Configuring Patch SchedulesDescribes the steps to add and schedule a patch.Leave FeedbackIntroductionPatching consistently ensures complete protection against any security threat for your resources. Configuring the patch schedule allows you to decide when to apply the patch updates.NotePatch configuration can be scheduled on a periodic or on-demand basis.Adding and scheduling patchesTo add a patch configuration:From All Clients, select a client.Go to Automation > Patch Management > Patch Configuration and click Add.From Add Patch Configuration, provide the following:Select ClientPatch Configuration Name: Refers to the name for the patch ready for installation.Description: Refers to the details of the patch.Apply To: Refers to applying the patch to Desktops or Servers.Resource Groups: Refers to applying patches to Windows and Linux devices in the resource groups.After providing the basic details, navigate to Assign Devices section.From Assign Devices, select the devices from the Available Devices section.The selected devices appear in the Assigned Devices section.After selecting the devices, navigate to Approval Type.From Approval Type, select one of the following options:Manual ApproveAuto ApproveAfter selecting Approval Type, navigate to Reboot Options.From Reboot Options, select one of the following options:Do not rebootReboot after install if requiredAfter selecting the reboot options, navigate to Patching Schedule section.From Patching Schedule, provide details for the following parameters:Start DateRecurrence PatternSelect the check-box to select the following parameters:Enable patching during shutdown/rebootEnable maintenanceClick Add Users. The selected users receive an email notification after completing the patch configuration job.Click Finish.NotesThe patch configuration is displayed in the configured list and click Run Now to install the approved patches as per requirement.The approved patches are installed only when a patch configuration is added.Patches are downloaded directly to individual desktops and servers. You can install Patches using Agent for Windows. You may experience above normal bandwidth usage during the weekend patch maintenance period.Internal patch configuration processAfter the patch configuration job begins, the agent executes the following:NoteThis process is shown for Linux resources.Step 1: Agent receives control MSG xml (as seen in debug logs)<cm><id>MISSING_PATCH_DL_IN</id><reqid>2018-06-25 06:49:14</reqid><params>2</params></cm> Step 2: Agent sends response<cm><id>RES_MISSING_PATCH_DL_IN</id><response><![CDATA[<winadviceinfo><result params=”2″>success</result><reqid>2018-06-25 06:49:14</reqid></winadviceinfo>]]></response></cm> Step 3: Agent receives control MSG xml<cm><id>MISSING_PATCH_DL_IN_LIST</id><reqid>0</reqid><params><ps><p><name>fcoe-utils-1.0.28-6.el6.x86_64 — “”</name><name>curl-7.19.7-53.el6_9.x86_64 — “”</name><name>libtiff-3.9.4-21.el6_8.x86_64 — “”</name><name>efibootmgr-0.5.4-15.el6.x86_64 — “”</name><name>grep-2.20-6.el6.x86_64 — “”</name></p><list>0</list></ps></params></cm> The agent saves the kbid in path location /opt/opsramp/agent/tmp/approved_pkgs.json file.Step 4: Agent runs patch install jobThe following commands are used (depending on the OS) to generate a patch_install_result.json file in path location /opt/opsramp/agent/tmp/patch_install_result.json:Ubuntu – /usr/bin/python /opt/opsramp/agent/lib/apt_frame.py installCentOS, Fedora – /usr/bin/python /opt/opsramp/agent/lib/yum_frame.py installSUSE - /usr/bin/python /opt/opsramp/agent/lib/zypper_frame.py installDARWIN – /usr/bin/python /opt/opsramp/agent/lib/mac_frame.py installAfter running the patch install job, the agent checks for the KBIDs that requires a reboot.