Patching using Fixlets

You can apply CentOS Linux patches to your deployment by using the Fixlets that are available from the CentOS Fixlet sites.

Before you begin

  • Subscribe to the appropriate Fixlet sites.
  • Activate the necessary analyses from the Patching Support site or Fixlet sites, such as the Endpoint Dependency Resolution - Deployment Results analysis to view the patch deployment results.
  • Install and enable GPG keys on the endpoints. You can use the Import RPM-GPG-KEY-centos-release task to import the necessary keys.
  • Set the appropriate configuration for the client /var directory.
    • If the /var directory is mounted with the noexec option, specify a different directory from which to run the patching executable. Otherwise, patching fails. You can run the Set the path for _BESClient_LinuxPatch_executable_directory Fixlet and specify the alternative directory name.
    • If the /var directory has limited disk space, provide a directory with more space to cache the patch metadata. You can run the Set the path for _BESClient_LinuxPatch_metadata_directory Fixlet and specify the alternative directory name.
    Note: The specified directory path for both the _BESClient_LinuxPatch_executable_directory and _BESClient_LinuxPatch_metadata_directory settings must be a valid, absolute path name. It can contain only alphanumeric characters, forward slashes, and underscores.
  • If you are using the native tools site for CentOS 7 to patch your systems, run the Install bzip2 (ID #1) Fixlet to identify which systems require the installation of the bzip2 utility. Then, download the installation package from the vendor website and use the RPM Deployment Wizard to deploy the package to various endpoints.
    Note: The bzip2 utility may not be included in the CentOS 7 base installation, so you must install this compression utility manually.
  • If you are using repositories, register the endpoints to the repository that contains the patches. You can use YUM or the CentOS Custom Repository Management dashboard to add a repository as a package source. For more information about the dashboard, see CentOS Custom Repository Management.
  • If you are not using repositories, register the appropriate CentOS download plug-in. For more information about download plug-ins, see Using the download plug-in.
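
The /var prerequisites above can be checked on an endpoint before you run either Set the path Fixlet. The following shell script is an added example, not BigFix code: it validates a candidate directory against the allowed-character rule in the note and checks whether the filesystem that holds the directory is mounted noexec. The function names, the sample mount table, and the directory /opt/bes_patch_exec are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-flight check for an alternative patch directory.
LC_ALL=C; export LC_ALL   # make the A-Z / a-z ranges below ASCII-only

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS='/dev/sda1 / xfs rw,relatime 0 0
/dev/sda2 /var xfs rw,nosuid,noexec,relatime 0 0
/dev/sda3 /opt xfs rw,relatime 0 0'

# valid_patch_dir PATH: succeed only for an absolute path made up of
# alphanumeric characters, forward slashes, and underscores.
valid_patch_dir() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9/_]*) return 1 ;; esac
    return 0
}

# mount_is_noexec DIR [MOUNTS]: succeed if the filesystem that holds DIR is
# mounted noexec. MOUNTS is a /proc/mounts-format file, or "-" for stdin.
mount_is_noexec() {
    awk -v dir="$1" '
        {
            mp = $2
            # Keep the longest mount point that is DIR or a parent of DIR;
            # ">=" lets a later (topmost) mount on the same point win.
            if (mp == "/" || dir == mp || index(dir, mp "/") == 1)
                if (length(mp) >= best) { best = length(mp); opts = $4 }
        }
        END { if (("," opts ",") ~ /,noexec,/) exit 0; exit 1 }
    ' "${2:-/proc/mounts}"
}

# check_patch_dir DIR [MOUNTS]: 0 = usable, 1 = invalid path, 2 = noexec mount.
check_patch_dir() {
    valid_patch_dir "$1" || { echo "invalid path: $1" >&2; return 1; }
    if mount_is_noexec "$1" "${2:-/proc/mounts}"; then
        echo "noexec mount: $1" >&2
        return 2
    fi
    return 0
}

# Demo against the constructed table; /opt/bes_patch_exec is a hypothetical name.
printf '%s\n' "$SAMPLE_MOUNTS" | check_patch_dir /opt/bes_patch_exec - \
    && echo "usable: /opt/bes_patch_exec"
```

On a real endpoint, call check_patch_dir with only the directory argument so that it reads /proc/mounts.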

About this task

When running a CentOS Linux patch Fixlet®, you can also deploy a test run before applying the patch. You can view the Deployment Results analysis to determine if the dependencies have been successfully resolved and if an installation will be successful.

Note: When using the test run feature, the action reports back as Fixed, even if the test fails.

Kernel Fixlets provide the option to upgrade or install all kernel packages. The upgrade option replaces existing kernel packages with later versions. The install option installs the later kernel packages next to the previous versions. The default behavior for kernel updates is to install packages side by side. Additionally, each kernel update Fixlet® provides the ability to test each of these options.

Procedure

  1. From the Patch Management domain, click OS Vendors > CentOS, and navigate to the patch content using the domain nodes.
    Figure 1. Patch Management navigation tree
  2. In the content that is displayed in the list panel, select the Fixlet that you want to deploy. The Fixlet opens in the work area.
  3. Click the tabs at the top of the window to review details about the Fixlet.
  4. Click Take Action to deploy the Fixlet.
    Note: If you are using a repository as the package source, run the Enable custom repository support - CentOS task before taking any Fixlet action. The task configures the actions to use YUM to perform the necessary downloads from the configured repositories on the endpoints. When the custom repository support is enabled, the Fixlets stop downloading the metadata and packages through the BigFix infrastructure and let YUM download the necessary files.

    You can also click the appropriate link in the Actions box:

    • You can start the deployment process.
    • You can deploy a test run prior to applying the patch. View the Endpoint Dependency Resolution - Deployment Results analysis to determine if the dependencies have been successfully resolved and if an installation is successful.
    • You can view the Red Hat bulletin for a particular Fixlet. Select the Click here to view the patch page action to view the patch page.
  5. You can set more parameters in the Take Action dialog.

    For detailed information about setting parameters with the Take Action dialog, see the BigFix Console Operator's Guide.

  6. Click OK.