Creating a patch catalog

The patch catalog is used to maintain and work with the patch repository through the BMC Server Automation Console.

For both types of repositories, online and offline, you create a patch catalog through the BMC Server Automation Console. Patches are added to the catalog as depot objects according to filters defined for the catalog.

Note

The deploy option for the patch catalog does not involve patch analysis and thus cannot account for dependencies on other patches. This option does not check for payload availability. BMC recommends that the deploy option be used only by advanced users who would want to deploy a patch without performing a patch analysis.

This topic includes the following sections:

Related BMC Communities article

BMC Customers using Automation for Patching use cases depend on OS vendors for Patches and metadata.  To view a document that tracks the service status of the different OS Vendors as known to BMC Support, see the following BMC Communities document:

OS Patching Vendor Health Dashboard

Before you begin

  • Ensure that security policies on the repository server do not block the download of the catalog.
  • You cannot use a proxy server while using the SUMA download option when creating an AIX patch catalog. For details on the Proxy Server options, see Global-Configuration-parameter-list.

  • (Linux only) Ensure that you have performed the corresponding prerequisite steps if you are creating a patch catalog for any of the following Linux operating systems:

    Click here to view prerequisite steps for Linux patching...

    Operating systems

    Prerequisite steps

    • Red Hat Enterprise Linux
    • SUSE Linux Enterprise
    • Oracle Enterprise Linux

    You must pre-install the following packages on the server that hosts the patch repository:

    • createrepo 0.4.6
    • python-urlgrabber 2.9.6

    Note: The versions above were used for testing and validation. Later versions of these packages are known to work but have not been officially qualified with the product.

    Red Hat Enterprise Linux

     

    • If the RHEL repository is created using an earlier version of the offline downloader (8.6 or earlier), you must rerun the offline downloader once before creating or updating an offline patch catalog.

    • Ensure that you have downloaded and imported the required certificate as described in the following steps:

      Downloading and importing the certificate required for creating an RHEL patch catalog...

      The DER encoded binary X.509 (.CER) certificate must be imported before creating a Patch Catalog for any version of the Red Hat Enterprise Linux. If you have imported this certificate in previous versions of BMC Server Automation, ensure that you have re-imported the certificate, if the Java Version is changed on the current version of BMC Server Automation.

      See the following steps for downloading and importing the DER encoded binary X.509 (.CER) certificate file.

      Downloading the certificate file

      You must use your browser to download the required certificate from https://idp.redhat.com/idp/. Although you can use any browser to download the certificates, we have provided steps for downloading using Internet Explorer as an example:

      1. Right-click the Internet Explorer icon and select Run As Administrator.
        adminrun.png
      2. Navigate to the Red Hat Customer Portal site (https://idp.redhat.com/idp/) and click the pad-lock icon padlock.JPG on the right of navigation bar.
      3. Click the View Certificates link, the Certificate Dialog box opens.
      4. On the Details tab, click the Copy to File button. The Certificate Export Wizard opens.
      5. Select DER encoded binary X.509 (.CER) and save the file with a .cer extension.

      Importing the certificate file

      Depending on the operating system you are on, perform either of the following steps:

      On Windows


        1. Navigate to directory on which you have installed BMC Server Automation. The default directory is C:\Program Files\BMC Software\BladeLogic\appserver.
        2. Copy the Red Hat certificate file to the \NSH\jre\lib\security path inside the installation directory.

        3. Navigate to the \NSH\jre\bin path inside the installation directory and execute the following command: 

          keytool.exe -import -alias redhat 
          -file <installationDirectory>\NSH\jre\lib\security\redhat.cer 
          -keystore <installationDirectory>\NSH\jre\lib\security\cacerts

          Note that <installationDirectory> is the file path to the directory on which BMC Server Automation is installed.

        4. When prompted by the system for a password, enter changeit.
        5. Restart the Application Server to import the certificate to BMC Server Automation.

      On Linux:

      Navigate to directory on which you have installed BMC Server Automation. The default directory is /opt/bmc/bladelogic/appserver.

      1. Copy the Red Hat certificate file to the /NSH/br/java/lib/security path inside the installation directory.

      2. Navigate to the /NSH/br/java/bin path inside the installation directory and execute the following command:

        keytool -import -alias redhat 
        -file <installationDirectory>/NSH/br/java/lib/security/redhat.cer 
        -keystore <installationDirectory>/NSH/br/java/lib/security/cacerts

        Note that <installationDirectory> is the file path to the directory on which BMC Server Automation is installed.

      3. When prompted by the system for a password, enter changeit.
      4. Restart the Application Server to import the certificate to BMC Server Automation.

    Red Hat Enterprise Linux 7 only

    • You must ensure that the repository server is connected to the internet and has the following utilities installed:
      • Yum
      • Reposync
      • Subscription manager

    • You need to download certain certificates and add them to a depot location before you can create a patch catalog for RHEL 7.

      Downloading certificates for creating an RHEL 7 patch catalog

       

      1. You must register an account on Red Hat Customer Portal, if you do not already have an account.
      2. Log on to the Red Hat Customer Portal and click Subscriptions at the top of the page.
        1.png
      3. At the bottom of the page, under Subscriber Inventory, click Systems.
        2.png
      4. Click Register a system, if you have not already registered your system.
        3.png
      5. Enter the details of your system and click Register.
        4.png
      6. After your system is registered, attach a subscription to your system by clicking Attach a subscription.
        5.png
      7. Select the type of subscription you are using and click Attach Selected.
        6.png
      8. In the Entitlement certificate column of the attachment click Download, to download the entitlement certificate file.
        7.png
      9. Rename the file to client-cert.pem and copy it to a temporary location on the depot.
      10. On the Identity Certificate tab click Download, to download the identity key certificate file.
      11. 8.png
      12. Rename the file to client-key.pem and copy it to a temporary location on the depot.
      13. On your RHEL 7 server, navigate to the /etc/rhsm/ca/ and copy the CA certificate file (redhat-uep.pem) to the same directory as the client-key.pem and client-cert.pem files.
      14. (For online mode only) You must enter the locations of the certificate files in the SSL CA Cert File (redhat-uep.pem), SSL Client Cert File (client-cert.pem), and SSL Client Key File (client-key.pem) fields of the Patch Global Configuration dialog box, see Global-Configuration-parameter-list.
    • You can use a Proxy server for RHEL 7 patch catalog in BMC Server Automation. For details on the Proxy Server options, see Global-Configuration-parameter-list.

    • Note the limitations while creating filters for RHEL 7 in an online or offline catalog.

      Click here to view the filter limitations for RHEL7

       

      • When patching on RHEL7, you cannot create update-level or channel-level filters. You must use errata-level filters instead.
      • if your repository server runs on RHEL 5 or earlier, you can only download packages to your repository and not the errata metadata. Note that although the errata metadata is not downloaded, you can still create errata ID and errata-type filters in the online or offline catalog

  • Ensure that the platform on which you plan to store the patch repository is supported by BMC Server Automation.

    Click here to expand the supported platform matrix for storing patch repositories...

    Select the type of patch catalog you are creating to filter the supported platforms.

To create a patch catalog

  1. Right-click a folder in the Depot and select New > Patch catalog > platformName > Catalog.
    For platformName, substitute the platform such as Windows patch catalog, Red Hat patch catalog.
    Note: To create patch catalog for Ubuntu, select New > Patch Catalog > Debian Linux Patch Catalog. On the second panel of the wizard, select the Ubuntu version to download in the Download from vendor section, as shown below.
    ubuntu_patch_catalog.gif

  2. Provide information for the patch catalog as described in the following topics:

    Note

    After they are created, all panes in the wizard remain available for edit and review except General and Permissions.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*