28 Patching Linux Hosts

Linux Host Patching is a feature in Enterprise Manager Grid Control that helps in keeping the machines in an enterprise updated with security fixes and critical bug fixes, especially in a data centre or a server farm.

This feature support in Enterprise Manager Grid Control enables you to:

This chapter explains how you can patch Linux hosts. In particular, this chapter covers the following:

Getting Started

This section helps you get started with this chapter by providing an overview of the steps involved in patching Linux hosts. Consider this section to be a documentation map to understand the sequence of actions you must perform to successfully patch Linux hosts. Click the reference links provided against the steps to reach the relevant sections that provide more information.

Table 28-1 Getting Started with Patching Linux Hosts

| Step | Description | Reference Links |
|---|---|---|
| Step 1 | Understanding the Deployment Procedure. Understand the Deployment Procedure that is offered by Enterprise Manager Grid Control for patching Linux hosts. | To learn about the Deployment Procedure, see Deployment Procedures. |
| Step 2 | Knowing About the Supported Releases. Know what releases of Linux are supported by the Deployment Procedure. | To learn about the releases supported by the Deployment Procedure, see Supported Releases. |
| Step 3 | Meeting the Prerequisites. Before you run any Deployment Procedure, you must meet the prerequisites, such as setting up the patching environment, applying mandatory patches, and setting up Oracle Software Library. | To learn about the prerequisites for patching Linux hosts, see Prerequisites. |
| Step 4 | Running the Deployment Procedure. Run the Deployment Procedure to successfully patch Linux hosts. | To patch Linux hosts, follow the steps explained in Patching Procedure. |
| Step 5 | Performing Other Linux Patching Activities. There are other activities that you can perform such as registering custom channels, configuration file management, and so on. | |


Deployment Procedures

Enterprise Manager Grid Control provides the following Deployment Procedures for Linux patching:

  • Patch Linux Hosts

    This deployment procedure allows you to patch Linux hosts. The steps to run this deployment procedure are specified in the next section.

  • Linux RPM Repository server setup

    This deployment procedure allows you to set up a Linux RPM repository server. Follow the steps mentioned in Setting Up the RPM Repository to set up the Linux RPM repository server.

Supported Releases

Following are the releases supported for Linux patching:

Table 28-2 Supported Releases

| Feature | Linux Distributions Supported |
|---|---|
| Compliance | Oracle Enterprise Manager Linux, RedHat |
| Update Job | Oracle Enterprise Manager Linux, RedHat, SuSE Linux |
| Emergency Patching | Oracle Enterprise Manager Linux, RedHat |
| Linux Patching Deployment Procedures | Oracle Enterprise Manager Linux, RedHat, SuSE Linux |
| Undo Patching | Oracle Enterprise Manager Linux, RedHat |
| Channel management | Oracle Enterprise Manager Linux, RedHat |


Patching Linux Hosts

This section explains how you can patch Linux hosts. This section covers the following:

Prerequisites

Before running the deployment procedure, ensure that you meet the following requirements:

Patching Procedure

Follow these steps to patch Linux hosts using deployment procedures:

  1. In the Deployments tab, click Patching through Deployment Procedures. Select Patch Linux Hosts and click Schedule Deployment.

  2. In the Linux Distribution section, select the correct distribution and also select the update tool to use.

  3. In the Package Repository section, click the torch icon to select the RPM Repository.

  4. In the Select Updates page, select the packages to be updated.

  5. In the Select Hosts page, select the targets to be updated. You can also select a group by changing the target type to group.

  6. In the Credentials page, enter the credentials to be used for the updates.

  7. In the Pre/Post script page, enter the pre/post scripts, if any.

  8. In the Schedule page, enter the schedule to be used.

  9. Review the update parameters and click Finish.

  10. A deployment procedure will be submitted to update the selected packages. Follow all the steps of the procedure until it completes successfully.

  11. Once the procedure is completed, you can view the updated versions of the packages by clicking Targets, selecting the target name, clicking Configuration, and then clicking Packages.

Linux Patching Home Page

In the Linux Patching Home page, you can do the following:

  • Manage and monitor out-of-date and rogue packages for each host in the enterprise

  • Configure targets that need to be automatically updated

  • View compliance reports

Viewing Compliance History

The Compliance History page provides compliance details for the selected Group, for a specific time period. You can select the required time period from the View Data drop-down list and click Refresh.

Prerequisites

  • At least one Linux patching group must be defined.

  • You must have View privileges on the Linux host comprising the patching group.

Procedure to View Compliance History

To view the compliance history of a Linux patching group:

  1. In the Deployments tab, select Linux Patching.

  2. In the Linux Patching page, under Related Links, click Compliance History.

  3. In the Compliance History page, the Groups table lists all the accessible Linux patching groups and the number of hosts corresponding to each group.

  4. If there are multiple Linux patching groups, the Compliance History page will display the historical data (for a specific time period) for the first group that is listed in that table.

  5. To view the compliance history of a Linux patching group, click the View icon corresponding to that group.

Note:

By default, the compliance data that is displayed is retrieved from the last seven days. To view compliance history of a longer time period, select an appropriate value from the View Data drop-down list. The page refreshes to show compliance data for the selected time period.

Patching Non-Compliant Packages

Patch non-compliant packages from the Linux Patching home page.

Prerequisites

Before patching non-compliant packages, ensure that:

  • A Linux Patching group is created and the Compliance Collection job has succeeded.

Procedure to patch Non-Compliant Packages

Do the following to patch non-compliant packages:

  1. Log in to Enterprise Manager Grid Control.

  2. In the Deployments tab, select Linux Patching.

  3. In the Linux Patching page, in the Compliance Reporting section, select the Group and click Schedule Patching.

  4. Control is transferred to the Credentials page of the "Patch Linux Hosts" deployment procedure. Click Back to change the list of packages to update or the targets to update.

  5. Enter the credentials and click Next.

  6. Enter the pre/post scripts, if any.

  7. Enter the schedule.

  8. Review the updated parameters and click Finish.

  9. A deployment procedure is submitted to update the host. Check if all the steps finished successfully.

Undo Patching

You can uninstall packages from the Linux Patching home page.

Prerequisites

Before rolling back packages, ensure that:

  • A Linux Patching group is created.

  • The lower version of the package must be present in the RPM repository.

Procedure to Undo Patching

Do the following to uninstall or roll back installed packages:

  1. Log in to Enterprise Manager Grid Control.

  2. In the Deployments tab, select Linux Patching.

  3. In the Linux Patching page, from the Compliance report table, click Undo Patching.

  4. In the Undo Patching: Action page, select Uninstall Packages.

  5. Select the Rollback Last Update Session option and click Next.

  6. Select the Group and click Next.

  7. In the Undo Patching: Credentials page, specify the credentials to be used while performing the undo patching job.

  8. In the Undo Patching: Patching Scripts page, select the pre/post patching scripts if any.

  9. Review the selected options and click Finish.

  10. A job is submitted to roll back the updates done in the previous session.

  11. Examine the job submitted to see if all the steps are successful.

Registering a Custom Channel

You can register a custom channel.

Prerequisites

Following are the prerequisites for registering a custom channel:

  • The RPM Repository must be under /var/www/html and accessible through the HTTP protocol.

  • Metadata files should be created by running the yum-arch and createrepo commands.

  • Management Agent must be installed in the RPM repository machine and pointed to the OMS.

Procedure to Register a Custom Channel

Do the following to register a custom RPM Repository in Enterprise Manager Grid Control:

  1. Log in to Enterprise Manager Grid Control.

  2. Go to Setup and select Patching Setup.

  3. In the Linux Patching Setup tab, click the Manage RPM Repository link.

  4. In the Manage Repository Home page, click Register Custom Channel.

  5. In the Register Custom Channel page, specify a unique channel name.

  6. Click Browse and select the host where the custom RPM repository was set up.

  7. Specify the path where the RPM repository resides. The directory location must start with /var/www/html/. Click OK.

  8. A Package Information job is submitted. Follow the job until it completes successfully.
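
The prerequisites above and the path rule in step 7 can be checked on the repository host before registering the channel. The script below is an added example, not part of the Oracle documentation: the function names and the DOCROOT override are assumptions of this example, and it relies on createrepo writing repodata/repomd.xml and yum-arch writing headers/header.info.

```shell
#!/bin/sh
# Added example: pre-registration check for a custom RPM channel directory.
# DOCROOT defaults to the location the page requires; the override is an
# assumption of this example so the check can be tried on a scratch tree.
DOCROOT="${DOCROOT:-/var/www/html}"

# check_channel_dir DIR
# Prints one line per unmet prerequisite; returns 0 only when all are met.
check_channel_dir() {
    dir=$1
    rc=0
    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir is not a directory"
        return 1
    fi
    # Resolve symlinks first: a path that merely starts with the docroot
    # string can still point somewhere else on disk.
    real=$(cd "$dir" && pwd -P) || return 1
    root=$(cd "$DOCROOT" && pwd -P) || { echo "FAIL: no docroot $DOCROOT"; return 1; }
    case "$real/" in
        "$root"/*) ;;
        *) echo "FAIL: $real is not under $root"; rc=1 ;;
    esac
    # createrepo writes repodata/repomd.xml
    [ -s "$real/repodata/repomd.xml" ] || { echo "FAIL: createrepo metadata missing in $real"; rc=1; }
    # yum-arch writes headers/header.info
    [ -s "$real/headers/header.info" ] || { echo "FAIL: yum-arch metadata missing in $real"; rc=1; }
    return $rc
}

# check_channel_http BASE_URL
# Confirms the metadata is served over HTTP (needs curl and a running server).
check_channel_http() {
    curl -fsS -o /dev/null "$1/repodata/repomd.xml"
}

# Run the directory check when a path is given on the command line.
[ "$#" -eq 0 ] || check_channel_dir "$1"
```

A symbolic link placed under /var/www/html that points outside it fails the first check even though its path starts with the required prefix.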

Cloning a Channel

You can clone a channel.

Prerequisites

Following are the prerequisites before you can clone a channel:

  1. There must be at least one channel already present.

  2. Patching user must have read/write access on both the source and target channel machines.

  3. Check if enough space is present in the target channel machine.

  4. Patch user must have write access under the agent home. Patch user must have sudo privilege.

Procedure to Clone a Channel

Follow these steps to clone a channel:

  1. Log in to Enterprise Manager Grid Control.

  2. Go to Setup and select Patching Setup.

  3. In the Linux Patching Setup tab, click the Manage RPM Repository link.

  4. Select the source channel that you want to create-like (clone) and click Create Like.

  5. Enter the credentials to use for the source channel. The credentials must have both read and write access.

  6. Enter a unique target channel name.

  7. Click Browse to select the target host name.

  8. Enter the directory location of the target channel. This directory should be under /var/www/html.

  9. Enter the credentials to use for the target channel. This credential should have both read and write access. Click OK.

  10. A Create-Like job is submitted. Follow the job until it completes successfully.

Copying Packages from One Channel to Another

You can copy packages from one channel to another.

Prerequisites

Following are prerequisites to copy packages from one channel to another:

  1. At least 2 channels must be present.

  2. Patching user must have read/write access on both the source and target channel machines.

  3. The target channel machine must have adequate space.

  4. Patch user must have write access under the agent home. Patch user must have sudo privilege.

Procedure to Copy Packages from One Channel to Another

Follow these steps to copy packages from one channel to another:

  1. Log in to Enterprise Manager Grid Control.

  2. Go to Setup and select Patching Setup.

  3. In the Linux Patching Setup tab, click the Manage RPM Repository link.

  4. Select the source channel and click Copy Packages.

  5. Select the target channel.

  6. From the source channel section, select and copy the packages to the target channel section.

  7. Enter credentials for the source and target channels. These credentials should have read/write access to the machines. Click OK.

  8. A Copy Packages job is submitted. Follow the job until it completes successfully.

Adding Custom Packages to a Channel

You can add custom RPMs to a channel.

Prerequisites

Following are the prerequisites for adding custom RPMs to a channel:

  1. At least one channel must be present.

  2. Patching user must have write access on the channel machine.

  3. Patch user must have write access under the agent home. Patch user must have sudo privilege.

Procedure to Add Custom Packages to a Channel

Follow these steps to add custom RPMs to a channel:

  1. Log in to Enterprise Manager Grid Control.

  2. Go to Setup and select Patching Setup.

  3. In the Linux Patching Setup tab, click the Manage RPM Repository link.

  4. Select the channel name where you want to add the RPM and click Add.

  5. Select the source target name and the credentials to be used for the machine. The credentials you use must have read/write access.

  6. In the Upload Files section, click the search icon to browse for the RPM files.

  7. Enter the credentials to be used on the channel's machine. Click OK.

  8. An Add Package job is submitted. Follow the job until it completes successfully.

Deleting a Channel

You can delete a channel.

Prerequisites

Following are the prerequisites for deleting a channel:

  1. At least one channel must be present.

  2. Patching user must have write access to delete the RPM files from the channel machine.

  3. Patch user must have write access under the agent home. Patch user must have sudo privilege.

Procedure to Delete a Channel

Follow these steps to delete a channel:

  1. Log in to Enterprise Manager Grid Control.

  2. Go to Setup and select Patching Setup.

  3. In the Linux Patching Setup tab, click the Manage RPM Repository link.

  4. Select the channel name you want to delete and click Delete.

  5. If you want to delete the packages from the RPM Repository machine, select the check box and specify credentials for the RPM Repository machine. Click Yes.

  6. If you have not selected to delete the packages from RPM Repository machine, you will get a confirmation message saying "Package Channel <channel name> successfully deleted". If you have selected the Delete Packages option, a job will be submitted to delete the packages from the RPM Repository machine. Follow the job until it completes successfully.

Configuration File Management

This section explains the configuration file management activities. In particular, this section covers the following:

Prerequisites

Check whether Software Library is already configured in OMS. If it is not configured, create one.

Creating Config File Channel

To create a configuration file channel, do the following:

  1. In the Deployments tab, click Linux Patching, and then click Configuration Files. Click Create Config File Channel.

  2. Enter a unique channel name and description for the channel and click OK.

  3. You will see a confirmation message saying that a new configuration file is created.

Uploading Configuration Files

You can upload configuration files.

Prerequisites

To upload configuration files, at least one configuration file must be present.

Procedure to Upload Configuration Files

Follow these steps to upload configuration files:

  1. In the Deployments tab, click Linux Patching, and then click Configuration Files.

  2. Select the file and click Upload Configuration Files.

  3. You can either upload files from local machine (where the browser is running) or from a remote machine (agent should be installed on this machine and pointed to OMS). Select the mode of upload.

  4. In the File Upload section, enter the file name, path where the file will be deployed in the target machine, and browse for the file on the upload machine.

  5. For uploading from remote machine, click Upload from Agent Machine. Click Select Target and select the remote machine.

    Before browsing for the files on this machine, set preferred credential for this machine.

  6. After selecting the files, click OK.

  7. You will see a confirmation message saying "Files are uploaded".

Importing Files

You can import files.

Prerequisites

To import files, at least two channels must be present.

Procedure to Import Files

Follow these steps to import files:

  1. In the Deployments tab, click Linux Patching, and then click Configuration Files.

  2. Select the source channel and click Import Files.

  3. Select the target channel.

  4. From the source channel section, select the files and copy them to the target channel section. Click OK.

  5. You will see a confirmation message saying, "Selected files are successfully imported".

Deploying Files

You can deploy files.

Prerequisites

Following are the prerequisites to deploy files:

  • Patch user must have write access under the agent home. Patch user must have sudo privilege.

  • There should be at least one channel with some files uploaded.

Procedure to Deploy Files

Follow these steps to deploy files:

  1. In the Deployments tab, click Linux Patching, and then click Configuration Files.

  2. Select the source channel and click Deploy Files.

  3. In the wizard that opens up, select the files that you want to deploy and click Next.

  4. Click Add to select the targets where you want to deploy the files.

  5. Enter the credentials for the selected targets.

  6. Enter the Pre/Post scripts that need to be applied before or after deploying the files.

  7. Review the deploy parameters and click Finish.

  8. A Deploy job will be submitted. Follow the job's link until it completes successfully.

Deleting Channels

You can delete channels.

Prerequisites

To delete channels, at least one configuration file must be present.

Procedure to Delete Channels

Follow these steps to delete a channel:

  1. In the Deployments tab, click Linux Patching, and then click Configuration Files.

  2. Select the channel to delete and click Delete. Click Yes.

  3. You will see a confirmation message saying, "Config File Channel (channel name) successfully deleted".