14 Operating System Updates

This chapter describes the operating system update features that are available in the software.

The following information is included:

• Introduction to Operating System Updates

• Roles for Operating System Updates

• Actions for Operating System Updates

• Location of Operating System Updates in the User Interface

• Using System Catalogs

• About Operating System Update Reports

• Creating Update Policies

• Creating Update Profiles

• Updating Oracle Solaris 8, 9, and 10 and Linux Operating Systems

• Updating Oracle Solaris 11 Operating Systems

• Updating an Oracle Solaris Boot Environment

• Updating Microsoft Windows Operating Systems

• Related Resources for Operating System Updates

14.1 Introduction to Operating System Updates

Oracle Enterprise Manager Ops Center reduces the complexity of updating a large number of systems, standardizes the update installation process, minimizes downtime, and enables you to choose the level of automation.

You can maintain your Oracle Solaris, Linux, and Microsoft Windows operating systems to the recommended and latest updates and perform complex update tasks in a consistent manner. For most platforms, the update features help you to perform the following tasks:

• Manage different operating system update conditions that exist for installing an update

• Identify dependencies

• Download update packages or updates from the appropriate vendor sites

• Run an update simulation to test the update in your environment

• Rollback your systems to a previous state if an update is not stable in your environment

• Maintain consistent component configuration of your systems to the latest security updates

The list of supported operating system releases and functionality is available in the Oracle Enterprise Manager Ops Center Certified Systems Matrix Guide.

The update features include:

• Catalogs

• Reports

• Update Profiles

• Update Policies

• Deployment Plans

Oracle Enterprise Manager Ops Center provides one stop solution for all the requirements for updating your operating systems. You can use Update Profiles and plans to define which components must be installed and the level of automation during the installation.

You create update jobs with operating system update profiles and policies to update an operating system. OS update profiles and policies define which updates to install, and how the update job proceeds after determining the update dependencies and user interaction. A set of system-defined update profiles is available in the UI. You can copy the profiles and edit them to create your own customized profiles.

When you run an OS Update job, Oracle Enterprise Manager Ops Center performs the following actions:

1. Locks the asset.

2. Creates a snapshot for Oracle Solaris 8-10 and Linux operating systems.

3. Queues the job on the Enterprise Controller for the associated Proxy Controller. The Agent Controller retrieves the job and performs the tasks on the asset.

4. Saves the job log on the Enterprise Controller.

5. Unlocks the asset.

A variety of operating system reports are available to give you insight into the operating system compliance status, the state of your operating system update levels, and provide information about the recommended updates and packages.

You can view your managed operating systems with the All Assets view or the Operating Systems view, as shown in Figure 14-1 and Figure 14-2.

Figure 14-1 All Assets View

Description of "Figure 14-1 All Assets View"

Figure 14-2 Operating Systems View

Description of "Figure 14-2 Operating Systems View"

14.1.1 Requirements for Updating Operating Systems

The Enterprise Controller obtains information about latest updates from the Knowledge Base, Oracle Solaris 11 parent repositories on Oracle.com, and vendor sites. You must have an Internet connection to obtain the updates and packages from the various locations. In the absence of an Internet connection to the Enterprise Controller, you can get the latest updates by using a special script, called the harvester, to create local versions of the Knowledge Base and Oracle Solaris 11 Software Update Library. See the Oracle Enterprise Manager Ops Center Administration Guide for information about connection modes and how to use the harvester script.

The operating system update feature has the following requirements:

• Agent managed: Linux and Oracle Solaris 8, 9, and 10 operating system must be agent-managed to perform most operating system update tasks. You can update Oracle Solaris 11 and Microsoft Windows with an agentlessly managed operating system. See Using Agent Management for Operating Systems for details and how to switch management modes.

• Access to updates: The software is designed to use a secure Internet connection to obtain operating system updates as they become available. If you cannot use an Internet connection from within your datacenter, you can run the software in disconnected mode and download the latest updates to an external storage device and use that to update the software libraries.

• Established Software Update Library: For Linux or Oracle Solaris, you must create an update library to store the update information. See Chapter 5, "Software Libraries" for information on establishing and using software update libraries.

• Compatible configuration for Oracle Solaris 11: To update an Oracle Solaris 11 operating system, the Enterprise Controller and the Proxy Controller must be running on an Oracle Solaris 11 operating system.

• Valid update credentials: You must have update credentials for each platform vendor. You must provide a valid My Oracle Support (MOS) account for Oracle Linux and Oracle Solaris. Valid vendor credentials are required for SuSE Linux and Microsoft Windows. Typically, you supply the credentials when you install Oracle Enterprise Manager Ops Center. See Authentications in the Oracle Enterprise Manager Ops Center Administration Guide for how to add or edit your update credentials.

Manage the operating systems with an agent for the most robust feature set, including reports, monitoring, and analytics. See Discovering and Managing Assets for more about the discovery and management process. See Using Agent Management for Operating Systems for the differences between the two modes and how to change the agent management mode.

14.1.2 Methods of Running an Update Job

You can use the following methods to run an update job:

• Deployment plans that use the update profiles and policies. A deployment plan defines the profiles used, in some cases the plans used, and the sequence of operations (or steps). The following deployment plans include update: Install Server, Software Deployment/Update, and Update Solaris 11 OS.

• System catalogs for Oracle Solaris 8 - 10 and Linux.

• Reports.

• Update profiles.

14.1.3 Options Available When Running an Update Job

You have the following options available when running an update job:

• Select update profiles and policies.

• Select different targets for each task in the job.

• Select job simulation mode. Simulating a patching job helps to estimate the time required to run the job, to know the patch dependencies and the expected job result. In the simulation mode, you can select to download the required updates.

• Failure policy to determine the action when a task fails.

14.2 Roles for Operating System Updates

Table 14-1 lists the tasks that are discussed in this section and the role required to complete the task. An administrator with the appropriate role can restrict privileges to specific targets or groups of targets. Contact your administrator when you do not have the necessary role or privilege to complete a task.

See Asset Management for details on using the discovery feature to add assets and for more information on creating user-defined groups. Contact your administrator if you do not have the necessary role or privilege to complete a task. See the Oracle Enterprise Manager Ops Center Administration Guide for information about the different roles and the permissions they grant.

Table 14-1 Operating System Management Roles and Permissions

Task	Role
New Update OS Job	Update Admin
Deploy or Update Software	Update Admin
Simulate an OS Update	Update Admin or Update Sim Admin
Compare System Catalog	Update Admin
Create Catalog Snapshot	Update Admin
View and Modify Catalog	Update Admin
Update Management Credentials	Security Admin
Any Actions related to changing credentials	Security Admin
Import image	Storage Admin
Upload image	Storage Admin
Upload image	Storage Admin
Unconfigure, SCCM Configuration	Ops Center Admin
Reboot, upgrade Agent Controller	Asset Admin
Edit Tags	Asset Admin
Edit Attributes	Asset Admin

14.3 Actions for Operating System Updates

Two management modes are available, agent managed and agentlessly managed. To perform updates to your Linux or Oracle Solaris 8, 9, or 10 operating system, the operating system must be a managed asset. Oracle Solaris 11 and Microsoft Windows do not require an agent managed operating system.

You can manage your operating systems by installing an Agent Controller on the OS or by using SSH to perform tasks. You must have an agent managed operating system to use the OS Update features, including the system catalogs, OS update jobs, and reports. See Using Agent Management for Operating Systems for more details, including when an agent is required, how to determine the management mode, and how to change the management mode.

After you manage your assets, you can perform the following actions:

• Monitor your physical and virtual operating systems

• View OS utilization for Oracle Solaris and Linux operating systems

• Provision Oracle Solaris and Linux operating systems

• Manage Oracle Solaris boot environments

• Create a System Catalog

• Create an OS Report

• Update Oracle Solaris and Linux operating systems

• Update Microsoft Windows operating systems

14.4 Location of Operating System Updates in the User Interface

To see operating system information, expand Assets in the Navigation pane, then select the operating system. You can use the Operating Systems filter to just display the operating systems, as shown in Figure 14-3.

Figure 14-3 Operating System Filter

Description of "Figure 14-3 Operating System Filter"

14.5 Using System Catalogs

A system catalog is a software inventory of installed instances and versions of Oracle Solaris 8 - 10 OS updates, Linux RPMs, and local software. Oracle Enterprise Manager Ops Center automatically takes a snapshot of the operating system after executing any job on the OS, including when you discover and manage the operating system, start the Agent Controller, and when you update the operating system. A snapshot is stored on the Enterprise Controller as a catalog with the time stamp and job details after every update job that you run on a system.

Note:

Oracle Solaris 11 operating systems do not have or use snapshots. or system catalogs. Instead, the Oracle Solaris 11 operating system manages the OS packages.

You can create a new catalog at any time and use it to record the state of a system. Catalogs enable you to rollback your system to any previous configuration or to create a profile that you can use to apply a consistent configuration throughout your data center.

The Catalog List contains all of the snapshots. When you create a historical catalog, the current state of the selected system is identified and stored as the previous catalog of the system. The saved previous catalog is the most recent system catalog.

Note:

You can create a historical catalog only for the current state of the system.

The catalog list always provides the listing of the most recent catalog. The software updates the catalog list whenever you update a system or create an historical catalog. You can identify the current catalog by the time stamp. You can use an historical catalog to create a profile and apply it to configure other systems.

14.5.1 Viewing and Modifying a Catalog

When you are using dual boot environments for Oracle Solaris Live Upgrade (Oracle Solaris 10), the catalog displays the inventory of the active boot environment of the operating system. To view the catalog of an alternate boot environment (ABE), you must first activate the ABE from the UI, and then wait for the job to finish. The software updates the current catalog and contains the ABE catalog information and OS software components. This automatically updates the catalog of any zones.

When you have an alternate boot environment, you cannot create and compare catalogs until you activate the ABE. By default, only the catalogs of the active boot environment are compared.

14.5.2 Comparing System Catalogs

You can compare two managed systems or two system catalogs for differences in the installed update components. You can also compare the current system catalog and saved snapshots of the same managed system to examine the differences in the components that are installed and uninstalled after executing a job.

Use the Compare Catalogs option to change the software components of a particular operating system to that of the source system.

The following options are available when you compare catalogs:

• Differences Between Systems: Displays the difference between the source and the target systems update components. The difference appears in the Compare Catalog window.

• Tasks to Make Target Like Source: Creates the list of components that must be installed on the target system. Select Include for the components to install on the target system.

14.6 About Operating System Update Reports

To ensure that your managed systems are up-to-date, you must determine which updates (packages and patches) and actions to apply to your system. The OS update reports help you to determine the updates that are applicable to your systems and how many of the applicable updates are compliant or not compliant for the selected systems.

The OS Update reports enable you to check for new updates and update your systems. You can get a general report, or test a system for available fixes.

When you create a report, you select the criteria that are relevant to you, such as a list of hosts that have a specific patch or a list of hosts that do not have a specific patch. See Creating an Operating System Report in Chapter 10 for detailed information about OS Update reports and Table 10-3 for a list of available reports for operating system.

14.7 Creating Update Policies

An Update policy defines the level of interaction required during an OS update job for Oracle Solaris and Linux operating systems. Policies define how to answer any questions that are raised during installation, uninstallation, or upgrade of Oracle Solaris and Linux updates.

The following system-defined policies are available in the software:

• Ask for All: The software stops the update job for each action and consults you on all action to take.

• No to All: The software denies all actions.

• Yes to All: The software confirms all actions.

Note:

By default, all operating system update plans use the yes to all policy.

You can create customized policies that answer differently depending on the specific OS update component. For example, when you want to review the questions and manually supply answers for patch 121288, which is part of the Oracle Solaris 10 Recommended updates from February 23, 2012, you can choose to set a specific policy for that patch, as shown in Figure 14-4.

Figure 14-4 OS Update Policies and User Defined Policy Details

Description of "Figure 14-4 OS Update Policies and User Defined Policy Details"

Policy settings are hierarchical. When there is not a policy setting for a component, the policy for that component's parent applies. For example, it is possible to create a policy that allows the system to install a given component but prohibits installation of certain specific versions of that component.

Note:

The policy only applies to actions that are implicitly generated by the dependency resolver. If a conflict occurs between a profile and policy, the profile overrides the policy.

The update policy is not applicable when updating Microsoft Windows operating systems.

To Create a User-Defined Policy

1. Expand Plan Management, then click Update Policies in the Navigation pane.

2. Click Create Policy in the Actions pane.

3. Identify the policy by providing a name and description.

4. Click the Available Packages / Patches tab to view all available packages and updates. Use the search criteria to refine the list:

   • Distribution: The operating system distribution, such as Oracle Solaris 9 for SPARC, Oracle Solaris 10 for SPARC, or Oracle Solaris 10 for x86

   • Category: Package category, such as Cluster, Recommended Software Configuration, or Hardware

   • View: View all, available, withdrawn, modified packages/updates, or reboot

   • Version: View All Versions or filter for the Latest Versions

   Figure 14-5 Create OS Update Policy

   
   Description of "Figure 14-5 Create OS Update Policy"
   
   

5. Select the component, then click an icon for the type of policy you want for the component, either Answer Questions Yes, Answer Questions No, or Answer Questions Ask User.

6. (Optional) To view details of the component, click the View icon.

7. Click Create OS Update Policy.

14.8 Creating Update Profiles

An update profile defines the component configuration of the systems that you want to manage. Update profiles specify which components are to be installed and which are prohibited, and any additional actions to be performed on an Oracle Solaris or Linux OS.

Use profiles to accomplish the following:

• Manage multiple systems in a consistent manner

• Automate repetitive administration jobs

• Record the requirements of your enterprise

• Automatically configure servers and workstations

• Manage dependencies and ensure consistency

The profile settings Required, Not Allowed, and Upgrade affect a managed host only during the actual deployment of that profile. At any time, you can run a job that contradicts the settings of a previously used profile; therefore you must understand your system settings and requirements thoroughly.

Predefined profiles are provided to perform common system-wide checks and to automate the operating system updates. These profiles cannot be edited or deleted.

You identify the profile type when you create the profile. The profile type is a tag that filters the required profiles when you create a deployment plan.

The following are profile types:

• Install: Indicates that new components are added, or installed. Use the Install profile type for Oracle Solaris operating system updates, baselines, and patchclusters.

• Upgrade: Indicates that existing components are upgraded.

• Script: Indicates that action scripts are executed.

  Note:

  You can create profiles that perform all of the actions for the profile type. The profile tag filters the required profiles in deployment plans. See About Complex Deployment Plans for more information.

To Create a New Profile

1. Expand Plan Management, then click Update Profiles in the Navigation pane.

2. Click Create New Profile in the Actions pane.

3. Enter a profile name and brief description of the profile.

   1. Enter a name and description for the profile.

   2. Select a Profile Type tag, either Upgrade, Install, or Script, to categorize and filter the profiles later.

   3. Select a distribution from the drop-down list. For example, SOLARIS10_SPARC.

   4. (Optional) You can further define the criteria by choosing a category, view, and version from the drop-down lists.

   Figure 14-6 OS Update Profile Search Criteria

   
   Description of "Figure 14-6 OS Update Profile Search Criteria"
   
   

   Figure 14-7 Create an OS Update Profile

   
   Description of "Figure 14-7 Create an OS Update Profile"
   
   

4. Locate and select a Component from the Component tree.

5. If required, select the check box to specify that the component is added to all applicable distributions.

   Note:

   This only applies to distributions that are active at the time the profile is created. As new distributions are activated you must edit the profile to explicitly add any components for those distributions.

6. Specify whether the action is Required, Upgrade, or Uninstall.

   Note:

   Some actions might not apply. For example, a component cannot be Required if the system does not have the information about how to obtain the component.

7. (Optional) You can repeat the preceding actions to select multiple components for the same or different operating systems.

8. Click Save as Named Profile. When an existing profile has the same name, you are asked to confirm that you want to replace the profile.

   Note:

   You cannot replace system-defined profiles.

14.9 Updating Oracle Solaris 11 Operating Systems

Oracle Solaris 11 uses a different update mechanism than earlier versions of the operating system. Oracle Solaris 11 uses packages to update the operating system and any non-global zones. The packages are part of an Image Packaging System (IPS) that is integrated with the ZFS file system.

When you install Oracle Enterprise Manager Ops Center on an Oracle Solaris 11 operating system, you create a local software package repository. The repository, called the Oracle Solaris 11 Software Update Library, is either on a file system on the same system as the Enterprise Controller, or on an NFS server share that the Enterprise Controller can access. You will populate the local library with packages from the parent repository instead of the Knowledge Base.

Note:

To update an Oracle Solaris 11 operating system, the Enterprise Controller and Proxy Controller must be running on an Oracle Solaris 11 operating system. When Oracle Enterprise Manager Ops Center is not running on Oracle Solaris 11, the Oracle Solaris 11 update actions are not available.

The ZFS integration automatically creates an alternate boot environment every time an operating system is installed or updated. You can quickly and easily create an alternate boot environment when needed, and manage existing boot environments. Using an alternate boot environment provides a safe method of testing an update before deploying it to your live environment.

Unlike earlier versions of Oracle Solaris, you cannot run an ad-hoc operating system update job or browse package contents for Oracle Solaris 11. The best method of updating an Oracle Solaris 11 operating system is with a deployment plan.

To upgrade the operating system to the latest version of the Oracle Solaris 11 package, choose Upgrade all components.

Before you run an update job, verify that the Oracle Solaris 11 Software Update Library contains the package, or latest version of the package, that you want to use. See Libraries for Oracle Solaris 11 for more information.

Note:

An Oracle Solaris 11 OS update job installs the latest available version of Oracle Solaris 11. An Oracle Solaris 11 OS provisioning job will install a specific Oracle Solaris 11 SRU version.

You will complete the following actions to update your Oracle Solaris 11 operating system:

1. Create an Oracle Solaris 11 update profile.

2. Optionally, create operational profiles that contain scripts to perform preinstall and postinstall actions.

3. Create an Oracle Solaris 11 update plan.

4. Select the target asset, then select the Deploy/Update Software action.

All update plans use the yes to all policy by default. If you do not want to automate the update by answering yes to all questions, you can create one or more customized update policies.

Create an update profile to define the images to use. After you have created the profile, you can create a deployment plan and choose the update and operational profiles to perform the tasks that you want for that plan. You can copy and edit plans to create customized plans for different purposes or targets.

An Oracle Solaris 11 update deployment plan provides a framework of steps and actions that you can perform to update your Oracle Solaris 11 operating systems.

The Oracle Solaris 11 Update deployment plan is a multi-step plan. The Update OS step is required, all other steps are optional. You cannot add steps to this type of plan.

Figure 14-8 Oracle Solaris 11 Deployment Template

Description of "Figure 14-8 Oracle Solaris 11 Deployment Template"

The Oracle Solaris 11 Update deployment plan includes the following steps:

1. Update Configuration: A profile is not attached to this step. The configuration is not required. At runtime, you can choose the type of update job, either an update simulation or an actual job.

2. Preinstall script: Optionally, you can associate an operational profile that contains a script that performs an action before you apply the update.

3. Create an alternate boot environment: You can create an alternate boot environment before the update job. This is optional.

4. Update the operating system: The profile that applies the update packages.

5. Post install script: Optionally, you can associate an operational profile that contains a script that performs an action after you apply the update.

6. Monitoring: Optionally, you can enable monitoring.

You can choose a failure policy for the plan, either to stop the update when a failure occurs, or to complete as many of the steps as possible.

14.10 Updating Oracle Solaris 8, 9, and 10 and Linux Operating Systems

You will use a similar methodology and set of procedures to update your Linux and Oracle Solaris 8, 9, and 10 operating systems.

You can use the following update methods and options to update these operating systems:

• Use predefined or custom profiles and associated deployment plans to update a system or group of systems.

• Use a system to create a simple update job without creating a profile. Use this method to apply a single patch quickly.

• Use the compliance reports output to update your OS. Use this method to make your systems compliant with newly released updates.

• Use compare catalogs to roll a system back to its previous state.

Table 14-2 Methods of Creating an Operating System Update Job

Update Method	Oracle Solaris 8, 9, and 10	Linux
Create and deploy an Update Plan	Yes	Yes
Create a new Update OS Job	Yes	Yes
Create Update Profile and Policy	Yes	Yes
Modify or compare a System Catalog	Yes	Yes
Create an Oracle Solaris Update Compliance report	Yes	No
Create a Compliance Report	Yes	No

In addition to the methods described previously, you can use Live Upgrade and alternate boot environments to update your Oracle Solaris OS with a minimum of downtime.

14.10.1 About Operating System Update Jobs

Creating a new update job enables you to use custom or predefined profiles. Use this method for complex update scenarios or to apply updates consistently across many systems. You can run the OS update plan in simulate or deploy mode. In simulate mode, you can choose whether to download the updates.

The New Update OS Job option enables you to create customized update jobs. When creating a job, you define how the software performs the job, set the automation level of the job, and select a policy from the list of available policies. You can run the job in simulation mode or run the actual job. Simulation mode determines the actions and results of a job, and estimates the amount of time required to complete the job. You can use a job simulation to determine if your job can succeed based on your policy and profile responses. You can run a simulation with or without downloading updates.

Note:

To use an alternate boot environment (ABE) and run ABE pre-action scripts for Solaris OS, see the procedures in Oracle Solaris Boot Environments.

14.10.2 Updating an Operating System From a Deployment Plan

Deployment plans enable you to control how the update is performed and apply updates consistently across many systems. With this method, you can use custom or predefined profiles to perform complex update scenarios or to apply updates consistently across many systems.

You can use the following deployment plan templates to update a supported operating system:

• Software Deployment/Update: Use this plan to apply script based update profiles.

• Configure Server Hardware and Install OS: Use this plan to configure a service processor or a chassis, provision OS and update the OS.

• Configure and Install Dynamic System Domain: Use this plan to create dynamic system domains, provision and update OS on the domains.

• Install Server: Use this plan to provision and update the OS.

You will complete the following actions to use plans to update your Oracle Solaris or Linux operating system:

1. Create an OS update profile.

2. Optionally, create operational profiles that contain scripts to perform preinstall and postinstall actions.

3. Create a deployment plan.

4. Complete the plan, select the target asset, then select the Deploy/Update Software action.

The settings and values in the profiles bound to each step are defaults. You can modify the settings and values when you apply the plan. The profile settings and values are constrained by the target systems to which the plan is applied. All update plans use "yes to all" policy.

14.10.3 Updating an Operating System by Modifying a System Catalog

A system catalog contains a list of operating system software components that are installed on a managed system. Catalogs provide the capability to directly manipulate the installed software components on a single operating system or a group of operating systems.

Updating an operating system by modifying a system catalog provides the following advantages:

• Enables you to create a quick ad hoc job

• Provides an easy method of applying a single patch, baseline, or package

• Enables you to update an operating system without creating a profile for a one-time job

14.10.4 Updating an Operating System From an Operating System Report Result

You can generate compliance reports for an operating system from which you can create an operating system update job.

The Oracle Solaris Update Compliance report is similar to a Recommended Software Configuration report. The report uses the Oracle Solaris update patch bundles as the recommended software configurations. You can use this report to check how compliant a system is with a particular Oracle Solaris update and bring the operating system into compliance.

See Chapter 10, "Reports" for information about generating these reports. You can generate these reports for non-compliant components. The report result appears with the option to install the updates, packages, updates, and incidents.

The report results are stored in the database associated with the Enterprise Controller. The software maintains a history of the reports for analysis purposes.

From the report result, you can initiate a job to install the non-compliant component updates. The New Update OS Job Wizard starts, enabling you to enter job information and to schedule the job. The required data for profiles, policies, and targets are automatically pre-populated in the New Update OS Job Wizard.

Note:

Updating a version of Oracle Solaris is not the same as upgrading to a new version.

For example, you can run the Oracle Solaris Update Compliance reports for Oracle Solaris update releases and bring systems into compliance with those bundles. Oracle Solaris update release bundles contain the equivalent set of updates to the corresponding update. You can use them to bring pre-existing packages up to the same software level as the corresponding update. However, this feature does not perform a full Oracle Solaris upgrade from one release to another. The update release bundles do not contain additional packages that are in the update releases and they do not change the first line of /etc/release to specify an upgrade has taken place, although they do append a line to /etc/release to specify that the update bundle is applied.

14.10.5 Using a System Catalog

A system catalog is a list of operating system software components that are installed on a particular managed system. An initial catalog is created after the system is discovered and managed.

After an operating system is available and selected, you can view and modify the catalogs and create historical catalogs (snapshots of the system).

Modifying a catalog is an alternate way to run an operating system update job to install, uninstall, or upgrade a component. Modifying a catalog does not require an update profile to run the update job and is a quick way of changing the component configuration of a system.

You can compare the system catalogs of two managed systems, view the summary of the comparison, and you can choose to make the target system the same as the source system.

Catalogs provide the capability to directly manipulate the installed software components on a single operating system or a group of operating systems. Alternatively, a catalog can be saved as a profile, and then an operating system update job can be run using this profile.

You can run an operating system update job, or you can use the simulate feature to run an update simulation before you apply updates.

Create an Update Profile From a System Catalog

You can save the catalog of a system as a profile. Using this profile, you can create the systems with the required configuration in your data center.

14.11 Updating Linux Operating Systems

Use profiles and associated deployment plans to update Linux on a single system or on a group of systems, use the New Update OS Job option to create a customized update job, or use a report to update your Linux operating system. You can use the Host Compliance Report or System Catalog Report to update your Linux operating system.

See Chapter 10, "Reports" for information about the types of reports available for Linux. See the Oracle Enterprise Manager Ops Center Certified Systems Matrix for a list of supported Linux operating systems.

Custom or predefined profiles enable you to perform complex update scenarios and to apply updates consistently across many systems.

The following deployment plan templates are available for updating a Linux operating system:

• Software Deployment/Update: Use this plan to apply script-based update profiles.

• Configure Server Hardware and Install OS: Use this plan to configure a service processor or a chassis, provision OS and update the OS.

• Configure and Install Dynamic System Domain: Use this plan to create dynamic system domains, provision and update OS on the domains.

• Install Server: Use this plan to provision and update the OS.

Complete the following actions to use plans to update your Linux operating system:

1. Create an OS update profile.

2. Optionally, create operational profiles that contain scripts to perform preinstall and postinstall actions.

3. Create a deployment plan.

4. Complete the plan, select the target asset, then select the Deploy/Update Software action.

The profile settings and values for each step are the default settings and are constrained by the target systems to which the plan is applied. All update plans use a yes to all policy. You can modify the settings and values when you apply the plan.

Creating a new update job enables you to use custom or predefined profiles. Use this method for complex update scenarios or to apply updates consistently across many systems. You can run the OS update plan in simulate or deploy mode. In simulate mode, you can choose whether to download the updates.

To create a customized update job, use the New Update OS Job option. When creating a job, you define how the software performs the job, set the automation level of the job, and select a policy from the list of available policies. You can run the job in simulation mode or run the actual job. Simulation mode determines the actions and results of a job, and estimates the amount of time required to complete the job. You can use a job simulation to determine if your job can succeed based on your policy and profile responses. You can run a simulation with or without downloading updates.

14.11.1 Determining if the Latest RPM Package Manager is Installed

Use the Service Pack Compliance report to help you to determine if a system is compliant with a service pack. The report provides information on updates created by the publication and release of a service pack, enabling you to determine whether the target system has the latest service package installed. For example, you can run the Service Pack Compliance report and identify required security updates based on packages that have a security flag.

The report results identify whether the operating system is compliant with a specified package. If the operating system is not compliant, the results suggest a course of action. When you have a package that is older than the selected pack, the report will recommend that you upgrade to that package. When the operating system has a package that is newer than the selected package, the report will recommend that you downgrade to the package you selected from the Services menu. For example, if you installed a newer kernel version, the report results recommend downgrading to the version that is in the package you selected.

To Determine if the Latest RPM is Installed

1. Expand Reports, then click Additional Reports in the Navigation pane.

2. Click Service Pack Compliance Report in the Actions pane.

3. Type a report name and, optionally, a description.

4. Select Not Compliant.

5. Select an RPM package from the Services list, then click Next.

   Figure 14-9 Service Pack Compliance Report

   
   Description of "Figure 14-9 Service Pack Compliance Report"
   
   

6. Expand Servers in the Select Targets pane and select a Linux operating system. Click Add to Target List, then click Next.

7. Click Run Report.

14.11.2 Uploading RPMs

Oracle Enterprise Manager Ops Center automatically uploads RPMs when a New OS Update job is launched, or when you choose to run an OS Update job simulation and select the option to download the patches. Outside of an update job, you can use the Bulk Upload Packages and Patches option to upload all RPMs from a DVD or from the YUM repository. See Uploading Software in Bulk for more information. To upload a single RPM, use the Upload Local Software option, as described in Uploading a Local Software Package.

14.12 Updating an Oracle Solaris Boot Environment

You always need an update profile to update an Oracle Solaris Boot environment. You can use the update profile in an update deployment plan or the Update Job Wizard.

You can update an alternate boot environment as part of a Software Deployment / Update deployment plan by selecting the alternate boot environment as the target. See the Oracle Enterprise Manager Ops Center Updating Your Oracle Solaris 10 Operating System for an example of how to use this plan.

You can create a customized update job, including the option to use an alternate boot environment (ABE) to perform a live upgrade of your Oracle Solaris 10 operating system. With Live Upgrade, you create an inactive ABE, update and patch the ABE, synchronize the ABE and BE, and then switch boot environments. When you switch boot environments, the patched and tested ABE becomes the active boot environment.

Note:

Do not use Live Upgrade on your Enterprise Controller or Proxy Controllers. Live Upgrade does not synchronize all of the files that are required for these components.

You must run a separate update job for systems that use an ABE from those that do not use an ABE. When creating a job, you must define the following job parameters:

• Name and description of the update job.

• Alternate Boot Environment: Whether to use an alternate boot environment.

• Profile: Defines what updates are to be installed, uninstalled, or updated on an operating system. Select a profile from the list of predefined and customized profiles.

• Policy: Defines how a job is performed and sets the automation level of the job. Select a policy from the list of available policies. You can also create your own policies.

• Target Settings: Defines whether the target is different or similar for each task in the job.

• Actual Run: Defines whether this job is in simulation mode. You can choose to deploy the job, or to run a job simulation. A job simulation determines the actions and results of a job, and estimates how much time is required to complete the job. A job simulation also indicates whether your policy and profile responses will enable the job to succeed.

• Task Execution Order: Specifies whether the tasks is run in parallel or sequentially.

• Task Failure Policy: Specifies the action to take if a task fails.

• Targets: Select one or more target hosts for this job.

To create an ABE as part of this job, you must write at least one script that uses the lucreate command and then upload the script to the Local Content.

Note:

The ABE name defined in the script must match the ABE name that you use when you run the update job to create the ABE.

To Update a Boot Environment

Perform the following steps to update a boot environment:

1. Click Assets in the Navigation pane.

2. Expand All Assets, or use the All Assets filter to locate the Oracle Solaris 10 operating system instance.

3. Click New Update OS Job from the Actions pane. The New Update OS Job Wizard is displayed. The Job Information window is displayed first.

4. Complete the following Job parameters:

   • Type a job name.

   • Select the Run Type:

     • Simulation. To download the required updates as part of the simulation, select the Download check box.

     • Actual Run. Updates the operating system.

   • Select the task execution order:

     • Sequential

     • Parallel

   • Choose the Target Setting:

     • Use the same Targets for all tasks in the job

     • Use different Targets for each task in the job

   • Choose the Task Failure Policy:

     • Complete as much of the job as possible

     • Stop at failure and notify

   • Select the ABE check box.

   • (Optional) To create an alternate boot environment during this job by running an ABE Pre-Action Script, click the Enable check box.

     Note:

     You must create the script and upload it to the library before you can use this option.

5. Define the profile, policy and target for each task, or edit the profile and policy.

6. (Optional) To edit the profile or policy of the default task, click the Profile or Policy cell for the task to display a drop-down menu. Select the profile or policy from the menu.

7. (Optional) To add a new task, click the Add (+) icon.

   • A second row appears. Click the Profile cell for that row to display a drop-down menu. Select the new profile that you want to add.

   • To change the policy for the new profile, click the Policy cell and select a new policy from the drop-down menu.

   • When you chose the parameter to use a different target for each task, click the Targets cell to display the Select Targets page. Select one or more target from the list of Available Items, then click Select to include the asset in the Target List. Click Add to Target List to close the page.

   • Click Next.

8. If you selected the option to create an ABE as part of the job, the Create ABE page appears.

9. When you have only one ABE, the Boot Environment Workflow page appears, go to step 10. When you have multiple alternate boot environments, the ABE Selection page appears.

   • One or more of the targets has more than one possible associated ABE. Select the ABE from the drop-down menu for each of the Targets. You can use the Select ABE field to filter for the ABE name.

   • Click Next. The Boot Environment Workflow page is displayed.

10. If you selected Simulation in the job parameters, the boot environment workflow cannot be edited. Skip to step 12.

11. If you selected Actual Run in the job parameters, you can edit the pre-actions and post-actions in the workflow.

    • Pre-actions by default will unmount and then mount the ABE. To synchronize the ABE with the BE before mounting, click the Sync ABE check box.

    • Post-Actions by default will unmount the ABE.

      • Click Modify Current BE to edit the description of the current boot environment. You might use this to describe the state of the current BE. For example, Boot environment running Oracle Solaris 10 5/08 operating system before applying the Oracle Solaris 10 operating system September baseline.

      • Click Modify Alternate BE to edit the description of the ABE. You might use this to describe the state of the ABE. For example, boot environment running Oracle Solaris 10 5/08 operating system after applying the Oracle Solaris 10 operating system September baseline.

    • Click Activate and Reboot ABE to switch boot environments after update.

12. Schedule the job, then click Next.

    • Run Now starts the job immediately after you click Finish in the Job Summary.

    • Start Date enables you to select a date and time to start the job.

    • On a recurring schedule enables you to run the same job on a monthly or daily scheduled time.

13. Review the Job Summary, then click Finish to run the job as scheduled in the previous step.

14.13 Updating Microsoft Windows Operating Systems

You can update your managed Microsoft Windows operating systems by using the Microsoft System Center Configuration Manager (SCCM) and Windows Management Instrumentation (WMI) software.

Oracle Enterprise Manager Ops Center uses the Microsoft SCCM 2007 and WMI software to update your managed Windows operating systems. The Windows Update function depends on the SCCM's agent installed on the managed systems.You can configure SCCM to install agents on your managed Windows systems either automatically or through a manual process.

You must have access to SCCM software that is configured for software updates. The Enterprise Controller connects to the SCCM software to get the latest updates and packages. The SCCM software connects to the Microsoft website through the Internet and downloads the metadata that is used for compliance analysis. You can connect Oracle Enterprise Manager Ops Center to the Microsoft website to download updates that are then handled by SCCM for installation.

You do not need any authentication to access the Microsoft website. However, you must provide authentication information to access the SCCM server.

14.13.1 About Windows OS Update Jobs

Oracle Enterprise Manager Ops Center contains the following options in an update job to maintain control and consistency across your data center:

• Groups: Help you to organize your assets in the user interface and act as targets for many types of jobs.

• Roles: Determine the tasks that you can perform on a specific piece of an asset or a group of assets.

• Reports: Enable you to run compliance reports and create update jobs from the compliance reports.

You can define the following job parameters while creating a windows update job:

• Name and Description: Identify the name of the report against which you want to create a Windows operating system update job. Provide a detailed description that clearly identifies the job in the historical record.

• Reboot behavior: Enables you to select the reboot behavior when a reboot is required after running the new update job. You can choose to reboot the system immediately following the update operation or to reboot the system at the default setting of the SCCM server.

• License Terms: Enables you to review the license terms and either accept or decline them. The License Terms window appears only when the updates in the report require you to review the License Terms.

• Schedule: Enables you to schedule when the update job runs.

14.13.2 Modify the Registry

Due to some changes that Microsoft introduced for registry key ownership, you must manually modify the registry and change the ownership permissions for the Administrators group.

Note:

You must modify the registry on a Windows Server 2008 R2. Other Windows servers, such as 2008 Server SP2, do not require you to modify the registry.

14.13.3 Configure Oracle Enterprise Manager Ops Center for Updating the Windows Operating System

Oracle Enterprise Manager Ops Center uses the DCOM wire protocol (MSRPC) to access the Windows Management Instrumentation (WMI) and get Windows update information. It uses the software update capability of the Microsoft System Center Configuration Manager (SCCM) to update any managed Windows operating systems.

Before you can use the software to update your Windows systems, configure it to interact with the identified Microsoft System Center Configuration Manager (SCCM). In addition, you might need to modify the WMI registry.

To configure Oracle Enterprise Manager Ops Center to interact with the identified SCCM, you must have the following credentials:

• SCCM Server

  • Server Name

  • Domain Name

  • Site Name

  • User Name

  • Password

• SCCM Share

  • URL

  • Domain Name

  • User Name

  • Password

The configuration information appears in the Configuration tab of the Windows Update window.

Note:

Oracle Enterprise Manager Ops Center uses the same SCCM credentials to access the SCCM server and enable the SCCM share. Use the <domain> format for the Domain Name field. Do not use the <domain>\<username> format. Entering an incorrect format for the Domain Name field returns a configuration task. In this case, unconfigure the SCCM and configure the SCCM again with the correct format for the credentials.

14.13.4 Creating an Update Job for the Windows Operating System

You can use the output from compliance reports to update your Windows operating system to comply with the newly released updates.From the results of the Windows Host Compliance Report and the Windows Incident Compliance Report, you can make your systems compliant by initiating an update job for the Windows operating system.

Figure 14-10 Process for Updating Windows Operating System

Description of "Figure 14-10 Process for Updating Windows Operating System"

The Create New Windows Update Job Wizard enables you to create an update job. When creating a new update job, you must define the following job parameters:

• Name and Description for the new Windows software update job.

• Reboot behavior: Lets you select whether you want the system to reboot immediately following the update operation or at the default setting of the SCCM server.

• License Terms: Lets you review the license terms and either accept or decline them. The License Terms window appears only when the updates in the report require license terms that must be reviewed.

• Schedule: Lets you decide how you want to schedule the execution of the new update job.

14.14 Related Resources for Operating System Updates

For instructions in performing actions or to learn more about the role of this feature, go to one of the following resources:

• See Chapter 5, "Software Libraries" for how to add and update operating system packages and images.

• See Chapter 12, "Operating System Management" for details on managing operating systems, including Using Agent Management for Operating Systems, Overview of Oracle Solaris Boot Environments, Overview of Oracle Solaris 11 Boot Environments, and Overview of Oracle Solaris 10 Boot Environments.

• See Chapter 10, "Reports" for details on the operating system Update reports.

• See Chapter 18, "Oracle Solaris Zones" for information about zones and how you can use Oracle Enterprise Manager Ops Center to efficiently manage all phases of zones lifecycle.

For end-to-end examples, see the workflows and how to documentation in the Deploy How To library at http://docs.oracle.com/cd/E40871_01/nav/deployhowto.htm and the Operate How To library at http://docs.oracle.com/cd/E40871_01/nav/operatehowto.htm.

For in-depth information about these products, see the following Oracle documentation:

• For a list of the Oracle Linux documentation available in HTML and PDF formats, visit the Oracle Linux Documentation website at >>http://www.oracle.com/us/technologies/linux/index.html.

• Transitioning From Oracle Solaris 10 to Oracle Solaris 11 Guide at http://docs.oracle.com/cd/E23824_01/html/E24456/docinfo.html

• Oracle Solaris 11 Information Library at http://docs.oracle.com/cd/E23824_01/index.html

• For a list of the Oracle Solaris 10 documentation available in HTML and PDF formats, visit the Oracle Solaris 10 Documentation website at http://www.oracle.com/technetwork/documentation/solaris-10-192992.html.

• For a list of the Oracle Solaris 8 and 9 documentation, visit the Legacy Solaris Documentation website at http://www.oracle.com/technetwork/documentation/legacy-solaris-192993.html.