SUMMARY: Pruning the "?_Recommended" Patch Clusters

From: Crist Clark <>
Date: Wed Dec 17 2003 - 19:15:23 EST
Crist Clark wrote:
> Any Solaris administrator knows that applying the ?
> patch cluster typically takes hours to run. I'm not completely sure
> why it has to. I've been trying to "prune" sets manually and it drastically
> speeds things up. I wanted to enquire here as to whether anyone knows of
> a reason that this would "break" installation of the cluster. (I know
> Sun support's knee jerk reaction would be that I always must run their
> script on the untouched cluster, so no point in asking them.)
> The biggest timesaver seems to be removing patches that are clearly
> already applied. What could this break?
>   cd 8_Recommended
>   for PATCH in 1*; do
>         [ -d /var/sadm/patch/$PATCH ] &&
>                 rm -r $PATCH
>   done
> I think I know why it seem to take patchadd(1M) so much longer to figure
> this out. I guess it builds its patch list from examining the
> /var/sadm/pkg/*/pkginfo files. But if I haven't been adding "new" (but
> unpatched) packages to the system, would my test possibly cause any
> problems?
> Other tricks for speeding "install_cluster?" Will summarize for the list
> of course.
> --

I received quite a few replies, about a dozen, and that's not even counting
the kind people who let me know that they were Out of the Office early for
the holidays. The general consensus is that skipping patches that you 
already have on your system is a safe thing to do.

However, most people recommended an approach like,

  cd 8_Recommended
  mv patch_order patch_order.dist
  while read PATCH; do
	[ ! -d /var/sadm/patch/$PATCH ] && echo $PATCH
  done < patch_order.dist > patch_order

And then running install_cluster. One way to do this, that is easily 
portable across systems is to add the directory existence check to
the install_cluster script itself,

*** install_cluster.orig        Fri Dec 12 15:13:14 2003
--- install_cluster     Wed Dec 17 15:39:45 2003
*** 219,225 ****
  for patch in ${patchlist} ; do
!       if [ -d $patch ]; then
                echo "Installing ${patch}..." | tee -a ${LOGFILE}
                ( /usr/sbin/patchadd ${saveold} ${patch} ) >> ${LOGFILE} 2>&1
--- 219,225 ----
  for patch in ${patchlist} ; do
!       if [ -d $patch ] && [ ! -d /var/sadm/patch/$patch ]; then
                echo "Installing ${patch}..." | tee -a ${LOGFILE}
                ( /usr/sbin/patchadd ${saveold} ${patch} ) >> ${LOGFILE} 2>&1

Another (more robust?) variant is to use 'showrev -p' to build a list of
installed patches rather than the '-d /var/sadm/patch/$PATCH' test.

(FWIW, I was nuking patch directories 'cause the machine I was using
as an example is tight on scratch space and I wanted to free up some

Finally, Sun's PatchPro was recommended, but it looks like you need 
JRE, WBEM, and other assorted cruft that I do not have on most servers.
(Unless it's a tool where you may have one PatchPro installation
supporting patches on multiple hosts, but that wasn't clear from the quick
docs I read.)
Crist J. Clark                     
Globalstar Communications                                (408) 933-4387
sunmanagers mailing list
Received on Wed Dec 17 19:15:14 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:25 EST