Patching Job - Analysis Options for Red Hat Enterprise Linux, Oracle Enterprise Linux, and SUSE Linux Enterprise

A Patching Job checks the configuration of patches on specific servers according to filters defined as part of the job definition.

On the Basic Options tab, you can perform the following actions:

  1. (Additional step for SuSE Patching only) Select whether you want to perform patching using the Zypper or yum tool.

    Click here for more information about the Zypper patching tool.

    An improved packaging framework called Zypper has been introduced in SUSE Linux 10.3 and later versions. TrueSight Server Automation now supports patching using the Zypper packaging framework. Because Zypper is an improved packaging framework, BMC strongly recommends using the Zypper tool for patching instead of the existing YUM patching tool. When using YUM, you might encounter dependency issues.

    Important
    • Ensure that you have Zypper 1.3.7 or later is installed on your SuSE repository server, before you use Zypper for patching.
    • BMC strongly recommends using Zypper when creating a patching job for a patch catalog that was created using the Subscription Management Tool (SMT).
  2. Choose one of the following options:

    • Install Mode - Analyze for missing RPMs and updates available for installed RPMs on a target server

      Notes

      Do not choose Install Mode if you are including all errata or all RPMs from the catalog. Various conflicts and dependency issues between RPMs may occur because Install Mode attempts to install RPMs for which the base versions or earlier versions are not present.

      You are not required, nor is it recommended, to include the default RPMs Patch smart group that is part of the catalog. If no includes are specified, the analysis will check for the missing patches for the target server OS version and platform. If the include list is specified, there will be an explicit check for each rpm in the patch smart group.

    • Update Mode - Analyze only for updates available for installed RPMs on a target server

    • (Additional option for Red Hat Enterprise Linux) Security Mode - Analyze for security updates available for installed RPMs on target server. Select from one of the following options:

      • Update: Analyze all available security updates. This option analyzes the last version available of any package with at least one security errata, thus can analyze non-security erratas if they provide a more updated version of the package.
      • Update-minimal: Analyzes the packages that have a security errata use.

      Important

      After you upgrade to version 21.3, ensure that you update the patch catalog for the Security Mode option to take effect.

    • (Additional option for SuSE if you are patching with Zypper) Dist-Upgrade Mode - Analyze only for distribution upgrade or service pack upgrade.

      zypper.png

      Important

      If you have created a SuSE patch catalog in the online mode, you can only update your target from the existing OS level to the next OS level. For example, to update a target from SuSE Linux Enterprise 11 SP2 to SuSE Linux Enterprise 11 SP4, you must first update your target to SUSE Linux Enterprise 11 SP3, and only then upgrade to SUSE Linux Enterprise 11 SP4.

      Note

      Zypper supports updates for distributions and service packs, which is not supported by the YUM patching tool. The Zypper method of analysis automatically skips distribution and service pack upgrade-related rpms during normal package updates (Install mode and Update mode). In yum method of analysis, however, the distribution and service pack upgrade-related rpms must be manually excluded during the normal package updates. As a result, you may find a difference in the analysis results of Zypper and yum.

      Your selection between Zypper and Yum is captured in the job property OTHER_LINUX_ANALYSIS_PATCHING_TOOL, with a value of 0 for Zypper or 1 for Yum (the default). This job property is available as of TrueSight Server Automation 8.9.01.

      Click here to see steps to for upgrading SuSE 11 SP1 to SuSE 11 SP2 using zypper

      For an online catalog:

      1. Create a SuSE online catalog for SuSE 11 SP2 by selecting following repositories during filter selection:
        • SLES11-SP2-Update
        • SLES11-SP2-Pool
        • SLES11-SP1-Update
        • SLES11-SP2-Pool
      2. Run the patch analysis job using the patch catalog created above.

      For an offline catalog:

      1. Provide URLs for the following repositories in SuSE downloader config xml and run the offline downloader
        • SLES11-SP2-Update
        • SLES11-SP2-Pool
        • SLES11-SP1-Update
        • SLES11-SP2-Pool
      2. Create the offline catalog by providing repository created by offline downloader.
      3. Run the patch analysis job using the patch catalog created above.

  3. Create an Include/Exclude list for specific patches through the Include-or-Exclude-Selection dialog box to override the default, which includes the entire Patch catalog in the analysis.

    (only for 8.9 SP1 and later releases) For more information about Include/Exclude list optimizations in Red Hat patch analysis using the By Complete Package Name and By Package Name only options, click the following link:

    Click here to expand information about optimizations in the Include/Exclude list for Red Hat

    TrueSight Server Automation can automatically select the appropriate rpm version or versions while including or excluding an rpm package in an RHEL patch analysis job. To enable this version optimization, select the By Package Name Only option while including or excluding patches. Whenever any rpm package is selected with the By Package Name Only option, TrueSight Server Automation automatically performs the following:

    • In case of an include patch operation—includes the latest rpm version of the package from the catalog, even if that version is not manually selected
    • In case of an exclude patch operation—excludes all rpm versions of the package from the catalog, even if all versions are not manually selected

    You can still individually specify rpm versions for include or exclude by selecting the By Complete Package Name option. When this option is selected, TrueSight Server Automation does not automatically include or exclude any rpm version that is not manually selected by the user from the catalog. Whenever any rpm package is selected with the By Complete Package Name option, TrueSight Server Automation automatically performs the following:

    • In case of an include patch operation—includes the latest rpm version of the package, from the selected rpm packages
    • In case of an exclude patch operation—excludes all rpm versions of the package, from the selected rpm packages
    Important

    The exclude operation takes precedence over the include operation. Therefore, If a package is excluded with the By Package Name Only option, all versions of the package will be excluded from analysis, even if specific versions are manually included.


    Examples:

    When a selection is made with the By Complete Package Name option you can manually select each version to include or exclude from the catalog.

    RHEL optimizations 3.PNG

    RHEL optimizations 4.PNG

    Manually select each version from the catalog

    Specific versions displayed in the Include/Exclude list

    When a selection is made with the By Package Name Only option, you can select any one version of the rpm packages and TrueSight Server Automation automatically selects the appropriate versions for the packages.

    RHEL optimizations 1.PNG

     RHEL optimizations 2.PNG

    Select any one version of the rpm packages

     Only package names are displayed in the Include/Exclude list

On the yum.conf tab, perform either of the following actions:

  • Select the Use Patch Global Configuration File check box if you want to use a yum.conf file with default settings provided with TrueSight Server Automation.

Or

  • Deselect the Use Patch Global Configuration File check box if you want to use a custom yum.conf file. You can customize the yum.conf file to configure the different patch analysis and deployment parameters. Your desired entries should be added in the text box provided. 

    Click here to see a sample of a yum.conf file.
    [main]
    debuglevel=4
    logfile=/var/log/yum.log
    pkgpolicy=newest
    distroverpkg=RedHat-release
    tolerant=1
    obsoletes=1
    plugins=0
    gpgcheck=0
    bootloader=1

Notes

The system default /etc/yum.conf file is not used in either of the above cases. 

In addition to the options listed in the sample yum.conf above, if you want to avoid the removal of old RPMs during patch analysis when a native yum is used, you can include the installonly_limit option in the yum.conf file. For more information, see the description of this issue in Troubleshooting Patch Management issues.

For more information about all the options that you can include in the yum.conf file, see the yum.conf man page.

The yum.conf tab applies only to Red Hat Enterprise Linux, Oracle Enterprise Linux, and SUSE Linux Enterprise servers. You can also customize the yum.conf file from the Patch Global Configuration option. For more information, see Global-Configuration-parameter-list.


Where to go from here

Patching-Job-Remediation-Options

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*