- -x allow_existing_depot=false
Usage: Advanced
Applicable steps: download depot
Determines whether the target depot must be empty at the start
of the command, or can be an existing depot. SWA does not perform
any analysis of the depot contents. By specifying this option, you
accept responsibility for the contents of this depot.
- true
Target depot can exist (it is non-empty).
- false
Target depot must be empty at the start of the command.
- -x analysis_file=${user_dir}/cache/swa_analysis.xml
Usage: Basic
Applicable steps: analyze report download depot
The file containing the raw analysis results, including a list
of software that should be downloaded from Hewlett-Packard in order
to address the issues found by the analysis. Use this option to save
the results from a specific analysis, and later reuse those results
in order to download the corresponding software from HP. If you do
not use the default location when the analysis file is created (swa report creates this file), be sure to specify
that location when the analysis file is later used (swa get uses this file).
Possible values include any absolute or relative path name with
appropriate permissions.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x analyzers=QPK SEC PCW
Usage: Basic
Applicable steps: analyze
Specifies a space-separated list (appropriately quoted for your
shell if applicable) of analyzers to be used. Each analyzer represents
a different type of analysis that swa can perform. The supported analyzers
follow in two lists (generic and specific).
- Generic analyzers:
- CRIT
patches that fix critical problems
- PCW
patches with critical warnings
- PW
patches with warnings (a superset of PCW)
- QPK
latest quality pack
- SEC
security bulletins that may apply
- Specific analyzers:
- CHAIN={patchID[,patchID]*}
include patch or recommended successor
- PATCH={patchID[,patchID]*}
include specific patch.
Note: Use of CHAIN is generally preferred.
Note: This option is equivalent to -a but is suitable for use within an extended options file
(-X) or configuration file.
- -x catalog_max_age=24
Usage: Intermediate
Applicable steps: catalog
Specifies the age, in hours, of the locally-cached copy of the
HP software catalog before a new local copy should be obtained. If
the local file becomes too old (based on the timestamp in the file),
SWA tries to obtain a copy of the catalog from the catalog_source location. It is possible that the remote catalog is also too old
(as determined by the timestamp in the file). For example, suppose catalog_max_age=2 and catalog_source specifies a location that gets updated daily from HP's website.
In this case, the downloaded catalog is used, but will be updated
every time SWA checks the catalog's age.
Note: There are two special values, 0 and -1. The value of 0 signifies to always update the file. The value of -1 signifies to never update the file, regardless of age.
- -x catalog=${user_dir}/cache/swa_catalog.xml
Usage: Intermediate
Applicable steps: catalog analyze
The file containing a locally-cached copy of the catalog of
available HP software and published security bulletins.
Possible values include any absolute or relative path name with
appropriate permissions.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x catalog_source=https://ftp.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslDownloadPatch/swa_catalog.xml.gz?PatchName=/export/patches/swa_catalog.xml.gz
Usage: Intermediate
Applicable steps: catalog
A space-separated list of URLs (appropriately quoted for your
shell if applicable) that controls the remote location and service
to obtain the remote HP software catalog. The catalog contains a list
of all potential issues, relevant software product updates and patches
that address many issues, along with descriptions of manual actions
that address some issues. HP frequently updates this catalog as new
issues become known and as new actions are recommended.
The following format is used to specify URLs:
service://[user:password@]hostname.domainname:port
Where service is one of the following
methods for obtaining the remote catalog from HP:
- https
Secure/authenticated HTTP
- http
Unauthenticated HTTP
- ftp
Unauthenticated FTP
Note: The following are alternative, though
less-secure, unauthenticated paths to the standard HP catalog file:
http://ftp.itrc.hp.com/wpsl/bin/doc.pl/screen=wpslDownloadPatch/swa_catalog.xml.gz?PatchName=/export/patches/swa_catalog.xml.gz
ftp://ftp.itrc.hp.com/export/patches/swa_catalog.xml.gz
- -x crl_check=true
Usage: Advanced
Applicable steps: catalog download
When set to true, SWA will require the Certificate
Revocation List (CRL) to be updated and checked for the trusted Certificate
Authority (CA) certificate being used to validate the remote server.
In the unlikely event that the private certificate of the server
pointed to by the catalog_source option is suspected
of being compromised, its certificate will be revoked, and added to
a list of revoked certificates by the CA. See the catalog_source option.
The CRL must be signed by the same certificate chain that signed
the host certificate being checked. Checking the CRL requires regular
downloads from the CA, which can lengthen the SWA run time. If you
do not wish to validate a revocation list, set this to false.
- -x crl_url=http://crl.verisign.com/RSASecureServer.crl
Usage: Advanced
Applicable steps: catalog download
The URL of the CRL. See the crl_check option
for more information. If you are behind a proxy server, then you will
need to configure the proxy information for the protocol being used
to download the CRL.
- -x download_cmd=
Usage: Intermediate
Applicable steps: catalog download
Specifies a command that can download a URL from the Internet.
The command is enclosed in single quotes ('). This option is useful
in cases where a system does not have a direct connection to the Internet,
but can execute a command that can download a URL from the Internet
(for example, by using a gateway machine).
Using this option overrides many options which are used by the
internal SWA download functionality, including proxy and CRL configuration.
This command should take one option that is supplied by SWA
(the URL of a file to download), and outputs that file to its standard
output. If the actual command in your environment behaves differently,
it can be wrapped by a shell script in order to provide the interface
that SWA needs.
The command needs to support the protocol specified by the catalog_source option (default HTTPS) for catalog retrieval
and FTP for patch retrieval. See the catalog_source option.
Note: Externally used commands are not necessarily
supported by HP, but can give considerable flexibility for your environment.
For example, some external commands can authenticate using Windows NT®-based domain passwords to
a Microsoft® web proxy, which
is not directly supported by SWA.
The following command is an example:
swa report -x download_cmd='ssh user@system curl'
This command uses SSH (see ssh(1)) to run the curl command on a gateway system. The curl command
is an open source tool that ships with several Linux distributions. curl may be configured, either using a configuration file
on the gateway system or by command-line parameters specified as part
of the download_cmd option.
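One way to give SWA the one-argument, file-on-stdout interface described above while checking the URL before it reaches the gateway's shell. This is an added example, not code shipped with SWA; the script name, the allow-listed host (taken from the catalog_source default) and the specific curl flags are assumptions for illustration.

```sh
#!/bin/sh
# swa_fetch.sh (hypothetical name): wrapper for -x download_cmd.
# SWA supplies one argument, the URL, and reads the file from standard output.
# Because download_cmd bypasses SWA's own proxy and CRL settings, TLS
# validation is whatever curl on the gateway does; this wrapper only adds
# scheme, host and character checks before anything reaches the remote shell.

GATEWAY="user@system"            # gateway placeholder from the page's example
ALLOWED_HOSTS="ftp.itrc.hp.com"  # assumption: catalog and patches share this host

# url_allowed URL -> 0 if the URL may be fetched, 1 otherwise
url_allowed() {
    url=$1
    # Allow-list characters: no quotes, spaces, ';', '$', '@' (so no userinfo).
    case "$url" in
        ''|*[!A-Za-z0-9:/._?=%+~-]*) return 1 ;;
    esac
    # HTTPS for the catalog, FTP for patches; plain HTTP is refused.
    case "$url" in
        https://*|ftp://*) ;;
        *) return 1 ;;
    esac
    host=${url#*://}     # drop scheme
    host=${host%%/*}     # drop path
    host=${host%%:*}     # drop port
    for allowed in $ALLOWED_HOSTS; do
        if [ "$host" = "$allowed" ]; then return 0; fi
    done
    return 1
}

# swa_fetch URL -> streams the file to stdout; 2 = refused, else curl/ssh status
swa_fetch() {
    if ! url_allowed "$1"; then
        echo "swa_fetch: refusing URL: $1" >&2
        return 2
    fi
    # Single quotes are safe here because url_allowed rejected any quote.
    # --fail makes HTTP errors a non-zero exit instead of an error page on stdout.
    ssh -o BatchMode=yes "$GATEWAY" \
        "curl --fail --silent --show-error --proto =https,ftp '$1'"
}

# Run only when SWA (or a user) passes a URL.
if [ "$#" -gt 0 ]; then
    swa_fetch "$1"
fi
```

It would be referenced as -x download_cmd='/path/to/swa_fetch.sh', where the path is a placeholder.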
- -x ftp_proxy=${proxy}
Usage: Advanced
Applicable steps: catalog download
Proxy host and port (with optional HTTP basic authentication
username and password) for accessing content using the FTP protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: ftp_proxy=http://web-proxy.mycompany.com:8088
The FTP protocol is used for patch download. Integrity of the
patches is checked using MD5 secure hashes in the catalog, for which
the HTTPS protocol is recommended. See the https_proxy option and the catalog_source option for details.
The use of ${proxy} for this option value
is substituted with the value of the proxy option
(which is not set by default).
- -x html_report=${user_dir}/report/swa_report.html
Usage: Basic
Applicable steps: report
The file containing the HTML-formatted report that is generated
by the swa report command. This is a single file
with internal hyperlinks. The HTML report may be printed to standard
output using the stdout_report_type option.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x https_proxy=${proxy}
Usage: Advanced
Applicable steps: catalog download
Proxy host and port (with optional HTTP basic authentication
username and password) for accessing content using the HTTPS protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: https_proxy=http://web-proxy.mycompany.com:8088
If username and password are specified as authentication credentials
to your proxy server, HTTP basic authentication is used, which is
a clear-text protocol (that is, your password may be visible to others
on your network). Also, credentials specified on the command line
are visible to other local users, and access to credentials stored
in extended option files is determined by their permissions. If your
proxy server requires another type of authentication, see the -x download_cmd option.
The use of ${proxy} for this option value
is substituted with the value of the proxy option
(which is not set by default).
- -x http_proxy=${proxy}
Usage: Advanced
Applicable steps: catalog download
Proxy host and port (with optional HTTP basic authentication
username and password) for accessing content using the HTTP protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: http_proxy=http://web-proxy.mycompany.com:8088
The HTTP protocol is the default protocol used to download certificate
revocation lists. See the crl_url option for more
details.
The use of ${proxy} for this option value
is substituted with the value of the proxy option
(which is not set by default).
- -x ignore_file=${user_dir}/ignore
Usage: Basic
Applicable steps: analyze
Files containing regular expressions, indicating which issues
to ignore. Each issue is matched by a regular expression (see regexp(5)), and is ignored by the analysis. That is, whether
or not the host or depot being analyzed has the identified issue,
that issue will not appear on the report. In addition, software will
not be selected for download to address the issue. The software may
still be selected to address a different issue.
When a user first runs SWA, if this file does not exist, a template
file is created, which contains instructions on how to use this file.
Upon creation, if a ~/.spc_ignore file exists,
it is translated into the SWA format and appended to the template.
The use of ${user_dir} at the beginning of
this option value is substituted with the value of the user_dir option (which defaults to $HOME/.swa).
- -x inventory_max_age=24
Usage: Intermediate
Applicable steps: inventory
Specifies the age, in hours, of the cached copy of the inventory
contents of a given system. If the inventory becomes too old (based
on the timestamp stored in the file), SWA will inventory the host
system/depot again.
Note: There are two special values, 0 and -1. The value of 0 signifies to always update the file. The value of -1 signifies to never update the file, regardless of age.
- -x inventory_source=localhost
Usage: Basic
Note: This release supports only one system, depot (limited use cases), or inventory
file for analysis per invocation of SWA. This option is useful for
analyzing a remote system without installing SWA on that system.
Specify one of the following: a host system or depot to be inventoried,
analyzed, and reported on; or an existing inventory file to be analyzed
and reported on.
Specify source as a URL using one of the following formats:
- hostname
System specification, uses unauthenticated swlist protocol to gather the host inventory.
- [hostname:]full-path-to-depot
Depot specification, also uses swlist protocol (limited use cases).
- ssh://[user@]hostname[:full-path-to-depot]
SSH specification to system or depot, uses SSH to
contact host and local swlist of the system or
depot.
- [file://]full-path-to-inventory-file
Inventory file specification, must be a local file.
If an argument is specified in such a way that it could be interpreted
as either a system name or a file name, it will be assumed to be a
system name. For example, if foo is the argument,
then it will be interpreted as a system named foo. Alternatively, if ./foo is the argument, then
it will be interpreted as an inventory file named foo residing in the current directory.
If an inventory file name is not specified, the inventory information
is cached for later access in a cache directory within the user_dir. Naming of these cached inventory files is based
on the hostname and path-to-depot as specified (e.g. using the fully
qualified domain name of a host will be cached separately from using
the node name, even for the same machine). Refresh of the cached inventory
for each inventory_source is determined
by the inventory_max_age option.
The following option specifications are examples:
System specification:
-x inventory_source=ssh://user@host.example.com
Depot specification:
-x inventory_source=ssh://host.example.com/var/spool/sw
Inventory file specification:
-x inventory_source=file:///home/user/local_inventory.xml
Note: This option is equivalent to -s but is suitable for use within an extended options file
(-X) or configuration file.
- -x logfile=/var/opt/swa/swa.log
Usage: Basic
Applicable steps: catalog inventory analyze report download depot
This is the path to the log file for this command. Each time
SWA is run, this file will grow larger. This can be changed, for example,
to a month-specific location for easier archiving, off-host backup,
and rotation.
- -x log_verbosity=4
Usage: Basic
Applicable steps: catalog inventory analyze report download depot
Specifies the level of message verbosity in the log file (See
also -x verbosity). Legal values are:
- 0
Only ERROR messages and the starting and ending BANNER
messages.
- 1
Adds WARNING messages.
- 2
Adds NOTE messages.
- 3
Adds INFO messages (informational messages preceded
by the '*' character).
- 4
Adds verbose INFO messages; this is the default.
- 5
Adds very verbose INFO messages.
- -x preview=false
Usage: Basic
Applicable steps: download depot
Specifies if swa step should be run in preview
mode or not. If preview is set to false, do not
run in preview mode. If preview is set to true,
run this command in preview mode only (that is, complete the analysis
phase and exit; no changes are committed to disk). Setting this option
to true has the same effect as specifying -p on the command line.
- -x proxy=
Usage: Basic
Applicable steps: catalog download
Proxy host and port (with optional HTTP basic authentication
username and password) for accessing content using the relevant protocol.
No proxy information is specified by default.
The following format is used:
service://[user:password@]proxy-server:port
For example: proxy=http://web-proxy.mycompany.com:8088
If username and password are specified as authentication credentials
to your proxy server, HTTP basic authentication is used, which is
a clear-text protocol (that is, your password may be visible to others
on your network). Also, credentials specified on the command line
are visible to other local users, and access to credentials stored
in extended option files is determined by their permissions. If your
proxy server requires another type of authentication, see the -x download_cmd option. This option is used as the default
for the other proxy settings.
The HTTPS protocol is used for catalog download, the HTTP protocol
is used to download the CRL, and the FTP protocol is used for patch
download. The proxy= option controls the default
for all three proxies. See the https_proxy option,
the http_proxy option, and the ftp_proxy option for more details.
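The proxy options above note that credentials kept in an extended options file are only as private as the file's permissions. The following added example (not part of SWA or the original documentation) audits a file for that case; the script name and exit codes are assumptions, and it relies only on the service://[user:password@]proxy-server:port value format, not on any particular options-file syntax.

```sh
#!/bin/sh
# audit_swa_options.sh (hypothetical name): flag extended options files that
# hold proxy credentials and are accessible to group or other.
# Only the classic mode bits are inspected; ACLs are not.

# has_embedded_credentials FILE -> 0 if any line contains scheme://user:password@
has_embedded_credentials() {
    grep -Eq '[A-Za-z][A-Za-z0-9+.-]*://[^/@[:space:]]+:[^/@[:space:]]+@' "$1"
}

# group_other_bits FILE -> prints the six group/other mode characters,
# e.g. "------" for mode 0600 or "r--r--" for 0644
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

# audit_options_file FILE
#   0 = no embedded credentials
#   1 = credentials present, file private to its owner
#   2 = credentials present and group/other have some access
#   3 = file missing or unreadable
audit_options_file() {
    file=$1
    if [ ! -r "$file" ]; then
        echo "$file: cannot read" >&2
        return 3
    fi
    if ! has_embedded_credentials "$file"; then
        echo "$file: no proxy credentials found"
        return 0
    fi
    bits=$(group_other_bits "$file")
    if [ "$bits" = "------" ]; then
        echo "$file: credentials present, owner-only access"
        return 1
    fi
    echo "$file: credentials present, group/other bits are '$bits'; chmod 600 advised"
    return 2
}

# Audit every file named on the command line; exit with the worst status seen.
worst=0
for f in "$@"; do
    rc=0
    audit_options_file "$f" || rc=$?
    if [ "$rc" -gt "$worst" ]; then worst=$rc; fi
done
if [ "$#" -gt 0 ]; then exit "$worst"; fi
```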
- -x report_when_no_issues=true
Usage: Intermediate
Applicable steps: report
Controls whether SWA will produce a report to standard output
when there are no issues and/or actions. This is useful, for example,
in a cron job where you want email sent to you only if there is an
issue found.
- true
A standard output report is always produced.
- false
A standard output report is only produced if there
are issues and/or actions.
Hint: To check for error status, use the exit code of the command
and check the logfile for details.
- -x ssh_options=
Usage: Intermediate
Applicable steps: inventory
Options to be passed to ssh. Multiple options may be included
as a space-delimited list. For example, if you are using SWA in a
cron job, you may want to specify '-o BatchMode=yes' to return immediately upon failure, rather than prompting for a
password.
See ssh_config(5) for additional options.
- -x stdout_report_type=action
Usage: Basic
Applicable steps: report
Type of report to display on standard output. This is useful
for controlling what type of output you would like to see. Legal values
are:
- action
Summary of recommended actions
- issue
Summary of identified issues
- detail
Recommended actions with issue justification
- html
Comprehensive HTML report
- none
No report
- -x swcache=/var/opt/swa/cache
Usage: Basic
Applicable steps: download depot
This is the directory where SWA stores downloaded patches before
putting them into a depot. The default location is only writable by
root, so this directory needs to be changed for a non-root user to
be able to download software. Opening up permissions on the default
location is not recommended.
- -x user_dir=~/.swa
Usage: Basic
Applicable steps: catalog inventory analyze report download depot
The directory where SWA stores catalog, inventory, analysis,
ignore, and report files. The default location is a subdirectory (.swa) of the user's home directory. This can be changed,
for example, to allow archival of previous interim artifacts in a
date-specific directory or off-host. Several other options default
to a directory relative to this directory, so changing this option
allows all of those locations to stay in synch relative to a common
root.
- -x verbosity=3
Usage: Basic
Applicable steps: catalog inventory analyze report download depot
Specifies the level of standard error verboseness:
- 0
Only ERROR messages and the starting and ending BANNER
messages.
- 1
Adds WARNING messages.
- 2
Adds NOTE messages.
- 3
Adds INFO messages (informational messages preceded
by the '*' character); this is the default.
- 4
Adds verbose INFO messages.
- 5
Adds very verbose INFO messages.
Note: The -v option is
equivalent to increasing verbosity by 1 (for example, from 3 to 4)
and the -q option is equivalent to decreasing verbosity
by 1. The -v and -q options
can be used more than once.