Date: 01-29-2008
Original: Dan Shaw

Category: Sun Patch Server and Services

Server: ashbumon101


USAGE: Patching and collecting patch information for Solaris Server(s)


SUMMARY : PCA is a third-party tool that was developed over a long period and published in 2003, with the latest release in January 2008. It streamlines patching, from individual servers up to enterprise environments. Even the Sun engineers praise this product, and its power and simplicity are the reason for choosing it as the patch management solution.



There are only two files to PCA
pca - /usr/local/bin - This file needs to be named pca
pca.1 - /usr/share/man/man1 - This file is originally named pca.8 and is renamed
pca.conf - /usr/local/etc - Configuration file for PCA variables. ONLY long-name variables can be used in config files
pca-proxy.conf - /etc - This file is for setting up proxy server only
/umon/patchdir - Primary Patch directory - This holds the files to ALL Solaris OS versions PCA clients
/umon/patchdir/backout - Backout directory - This holds the backout patches for the PCA proxy server only

SUN PCA Link : PCA - Patch Check Advanced

Server Prerequisites:
Once the server has been jumpstarted and patched there are some additional requirements before installing PCA

  1. The following packages are required for PCA
    SUNWperl584core - Perl 5.8.4 (core)
    SUNWperl584man - Perl 5.8.4 Reference Manual Pages
    SUNWperl584usr - Perl 5.8.4 (non-core)
    SUNWgcmn gcmn - Common GNU package
    SUNWwgetr - GNU wget - utility to retrieve files from the World Wide Web (root)
    SUNWwgetu - wget - GNU wget
  2. On the jumpstart server ashbjs150 in directory /jumpstart/Sol_10/Solaris_10/custom/Custom_Apps/PCA
    you will find the latest PCA software
    pca - Patch management code
    pca.1 - Man page
  3. Mount the jumpstart file systems where these files are located
  4. mount -F nfs /mnt
    Make sure the NFS client is running; if not, issue the following command to start the service
  5. svcadm enable -rst network/nfs/client
  6. cd /mnt/Solaris_10/custom/Custom_Apps/PCA
  7. cp the pca file to /usr/local/bin
  8. chmod +x /usr/local/bin/pca - Make the file executable
  9. cp pca.1 /usr/share/man/man1 - Copy PCA man page to default man page directory
  10. chmod +r /usr/share/man/man1/pca.1 - Make the file readable

Testing the installation and updating pca

  1. Type: man pca - this will produce the PCA man page. This will only work on the primary MAN server ashbumon101
  2. cd /umon/patchdir
  3. type pca -l all - If you get the desired result check for updates right away
  4. pca --update now


  1. On the pca proxy server ashbumon101
  2. Copy the pca-proxy.conf.server file to /etc/pca-proxy.conf from the following directory on the jumpstart server.
  3. The file must have owner and group nobody, with chmod 655
  4. Copy the /usr/local/bin/pca file to /usr/local/apache2/cgi-bin/pca-proxy.cgi
    This allows the client to execute the pca program as a CGI file in an HTTP environment
  5. Set the Timeout option in httpd.conf or httpd-default.conf to e.g. 1800 (seconds)
    This ensures that apache won't interrupt large patch downloads


Initial Client / Agent Installation as a http proxy agent

  1. The following packages are required as mentioned above but you do not need to install the man pages
    SUNWperl584man - Perl 5.8.4 Reference Manual Pages
    SUNWperl584usr - Perl 5.8.4 (non-core)
    SUNWgcmn gcmn - Common GNU package
    SUNWwgetr - GNU wget - utility to retrieve files from the World Wide Web (root)
    SUNWwgetu - wget - GNU wget
  2. First check to see if perl is installed.
    Type perl -v on the command line.
  3. Add the following packages using pkgadd from list above
  4. copy the "pca" file from /jumpstart/Sol_10/Solaris_10/custom/Custom_Apps/PCA
    to /usr/local/bin
  5. The pca-proxy.cgi file must have owner and group root
  6. chown root:root pca-proxy.cgi
  7. chmod 655

Configure Client with the following

When pca is run, each client first asks the proxy server ashbumon101 whether it already has the patch locally in /umon/patchdir. If not, the proxy server (configured via the /etc/pca-proxy.conf file) contacts SunSolve and downloads the patch for that client into /umon/patchdir on the proxy patch server, and the patch then goes to the local client in /var/tmp/patchdir.

  1. Copy the following file from the jumpstart server, /jumpstart/Sol_10/Solaris_10/custom/Custom_Apps/PCA/pca.conf.client,
    to /usr/local/etc/pca.conf on the client server.

    *******************EXAMPLE OUTPUT**************
    ## PCA Configuration file for Patch Management ##
    ## Thu Jan 31 12:21:05 PST 2008
    ## Dan Shaw
    # This file is for the pca client servers only
    # User Name and Password for

    # Default Patch Directory

    # Setup the Local Patch Server info

    # Retries from SunSolve Server
    ********************END OF EXAMPLE OUTPUT***********

  2. Create the following directories

Testing the installation

  1. Run the pca command /usr/local/bin/pca and it should produce output that looks like the following.
    This is a partial list, but you know it works if you see this output.

    ashbjs150:root # pca -l
    Using /var/tmp/patchdir/patchdiag.xref from Jan/29/08
    Host: ashbjs150 (SunOS 5.9/Generic_122300-14/sparc/sun4u)
    List: missing

    Patch IR CR RSB Age Synopsis
    ------ -- - -- --- --- -------------------------------------------------------
    112951 13 < 14 RS- 70 SunOS 5.9: patchadd and patchrm Patch
    110208 17 < 22 --- 489 Netra Lights Out Management 2.0 patch
    111722 04 < 05 --- 543 SunOS 5.9: Math Library (libm) patch
    112771 21 < 34 -S- 404 Motif 1.2.7 and 2.1.1: Runtime library patch for Solaris 9
    112785 62 < 63 RS- 12 X11 6.6.1: Xsun patch
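
To triage a listing like the one above for overdue security patches, the following added example (not part of the original page or of PCA itself) filters `pca -l` output on the RSB and Age columns. The function names are hypothetical, and it assumes the RSB field holds the Recommended/Security/Bad flags in that order and that Age is in days.

```sh
#!/bin/sh
# Added example: list missing security patches older than a given age.
# Assumed column layout, taken from the listing above:
#   Patch IR < CR RSB Age Synopsis   (RSB = Recommended/Security/Bad flags)
AWK=${AWK:-awk}   # on Solaris, set AWK=nawk or AWK=/usr/xpg4/bin/awk

# stale_security_patches MAX_AGE_DAYS   (hypothetical helper)
# Reads pca list output on stdin and prints "patch-rev age synopsis" for each
# row whose RSB field carries the S flag and whose age exceeds the limit.
stale_security_patches() {
    "$AWK" -v max="$1" '
        # Data rows start with a 6-digit patch id; headers and rulers do not.
        $1 ~ /^[0-9][0-9][0-9][0-9][0-9][0-9]$/ && NF >= 6 {
            flags = $5; age = $6 + 0
            if (substr(flags, 2, 1) == "S" && age > max) {
                syn = $7
                for (i = 8; i <= NF; i++) syn = syn " " $i
                printf "%s-%s %d %s\n", $1, $4, age, syn
            }
        }'
}

# Sample input: the listing shown above (host ashbjs150), embedded here so
# the example runs on a machine without pca installed.
sample_listing() {
    cat <<'EOF'
Using /var/tmp/patchdir/patchdiag.xref from Jan/29/08
Host: ashbjs150 (SunOS 5.9/Generic_122300-14/sparc/sun4u)
List: missing

Patch  IR   CR RSB Age Synopsis
------ -- - -- --- --- -------------------------------------------------------
112951 13 < 14 RS-  70 SunOS 5.9: patchadd and patchrm Patch
110208 17 < 22 --- 489 Netra Lights Out Management 2.0 patch
111722 04 < 05 --- 543 SunOS 5.9: Math Library (libm) patch
112771 21 < 34 -S- 404 Motif 1.2.7 and 2.1.1: Runtime library patch for Solaris 9
112785 62 < 63 RS-  12 X11 6.6.1: Xsun patch
EOF
}

# Security patches that have been missing for more than 30 days:
sample_listing | stale_security_patches 30
```

On a live client, replace `sample_listing` with `pca -l missing` and pick the age limit that matches your patch policy.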

Standard Run for the PCA client

  1. Type: "pca -d missingrs"
    The -d is for download; the "missing" is for missing patches and the "rs" is for the recommended and security patches
  2. Then run "pca -si missingrs"
    This runs a safe installation of all missing recommended and security patches. It can be run without the previous step, but that is not recommended if you are unfamiliar with the environment.

Solving issues.

  1. Run the pca command with --debug to run pca in debug mode. This helped me resolve some things during installation.


Last Updated On: February 6, 2008