04 Sep 09 Combining patch sets and deploying as a single file (tape format)

I’ve had to deliver some absolutely enormous patch sets in my day and it can be a real pain to have to tar them all up and untar them.

Another real problem in high availability environments is the urgent need to limit the number of boots you schedule.

The way around it is to create a larger single file tape format patch. The key command is swpackage.

I generally like to set up a major system update bi-annually.

In this example, I keep a file system called /patch which has plenty of room.

cd /patch

mkdir June-2009

cd June-2009

I then proceed to gather new software.

http://software.hp.com

Patch database on http://itrc.hp.com

I download the software depots directly to /patch/June-2009/

If security restrictions permit, I use a HP-UX based browser to get the software.hp.com stuff. It just avoids errors in the file transfer process. filezilla works well, if you must use a PC with windows to gather patches.

In the patch database, I use the scripted ftp option. I normally combine the bi-annual QPK/gold pack with any patches required by security_patch_check or SWA.

The scripted ftp option is great, because it restarts, and comes with a build in script to build a depot at the end of the download.

First I use the create_depot script, usually using the -d option

create_depot_<unique name> -d June-2009-bi-annual.depot

Now I have everything in the same directory with the extension depot.

First i build a depot. I have a script named depmake2

for i in *.depot
do

swcopy -x enforce_dependencies=FALSE \
-x mount_all_filesystems=FALSE \
-x reinstall=TRUE \
-x write_remote_files=TRUE \
-x layout_version=1.0 \
-s ${PWD}/$i \* @ ${1}
done

The $1 parameter is once gain the name of the new, combined depot I wish to create

depmake2 June-2009-bi-annual.depot

This will pick up anything I’ve downloaded from software.hp.com

swpackage -s /patch/June-2009/June-2009-bi-annual.depot -d June-2009.bid.tape.depot -x target_type=tape -x media_capacity=8000

The maximum media capacity is 8 GB.

What I am left with is a single tape depot that I can install on any system or even copy into an Ignite patch server with a single command.

swinstall -x autoreboot=true -x reinstall=false -s /path/June-2009.bid.tape.depot \*

One deployment, one reboot.

Before you install, don’t forget to Ignite your system. Always have a backup plan.

#!/usr/bin/sh
/opt/ignite/bin/make_tape_recovery -Av -x inc_entire=vg00 -x exclude=/home -d “description”
# /usr/contrib/bin/eject.tape

Or backup to a central Ignite NFS share.

/opt/ignite/bin/make_net_recovery -s tzfat -x inc_entire=vg00 -a jufdev:/scratch/ignite/archives -C

Ignite is a separate article

Tags: definition of patch type., patches, patching