New Patch Assessment

George Morrison · ‎11-03-2003

First of all, what is the correct way to send feedback about ITRC?

For background, I have about 15 HP-UX systems (and more on the way) that I am responsible for. My patching strategy is to patch every quarter.

I just had my firt experience with the new Patch assessment feature, and all in all I like it. That said, here are my gripes:

1. Uploads of .fs files must must be through a browswer. Or more accurately, there are no instructions that I have found on how to upload .fs files except via a browser. That means (for me) that I must ftp my .fs files to my PC then upload them. It was bad enough that I had to get the cpm_collect script via PC and browser, but now the dang fs files too!!! Anyone have alternate suggestions?

2. At least for me, everytime I upload a .fs file, only that .fs file shows in the "systems to be select" area of the web page. So it seems we have gone from keeping .fs files on a ftp site forever to not keeping them at all. Does anyone know a way for more than one system to be selectable from the patch assessment screen? Has anyone had it work with more than one system?

3. Surely this must be a bug. When I do get through the patch assessment, if I choose "download a script to ftp the patches", I get a 0 byte file (on my PC of course, cause all ftp access to this feature is now disabled, grumble grumble). Has anyone had the "download a script..." option work correctly?

James Specht · ‎11-03-2003

I can help with your first part. You can ftp the files directly to the server using ftp. Send them to ftp.us-support2.external.hp.com (192.151.52.22) using your CA account and password. I use the following in a script. I have my CA account and password in my .netrc file.

ftp -i ftp.us-support2.external.hp.com << EOF
binary
cd incoming
lcd /tmp
put $HN.fs
bye
EOF

On the second part I make sure the .fs file is called by my system name. SystemA.fs, systemB.fs. This allows multiple files on the selection pages.

Finally, I have attached a script (cpm_check.sh) I use to help automate the process as much as I am comfortable with. It might give you some help.

--Jim

"Everyone can be taught to sculpt: Michelangelo would have had to be taught how not to. So it is with the great programmers."

George Morrison · ‎11-03-2003

Jim,

Thanks for your reply, and I am sure it worked great when we had CPM. But the new (this week I beleive) Patch Assessment seems (in fact is documented) to ignore the file in the old incoming dir.

Thanks again,

George

Steven E. Protter · ‎11-03-2003

With regards to feedback. This is one way many do do feedback. If your feedback is about itrc in general or the website, there is a link on the main itrc.hp.com site.

You might find this process works better if you install a browser on your HP-UX server and access and run it with an X windows client.

The best browser for hp-ux in my opinion is mozilla 1.4 which is available in depot format from software.hp.com

I'm sensing there are some binary/ascii ascii/binary issues causing that zero byte file sistuation. I don't think you want to be running this assessment off a pc.

I can give you a step by step solution telling you how to implement my suggestion. Post back if you are interested. Its kind of a long type if you're not.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

George Morrison · ‎11-03-2003

Steven -

Thanks so much for your reply. I don't think I need the procedure, but thanks for the offer. I tried to do the assessment using an old copy of Netscape, and it didn't work. I'll get Mozilla and give it another shot. Using a PC as a go between is painful.

While CPM certainly did not provide a "batch process" for patch analysis and retreival, I am disappointed HP appears to be moving farther from batch/bulk patch analysis. I can't imagine how sites with 10s or 100s of systems to analyze will react to the change.

If anyone from HP familiar with the new Patch Assessment feature would comment, esp. on points 2 and 3 I would be very interested in hearing what you have to say.

Evan Zweifel · ‎11-03-2003

1. Yes, all upload of .fs files need to be performed via a browers. Your unix brower should work fine as well. I use Mozilla without any problem.

2. Only 1 system can be analyzed at a time. When you upload a second, it overwrites the first. Previously in CPM, even though you could upload and store multiple .fs files, you could only analyze one system at a time. Once you analyzed the system and installed the recommended patches, the uploaded version was stale.

3. This is a bug. And has been fixed. I verified that this works as of 11:20 MST.

Thanks,

Evan.

George Morrison · ‎11-03-2003

Evan -

Thanks for your reply.

1. Drat.

2. You are correct, CPM would analyze only one system at a time. But I could script the ftp upload of the .fs file from each systems cron and then iterate through the patch analysis.

3. Thanks, it no longer produces a 0 byte file.

Kevin McManus_1 · ‎11-03-2003

Hi,

Sounds like from your Gripes #1 & #2 that you have some automated way of uploading the .fs files and the new patch assessment prevents you from doing so any more. If so, just collect the .fs files locally somewhere, such as the disk on the system you're running your browser. You'll need to change your cron job to deposit the .fs files in the new location as opposed to on the ITRC.

Later, when you go to run your assessment(s) you'll navigate to the directory containing the .fs files. Within that same session, if you wish to do an assessment of another system, the interface will remember the directory containing the .fs files. Select the system of interest. Unless I'm misunderstanding something, this should be pretty close what you used to have with CPM, and you won't have to contend with the disk quota that the ITRC imposed.

Hope this helps.

Kevin McManus

harry d brown jr · ‎11-03-2003

George,

I agree that the new "method" --> SUCKS. I reported it to HP as an "issue". Maybe everyone should also.

{edited by moderator: Issues should be reported to HP by using the Contact HP link at the top of this page.)

That might work when you have a few systems to deal with, but some of us have a lot of servers (in my case 300+), making the "new" experience a little more nauseating and very time consuming.

live free or die
harry

Live Free or Die

John Graf_1 · ‎11-04-2003

I came across this post while trying to find a solution to a patching question.
I have had problems in the past with the Customized Patch Process. I used the Contact HP link and the team that supports the site walked me through the issue. I guess that is the quickest way to get it resolved. Let them know and they can assist. They have a team that works via email and phone when having problems with ITRC. I did not know that before today.

Hope this helps,

John

George Morrison · ‎11-04-2003

Kevin -

Thanks for your reply. I do have an automated upload procedure that I am disappointed I can no longer use. You are correct, I can now collect them on the system I will run Mozilla from, but the fact is I now have an additional step (upload fs, "select" the one and only system, run analysis) vs cpm (select from multiple systems and run the analysis).

However, IMO, running the analysis is greatly improved in the new version. I like the patch selection profiles and the automatic processing of dependencies and conflicts.

I had hoped that there would be improvements in CPM that would move the process towards less direct human involvment and it "feels" like the new process is going the other way in some respects. This is disappointing.

What, in my little dream world, I would like is to upload the fs files and have the patch selection/analysis run automatically, producing a script like get_patches for each system (or group of systems). Ideally I would be able to have different patch selection profiles for each system or group of systems. Alternatively, I would be delighted with a program that would reside on one of my hosts and would query the patch database and perform patch selection/analysis (based on a profile that I select/tune), download the patches and put them into a depot.

Ah well.

George Morrison · ‎11-04-2003

Harry -

I am glad to hear from someone with a significant number of systems to deal with.

I cannot go so far as to say the "new" method sucks. I certainlly view it as less convenient to initiate the analysis than CPM, but the improvements in patch selection and analysis go at least part of the way to balance the overall throughput.

You clearly will have more effort to slog through 300+ patch assessments than I do. Do you find that you recover much time with the new automated dependency/conflict resolution?

George

George Morrison · ‎11-04-2003

John -

Thanks for the suggestion.

George

Kimberly Ann · ‎11-05-2003

George, Harry, et al...

I'll get the Patch team to take a look at what you've posted here.

In meantime, as mentioned by a moderator above, the best way to get feedback into the ITRC teams is through the contact page at

http://www1.itrc.hp.com/service/help/contactHP.do

The ITRC 'ask a question' page is in upper right or directly at http://us-support.external.hp.com/usage/bin/doc.pl/screen=usageQuestion

You get to both by clicking on the 'online help' link in upper left of this page, or the 'contact hp' link in the very upper left grey header.

Thanks,
Dan

Cheryl Griffin · ‎11-05-2003

And if you look right above to the left of the search box, it says Contact HP. You are never more than a scroll up in finding the link to contact HP Support.

Please do not circulate individual's names as this may only slow down the process of getting help. We have teams of people who are ready to help. Contact HP is the fastest way of reaching the right person.

"Downtime is a Crime."

Steve Bonds · ‎02-26-2004

I just found this thread through the search interface, and I'm glad I'm not the only one who has issues with the new slow, one-system-at-a-time interface. Has there been any work on getting this process more automated since it was raised in November?

I'm considering a perl script that would merge all my PSIFILEs into a single consolidated file so that I'd get one giant bundle with all the patches I need in it. (Well, maybe 2 since some of the 11.0 vs. 11i patches are different.)

Has anyone else worked on something like this? Is there something else in the works that would make this a wasted effort?

-- Steve

George Morrison · ‎02-26-2004

Nothing has happened that I am aware of, with the exception of the "bug" in point 3 being fixed.

I know of nobody merging fs files; that is a step I don't want to try. I am not sure that method would produce a valid patch assessment. Also, I imagine support from HP for patch bundles created that way would be scant at best. At least for me, I would rather go through the pain of the "one at at time" method.

Steven E. Protter · ‎02-26-2004

George,

I am aware of and have experienced this bug even using the ftp download option.

HP openned a case for me when it happened to me. It happens whenever the June 2003 bundle is included in a selected patch set. De-select that and the zero byte file thing may stop happening.

There are other products I fear which trigger the problem.

HP says they are working on it.

SEP

Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com

Trond Eirik Aune · ‎02-26-2004

Patch assesment is fine and all, but the minute you get more than 1 server, you should just ignore it.

Do what we do, download all the patches and create your own local depot and patch from there.

You can easily do this by making an ftp script that get the latest patches from hp every night.

If you always trues the installer, this is great way of doing it since it will pick what it needs from what you have. If you want to avoid possible buggy patches, then wait a few months after a patch is released ebfore downloadign it incase it gets replaced.

Sry. i could only provide you with an alternate to Patch Assessment.

George Morrison · ‎02-27-2004

Steven -

I did a download just a week or two ago and had no problem. Must be a new bug, or a reintroduction of the prior bug. I am sure it will be fixed soon.

George

George Morrison · ‎02-27-2004

Trond -

Certainly we also make our own depots, but I rely heavily on the Patch Assessment program to help me load that depot. As I mentioned before, I am looking for ways to automate the patch selection process, and I find the new process less helpful than the old CPM process. However, I like the patch profile part of the new tool and I feel like the patch budles I now get are more complete than those created with the previous tool.

My hope by opening this thread is that "the powers that be" will hear us and take our opinions, wants and needs into account for the next (or the one after the next) revision of the tool.

George

Steve Bonds · ‎03-01-2004

I've finished the script to "intelligently" merge the PSIFILEs. If anyone would like to test a copy, please mail me at:

jks3wfj02@sneakemail.com

Keep in mind that HP supports the individual patches, not custom bundles. Whether created by yourself, the ITRC, or with the assistance of some bozo's random perl script they all carry the same (lack of) support.

The only supported HP bundles I'm aware of are the Quality Packs and perhaps HP RCAA-created custom bundles (they charge for this.)

The script has these restrictions:
+ It picks the lowest version of any product installed on multiple systems and only reports it once
+ It always reports the same hardware type
+ It only reports patches that are included on all the systems

This means that the script won't help with OS-installable hardware-specific firmware downloads, and there will be some warnings about dependent patches missing.

-- Steve

George Morrison · ‎03-01-2004

Steve -

Thanks for your contribution.

George

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Forums

Discussions

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

New Patch Assessment

New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment

Re: New Patch Assessment