This topic walks you through the process of using BMC BladeLogic Server Automation (BSA) to analyze the Red Hat Linux systems in your environment to see if there are systems that require patches and updates.
The video at right demonstrates the process of patch analysis for Linux Red Hat systems.
This topic is intended for system administrators. The goal of this topic is to demonstrate how to perform basic patch analysis for Linux systems using BSA. In the example shown here, we are analyzing for missing or outdated RPMs and Errata.
Patch management refers to the acquisition, testing, and installation of patches to ensure that servers are always in compliance with organizational policies.
Because of the number of servers being managed, multiplied by the large number of patches released by software and OS vendors, patch management has become one of the most time-consuming tasks for many IT organizations. BSA automates the process of building and maintaining a patch repository, analyzing target servers, and, if necessary, packaging and deploying patches. At the end of the process, reports are available to show compliance.
Patch management in BSA consists of two primary tasks:
BSA supports analysis, download, and deployment of patches for all of the major operating systems.
This walkthrough shows how to use a Patch Analysis Job to identify missing critical patches on Red Hat Enterprise Linux 6 servers. The Patch Analysis Job created in the walkthrough:
The walkthrough also shows how to view Patch Analysis results for Red Hat Enterprise Linux 6 systems and to determine which critical patches need to be applied.
Create the Patching Job.
Define the general settings on the New Linux Patching Job General panel.
On the Analysis Options panel, specify whether the job should run in Install mode or Update mode. Install mode is used to install new RPMs on systems as well as any required dependencies. Update mode checks for outdated RPMs based on what is in the catalog. Use Update mode for Linux patching and Install mode when installing new RPMs.
On this panel you can also specify the include and exclude lists that form the basis of your patch analysis. Patch Analysis Jobs analyze patches by collecting an "include" list and then removing any patches from an "exclude" list. The contents of patch smart groups can change based on patch characteristics. It is possible for a patch to appear in both the include and the exclude list. If that occurs, the patch is not analyzed. Remember, the include list minus the exclude list yields the patches to be analyzed.
If you do not specify an include or exclude list, the analysis uses all RPMs in the catalog that are applicable to the target servers. In this walkthrough we use a patch smart group that includes a limited set of Errata.
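The Update-mode check and the include-minus-exclude rule described above can be modeled in a few lines. This is an added illustration, not BSA code or its data model: the erratum IDs, package versions, and function names are constructed, the version comparison is a simplified form of RPM's ordering, and skipping packages that are not installed is an assumption about Update mode.

```python
import re

def rpmvercmp(a, b):
    """Simplified RPM segment comparison (no '~' or '^' handling)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # compare numerically, not as text
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Compare (epoch, version, release) tuples; negative means a is older."""
    if a[0] != b[0]:
        return 1 if a[0] > b[0] else -1
    return rpmvercmp(a[1], b[1]) or rpmvercmp(a[2], b[2])

# Constructed sample catalog: erratum ID -> {package: (epoch, version, release)}
CATALOG = {
    "ERRATUM-A": {"openssl": (0, "1.0.1e", "48.el6")},
    "ERRATUM-B": {"bash": (0, "4.1.2", "41.el6"), "httpd": (0, "2.2.15", "54.el6")},
    "ERRATUM-C": {"kernel": (0, "2.6.32", "642.el6")},
}
# Constructed sample of what one target server has installed
INSTALLED = {
    "openssl": (0, "1.0.1e", "42.el6"),
    "bash": (0, "4.1.2", "41.el6"),
    "kernel": (0, "2.6.32", "573.el6"),
}

def analyze_update(installed, catalog, include=None, exclude=()):
    """Return {erratum: [outdated packages]} for include minus exclude."""
    # No include list: analyze everything in the catalog.
    selected = (set(catalog) if include is None else set(include)) - set(exclude)
    missing = {}
    for erratum in sorted(selected & set(catalog)):
        # Assumption: Update mode ignores packages that are not installed.
        outdated = sorted(name for name, evr in catalog[erratum].items()
                          if name in installed and evr_cmp(installed[name], evr) < 0)
        if outdated:
            missing[erratum] = outdated
    return missing
```

An erratum that appears in both lists drops out of `selected`, so it is never reported as missing even when the server is behind on it. That makes the exclude list worth reviewing whenever a smart group's membership changes.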
On the Remediation Options panel, you define what to do when a target is not compliant with the patches you are analyzing. BSA can automatically create the BLPackages and Deploy Jobs needed to correct any patching deficiencies that the job discovers.
On the Targets panel, select the servers that are the targets of this Linux Patching Job.
On the Default Notifications panel, configure the default notification settings. The defaults are used for all runs of this job unless you override them with notification settings for a scheduled job.
This example sends an email to the patch administrator for any targets that have failed analysis, and appends detailed patch analysis results to the email.
On the Schedules panel, you can set up an execution schedule for the job and you can choose to execute it immediately.
For this example we run the job immediately and also schedule it to run on the first Tuesday of every month afterwards.
Once the job starts to execute, the Tasks in Progress pane (typically at lower right) shows the tasks running at this moment. In a typical BSA production environment you will see many jobs running at the same time performing many different tasks.
To show the Tasks in Progress pane in full screen mode, double-click the Tasks in Progress tab. This gives you more room to expand the columns in the pane. To return the view to its original size, double-click the tab again.
Wait for the job to finish and click Refresh if needed.
To view the results of the patching job:
Identify servers with missing patches.
The right panel shows a summary of the job results, including the numbers of missing RPMs and Errata for each server.
Identify the missing patches.
Optionally, you may want to examine the properties of an RPM or Errata before applying it to your servers.
We have seen how BSA lets you analyze patches for the Linux operating system. The next step is to deliver the appropriate fixes to the operating systems.
See Walkthrough: Basic patch remediation for a description of how to package and deploy patches to servers requiring remediation. The walkthrough describes a process for Windows, but the process is the same for Linux.
The following BladeLogic ZipKit provides a pre-configured component template that performs a number of actions to determine patch readiness on Linux systems: