Creating a patch catalog for RHEL 6
Related BMC Communities article
BMC Customers using Automation for Patching use cases depend on OS vendors for Patches and metadata. To view a document that tracks the service status of the different OS Vendors as known to BMC Support, see the following BMC Communities document:
The patch catalog is used to maintain and work with the patch repository through the BMC Server Automation Console. For both types of repositories, online and offline, you create a patch catalog through the BMC Server Automation Console. Patches are added to the catalog as depot objects according to filters defined for the catalog.
This topic describes how to set up a patch catalog for RHEL 6, and includes the following sections:
The video at right demonstrates the steps in creating an offline patch catalog for Red Hat Enterprise Linux 6, including the preparatory task of setting up the Offline Patch Downloader utility for Red Hat Enterprise Linux.
Reviewing prerequisites for the catalog
Ensure that security policies on the repository server do not block the download of the catalog.
You must pre-install the following packages on the server that hosts the patch repository:
- reposync (part of the yum-utils rpm)
- If you plan to use a Proxy server for the RHEL 7 patch catalog in BMC Server Automation, review the Proxy Server options described in Global Configuration parameter list.
Creating the patch catalog
Right-click a folder in the Depot and select New > Patch catalog > Red Hat Linux Patch Catalog.
The Patch Catalog wizard opens.
After they are created, all panes in the wizard remain available for edit and review except General and Permissions.
Provide information for the patch catalog as described in the following table:
Panel Description Patch catalog - General Enter a Name for the patch catalog and a Description of its contents. Then, browse to the folder in which you want to store the catalog. Patch catalog - Red Hat Catalog options Defines a number of options including locations (such as the location of the source files and the repository), as well as filters and whether local copies of the files are created on the target server or downloaded directly during deployment.
Select one of two options:
- Source from Red Hat Network (Online Mode): Use this mode if the BMC Server Automation Application Server is installed on a server with Internet access.
- Source from Disk Repository (Offline Mode): Use this mode in a secured environment where download occurs on a server, with Internet access, outside of the environment.
Red Hat Network Credentials
If you selected Source from Red Hat Network (Online Mode) enter the user name and password supplied by the vendor and required to access the Red Hat Network website. If you have already entered your Red Hat Network credentials in the Global Configuration parameter list, those credentials will appear by default while creating a patch catalog. However, note that you can modify the credentials for a particular Patch catalog and override the default credentials.
Enter the following information:
Payload Source Location (NSH path)
(Offline Only) Location of existing metadata and payload files. Metadata files stored in this location are copied to the catalog automatically. Payload files are not copied to the catalog.
Repository Location (NSH Path)
NSH path of the patch repository location. BMC recommends that this location have ample free space. Repositories typically contain many files, usually totaling gigabytes of data.Click here to see the platforms supported for storing your repository
- MultiExcerpt named 'repositoryMatrix' was not found
- In online mode, you can copy pre-existing Errata and RPMs manually into this directory. BMC Server Automation does not download duplicate files from the Red Hat Network site.
- The Payload Source Location and the Repository Location can point to the same directory.
- When specifying a host within an NSH path, you can use either the host name of the IP address (IPv4 or IPv6).
- Red Hat recommends that the version of the operating system of the patches in the patch repository and the repository server should match. For example, if your catalog contains RedHat Enterprise Linux 7, then the repository server should be RedHat Enterprise Linux 7.
Depot Object Options
Enter the following information:
Network URL Type for Payload Deployment
- (default) Copy to agent at staging: The BMC Server Automation Application Server copies patch payloads to a staging directory on the target server during the Deploy Job staging phase.
- Agent mounts source for direct use at deployment (no local copy): A Deploy Job instructs the agent on a target server to: mount the device specified in the URl and deploy patch payloads directly to the agent. The Deploy Job does not copy patch payloads to a staging area on the agent, so the job does not create any local copies of the patches on target servers.
Network URL for Payload Deployment
The value entered here depends on your selection in the Network URL Type for Payload Deployment box:
- If you chose Copy to agent at staging, do not enter a value here. The value is autopopulated based on the repository location.
- If you chose Agent mounts source for direct use at deployment (no local copy), enter the NFS-accessible path to the location of the payload.
If you specify the host in this path as an IPv6 address, enclose the IPv6 address in square brackets.
Browse to and select a predefined ACL Policy. Permissions defined by the ACL Policy are assigned to all Depot objects created in the catalog.
Filters limit the amount of information brought into the catalog.There is no upper limit to the number of filter combinations you can make but there must be at least one. Only RPMs and Errata that match the combinations you define (and their dependent RPMs and Errata) are added to the catalog. Note that you cannot create multiple filters for the same combination of operating system and architecture.
Available types of filters are:
Click here to view limitations on filters
- Errata Type
- When patching on RHEL7, you cannot create update-level or channel-level filters. You must use errata-level filters instead.
- When patching on RHEL7, you cannot create channel-level filters. You must use errata-level filters instead.
You can define filters either when the catalog is created or later, when you edit the catalog. To begin, click Add Filter and select from the following:
Online Mode (Red Hat Network is selected automatically)
Select the channel from the list provided. The operating system (OS) and architecture are supplied automatically in read-only boxes. If you want to download child channels, select Offline Mode, and use the Patch Downloader utility for Red Hat Enterprise Linux, as described in Downloading child channels using the Patch Downloader utility.
By Errata Type
For Errata Type, choose:
- Bug Fix Advisory
- Product Enhancement Advisory
- Security Advisory
For Errata Severity, choose:
By Errata Advisory
Create an Include List by entering the names of individual Errata Advisories.
By Update Level
Select the Update Level from the list provided.
Offline Mode (Disk Repository is selected automatically)
In Offline Mode, you must create the filters definitions in the configuration file that is used by the patch downloader utility.
Enable Update Level
Select an Update Level that you previously downloaded.
Select an Update Level identifier; only one can be included for each filter.
Patch catalog - Default Notifications
The Default Notifications panel provides options for defining default notifications that are generated when a job completes. If you have set up notifications for a particular scheduled job, those notifications are generated instead of default notifications.
Default notifications can take the form of emails or SNMP traps. When a job completes, an SNMP trap is sent to a specified server, where it can be read using software that receives and interprets SNMP traps. Default notifications are sent when you run a job immediately (that is, you do not schedule the job) or a scheduled job completes but you have not set up email or SNMP notifications for that scheduled occurrence.
Job Run Notifications
Send email to
Lists email addresses of the accounts to notify when a job completes with the status that you specify. Separate multiple email addresses with semicolons, such as
firstname.lastname@example.org;email@example.com. After entering email address information, check the statuses that cause an email to be generated. The statuses can be Success, Failed, or Aborted.
Send SNMP trap to
Provides name or IP address of the server to notify when the job completes. After entering server information, select the statuses that should cause an SNMP trap to be generated. The statuses can be Success, Failed, or Aborted.
BMC Server Automation provides a management information base (MIB) that describes its SNMP trap structure. You can use this MIB to create scripts that integrate traps into your trap collection system. The MIB is located on the Application Server host computer at installDirectory/Share/BladeLogic.mib.
List failed servers in email notification
Indicates that email notifications should list all servers on which a job has failed.
Patch catalog - SchedulesThe Schedules panel lets you schedule a job to execute immediately, schedule a job at a specific time in the future, schedule a job on a recurring basis, and define notifications that are issued when a job runs.
When scheduling a job, you can perform any of the following tasks:
- Scheduling a job that executes immediately — To schedule a job that executes immediately, select Execute job now.
- Scheduling a job — The Schedule tab lets you schedule a job so it can run one time, recur hourly, daily, weekly, or monthly, or recur at some arbitrary interval. For more information, see Patch catalog - Scheduling.
- Defining job notifications — The Job Notifications tab lets you set up notifications that are generated when a scheduled job runs. For more information, see Patch catalog - Scheduled Job Notifications.
Patch catalog - Properties
The Properties panel provides a list of properties automatically assigned to a Snapshot Job. In this list, you can modify the value of any properties that are defined as editable.
For any property that has a check in the Editable column, select the property and click in the Value column.
- To set a property value back to its default value, click Reset to Default Value
The value of the property is reset to the value it inherits from a built-in property class. The Value Source column shows the property class from which the value is inherited. .
- Depending on the type of property you are editing, you can take different actions to set a new value, such as entering an alphanumeric string, choosing from an enumerated list, or selecting a date.
To insert a parameter into the value, enter the value, bracketed with double question mark delimiters (for example,
??MYPARAMETER??) or click Select Property .
Patch catalog - PermissionsThe Permissions list is an access control list (ACL) granting roles access to any objects created in the system, such as jobs, servers, or depot objects. ACLs control access to all objects, including the sharing of objects between roles.
Using the Permissions panel, you can add individual permissions to an object. You can also set permissions by adding ACL templates or ACL policies. For more information, see the following table:
Adding an authorization
An authorization grants permission to a role to perform a certain type of action on this object.
To add an authorization to this object, click Add Entryin the Access Control List area. Then use the Add New Entry dialog box to specify the role and authorization you want to add.
Adding an ACL template
An ACL template is a group of predefined authorizations granted to roles. Using an ACL template, you can add a group of authorizations to the object.
To add an ACL template to the object, click Use ACL Templatein the Access Control List area. Then use the Select ACL Template dialog box to specify an ACL template that you want to add to this object.
To set the contents of the selected ACL templates so they replace all entries in the access control list, check Replace ACL with selected templates. If you do not check this option, the contents of the selected ACL templates are appended to existing entries in the access control list.
Adding an ACL policy
An ACL policy is a group of authorizations that can be applied to this object but can be managed from one location.
To add an ACL policy to this object, click Use ACL Policyin the ACL Policies area. Then use the Select ACL Policy dialog box to specify an ACL policy that you want to add to the object.
To set the contents of the selected ACL policies so they replace all entries in the access control list, check Replace ACL with selected policies. If you do not check this option, the contents of the selected ACL policies are appended to existing entries in the access control list.
A Patch Catalog is stored in the appropriate Depot folder.
Editing the additional options
- In the Depot, right-click the Red Hat Patch Catalog you just created.
- Select Open.
Set or update any information for the patch catalog options.
When finished, save the catalog.