Hi Beth,
Beth Morin <bethnda...@cox.net> wrote:
> Our network has NO internet access so we have to sneaker net our
> patches into the system.
PCA is of good use in such an environment.
> I have been reading a bit about PCA and see that you can use a
> local server. Would it be reasonable to say that I could set up a
> "patch server" on one box, manually update my patches on that one
> box and have PCA point to it on all my other boxes to automate
> patch management?
The best setup would need at least one machine in your network which can
reach the Internet, and which can be reached from all internal systems.
In that case, you could setup a local caching proxy server with pca: All
you need is a standard web server like apache, into which you install
pca as pca-proxy.cgi. Then you point all local systems at the proxy
using pca's xrefurl/patchurl options, and they will be able to
transparently download any patch via the proxy without an Internet
connection.
If no system on the network has Internet access - i.e. if you will be
downloading patches and the xref file from some admin workstation not
reachable by the other machines, then you can still make one of the
internal machines a patch server, via HTTP/FTP/NFS. You will have to
download the required patches on the admin workstation, and put them up
on the local patch server. To determine which patches are needed, you
can use the technique described in "CREATING PATCH REPORTS FOR REMOTE
MACHINES" in the docs. It will allow you to run pca on the admin machine
with input from the machines to be patched, so you can downlad patches
and create patch reports centrally.
Similar setups are used by many PCA users. You can look the archive of
this mailing list for some past reports of others' experiences.
> If PCA is what I am reading then this will save our organization
> running primarily Solaris a ton of man hours ...
That's the perfect moment to mention
http://www.par.univie.ac.at/solaris/pca/donation.html :)
Martin.
