Using Sun Update Connection with the CLI on Solaris 10
30 Oct 2005 06:54 PM / Filed in: I.T.
Sun has made available (for free) the Sun Update Connection software to help system administrators keep their Solaris 10 systems up-to-date.
I consider Sun Update Connection from the point of view of a system administrator that needs to apply patches to a server with no graphical environment. That means I will only show how to use Sun Update Connection using the CLI (Command-Line Interface). This method makes usage of a subset of Sun Update Connection known as Sun Update Manager. This tiny guide is not intended to replace the official instructions from Sun but rather supplements them. I found them confusing at times so if you need a quick start for using Sun Update Connection, read on. You can later on read the full instructions on Sun's website.
Sun Update Connection is not integrated by default with Solaris 10 but according to C|Net News.com, this should be fixed in the next global update to Solaris 10, expected by the end of this year. You will need to download and install it separately. The installations instructions are rather clear and the installation is pretty much straightforward.
Once the installation is over, you will need to register your machine with Sun to be able to use Sun Update Connection, using your Sun Online Account (free registration). It should be noted that if you don't have a valid Sun Service Plan, you may only download security fixes and hardware drivers.
To register a system, you need to create a registration profile file. This file contains the data necessary to process your system's registration with Sun as shown by the following example:
userName=ichigo
password=shinigami
hostName=hollow
subscriptionKey=
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=
This will register the system which hostname is hollow using the Sun Online Account ichigo which password is shinigami. This user has no Sun Service Plan so the subscriptionKey parameter is left empty. If you are going to register your system using a proxy, you will need to fill the 4 last parameters in the above example.
The registration profile must be owned by root and its permissions set to 0400 or 0600. This file must be fed to the sconadm command as shown below:
# /usr/sbin/sconadm register -a -r /tmp/registrationprofile.properties
For more details about the registration process, read the Registration Guide.
Once registered, you will be able to analyze your system, retrieve a list of updates and apply them automatically using the smpatch command:
# smpatch analyze
# smpatch update
For more information about the smpatch command, please refer to the manual page available upon Sun Update Connection installation.
Sun Update Connection 1.0.1, the latest version available as of this writing, has a few limitations/quirks:
• It is incompatible with containers, a major feature of Solaris 10. I hope this limitation will cease to exist in future versions since containers (also known as zones) are essential for system administrators who want to make good use of their hardware capabilities and optimize system usage from a performance and security standpoints.
• You can't install patches requiring interactivity.
• the analysis step performed by smpatch doesn't seem to be working correctly. It will keep displaying a list of updates even if they are not applicable to your configuration. To reproduce this issue, try to analyze, update then analyze once more using smpatch. A feature or a bug?
I consider Sun Update Connection from the point of view of a system administrator that needs to apply patches to a server with no graphical environment. That means I will only show how to use Sun Update Connection using the CLI (Command-Line Interface). This method makes usage of a subset of Sun Update Connection known as Sun Update Manager. This tiny guide is not intended to replace the official instructions from Sun but rather supplements them. I found them confusing at times so if you need a quick start for using Sun Update Connection, read on. You can later on read the full instructions on Sun's website.
Sun Update Connection is not integrated by default with Solaris 10 but according to C|Net News.com, this should be fixed in the next global update to Solaris 10, expected by the end of this year. You will need to download and install it separately. The installations instructions are rather clear and the installation is pretty much straightforward.
Once the installation is over, you will need to register your machine with Sun to be able to use Sun Update Connection, using your Sun Online Account (free registration). It should be noted that if you don't have a valid Sun Service Plan, you may only download security fixes and hardware drivers.
To register a system, you need to create a registration profile file. This file contains the data necessary to process your system's registration with Sun as shown by the following example:
userName=ichigo
password=shinigami
hostName=hollow
subscriptionKey=
portalEnabled=false
proxyHostName=
proxyPort=
proxyUserName=
proxyPassword=
This will register the system which hostname is hollow using the Sun Online Account ichigo which password is shinigami. This user has no Sun Service Plan so the subscriptionKey parameter is left empty. If you are going to register your system using a proxy, you will need to fill the 4 last parameters in the above example.
The registration profile must be owned by root and its permissions set to 0400 or 0600. This file must be fed to the sconadm command as shown below:
# /usr/sbin/sconadm register -a -r /tmp/registrationprofile.properties
For more details about the registration process, read the Registration Guide.
Once registered, you will be able to analyze your system, retrieve a list of updates and apply them automatically using the smpatch command:
# smpatch analyze
# smpatch update
For more information about the smpatch command, please refer to the manual page available upon Sun Update Connection installation.
Sun Update Connection 1.0.1, the latest version available as of this writing, has a few limitations/quirks:
• It is incompatible with containers, a major feature of Solaris 10. I hope this limitation will cease to exist in future versions since containers (also known as zones) are essential for system administrators who want to make good use of their hardware capabilities and optimize system usage from a performance and security standpoints.
• You can't install patches requiring interactivity.
• the analysis step performed by smpatch doesn't seem to be working correctly. It will keep displaying a list of updates even if they are not applicable to your configuration. To reproduce this issue, try to analyze, update then analyze once more using smpatch. A feature or a bug?