TrueSight Server Automation 21.3
|September 30, 2022||Notification of a critical issue with partitioned databases|
Identifies the corrective action for a problem related to offline or online database cleanup utility on partitioned tables.
|June 14, 2022||Notification of a critical issue with the blcli Delete cleanupObsoleteFilesFromFileServer command||Alerts users of TrueSight Server Automation 21.3 to a critical issue that occurs with the blicli Delete cleanupObsoleteFilesFromFileServer command.|
|December 19, 2021||Fix available for Apache Log4j vulnerabilities||Mitigation for the Apache Log4j vulnerabilities CVE-2021-44228 and CVE-2021-45046|
|December 13, 2021||Rolling Update 1 for version 21.3||Support for Windows Server 2022 for Agent and Patching|
|October 21, 2021||21.3 enhancements|
Includes the following enhancements and updates:
- To stay informed of changes to this list, click the icon on the top of this page.
Ready-made PDFs are available on the PDFs page. You can also create a custom PDF.Click here to see the steps.The BMC Documentation portal gives you the ability to generate PDF and Microsoft Word documents of single pages, and to create PDF exports of multiple pages in a space.
Creating PDF and Word exports
You can create a PDF of a page or a set of pages. (Non-English page exports are not supported.) You can also create a Word document of the current page.
To export to PDF or Word
- From the Tools menu in the upper-right, select a format:
- Export to Word to export the current page to Word format
- Export to PDF to export the current page or a set of pages to PDF
- If exporting to PDF, select what you want to export:
- Only this page to export the current page
- This page and its children to export a set of pages
- From the Tools menu in the upper-right, select a format:
Concepts, architecture, deployment, planning, and system requirements.
Information about installing the product and migrating product data.
Required post-installation configuration.
Upgrade process, migration, and configuration.
Issues resolution, error messages, logs, and contacting Support.
Interface descriptions, using the product.
Security, system administration, maintenance.
Development interfaces and toolkits.
Integrations with other products.
Review the TrueSight Server Automation 21.3 enhancements for features that will benefit your organization and to understand changes that might impact your users.
Use subscription certificates from the repository server for Red Hat Enterprise Linux
In earlier versions, whenever Red Hat reissued any subscription certificates, you had to update the Patch Global Configuration settings (online mode) and the offline downloader's XML configuration file (offline mode) so that the patch catalogs could use the latest certificates.
Starting with this version, TrueSight Server Automation provides support for using certificates from the repository server in addition to the Patch Global Configuration settings and the XML configuration file. While creating a patch catalog if you select the Use Certificates From Repository Server option (online mode), TrueSight Server Automation uses certificates from the repository server instead of the Patch Global Configuration settings. If you set the
<use-repo-server-cert> element to 1 in the XML configuration file, TrueSight Server Automation uses certificates from the repository server instead of the file. If the repository server does not have the latest certificates or if those certificates are not working, TrueSight Server Automation makes an attempt to refresh the certificates on the repository server by using the subscription-manager
Access subscription certificates from a non-standard location on the repository server
By default, the repository server stores subscription certificates for the Red Hat Enterprise Linux patch catalogs in a standard directory. TrueSight Server Automation accesses certificates from this directory while creating a patch catalog. Now you can store certificates in a non-standard directory and configure the psu-patch.properties file so that TrueSight Server Automation can access certificates from the non-standard directory. For more information about configuring the file, see Creating a patch catalog for Red Hat Enterprise Linux (online mode) and Preparing the configuration file for Red Hat Enterprise Linux (offline mode).
Verification of Smart Hub and Smart Hub Gateway by Application Servers and Smart Agents
A TrueSight Server Automation Application Server and Smart Agent can now verify whether they are communicating with a legitimate Smart Hub and Smart Hub Gateway. For more information about the verification process, see Smart Hub to Application Server and Smart Agent.
Secure TLS communication between the Application Server and RSCD Agents using server-side, CA-signed certificates
You can now secure the TLS communication between RSCD Agents and an Application Server by using the server-side, CA-signed certificates on the RSCD Agents.
To use the CA-signed certificates for the server-side verification process, complete the following tasks:
- Configure the Application Server for the CA bundle, which contains root and intermediate CA certificates.
- Generate a CA-signed certificate for the RSCD Agent.
- Provision the RSCD Agent with the CA-signed certificate and enable certificate verification.
For more details about these tasks, see TLS with server-side, CA-signed certificates - Securing a Windows Application Server (Windows) or TLS with server-side, CA-signed certificates - Securing a UNIX Application Server (UNIX).
Analyze RPMs flagged as security updates for Red Hat Enterprise Linux patch catalogs
While creating or modifying a Red Hat Enterprise Linux Patching Job, you can now perform an analysis only for those RPMs that are flagged as security updates.
The new option, Security Mode - Analyze for security updates available for installed RPMs on target server for performing analysis is available for the Red Hat Enterprise Linux versions 7 and 8 Patching Jobs. For more information, see the Patching Job - Analysis Options panel on Creating a Patching Job.
After you upgrade to version 21.3, ensure that you update the existing patch catalogs for the new option to take effect.
Database cleanup performance improvement
The underlying structure of how object overflow data is stored in the COMPLIANCE_RULE_RESULT and JOB_RUN_EVENT tables has been changed and new columns have been added to these tables in version 21.3. The number of rows in the OBJECT_OVERFLOW_DETAIL table has reduced. These changes might result in a cleanup performance improvement in certain environments.
BMC recommends that you perform upgrade in a test environment first, using a copy of the production database, to better estimate the downtime window.
Operations Dashboard UI enhancements
The Operations Dashboard has been enhanced with the following features:
- On the TrueSight Server Automation tab, the legends to indicate deployments have been moved to the right pane. So you can now navigate through a large number of deployments easily.
. In addition, the color scheme has been improved, and each deployment has been assigned a unique color.
- On the Configuration tab, the Dashboard Refresh interval has been reduced to 60 seconds.
- The position of the tooltip for a deployment has been changed for better readability.
For more information, see Operations dashboard.
Password updates for the Live Reporting dashboard
Starting from this release, when you launch the Live Reporting dashboard from the TrueSight Server Automation console for the first time, you are prompted to set the dashboard password. Once you set the password, you will not be prompted for a password on subsequent launches.
You will also need to use this password the first time you launch the dashboard from a browser as you can no longer use the default password. For more information, see Launching the Live Reporting dashboard.
This release contains the following installer updates.
Ability to compare subjects of CA-signer and Smart Hub server certificates
When installing or upgrading the Smart Hub, the subjects of the CA-signer and Smart Hub server certificates are compared. If the subjects match, you are prompted to regenerate the Smart Hub server certificate.
ca-cert-subject: Indicates the values used for generating the CA-signer certificate.
server-cert-subject: Indicates the values used for generating the Smart Hub server certificate.
Availability of 64-bit installers on Windows for various components
TrueSight Server Automation provides 64-bit installers for the following components on Windows:
- PXE Server
- Network Shell
During upgrade to 21.3, the installation directory for these components remains the same even when using the 64-bit installers. For example, if Network Shell (32-bit) was installed in the C:\Program Files (x86) directory, Network Shell is upgraded in the same directory.
TrueSight Server Automation no longer provides 32-bit installers for the following components on Windows:
- Application Server
- Network Shell
RPM-based installer for the Linux, ppc64le architecture
This release provides RPM-based installer for the Linux, ppc64le architecture. For the complete list of installers available in TrueSight Server Automation, see Supported platforms for native installers.
Third-party software updates
This release contains the following third-party software updates.
Support for updated version of Java Runtime Environment (JRE)
This version is shipped with 64-bit JRE, AdoptOpenJDK version 11.0.12+7.
Support for PsExec version 2.34
TrueSight Server Automation now supports PsExec version 2.34.
Note that PsExec versions 2.32 and 2.33 are not supported.
Enabling Smart Agent in RSCD Agents
If you are using RSCD Agents that don't have the Smart Agent feature enabled, ensure that you enable this feature while upgrading to 21.3. Enabling this feature now will prepare your deployed agents for automatic upgrade in a future version.
For instructions on enabling this feature, see Upgrading the RSCD agent on Windows or Upgrading the Network Shell or the RSCD agent using RPM.
PKI authentication updates
TrueSight Server Automation no longer supports 32-bit DLLs when using ActivClient or 90meter for PKI authentication. Therefore, after you upgrade the TrueSight Server Automation console to 21.3, update the sunpkcs11.cfg file to store the path to the 64-bit DLLs. For instructions, see Implementing PKI authentication.
Additional Compliance Content templates
This version adds support for the following Compliance templates:
Assign multiple managed servers to an existing server group using a text file
Now you can assign multiple managed servers to an existing server group simultaneously through a text file by using the Add only existing servers to the group option in the Import Servers wizard. For more information, see Assigning multiple managed servers to a server group using a text file.
Improved job run logging for Patching and Deploy Jobs
The job run logs are improved for the Patching and Deploy Jobs:
- The command exit code for the Patching and Deploy Jobs now shows the full executable path. For example,
"C:\temp\stage\c8258c8160668a62\bldeploycmd-1.bat": Item '<Item name>' returned exit code 0.
- The Deploy end status event is now logged at
ERRORlevel instead of
DEBUG. For example,
08/14/21 11:48:10.086 DEBUG bldeploy - [Q4093119 Deploy Job2021-04-22 17-32-24-599+0530] Sending deploy end status event: The service cannot be started.
Configure additional number of errors and warnings in logs for a target and job run
You can set the additional number of errors and warnings that can be stored in the logs for a target and job run by using the following attributes in the
jrelog component of the
PerTargetErrorWarningBufferLimit: Sets the number of errors and warnings that can be stored for a target in addition to the limit specified in
blasadminby using the
JobRunErrorWarningBufferLimit: Sets the numbers of errors and warnings that can be stored for a job run in addition to the limit specified in
blasadminby using the
For more information about these attributes, see Controlling the size of job logs.
Change in the system authorization notification mechanism for audit trails
In earlier releases, no audit trail notification was sent if the notification was configured on the .* (parent) authorization. For example, if the notification was configured on the Server.* authorization and a user live browsed a server object, no notification was sent.
Starting with this release, to enable audit trail notifications on the parent authorizations, use the following blasadmin command:
set RBAC UseParentAuthNotifications true
Now if the notification is configured on the Server.* authorization and a user live browses a server, notification is sent as configured.
The default value for this setting is
For more information, see Defining audit trails.
REST API enhancements
This version provides the following REST API enhancements:
- The REST API support is available for Patching Jobs on the Ubuntu platform.
- You can add a server to the system by using the POST method. For more information about this method, see servers.
- You can decommission a server with the specified ID by using the DELETE method. For more information about this method, see servers.
The REST API logs display the unique session ID for each API call invoked and the time taken to complete the call (in milliseconds). The following example displays
total time takenfor the POST call.
[04 Aug 2021 16:50:27,746] [https-jsne-jio-9843-exec-6] [INFO] [BLAdmin:BLAdmins:10.133.76.186] Response Status:- POST -> https://tssa-qa:9843/rest/api/v1/patching-jobs, status code 400, session id [4463AD18C034XA6F09F8A7BD7507UI], total time taken ms
For the complete list of supported operating systems and API details, see REST API endpoints.