22.2 enhancements and patches
22.2
Patching enhancements
This release contains the following patching enhancements.
Support for patching Amazon Linux servers
You can patch Amazon Linux target servers.
For information about creating a patch catalog for Amazon Linux, see Creating-a-patch-catalog-for-Amazon-Linux-CentOS-or-OL-ULN.
Support for multiple subscription certificates
If your Red Hat entitlements are spread across multiple certificates, Server Automation can identify the applicable certificate for a patch repository or channel from the multiple certificates available on the repository server.
For more information, see Creating-a-patch-catalog-for-Red-Hat-Enterprise-Linux.
Support for configuring Solaris patch download URLs
Configure the Solaris patch download URL by using the solaris.download.base.url property in the patch-psu.properties file. For example, in case of an outage of a URL, update this property with a working URL.
For more information, see Special issues for patch management.
Support for Windows Server 2022
Server Automation supports Windows Server 2022 for the Unified Product installer, Application Server, Agent, NSH, Console, Live Reporting, Patching, and Virtualization modules.
For the complete list of supported operating systems, see Supported Platforms.
Security enhancements
This release contains the following security enhancements.
Restrict access to the Application Server file system
In version 22.2, Server Automation by default restricts access to the Application Server file system by using a low privilege user named bluser for executing external commands.
After you upgrade to version 22.2, by default the access is restricted. You can allow unrestricted access by updating the BLASAdmin parameter, EnableLowPrivUser in the Appserver module. For more information, see Restricting access to the Application Server File System.
Restrict access to the TrueSight Server Automation Console
As an RBACAdmin user, restrict access to the Server Automation Console for a user by selecting the Disable TrueSight Server Automation Console Access option when creating or updating the user. For more information, see User-General-Information.
You can also view and restrict the console access by using BLCLI commands, RBACUser-setRCPAccessDisabled and RBACUser-isRCPAccessDisabled.
Database enhancements
This release contains the following database enhancements.
Support for modular table partitioning
As a Server Automation database user, execute partitioning scripts for specific modules such as Compliance, Job Run Event, and RBAC. Partitioning for the entire database at a time is no longer supported.
For more information, see Table-partitioning.
Support for partitioning the RBAC module
To enhance the performance of database queries related to RBAC modules, Server Automation supports partitioning for the RBAC module. Partitioning is supported for the following RBAC tables:
- ROLE_AGG_AUTH
- BL_ACL_POLICY_AGG_AUTH
- BL_ACL_AGG_AUTH
For more information, see Table-partitioning.
Ability to update virtual machines
Use the new BLCLI command virtualization - executeCommand to update the settings of a virtual machine.
For more information, see executeCommand.
Auto populate email addresses in TrueSight Smart Reporting - Platform
As an RBACAdmin user, auto populate email address for a Server Automation user in TrueSight Smart Reporting - Platform while broadcasting reports. To do this, set the REPORT_EMAIL_ADDRESS* property in Server Automation and the ENABLE_EMAIL_ID_FOR_REPORTING_USER property in TrueSight Server Automation - Data Warehouse.
For information about broadcasting reports, see Broadcasting reports through email.
Support for Compliance Content templates
This version supports the following Compliance Content templates:
Cache for the Task In Progress view to improve performance
Starting from this release, the Server Automation Application Server enables you to maintain a cache of the currently executing tasks (jobs) for the Task In Progress view. When you enable the cache, the data for the view is fetched from the cache, and not from the Server Automation database that leads to performance improvement. Caching is applicable for both the automatic and manual refresh.
By default, cache is disabled. You can enable it by using the BLASAdmin parameter, EnableTaskInProgressCache in the Appserver module.
For more information, see Managing-jobs-in-progress.
REST API enhancements
This release contains the following REST API enhancements.
Enable or disable the service_ticket parameter in session response
To enable or disable the service_ticket parameter in the session response of the /api/v1/sessions call, set the include_service_ticket property to true or false in the application.properties file, which is located in the <AppServerInstallDir>\NSH\br\deployments\default\tomcat\webapps\rest\WEB-INF\classes directory.
For more information, see REST API endpoints.
Analyze RPMs flagged as security updates for Red Hat Enterprise Linux patch catalogs
Analyze the RPMs that are flagged as security updates when you create or modify a Red Hat Enterprise Linux Patching job.
Specify the following values for the mode option in the REST API call to perform the analysis:
- security_update: Analyzes all available security updates. This option analyzes the last version available of any package with at least one security errata, thus can analyze non-security erratas if they provide a more updated version of the package.
- security_update_minimal: Analyzes the packages that have a security errata use.
For more information, see REST API endpoints.