Global Configuration parameter list
Global configuration parameters provide basic information that is automatically supplied as the default during catalog creation and update as well as during Patching and Remediation Job creation. The following sections describe the configuration parameters and how to configure these parameters:
To have basic information automatically supplied during catalog creation and update as well as Patching and Remediation Job creation, configure global patch configuration parameters.
To configure global patch configuration parameters
- From the Configuration menu, select Patch Global Configuration.
The Patch Global Configuration dialog box is displayed. - Update the parameters as necessary.
The parameters are divided into the following tabs:All Operating Systems — Configuration parameters options for a proxy server
- Platform-specific tabs – For each platform (such as the Windows tab and the Solaris tab) – Parameters that apply only to that specific platform type
Shavlik URL Configuration — Configuration for connecting to Shavlik for downloading Microsoft Windows patch related metadata
The Shavlik metadata download occurs during Live Browse operations of the Hotfixes node in a Server Object, or during a Catalog Update Job run for an online Windows Patch Catalog. For Offline Windows Patch Catalogs the metadata files must be added as Depot Files, as noted in the Patch catalog - Windows Catalog page.
Parameters on the All Operating Systems tab
Parameter | Description |
---|---|
Proxy Settings: | |
Proxy Server Type | Select the type of proxy server used:
Before you use a proxy server while patching, note the following:
|
User Name | Enter the user name required to log onto the proxy server. If this parameter is defined, the Internet connection is through the proxy server. |
Password | Enter the password associated with the defined user name required to log onto the proxy server. |
Domain | Enter the domain name of the proxy server. |
Host | Enter the IP address or host name of the proxy server. |
Port | Enter the port number used for communication with the proxy server. For a list of all port numbers used by TrueSight Server Automation, see TrueSight Server Automation ports. |
Catalog Settings: | |
Use last successful catalog run | If a catalog update fails you can use the last successful run of the Patch Catalog update while executing the Patching job.
|
Remediation Settings: | |
Whether to create a single Deploy Job for all targets that require remediation.
|
Platform-specific parameters
Note
The following table describes parameters that are platform specific. You must enter this information for every platform that you want to patch using TrueSight Server Automation.
Parameter (Only for Red Hat Linux) | Description |
---|---|
Red Hat Channel Filters List File | (Red Hat Linux only) Use this XML file to customize the Red Hat child channel filter list that is displayed while creating the online catalog. You can add modify this file to add additional Red Hat child channel filters in the list. Note: If you modify a URL for an existing channel, the URL is not updated for the catalog that already uses this channel. To use the new URL, delete the filter (channel) from the catalog and add the same channel again. |
Red Hat ISO URLs File (CDN repo) | (Red Hat Linux only) By default, TrueSight Server Automation supports update-level patching for RHEL 6 and 7 with the CDN download option. You can customize the Red Hat ISO URLs XML file to extend update-level patching support for RHEL 5 targets. |
Yum Process Priority (nice value) | (Red Hat Linux only) Set the priority of a process. The default value is 0. You can set the value withing a range of -20 to 19.
|
Parameter ( Only for Solaris) | Description |
---|---|
Oracle Username | (Solaris only) User name for accessing the Oracle website |
Oracle Password | (Solaris only) Password for accessing the Oracle website |
Ldom option | (Solaris Only) Options to patch independent Solaris logical domains (LDoms) simultaneously. For more information, see Patching Job - Independent Solaris LDoms can be patched simultaneously. The following options are provided:
|
Single User Mode and Reboot Override File | (Solaris Only) The location in the Depot for the file used to override single-user mode and reboot settings for a particular patch. |
Solaris Updates List File | (Solaris Only) The location of the file containing released information from Oracle about clusters. Information contained in this file is used to prepopulate the filter selection lists found in the patch catalog wizard. |
Parameter (Only for Microsoft Windows) | Description |
---|---|
Windows Filter Configuration File | (Microsoft Windows Only) The location of the product_categories.xml file, which contains product information and metadata mapping information from Shavlik. Information contained in this file is used to populate the filter selection lists found in the patch catalog wizard. If you want to add a new product to the filter list, you must add a new product_category tag in the product_categories.xml and add a vendor node. You can also add specific information to the optional nodes (family, version, product, include_products, exclude_products). To customize the products in the product_categories.xml file, perform the following steps:
Note: BMC recommends that you keep a backup of the product_categories.xml file before upgrading. After you upgrade, go to the file server and manually move the product_categories.xml file located at <fileserver location>\patch\GlobalConstants to a folder outside the file server. After moving the file, download the latest file from Patch Global Configuration. |
Command Priority | (Microsoft Windows only) One of the commands that TrueSight Server Automation runs on target servers during Patching Jobs consumes a large amount of CPU power. On servers that only have a single CPU, this consumption can give the appearance of a system hang. It may also have an effect on other processes that are running on the target server.
Default value is Normal. |
Parameter (Only for SuSE) | Description |
---|---|
SuSE Service Packs List File | (SuSE Only) The location of the file containing released information of service packs from Novell. Information contained in this file is used to prepopulate the filter selection lists found in the patch catalog wizard. Note: The format of the SuSE service packs list file is changed in TrueSight Server Automation 8.9. If you have previously customized the SuSE service packs list file and are upgrading from a version prior to TrueSight Server Automation 8.9, you must manually update the changes to the new format. |
Novell Username | (SuSE Only) Username for accessing SuSE Linux Enterprise 9 URLs. |
Novell Password | (SuSE Only) Password for accessing SuSE Linux Enterprise 9 URLs. |
Novell Mirror Username | (SuSE Only) Username for accessing SuSE Linux Enterprise 10 and SuSE Linux Enterprise 11 mirror URLs. |
Novell Mirror Password | (SuSE Only) Password for accessing SuSE Linux Enterprise 10 and SuSE Linux Enterprise 11 mirror URLs. |
Parameter (Only for AIX) | Description |
---|---|
AIX Updates List File | (AIX Only) The location of the file containing released information from IBM about available Technology Levels and Service Packs. Information contained in this file is used to prepopulate the Technology Level and Service Pack filter selection lists found in the patch catalog wizard. |
Analysis Option | (AIX Only) Select one of the following choices:
|
Precommit Option | (AIX Only) Select one of the following actions:
|
Deploy Option | (AIX Only) Select one of the following actions:
|
Parameter | Description |
---|---|
Catalog Object Processor Batch Size | The default batch size used for parallel processing during a Catalog Update Job. The number of catalog objects processed by each batch. If no value is entered, the default value is 300. |
Analysis Server Results Batch Size | The default batch size used for parallel processing during a Patching Job. The number of analysis processes handled by each batch. If no value is entered, the default value is set at 100. |
Action on Failure | The action that TrueSight Server Automation takes if a patch fails to deploy:
|
HTTP/HTTPS/FTP Connection Retry | (Windows, Solaris, Red Hat Linux, SuSE, and AIX) The number of attempts made before reporting failure if TrueSight Server Automation fails to connect to a vendor site. |
HTTP/HTTPS/FTP Connection Timeout | (Windows, Solaris, Red Hat Linux, SuSE, and AIX) The length of time, in milliseconds, that TrueSight Server Automation waits before making another attempt to connect to the vendor site. |
Patch deploy success return codes | The Deploy Job sends commands to the OS which in turn sends responses back to TrueSight Server Automation indicating that the commands succeeded. In most cases, standard commands are used but occasionally, the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as success return codes. |
Patch deploy failure return codes | The Deploy Job sends commands to the OS which in turn sends responses back to TrueSight Server Automation indicating that the commands failed. In most cases, standard commands are used. However, occasionally the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as failure return codes. |
Patch deploy warning return codes | The Deploy Job sends commands to the OS which in turn sends warnings back to TrueSight Server Automation. In most cases, standard warnings are used; occasionally, the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as warning return codes. |
Patch deploy reboot return codes | The Deploy Job sends commands to the OS which in turn sends back a request for reboot to TrueSight Server Automation. In most cases, standard commands are used; occasionally, the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as reboot return codes. |
Patch undeploy success return codes | (Microsoft Windows and Oracle Solaris only) During rollback of a patch, the OS returns an exit code if the action was successful. In most cases, standard commands are used; occasionally, the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as undeploy success return codes. |
Patch undeploy failure return codes | (Microsoft Windows and Oracle Solaris only) During rollback of a patch, the OS returns an exit code if the action failed. In most cases, standard commands are used; occasionally, the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as undeploy failure return codes. |
Patch undeploy warning return codes | (Microsoft Windows and Oracle Solaris only) During rollback of a patch, the OS may return a warning. In most cases, standard commands are used; occasionally, the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as undeploy warning return codes. |
Patch undeploy reboot return codes | (Microsoft Windows and Oracle Solaris only) During rollback of a patch, the OS may send back a request for reboot to TrueSight Server Automation. In most cases, standard commands are used; occasionally, the OS uses a return code not known to TrueSight Server Automation. Unknown codes entered in this field are defined to TrueSight Server Automation as reboot return codes |
Debian Linux Updates List File | (Ubuntu and Debian Only) The location of the file containing information for Version, Base URL, Distribution, Component, and Architecture. Information contained in this file is used to prepopulate the filters in the distributions tree view found in the patch catalog wizard. See Patch catalog - Ubuntu Catalog or Patch catalog - Debian Catalog for more information about the distributions tree view. |
SSL CA Cert File (for targets with 32-bit, 64-bit, Z series (s390x), ppc64le, and P series (ppc64) architectures) | The location of the CA certificate file (redhat-cacert.pem) that is copied from the /etc/rhsm/ca/ directory of the Red Hat target server, see the Before you begin section of Creating a patch catalog. |
SSL Client Cert File | The location of the subscription certificate file (client-cert.pem) that is downloaded from the Red Hat subscription management service, see the Before you begin section of Creating a patch catalog. |
SSL Client Key File | The location of the system ID file (client-key.pem) that is downloaded from the Red Hat subscription management service, see the Before you begin section of Creating a patch catalog. |
Options on the yum.conf tab for Red Hat Enterprise Linux, Oracle Enterprise Linux, and SUSE Linux Enterprise servers
On the yum.conf tab, perform either of the following actions:
- Select the Use Default check box if you want to use a yum.conf file with default settings provided with TrueSight Server Automation.
Or
Deselect the Use Default check box if you want to use a custom yum.conf file. You can customize the yum.conf file to configure the different patch analysis and deployment parameters. Your desired entries should be added in the text box provided.
Note
The system default /etc/yum.conf file is not used in either case.
In addition to the options listed in the sample yum.conf above, if you want to avoid the removal of old RPMs during patch analysis when a native yum is used, you can include the installonly_limit option in the yum.conf file. For more information, see the description of this issue in Troubleshooting Patch Management issues.
For more information about all the options that you can include in the yum.conf file, see the yum.conf man page.
You can also customize the yum.conf file when you create a Patching Job. For more information, see Patching Job - Analysis Options for Red Hat Enterprise Linux, Oracle Enterprise Linux, and SUSE Linux Enterprise.
Parameters on the Shavlik URL Configuration tab
The Shavlik URL Configuration tab provides information about the configuration files required by Microsoft Windows.
- OemCatalogWpd.zip— Required by the Application Server to decrypt metadata files
- partner.manifest.xml — Used internally by Shavlik
- WindowsPatchData.zip — Windows patch analysis and packaging information
The following table lists the fields that are available for configuring the Shavlik files. To edit the details, select the file and click Edit Patch Configuration File.
Parameter | Description |
---|---|
Shavlik URL Configuration Type | (Read-only) The name of the configuration file downloaded from the Ivanti Technologies website. |
URI (http URL/NSH path) | URL of the Ivanti Technologies website from where the WindowsPatchData.zip, OemCatalogWpd.zip or partner.manifest.xml configuration file can be downloaded. Alternatively, you can enter the NSH location of the files on your servers. You can change this parameter to any URL that has valid copies of these files. Note: If a patch is available only via FTP and if an HTTP or HTTPS proxy is used, TrueSight Server Automation initiates a CONNECT request to the proxy for the FTP connection. This may require additional configuration on your proxy, to accept CONNECT requests for FTP requests. |
Download | Select this parameter to begin downloading from the Ivanti Technologies website by using the URL that you provided in the URI box. The configuration files are stored on the file server in the templates directory. |
Description | Enter a description for the URL/NSH path you entered in the URI box. |
Check for updates | Select this option if you want to automatically check for updates and overwrite the existing WindowsPatchData.zip, OemCatalogWpd.zip, or partner.manifest.xml files before every job run. However, if you leave this option unchecked, you must click Download to manually check for updates and overwrite the WindowsPatchData.zip, OemCatalogWpd.zip, or partner.manifest.xml files.Warning: If this option is selected, you might experience performance degradation with windows hotfixes, when multiple job servers are running a single snapshot job on several hundred targets at the same time. If this occurs, you can try leaving this option unchecked, and manually checking for updates by clicking Download. |
Where to go from here
Ensure that you have completed all tasks listed in Preparatory tasks for patch management.
Comments