Configuring Patch Schedules

Describes the steps to add and schedule a patch.

Leave Feedback

Introduction

Patching consistently ensures complete protection against any security threat for your resources. Configuring the patch schedule allows you to decide when to apply the patch updates.

Adding and scheduling patches

To add a patch configuration:

  1. From All Clients, select a client.
  2. Go to Automation > Patch Management > Patch Configuration and click Add.
  3. From Add Patch Configuration, provide the following:
    • Select Client
    • Patch Configuration Name: Refers to the name for the patch ready for installation.
    • Description: Refers to the details of the patch.
    • Apply To: Refers to applying the patch to Desktops or Servers.
    • Resource Groups: Refers to applying patches to Windows and Linux devices in the resource groups.
  4. After providing the basic details, navigate to Assign Devices section.
  5. From Assign Devices, select the devices from the Available Devices section.
    The selected devices appear in the Assigned Devices section.
  6. After selecting the devices, navigate to Approval Type.
  7. From Approval Type, select one of the following options:
    • Manual Approve
    • Auto Approve
  8. After selecting Approval Type, navigate to Reboot Options.
  9. From Reboot Options, select one of the following options:
    • Do not reboot
    • Reboot after install if required
  10. After selecting the reboot options, navigate to Patching Schedule section.
  11. From Patching Schedule, provide details for the following parameters:
    • Start Date
    • Recurrence Pattern
  12. Select the check-box to select the following parameters:
    • Enable patching during shutdown/reboot
    • Enable maintenance
  13. Click Add Users. The selected users receive an email notification after completing the patch configuration job.
  14. Click Finish.

Internal patch configuration process

After the patch configuration job begins, the agent executes the following:

Step 1: Agent receives control MSG xml (as seen in debug logs)

<cm><id>MISSING_PATCH_DL_IN</id><reqid>2018-06-25 06:49:14</reqid><params>2</params></cm>

Step 2: Agent sends response

<cm><id>RES_MISSING_PATCH_DL_IN</id><response><![CDATA[<winadviceinfo><result params=”2″>success</result><reqid>2018-06-25 06:49:14</reqid></winadviceinfo>]]></response></cm>

Step 3: Agent receives control MSG xml

<cm><id>MISSING_PATCH_DL_IN_LIST</id><reqid>0</reqid><params><ps><p><name>fcoe-utils-1.0.28-6.el6.x86_64 — “”</name><name>curl-7.19.7-53.el6_9.x86_64 — “”</name><name>libtiff-3.9.4-21.el6_8.x86_64 — “”</name><name>efibootmgr-0.5.4-15.el6.x86_64 — “”</name><name>grep-2.20-6.el6.x86_64 — “”</name></p><list>0</list></ps></params></cm>

The agent saves the kbid in path location /opt/opsramp/agent/tmp/approved_pkgs.json file.

Step 4: Agent runs patch install job

The following commands are used (depending on the OS) to generate a patch_install_result.json file in path location /opt/opsramp/agent/tmp/patch_install_result.json:

  • Ubuntu – /usr/bin/python /opt/opsramp/agent/lib/apt_frame.py install
  • CentOS, Fedora – /usr/bin/python /opt/opsramp/agent/lib/yum_frame.py install
  • SUSE - /usr/bin/python /opt/opsramp/agent/lib/zypper_frame.py install
  • DARWIN – /usr/bin/python /opt/opsramp/agent/lib/mac_frame.py install

After running the patch install job, the agent checks for the KBIDs that requires a reboot.