Configuring Patch SchedulesDescribes the steps to add and schedule a patch.Leave FeedbackIntroductionPatching the resources consistently ensures complete protection against any security threat. Configuring the patch schedule allows the administrator to decide when to apply the patch updates.NoteYou can schedule patch configurations on a periodic or on-demand basis.Adding and scheduling patchesTo add a patch configuration:From All Clients, select a client.Go to Automation > Patch Management > Patch Configuration and click Add.From Add Patch Configuration, provide the following:Select ClientPatch Configuration Name: Refers to the name for the patch ready for installation.Description: Refers to the patch details.Apply To: Refers to applying the patch to desktops or servers.Resource Groups: Refers to applying patches to Windows and Linux devices in the resource groups.After providing the basic details, navigate to the Assign Devices section.From Assign Devices, select the devices from the Available Devices section.The selected devices appear in the Assigned Devices section.After selecting the devices, navigate to Approval Type.From Approval Type, select one of the following options:Manual ApproveAuto ApproveAfter selecting Approval Type, navigate to Reboot Options.From Reboot Options, select one of the following options:Do not rebootReboot after install if requiredAfter selecting the reboot options, navigate to the Patching Schedule section.From Patching Schedule, provide the following parameter:Select Time ZoneNote: The patching process runs according to the selected time zone. For existing patch configurations, Resource Time Zone is automatically assigned.Start DateRecurrence Pattern: Select the pattern to run the patching process. For example, Run On Demand, Patch Tuesday.Note: For Windows, select Patch Tuesday to schedule the patch installation process. This selection helps to align with Microsoft’s Patch Tuesday every month.Enable patching during shutdown/reboot: Select to enable automatic patching when the device is in shutdown or reboot mode.Enable maintenance: Select to enable maintenance period.Note: After enabling the maintenance period, select the desired duration.Add Users: To add users, perform the following:Click +Add Users.From the Users screen, select the desired users.Click Add Users.The selected users receive an email notification after completing the patch configuration job.Click Finish.NotesThe patch configuration is displayed in the configured list and click Run Now to install the approved patches as per requirement.The approved patches are installed only when a patch configuration is added.Patches are downloaded directly to individual desktops and servers. The administrators can install Patches using Agent for Windows. The administrator might experience above normal bandwidth usage during the weekend patch maintenance period.Internal patch configuration processAfter the patch configuration job begins, the agent executes the following:NoteThis process is shown for Linux resources.Step 1: Agent receives control MSG xml (as seen in debug logs)<cm><id>MISSING_PATCH_DL_IN</id><reqid>2018-06-25 06:49:14</reqid><params>2</params></cm> Step 2: Agent sends response<cm><id>RES_MISSING_PATCH_DL_IN</id><response><![CDATA[<winadviceinfo><result params=”2″>success</result><reqid>2018-06-25 06:49:14</reqid></winadviceinfo>]]></response></cm> Step 3: Agent receives control MSG xml<cm><id>MISSING_PATCH_DL_IN_LIST</id><reqid>0</reqid><params><ps><p><name>fcoe-utils-1.0.28-6.el6.x86_64 — “”</name><name>curl-7.19.7-53.el6_9.x86_64 — “”</name><name>libtiff-3.9.4-21.el6_8.x86_64 — “”</name><name>efibootmgr-0.5.4-15.el6.x86_64 — “”</name><name>grep-2.20-6.el6.x86_64 — “”</name></p><list>0</list></ps></params></cm> The agent saves the kbid in path location /opt/opsramp/agent/tmp/approved_pkgs.json file.Step 4: Agent runs patch install jobThe following commands are used (depending on the OS) to generate a patch_install_result.json file in path location /opt/opsramp/agent/tmp/patch_install_result.json:Ubuntu – /usr/bin/python /opt/opsramp/agent/lib/apt_frame.py installCentOS, Fedora – /usr/bin/python /opt/opsramp/agent/lib/yum_frame.py installSUSE - /usr/bin/python /opt/opsramp/agent/lib/zypper_frame.py installDARWIN – /usr/bin/python /opt/opsramp/agent/lib/mac_frame.py installAfter running the patch install job, the agent checks for the KBIDs that requires a reboot.