Oracle® Enterprise Manager Administrator's Guide for Software and Server Provisioning and Patching 10g Release 5 (10.2.0.5.0) Part Number E14500-04
Linux Host Patching is a feature in Enterprise Manager Grid Control that helps in keeping the machines in an enterprise updated with security fixes and critical bug fixes, especially in a data centre or a server farm.
This feature in Enterprise Manager Grid Control enables you to:
Set up Linux RPM Repository based in Unbreakable Linux Network (ULN) channels.
Download Advisories (Erratas) from ULN.
Set up Linux Patching Group to update a group of Linux hosts and collect compliance information.
Allow non-compliant packages to be patched.
Rollback/Uninstall packages from host.
Manage RPM repositories and channels (clone channels, copy packages from one channel into another, delete channels).
Add RPMs to custom channels.
Manage Configuration file channels (create/delete channels, upload files, copy files from one channel into another).
This chapter explains how you can patch Linux hosts. In particular, this chapter covers the following:
This section helps you get started with this chapter by providing an overview of the steps involved in patching Linux hosts. Consider this section to be a documentation map to understand the sequence of actions you must perform to successfully patch Linux hosts. Click the reference links provided against the steps to reach the relevant sections that provide more information.
Table 20-1 Getting Started with Patching Linux Hosts
Step | Description | Reference Links |
---|---|---|
Understanding the Deployment Procedure | Understand the Deployment Procedure that is offered by Enterprise Manager Grid Control for patching Linux hosts. | To learn about the Deployment Procedure, see Deployment Procedures. |
Knowing About The Supported Releases | Know what releases of Linux are supported by the Deployment Procedure. | To learn about the releases supported by the Deployment Procedure, see Supported Releases. |
Understanding the Deployment Phases | The Deployment Procedure consists of a series of interview screens that take you through the different deployment phases and capture the required information. Understand the different phases involved and know what information is captured in each phase. | To learn about the deployment phases involved in patching Linux hosts, see Deployment Phases. |
Meeting the Prerequisites | Before you run any Deployment Procedure, you must meet the prerequisites, such as setting up of the patching environment, applying mandatory patches, setting up of Oracle Software Library. | To learn about the prerequisites for patching Linux hosts, see Prerequisites. |
Running the Deployment Procedure | Run the Deployment Procedure to successfully patch Linux hosts. | To patch Linux hosts, follow the steps explained in Patching Procedure. |
Performing Other Linux Patching Activities | There are other activities that you can perform such as registering custom channels, configuration file management, and so on. | |
Enterprise Manager Grid Control provides the following Deployment Procedures for Linux patching:
Patch Linux Hosts
This deployment procedure allows you to patch Linux hosts. The steps to run this deployment procedure are specified in the next section.
Linux RPM Repository server setup
This deployment procedure allows you to set up a Linux RPM repository server. Follow the steps mentioned in Setting Up the RPM Repository to set up the Linux RPM repository server.
Following are the releases supported for Linux patching:
Feature | Linux Distributions Supported |
---|---|
Compliance | Oracle Enterprise Manager Linux, RedHat |
Update Job | Oracle Enterprise Manager Linux, RedHat, SuSE Linux |
Emergency Patching | Oracle Enterprise Manager Linux, RedHat |
Linux Patching Deployment Procedures | Oracle Enterprise Manager Linux, RedHat, SuSE Linux |
Undo Patching | Oracle Enterprise Manager Linux, RedHat |
Channel management | Oracle Enterprise Manager Linux, RedHat |
This section explains how you can patch Linux hosts. This section covers the following:
The following table describes the different phases involved in this Deployment Procedure:
Table 20-3 Deployment Phases for Patching Linux Hosts
Phase | Description |
---|---|
Package Repository | Allows you to select the Linux distribution and the RPM repository. |
Select Updates | Allows you to select the packages to be updated. |
Select Hosts | Allows you to select the targets to be updated. |
Credentials | Allows you to enter the credentials for the patching operation. |
Pre/Post Scripts | Allows you to specify any scripts to be run before and after the patching job. |
Schedule | Allows you to specify the schedule for the patching job. |
Review | Allows you to review the information and submit the patching job. |
Before running the deployment procedure, ensure that you meet the following requirements:
Ensure that you meet the prerequisites described in the following sections:
Software Library must be configured in OMS.
All the target machines must have yum or up2date installed, and must also have sudo enabled for the patch user.
Follow these steps to patch Linux hosts using deployment procedures:
In the Deployments tab, click Patching through Deployment Procedures. Select Patch Linux Hosts and click Schedule Deployment.
In the Linux Distribution section, select the correct distribution and also select the update tool to use.
In the Package Repository section, click the torch icon to select the RPM Repository.
In the Select Updates page, select the packages to be updated.
In the Select Hosts page, select the targets to be updated. You can also select a group by changing the target type to group.
In the Credentials page, enter the credentials to be used for the updates.
In the Pre/Post script page, enter the pre/post scripts, if any.
In the Schedule page, enter the schedule to be used.
Review the update parameters and click Finish.
A deployment procedure will be submitted to update the selected packages. Follow all the steps of the procedure until it completes successfully.
Once the procedure is completed, you can view the updated versions of the packages by clicking Targets, selecting the target name, clicking Configuration, and then clicking Packages.
In the Linux Patching Home page, you can do the following:
Manage and monitor out-of-date and rogue packages for each host in the enterprise
Configure targets that need to be automatically updated
View compliance reports
The Compliance History page provides compliance details for the selected Group, for a specific time period. You can select the required time period from the View Data drop-down list and click Refresh.
At least one Linux patching group must be defined.
You must have View privileges on the Linux host comprising the patching group.
To view the compliance history of a Linux patching group:
In the Deployments tab, select Linux Patching.
In the Linux Patching page, under Related Links, click Compliance History.
In the Compliance History page, the Groups table lists all the accessible Linux patching groups and the number of hosts corresponding to each group.
If there are multiple Linux patching groups, the Compliance History page will display the historical data (for a specific time period) for the first group that is listed in that table.
To view the compliance history of a Linux patching group, click the View icon corresponding to that group.
Note:
By default, the compliance data that is displayed is retrieved from the last seven days. To view compliance history of a longer time period, select an appropriate value from the View Data drop-down list. The page refreshes to show compliance data for the selected time period.
Patch non-compliant packages from the Linux Patching home page.
Before patching non-compliant packages, ensure that:
A Linux Patching group is created and the Compliance Collection job has succeeded.
Do the following to patch non-compliant packages:
Log in to Enterprise Manager Grid Control.
In the Deployments tab, select Linux Patching.
In the Linux Patching page, in the Compliance Reporting section, select the Group and click Schedule Patching.
Control is transferred to the Credentials page of the "Patch Linux Hosts" deployment procedure. Click Back to change the list of packages to update or the targets to update.
Enter the credentials and click Next.
Enter the pre/post scripts, if any.
Enter the schedule.
Review the updated parameters and click Finish.
A deployment procedure is submitted to update the host. Check if all the steps finished successfully.
You can uninstall packages from the Linux Patching home page.
Before rolling back packages, ensure that:
A Linux Patching group is created.
The lower version of the package must be present in the RPM repository.
Do the following to uninstall or rollback packages installed:
Log in to Enterprise Manager Grid Control.
In the Deployments tab, select Linux Patching.
In the Linux Patching page, from the Compliance report table, click Undo Patching.
In the Undo Patching: Action page, select Uninstall Packages.
Select the Rollback Last Update Session option and click Next.
Select the Group and click Next.
In the Undo Patching: Credentials page, specify the credentials to be used while performing the undo patching job.
In the Undo Patching: Patching Scripts page, select the pre/post patching scripts if any.
Review the selected options and click Finish.
A job is submitted to rollback the updates done in the previous session.
Examine the job submitted to see if all the steps are successful.
You can register a custom channel.
Following are the prerequisites for registering a custom channel:
RPM Repository must be under /var/www/html and accessible through http protocol.
Metadata files should be created by running yum-arch and createrepo commands.
Management Agent must be installed in the RPM repository machine and pointed to the OMS.
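A preflight check for the prerequisites above, as an added example that is not part of the Oracle guide: it resolves the channel directory to its real path to confirm it sits under the web root, and looks for the metadata that createrepo and yum-arch leave behind. The names `check_channel_dir`, `DOCROOT` and `CHANNEL_URL` are hypothetical, `repodata/repomd.xml` and `headers/header.info` are the usual output locations of those two tools, and the world-writable check is an extra hardening step beyond the listed prerequisites.

```shell
#!/bin/sh
# Added example (not Oracle code). check_channel_dir, DOCROOT and CHANNEL_URL
# are hypothetical names chosen for this sketch.
DOCROOT="${DOCROOT:-/var/www/html}"   # web root required by the prerequisites

# check_channel_dir DIR
# Prints one FAIL line per unmet prerequisite; returns 0 only if all checks pass.
check_channel_dir() {
    dir=$1
    rc=0

    # Resolve symlinks so the directory is judged by its real location.
    root=$(cd "$DOCROOT" 2>/dev/null && pwd -P) ||
        { echo "FAIL: web root $DOCROOT not found"; return 1; }
    real=$(cd "$dir" 2>/dev/null && pwd -P) ||
        { echo "FAIL: $dir is not an accessible directory"; return 1; }

    # Prerequisite: the repository must live under the web root.
    case "$real/" in
        "$root"/*) ;;
        *) echo "FAIL: $real resolves outside $root"; rc=1 ;;
    esac

    # Prerequisite: metadata from createrepo (repodata/) and yum-arch (headers/).
    [ -f "$real/repodata/repomd.xml" ] ||
        { echo "FAIL: repodata/repomd.xml missing; run createrepo"; rc=1; }
    [ -f "$real/headers/header.info" ] ||
        { echo "FAIL: headers/header.info missing; run yum-arch"; rc=1; }

    # Sanity check: the channel should contain at least one RPM.
    [ -n "$(find "$real" -type f -name '*.rpm' | head -n 1)" ] ||
        { echo "FAIL: no .rpm files under $real"; rc=1; }

    # Extra hardening check, not in the prerequisite list: content served to
    # every patched host should not be writable by arbitrary local users.
    ww=$(find "$real" ! -type l -perm -0002 | head -n 5)
    [ -z "$ww" ] || { echo "FAIL: world-writable entries:"; echo "$ww"; rc=1; }

    # Prerequisite: reachable over HTTP. Only checked when CHANNEL_URL is set,
    # e.g. http://repo.example.com/custom_channel (constructed placeholder).
    if [ -n "${CHANNEL_URL:-}" ]; then
        curl -fsI "$CHANNEL_URL/repodata/repomd.xml" >/dev/null ||
            { echo "FAIL: $CHANNEL_URL not reachable over HTTP"; rc=1; }
    fi

    return $rc
}

# Run against a directory when one is given on the command line.
if [ $# -gt 0 ]; then check_channel_dir "$1"; fi
```

Run it on the repository host as the patch user before registering the channel, so that access problems surface with the same permissions the job will have.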
Do the following to register a custom RPM Repository in Enterprise Manager Grid Control:
Log in to Enterprise Manager Grid Control.
Go to Setup and select Patching Setup.
In the Linux Patching Setup tab, click the Manage RPM Repository link.
In the Manage Repository Home page, click Register Custom Channel.
In the Register Custom Channel page, specify a unique channel name.
Click Browse and select the host where the custom RPM repository was set up.
Specify the path where RPM repository resides. The directory location must start with /var/www/html/. Click OK.
A Package Information job is submitted. Follow the job until it completes successfully.
You can clone a channel.
Following are the prerequisites before you can clone a channel:
There must be at least one channel already present.
Patching user must have read/write access in both the source and target channel machine.
Check if enough space is present in the target channel machine.
Patch user must have write access under the agent home. Patch user must have sudo privilege.
Follow these steps to clone a channel:
Log in to Enterprise Manager Grid Control.
Go to Setup and select Patching Setup.
In the Linux Patching Setup tab, click the Manage RPM Repository link.
Select the source channel that you want to create-like (clone) and click Create Like.
Enter the credentials to use for the source channel. The credentials must have both read and write access.
Enter a unique target channel name.
Click Browse to select the target host name.
Enter the directory location of the target channel. This directory should be under /var/www/html.
Enter the credentials to use for the target channel. This credential should have both read and write access. Click OK.
A Create-Like job is submitted. Follow the job until it completes successfully.
You can copy packages from one channel to another.
Following are prerequisites to copy packages from one channel to another:
At least 2 channels must be present.
Patching user must have read/write access on both the source and target channel machine.
The target channel machine must have adequate space.
Patch user must have write access under the agent home. Patch user must have sudo privilege.
Follow these steps to copy packages from one channel to another:
Log in to Enterprise Manager Grid Control.
Go to Setup and select Patching Setup.
In the Linux Patching Setup tab, click the Manage RPM Repository link.
Select the source channel and click Copy Packages.
Select the target channel.
From the source channel section, select and copy the packages to the target channel section.
Enter credentials for the source and target channels. These credentials should have read/write access to the machines. Click OK.
A Copy Packages job is submitted. Follow the job until it completes successfully.
You can add custom RPMs to a channel.
Following are the prerequisites for adding custom RPMs to a channel:
At least one channel must be present.
Patching user must have write access on the channel machine.
Patch user must have write access under the agent home. Patch user must have sudo privilege.
Follow these steps to add custom RPMs to a channel:
Log in to Enterprise Manager Grid Control.
Go to Setup and select Patching Setup.
In the Linux Patching Setup tab, click the Manage RPM Repository link.
Select the channel name where you want to add the RPM and click Add.
Select the source target name and the credentials to be used for the machine. The credentials you use must have read/write access.
In the Upload Files section, click the search icon to browse for the RPM files.
Enter the credentials to be used on the channel's machine. Click OK.
An Add Package job is submitted. Follow the job until it completes successfully.
You can delete a channel.
Following are the prerequisites for deleting a channel:
At least one channel must be present.
Patching user must have write access to delete the RPM files from the channel machine.
Patch user must have write access under the agent home. Patch user must have sudo privilege.
Follow these steps to delete a channel:
Log in to Enterprise Manager Grid Control.
Go to Setup and select Patching Setup.
In the Linux Patching Setup tab, click the Manage RPM Repository link.
Select the channel name you want to delete and click Delete.
If you want to delete the packages from the RPM Repository machine, select the check box and specify credentials for the RPM Repository machine. Click Yes.
If you have not selected to delete the packages from RPM Repository machine, you will get a confirmation message saying "Package Channel <channel name> successfully deleted". If you have selected the Delete Packages option, a job will be submitted to delete the packages from the RPM Repository machine. Follow the job until it completes successfully.
This section explains the configuration file management activities. In particular, this section covers the following:
Check if Software Library is already configured in OMS or not. If not configured, create one.
To create a configuration file channel, do the following:
In the Deployments tab, click Linux Patching, and then click Configuration Files. Click Create Config File Channel.
Enter a unique channel name and description for the channel and click OK.
You will see a confirmation message saying that a new configuration file is created.
You can upload configuration files.
Follow these steps to upload configuration files:
In the Deployments tab, click Linux Patching, and then click Configuration Files.
Select the file and click Upload Configuration Files.
You can either upload files from local machine (where the browser is running) or from a remote machine (agent should be installed on this machine and pointed to OMS). Select the mode of upload.
In the File Upload section, enter the file name, path where the file will be deployed in the target machine, and browse for the file on the upload machine.
For uploading from remote machine, click Upload from Agent Machine. Click Select Target and select the remote machine.
Before browsing for the files on this machine, set preferred credential for this machine.
After selecting the files, click OK.
You will see a confirmation message saying "Files are uploaded".
You can import files.
Follow these steps to import files:
In the Deployments tab, click Linux Patching, and then click Configuration Files.
Select the source channel and click Import Files.
Select the target channel.
From the Source channel section, select the files and copy them to the target channel section. Click OK.
You will see a confirmation message saying, "Selected files are successfully imported".
You can deploy files.
Following are the prerequisites to deploy files:
Patch user must have write access under the agent home. Patch user must have sudo privilege.
There should be at least one channel with some files uploaded.
Follow these steps to deploy files:
In the Deployments tab, click Linux Patching, and then click Configuration Files.
Select the source channel and click Deploy Files.
In the wizard that opens up, select the files that you want to deploy and click Next.
Click Add to select the targets where you want to deploy the files.
Enter the credentials for the selected targets.
Enter the Pre/Post scripts that need to be applied before or after deploying the files.
Review the deploy parameters and click Finish.
A Deploy job will be submitted. Follow the job's link until it completes successfully.
You can delete channels.
Follow these steps to delete a channel:
In the Deployments tab, click Linux Patching, and then click Configuration Files.
Select the channel to delete and click Delete. Click Yes.
You will see a confirmation message saying, "Config File Channel (channel name) successfully deleted".