Unsupported content This version of the product has reached end of support. The documentation is available for your convenience. However, you must be logged in to access it. You will not be able to leave comments.

Walkthrough: Updating patches on Linux servers

This topic walks you through the process of using BladeLogic Portal to examine and correct deficiencies in the patch configuration of Red Hat Linux servers. This topic includes the following sections:

The video at right demonstrates the process of updating Linux patches. The video was created using an earlier version of BladeLogic Portal, so you may detect minor differences in the user interface.

 

 

icon-play2x.png http://youtu.be/bf_0jRLE9zM

Introduction

The goal of this topic is to check the patch configuration of Red Hat servers by running a Patch Analysis operation based on collections of patches called patch catalogs.

When you run a Patch Analysis operation in BladeLogic Portal, you are essentially running a Patching Job in BMC BladeLogic Server Automation (BSA). However, the interface in portal is much simpler than in BSA. Generally, you can execute a portal operation with just a few clicks.

The procedure described below shows how to manage patch configurations on Linux. You can use the same basic procedure for Windows. Note that while this procedure is based on patch catalogs, you can also run a Patch Analysis operation based on an existing Patching Job that was defined in BSA.

What is patch analysis?

A Patch Analysis operation requires you to make a few simple choices. You choose the patches you want to analyze from a patch catalog and you select the target servers where the operation should run.

When you execute the Patch Analysis operation, it compares the patches you specify to the patches installed on target servers. If a target server does not have the correct version of a patch, the operation flags the deficiency.

You can correct the patch configuration of target servers by choosing the patches to be deployed and then automatically running a remediation job. It deploys the designated patchesNo configuration is necessary for a remediation job. 

Then, you can run the original Patch Analysis operation again to confirm that your target servers are now correctly patched.

What do I need to get started?

This procedure is based on patch catalogs that must be set up in BSA.

For this walkthrough, you need an account to access BladeLogic Portal. The account must have the necessary permissions to perform patch analysis.

How to update patches in a Linux environment

 

Step

Example

1

Select Create Operation > Patch Analysis.

The Create Patch Analysis Operation wizard opens.

 

CreatePatchAnalysisOperationDefinition.gif

2

  1. For Name, enter a name for the Patch Analysis operation, such as Red Hat security.
  2. For Operating System, select Redhat Patch Analysis.
  3. Select Create Analysis Job from Catalog.
    In this demonstration, we will select the patches we want to analyze from a catalog.

Note

When you create a Patch Analysis operation for Red Hat targets, by default the operation only examines existing patches on targets and compares them to the patches you want to analyze. If an outdated version of the patch exists, the operation flags it.

Read more

You can adjust this behavior so the operation looks for both missing and outdated patches. To do so, use BMC Server Automation to modify the definition of the Patching Job created by this operation. On the Analysis Options page, select Install Mode rather than Update Mode .

This limitation does not apply to patch analysis for Microsoft Windows servers.

CreatePatchAnalysisOperationDefinitionCompleted.gif

3

  1. Click Next. The wizard displays the Patches window.
  2. Select a patch catalog, which identifies the collection of patches you can use for analysis.
    Patch catalogs are defined in BSA.
  3. When you select a patch catalog, the system prompts you to choose a job folder where an automatically created job is stored in BSA.
    If a default job folder is already defined for your site or security group, you are not prompted to select a folder. 

CreatePatchAnalysisOperationPatches1.gif

4

Select any patches or patch groups to include in the analysis by finding the appropriate row for each item and clicking Inc.

You can expand each patch group to see its contents and select individual patches. You can also search for patches and select from the results.

In this example, we include one patch group.

CreatePatchAnalysisOperationPatchesInc.gif

5

Select any patches or patch groups to exclude by clicking Exc.

In this example we exclude one patch group.

Patch Analysis operations analyze patches by collecting an "include" list and then removing any patches from an "exclude" list. The contents of patch smart groups can change based on patch characteristics. It is possible for a patch to appear in both the include and the exclude list. If that occurs, the patch is not analyzed. Remember, the include list minus the exclude list yields the patches to be analyzed.

CreatePatchAnalysisOperationPatchesExc.gif

6

Click Next to display the Targets page. Use this page to search or browse for targets. Select each target to include in the operation.

In this example, we searched for clm-aus and then clicked on each target we wanted to select.

CreatePatchAnalysisOperationTargets.gif

7

Click Execute Now.

The operation wizard closes. The operation appears on the home page and begins to execute.

Optionally, you can use the wizard to define notifications and schedules but for this demonstration we skipped those steps.

 

CreatePatchAnalysisOperationHome.gif

8

When the operation is complete, click the Actions menu at right. Then select View Results.

CreatePatchAnalysisOperationHomeCloseup.gif

9

The results of the patch operation appear. Notice how one server is fully patched.

CreatePatchAnalysisOperationResults.gif

10

Select the Actions icon. From the popup menu select Remediate All Patches For All Targets.
You can also choose to remediate all patches for a single target but in this example we are remediating all targets.

CreatePatchAnalysisOperationRemediate.gif

11

  1. A dialog box asks you to select a default job and depot group. When you provide that information, click Create
  2. Click the Remediation Options tab to show the remediation operation you just created.

CreatePatchAnalysisOperationRemediationOp.gif

12

Click the Execute icon. The remediation operation begins to execute.

When the remediation operation is complete, return to the home page.

CreatePatchAnalysisOperationClickExecute.gif

13

On the home page, run the original operation again by clicking the Execute icon. The Execute Operation dialog box opens. Select the same servers where you originally ran the Patch Analysis operation and click Execute.

 

CreatePatchAnalysisOperationExecuteOperation.gif

14

When the operation completes, click View Results.

On the results page, notice how all servers are fully patched, indicating the remediation action was successful.

CreatePatchAnalysisOperationResults2.gif

Wrapping it up

In this topic, you used BladeLogic Portal to run a Patch Analysis operation to identify patching deficiencies. You then ran a remediation operation to correct those deficiencies. Finally, you ran the Patch Analysis operation again to confirm that target servers were correctly patched.

Where to go from here

To learn more about patch analysis, see Creating-or-modifying-a-Patch-Analysis-operation.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*