Documentation is now available for the Fall 2020 Update release!

Configuring Patch Schedules

Describes the steps to add and schedule a patch.

Leave Feedback

Introduction

Patching the resources consistently ensures complete protection against any security threat. Configuring the patch schedule allows the administrator to decide when to apply the patch updates.

Adding and scheduling patches

To add a patch configuration:

  1. From All Clients, select a client.
  2. Go to Automation > Patch Management > Patch Configuration and click Add.
  3. From Add Patch Configuration, provide the following:
    • Select Client
    • Patch Configuration Name: Refers to the name for the patch ready for installation.
    • Description: Refers to the patch details.
    • Apply To: Refers to applying the patch to desktops or servers.
    • Resource Groups: Refers to applying patches to Windows and Linux devices in the resource groups.
  4. After providing the basic details, navigate to the Assign Devices section.
  5. From Assign Devices, select the devices from the Available Devices section.
    The selected devices appear in the Assigned Devices section.
  6. After selecting the devices, navigate to Approval Type.
  7. From Approval Type, select one of the following options:
    • Manual Approve
    • Auto Approve
  8. After selecting Approval Type, navigate to Reboot Options.
  9. From Reboot Options, select one of the following options:
    • Do not reboot
    • Reboot after install if required
  10. After selecting the reboot options, navigate to the Patching Schedule section.
  11. From Patching Schedule, provide the following parameter:
    • Select Time Zone
      Note: The patching process runs according to the selected time zone. For existing patch configurations, Resource Time Zone is automatically assigned.
    • Start Date
    • Recurrence Pattern: Select the pattern to run the patching process. For example, Run On Demand, Patch Tuesday.
      Note: For Windows, select Patch Tuesday to schedule the patch installation process. This selection helps to align with Microsoft’s Patch Tuesday every month.
    • Enable patching during shutdown/reboot: Select to enable automatic patching when the device is in shutdown or reboot mode.
    • Enable maintenance: Select to enable maintenance period.
      Note: After enabling the maintenance period, select the desired duration.
    • Add Users: To add users, perform the following:
      1. Click +Add Users.
      2. From the Users screen, select the desired users.
      3. Click Add Users.
        The selected users receive an email notification after completing the patch configuration job.
  12. Click Finish.

Internal patch configuration process

After the patch configuration job begins, the agent executes the following:

Step 1: Agent receives control MSG xml (as seen in debug logs)

<cm><id>MISSING_PATCH_DL_IN</id><reqid>2018-06-25 06:49:14</reqid><params>2</params></cm>

Step 2: Agent sends response

<cm><id>RES_MISSING_PATCH_DL_IN</id><response><![CDATA[<winadviceinfo><result params=”2″>success</result><reqid>2018-06-25 06:49:14</reqid></winadviceinfo>]]></response></cm>

Step 3: Agent receives control MSG xml

<cm><id>MISSING_PATCH_DL_IN_LIST</id><reqid>0</reqid><params><ps><p><name>fcoe-utils-1.0.28-6.el6.x86_64 — “”</name><name>curl-7.19.7-53.el6_9.x86_64 — “”</name><name>libtiff-3.9.4-21.el6_8.x86_64 — “”</name><name>efibootmgr-0.5.4-15.el6.x86_64 — “”</name><name>grep-2.20-6.el6.x86_64 — “”</name></p><list>0</list></ps></params></cm>

The agent saves the kbid in path location /opt/opsramp/agent/tmp/approved_pkgs.json file.

Step 4: Agent runs patch install job

The following commands are used (depending on the OS) to generate a patch_install_result.json file in path location /opt/opsramp/agent/tmp/patch_install_result.json:

  • Ubuntu – /usr/bin/python /opt/opsramp/agent/lib/apt_frame.py install
  • CentOS, Fedora – /usr/bin/python /opt/opsramp/agent/lib/yum_frame.py install
  • SUSE - /usr/bin/python /opt/opsramp/agent/lib/zypper_frame.py install
  • DARWIN – /usr/bin/python /opt/opsramp/agent/lib/mac_frame.py install

After running the patch install job, the agent checks for the KBIDs that requires a reboot.