Download the Microsoft Offline patch catalog from the command line

The populate-opsware-update-library shell script downloads the Offline Microsoft Catalog from the Microsoft site and imports the Windows database and patches into Server Automation.

Prerequisites:

Before running the command line script, ensure that:

• your patching mode in SA Client > Administration > Patch Settings > Patch Downloads is set to Microsoft Offline Catalog.
• your SA Core has access to the internet or to a web proxy.
• the patch metadata is available in the currently loaded Microsoft patch database. SA maps patch binaries to available patch metadata during patch import. For more information, see Import metadata for Windows patches.

Script vs. SA Client imports

You can import patches from the Microsoft Offline Catalog either from the SA Client using this script. The command line script is better when you want to download all the available patches to the system. If you updated your patches monthly, for example, you would most likely use the command line tool, and save the arguments.

For information about importing the offline Microsoft catalog via the SA Client, see Import Windows patch database from the MS offline catalog.

Running the script

The populate-opsware-update-library script is located in the following directory:

/opt/opsware/mm_wordbot/util/

To run the script:

1. Log on to the Software Repository server as root.
2. Schedule the script to run periodically as a cron job on the Software Repository server. From the SA Client, the patches imported with the script show up as automatically imported.

3. Run the populate-opsware-update-library script with --help parameter for a complete list of available options.

Script Options

• This shell script sets the initial status of newly imported patches to Available or Limited.
• The script can also filter the patches imported according to operating system, such as specific versions of Windows Servers. When you run this script, patches from all products that are selected in the Patch Settings product list will be imported, unless they are specifically omitted by one of the command-line options. See Parameters for the populate-opsware-update-library script.
• This script provides options for omitting patches from certain Windows operating systems; but it does not provide options for omitting non-OS products, such as Microsoft Office or Exchange.

Parameters for the populate-opsware-update-library script

The following table describes the script’s options.

Option	Description
--spin <hostname-or-IP>	Hostname or IP address of the Data Access Engine (spin) host. Default: spin
--theword <hostname-or-IP>	Hostname or IP address of the Software Repository (theword) host. Default: theword
--cert_path <file-path>	File specification of the cert file to be used for the spin connection. Default: /var/opt/opsware/crypto/wordbot/wordbot.srv
--ca_path <file-path>	File specification of CA file to be used for Spin connection. Default value: /var/opt/opsware/crypto/wordbot/opsware-ca.crt
--verbose	Display copious output.
--no_nt4	Do not process NT4 patches.
--no_w2k	Do not process W2K patches.
--no_xp	Do not process XP patches.
--no_w2k3	Do not process W2K3 patches.
--no_w2k3x64	Do not process W2K8 x64 patches.
--no_w2k8	Do not process W2K8 patches.
--no_w2k8x64	Do not process W2K8 x64 patches.
--no_w2k8r2x64	Do not process W2K8 R2 x64 patches.
--no_w2k8r2ia64	Do not process W2K8 R2 IA64 patches.
--no_w2k12x64	Do not process W2K12 x64 patches.
--no_w2k12r2x64	Do not process W2K12 R2 x64 patches.
--no_w7x64	Do not process W7 x64 patches.
--no_w7	Do not process W7 patches.
--no_w81x64	Do not process W8.1 x64 patches.
--no_w10x64	Do not process W10 x64 patches.
--no_w2k16x64	Do not process W16 x64 patches.
--wget_path <file-path>	Use wget for the downloads vs built-in download support. File specification of the wget utility.
--wget_http_proxy <server:port>	wget HTTP proxy server in format proxyserver:httpport. This option is ignored if wget http proxy is configured in wget user startup file .wgetrc.
--wget_ftp_proxy <server:port>	wget FTP proxy server in format proxyserver:ftpport. This option is ignored if wget ftp proxy is configured in wget user startup file .wgetrc.
--use_proxy_url <url>	When downloading binaries, connect via this proxy URL. This option overrides the proxy settings specified via the http_proxy environment variable.
--proxy_userid <userid>	Basic-auth userid to provide to proxy server. Another way of providing the proxy userid is by setting the POP_OPSW_LIB_PROXY_USER environment variable. This option overrides the proxy userid specified via the POP_OPSW_LIB_PROXY_USER environment variable.
--proxy_passwd <passwd>	Basic-auth passwd to provide to proxy server. Another way of providing the proxy password is by setting the POP_OPSW_LIB_PROXY_PASSWD environment variable. This option overrides the proxy password specified via the POP_OPSW_LIB_PROXY_PASSWD environment variable. Please note that specifying the proxy password via this option makes the password visible to any user on the process command line. To avoid this do not use this option and specify the password via the POP_OPSW_LIB_PROXY_PASSWD environment variable.
--set_available	Set availability status to Available when uploading patches.
--set_limited	Set availability status to Limited when uploading patches.
--no_hotfixes	Do not upload hotfixes.
--no_servicepacks	Do not upload service packs.
--no_updaterollups	Do not upload updaterollups.
--no_wsusscan_upload	Do not upload the MBSA 2.1x patch database.
--wsusscan_url_override <url>	Download the MBSA 2.1x patch database from this URL.
--force_msutil_upload	Force new Microsoft utilities to be fetched and uploaded This option is ignored if --download_only is also specified.
--no_msutil_upload	Skip Microsoft utilites check and upload
--wua_x86_url_override <url	Download x86 Windows Update Agent from this URL.
--wua_x64_url_override <url>	Download x64 Windows Update Agent from this URL.
--wua_ia64_url_override <url>	Download ia64 Windows Update Agent from this URL.
--update_all	Refresh the patches already uploaded into Opsware SAS.
--download_only <path>	Download files from the vendor's web site to the specified path, but do not upload them into Opsware SAS.
--download_only_if_not_exists	If --download_only specified, only download patches that don't yet exist.
--upload_from_update_root <path>	Upload files from specified directory instead of from vendor's website. This option is ignored if --download_only is also specified.
--use_temp_download_path <path>	Download files to temporary download directory instead of a subdirectory under /var/tmp.
--log_file <path>	Log the output to the specific file.
--parallel_uploads <number>	Number of patch uploads to run in parallel. System specific default value will be used.
--download_retry <number>	Number of times to retry the download of patches
--help	Display this message. Note that --set_limited and --set_available cannot both be set at the same time. ./populate-opsware-update-library.pyc: version 3.2.0 This script has been developed and test-run on a word server, but should run on any core server with word or spin crypto. No parsing of the cab is done in this script.