Creating a patch catalog for AIX

Related BMC Communities article

BMC Customers using Automation for Patching use cases depend on OS vendors for Patches and metadata.  To view a document that tracks the service status of the different OS Vendors as known to BMC Support, see the following BMC Communities document:

OS Patching Vendor Health Dashboard

The patch catalog is used to maintain and work with the patch repository through the TrueSight Server Automation Console. For both types of repositories, online and offline, you create a patch catalog through the TrueSight Server Automation console. Patches are added to the catalog as depot objects according to filters defined for the catalog.

This topic describes how to set up a patch catalog for IBM AIX, and includes the following sections:

Step 1: Review prerequisites for the catalog

Review the following prerequisites for creating patch catalogs for AIX.

  • Ensure that security policies on the repository server do not block the download of the catalog.
  • Excerpt named proxyServerSUMA was not found in document xwiki:Automation-DevSecOps.Server-Automation.TrueSight-Server-Automation.tssa252.Using.Creating-and-modifying-TrueSight-Server-Automation-jobs.Panel-reference-for-Patch-Management-Jobs.Patch-Catalog-job-panels.Patch-catalog-AIX-Catalog.WebHome.

  • Ensure that the system you will use for the patch repository is supported by TrueSight Server Automation.

    Click here to see the platforms supported for storing your repository

    For the complete list of deprecated platforms, see Deprecated-and-discontinued-features.

Step 2: Create the patch catalog

  1. Right-click a folder in the Depot and select New > Patch catalog > AIX Patch Catalog.
    The New Patch Catalog dialog panel opens.

  2. Provide information for the patch catalog as described in the following table:

    Panel section

    Description

    General

    Enter a Name for the patch catalog and a Description of its contents. Then, browse to the folder in which you want to store the catalog.

    Catalog options

    Define a number of options including locations (such as the location of the source files and the repository), as well as filters and whether local copies of the files are created on the target server or downloaded directly during deployment.

    Catalog Mode

    Select one of two options:

    • Source from IBM Network (Online Mode): Use this mode if the TrueSight Server Automation Application Server is installed on a server with Internet access. Credentials are not required.
    • Source from Disk Repository (Offline Mode): Use this mode in a secured environment where download occurs on a server, with Internet access, outside of the environment.

    Download option

    Select one of the two download options:

    • Fixget: Use this mode if you want to download the AIX patches from Fixget servers.

      Important

      IBM no longer supports fixget for AIX version 6.x and later. Therefore, TrueSight Sever Automation does not support fixget for downloading patch catalogs for AIX version 6.x and later.

    • SUMA: Use this mode if you want to download the AIX patches from Fix Central servers using IBM Service Update Management Assistance (SUMA).

      Notes

      • BMC recommends using, the latest, SUMA download option instead of the Fixget download option for AIX patching.
      • Before you use the SUMA download option, ensure that the repository server is running AIX 6 TL 6 or a later version and that it is configured with ECC.

      • The SUMA command used in the SUMA download option, does not allow TrueSight Server Automation to configure a proxy server automatically. The proxy server must be manually configured by using the System Management Interface Tool (SMIT), which is recommended by IBM.

        Click here to view steps for configuring the repository server using SMIT.

        To configure a proxy server on repository server while using the SUMA download option, perform the following steps:

        1. On the repository server, start the System Management Interface Tool (SMIT) by running the smit command.
        2. Select the Communications Applications and Services option.
        3. Select the Create/Change Service Configuration option.
        4. Select the Create/Change Service Configuration option, once again.
        5. Select the Create/Change Primary Service Configuration option.
        6. In the entry field for Connection type enter HTTP_PROXY.
        7. Enter the IP address, port number, and authentication user ID of the proxy server that you want to use.

        You can now use the proxy server for creating an online or offline catalog with the SUMA download option.


    Repository Options

    Enter the following information:

    Field

    Description

    Payload Source Location (NSH path)

    Location where existing metadata and payload files are stored
    Metadata files stored in this location are copied to the catalog automatically. Payload files are not copied to the catalog.

    Repository Location (NSH path)

    NSH path to the location where the patch repository is located
    BMC recommends that this location have ample free space. Repositories typically contain many files, usually totaling gigabytes of data.
    (Offline Only)
    Either this location must be hosted on an AIX platform, or the downloader must be run on an AIX platform. If both are not on AIX platforms, you cannot create an AIX patch catalog.
    (Online Only)
    This location must be hosted on an AIX platform.
    Note: As you do not need to specify the URL of the patch files, the Payload Source Location (NSH path) option is dimmed.

    Note: When specifying a host within an NSH path, you can use either the host name of the IP address (IPv4 or IPv6).

    Base Repository Location

    Enter the following information:

    Field

    Description

    Base Repository Location

    NSH path to the location where base-level payload files are stored. Base-level payload files are not copied to the repository location.

    Base Repository Network URL

    URL of the location where base-level metadata and payload files are stored. Specifying a value for this field is optional if you have selected the Copy to agent at staging option for the Network URL Type For Payload Deployment field.

    Notes:

    • If the patches that you require do not contain dependencies, you need not specify values for the Base Repository Location and Base Repository Network URL fields.
    • For more information about how to upgrade or install AIX patches using the Base Repository Location and the Base Repository Network URL options, see Creating-a-patch-catalog-for-AIX-in-online-mode.

    Note: When specifying a host within an NSH path, you can use either the host name of the IP address (IPv4 or IPv6).


    OS Base Version

    Version of the operating system (OS) for which you want to source Technology Levels, Service Packs, and so on. The SUMA download option works out of the box with AIX 7.2, AIX 7.1, and AIX 6.1. However, starting 23.1 you can add new OS Base Version (for example, AIX 7.3) by modifying the xml configuration file for AIX (for the Supported-platforms) and importing it through the Patch Global Configuration dialog box. For more information, see Preparing-the-configuration-file-for-AIX.

    Filters

    Filters limit the amount of information brought into the catalog. For an offline catalog, re-create the filters defined in the configuration file used by the download utility. Available filter types are as follows:

    • By Update Level
    • By Fix Type
    • By Fix ID

    Only patches that match the combinations you define are added to the catalog. You can define filters either when the catalog is created or later, when you edit the catalog. To begin, click Add Filter and select from the following:

    Field

    Description

    By Update Level

    Select either Technology Level or Service Pack (which includes Concluding Service packs). The corresponding list is enabled. You can include more than one Technology Level or Service Pack in the patch catalog.
    Note:The list of available Technology Levels and Service Packs depends on a file downloaded from the vendor and stored on your server. To see the identifier list in the patch catalog, you must identify the location of the file in the AIX Updates List File box. For more information, see the AIX Updates List File field in Global configuration parameters list.

    By Fix Type

    Select one of the following three fix types for a particular update level — All Latest Fixes, All Security Fixes, or All Critical Fixes. Only one Fix Type filter can be included in the patch catalog.

    Note: The SUMA download option is only supported for the All Latest Fixes update level.

    OS Level

    Fixes of a particular type are downloaded for the Operating System Level defined here.

    By Fix ID

    Create an individual filter for a specific APAR or PTF. Multiple filters of this type are permitted in the patch catalog.

    • Type: Select either APAR or PTF. Multiple filters of this type are permitted in the patch catalog.
    • APAR Id/PTF Id: Enter the identifier for the APAR/PTF.
      If the patch catalog contains this type of filter, you can create an Include/Exclude list as part of the analysis options for a Patching Job based on this patch catalog.

    Note: The SUMA download option is only supported for PTF type of filters.

  3. In the bottom right corner, select Job options. (You can also edit the catalog at a later time to set these options).

  4. Provide information for the patch catalog options as described in the following table:

    Tab

    Description

    Schedules

    Job Run Notifications

    Depot Object Options

    Network URL Type for Payload Deployment

    • (default) Copy to agent at staging: The TrueSight Server Automation Application Server copies patch payloads to a staging directory on the target server during the Deploy Job staging phase.
    • Agent mounts source for direct use at deployment (no local copy): A Deploy Job instructs the agent on a target server to: mount the device specified in the URl and deploy patch payloads directly to the agent. The Deploy Job does not copy patch payloads to a staging area on the agent, so the job does not create any local copies of the patches on target servers.

    Network URL for Payload Deployment

    The value entered here depends on your selection in the Network URL Type for Payload Deployment box:

    • If you chose Copy to agent at staging, do not enter a value here. The value is autopopulated based on the repository location.
    • If you chose Agent mounts source for direct use at deployment (no local copy), enter the NFS-accessible path to the location of the payload.
      If you specify the host in this path as an IPv6 address, enclose the IPv6 address in square brackets.

    RBAC Policy

    Browse to and select a predefined ACL Policy. Permissions defined by the ACL Policy are assigned to all Depot objects created in the catalog.

    Max Deport Object Work Items to Process in Parallel

    Maximum number of work items that can be performed in parallel.

    Job Properties

    Permissions

  5. Click Finish
    A Patch Catalog is stored in the appropriate Depot folder.


Editing the options

  1. In the Depot, right-click the AIX Patch Catalog you just created.
  2. Select Open.
  3. Set or update any information for the patch catalog options.
  4. When finished, save the catalog.

Where to go from here

Downloading-patch-payloads-to-the-catalog

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*