How to apply rolling patch updates with no downtime
This topic walks you through the process of how to apply rolling patch updates to your infrastructure with no downtime using TrueSight Server Automation. This example uses a Patch Catalog smart group to patch the servers behind the load balancer so that there is no downtime to the business services that rely on the web servers.
It includes the following sections:
The video at right from BMC Communities (8:25) provides a quick demonstration of the process.
In this example, the environment has a simple structure: one load balancer (called HA Proxy in this example) and three web servers (running Red Hat Linux) behind the load balancer.
The load balancer is used to distribute requests to the three web servers. This example shows how you can patch the servers behind the load balancer so that there is no downtime to the business services that rely on the web servers.
What do I need to do before I begin?
Prior to performing the steps in this example, you must have:
- Set up a patch catalog. For specific steps, see Walkthrough: Setting up and managing an online patch catalog for Windows or Walkthrough: Setting up and managing an online patch catalog for Linux. The patch catalog in this example is for Linux (Red Hat).
- Created a patch catalog smart group containing the servers you will be patching. This smart group can be used as an include filter for the Patching Job to determine if the specific patch in the smart group is missing from the target web servers. See step 7 in Walkthrough: Setting up and managing an online patch catalog for Linux. In this example, the patch catalog smart group looks for a specific Red Hat errata (RHSA-2015:2550).
To create and run the Patching Job
Define the general settings on the New Red Hat Patching Job General panel.
The options on the Analysis Options panel are pre-selected for you.
On the Remediation Options panel:
On the Targets panel, select the servers that are the targets of this Linux Patching Job.
|On the Default Notifications panel, click Next, as we are not configuring any default notification settings. The defaults are used for all runs of this job unless you override them with notification settings for a scheduled job.|
On the Schedules panel, you can choose to execute it immediately or you can set up an execution schedule for the job.
For this example, we want to run the job immediately, but do not want to create a schedule.
Once the job complete, view the results of the patching job:
As you can see, the job successfuly completed for all three of the web servers.
The next step is to see if the patch was missing, and if so to remediate the problem.
To apply the updates
In the BSA console, under Jobs, navigate to the folder for your Windows Patching Job. The examples in this procedure use the folder structure Jobs > Patch Analysis Jobs > Windows Patch Analysis.
The New Patch Remediation Job wizard opens. The Remediation Job creates the following items:
On the General panel:
On the Remediation Options panel:
On the Deploy Job Options panel, on the Job Options tab:
This example uses the default settings for the Deploy phases tab. For information about these options, see Deploy Job - Phase Options.
However, we do want to add pre-execution and post-execution commands. To do so, click Pre/Post Commands.
In this example, we add a pre-execution command to remove the HA proxy server prior to the patch being applied, and then add it back after job execution is complete.
After adding the commands, click OK to close the Pre/Post Commands dialog, and then click OK again to close the Deploy Job options dialog.
On the Phases and Schedules Tab:
On the Deploy Job Properties panel:
On the Job Run Notifications, click Next.
Bypassing this panel will use the default notifications that were set up in the Patch Analysis Job in the previous walkthrough.
The Remediation Job creates the Deploy Job and a Batch Job required to apply the patch.
The executing job appears in the Tasks in Progress view on the console. After the Remediation Job executes, you can view its results under the original Patching Job with which it is associated.
|After the Remediation Job completes, right click the Remediation run and select Open Generated Batch Job.|
On the Batch Job Options panel, select Execute Jobs Sequentially under Execution options. In case the Remediation Job creates multiple Deploy Jobs, this option ensures that the Deploy Jobs are executed sequentially by the Batch Job, so that one server at a time is patched.
Save and close the job.
As you can see in the example, the first server has been patched and rebooted, and the patch is being applied to the second server.
The servers will be brought down for patching one at a time, and any incoming requests are routed to online the servers.
Once you see that all three servers are up and running, then the patching process is complete, without incurring any downtime.
Where to go from here
To review other specific patch management examples, see Example patching scenarios