Hi list,
According to business requirements, we must have our Solaris servers patched
with the last CPU and create a monthly report with the patch compliance level
(%) against that patch set per server.
I was given the task to create such a report.
------------------------------------------------------
Server | #patches in last CPU | #installed applicable patches (a) | #non-applicable patches | #missing applicable patches from last CPU (b) | Compliance level (100 - b/a*100)
.
.
-------------------------------------------------------
I tried EMOC, but it's huge and not very smart. It gives me the list of
non-installed patches from the CPU, but considers non-applicable patches as
not-installed.
This week I started looking at pca. I downloaded the xref file from Oracle,
gathered the .out info from our Solaris servers as described in the "remote"
and ran a pca report against my servers.
The problem I have is the xref file has newer patches than the CPU patches, and
I must check compliance against the CPU patches.
How complicated would it be to create the patchdiag.xref from the patchset,
instead of downloading it from Oracle?
I was taking a look at the format and it looks very simple. From the downloaded
CPU files, I can get almost all the info in one shot.
Patchdiag format:
----------------------------------
138899|01|Aug/01/08| | | |  |Unbundled|sparc;|SUNWs9brandu:11.10.0,REV=2008.04.24.03.37;|Solaris 9 Containers 1.0: s9_brand patch

Field Definitions (Field, Name, Definition, Examples)

1. Patch number: A series of numeric characters defining a specific patch.
   Example: 138899
2. Patch version: A two digit number, zero filled, defining the patch version.
   Example: 01
3. Release date: Date the patch was released, in the format MMM/dd/yy.
   Example: Apr/01/08
4. Recommended: The character "R" or a space. "R" means this is a
   recommended patch.
   Example: R
5. Security: The character "S" or a space. "S" means this is a security patch.
   Example: S
6. Obsolete: The character "O" or a space. "O" means the patch has been
   obsoleted by another patch or version.
   Example: O
7. Bad: The characters "YB", "Y ", " B" or spaces. "B" means this is a bad
   patch and the patch has been withdrawn. "Y" means this is a Y2K patch.
   Example: YB
8. OS Version: This field lists the Solaris release, or the word "Unbundled"
   if this is for a non OS product. A "_x86" suffix to the release indicates
   this patch is specific to x86 architecture.
   Examples: 10, 10_86, Unbundled
9. Architecture: A ";" separated list of applicable architectures.
   Examples: sparc, i386, sparc.sun4u
10. Package: A ";" separated list of packages this patch applies to.
   Example: SUNWcsu:11.10.0,REV=2005.01.21.15.53
11. Readme Synopsis: This is a synopsis of the readme file for the patch.
   Examples: SunOS 5.10: flowacct patch
             Obsoleted by: 137278-01 SunOS 5.10: usr/sbin/ipsecconf patch
----------------------------------
From the patch directory:
-bash-3.2# cat patchinfo
PATCHINFOVERSION="1.0"
PATCHID=121337-01
PATCH_CORRECTS='BaseOS.SolarisCore-5.10'
PATCH_ARCH='sparc'
PATCH_OS='SunOS'
PATCH_OSRELEASE='5.10'
PATCH_PROPERTIES='rebootafter singleuser clientroot'
PATCH_REQUIRES="118822-23"
So, my plan is to write a script to create a custom patchdiag.xref so I can use
pca to extract information.
My only problem is the field #10, which is not in the patchinfo file. The
release date is in the README.<patch> file.
Before starting with tests, I would like to ask:
1) Is there any better way to do it?
2) Is pca considering that info (field #10)?
3) If yes, does anybody have any tips on where I can extract that info from?
4) Did anybody have a requirement like this before? (compare against a fixed
set of patches)
Thanks,
Sergio
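
Added example, not part of the original post and not pca's own code: building one patchdiag.xref record from the patchinfo shown above, following the field definitions quoted in the post. Assumptions: the release date and synopsis are passed in by the caller (the post says the date is in README.<patch>), the R/S/O/Bad flags and field 10 stay blank because patchinfo does not carry them, PATCH_OSRELEASE '5.10' maps to OS version '10', and `parse_patchinfo` and `xref_line` are hypothetical names.

```python
import shlex
from datetime import date

MONTHS = "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split()

# Sample input: the patchinfo file quoted in the post.
SAMPLE_PATCHINFO = """\
PATCHINFOVERSION="1.0"
PATCHID=121337-01
PATCH_CORRECTS='BaseOS.SolarisCore-5.10'
PATCH_ARCH='sparc'
PATCH_OS='SunOS'
PATCH_OSRELEASE='5.10'
PATCH_PROPERTIES='rebootafter singleuser clientroot'
PATCH_REQUIRES="118822-23"
"""

def parse_patchinfo(text):
    """Parse shell-style KEY=VALUE entries, honouring single and double quotes."""
    info = {}
    for token in shlex.split(text):
        key, sep, value = token.partition("=")
        if sep:
            info[key] = value
    return info

def xref_line(info, released, synopsis, packages=()):
    """Build one 11-field patchdiag.xref record from a parsed patchinfo."""
    number, _, version = info["PATCHID"].partition("-")
    if not (number.isdigit() and version.isdigit()):
        raise ValueError("unexpected PATCHID: %r" % info["PATCHID"])
    archs = info.get("PATCH_ARCH", "").split()
    # Assumption: '5.10' -> '10'; no OS release at all -> 'Unbundled'.
    osver = info.get("PATCH_OSRELEASE", "").rpartition(".")[2] or "Unbundled"
    if osver != "Unbundled" and archs and all(a.startswith("i386") for a in archs):
        osver += "_x86"  # suffix for x86-only patches, per the field 8 definition
    fields = [
        number, version.zfill(2),
        "%s/%02d/%02d" % (MONTHS[released.month - 1], released.day, released.year % 100),
        " ", " ", " ", "  ",                  # R, S, O, Bad: not in patchinfo
        osver,
        "".join(a + ";" for a in archs),
        "".join(p + ";" for p in packages),   # field 10: empty unless supplied
        synopsis,
    ]
    return "|".join(fields)
```

Run over every patch directory in the CPU patchset, the resulting lines form an xref limited to that patchset; whether pca needs field 10 populated is the open question in the post and should be checked before relying on the report.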