Patching using Fixlets

You can apply Rocky Linux patches to your deployment by using the Fixlets that are available from the Rocky Linux Fixlet sites.

Before you begin

  • Subscribe to the appropriate Fixlet sites.
  • Activate the necessary analyses from the Patching Support site or Fixlet sites, such as the Endpoint Dependency Resolution - Deployment Results analysis to view the patch deployment results.
  • Install and enable GPG keys on the endpoints. You can use the Import RPM-GPG-KEY-Rocky Linux-release task to import the necessary keys.
  • Set the appropriate configuration for the client /var directory.
    • If the /var directory is mounted with the noexec option, specify a different directory from which to run the patching executable. Otherwise, patching fails. You can run the Set the path for _BESClient_LinuxPatch_executable_directory Fixlet and specify the alternative directory name.
    • If the /var directory has limited disk space, provide a directory with more space to cache the patch metadata. You can run the Set the path for _BESClient_LinuxPatch_metadata_directory Fixlet and specify the alternative directory name.
    Note: The specified directory path for both the _BESClient_LinuxPatch_executable_directory and _BESClient_LinuxPatch_metadata_directory settings must be a valid, absolute path name. It can contain only alphanumeric characters, forward slashes, and underscores.
  • If you are not using repositories, register the appropriate Rocky Linux download plug-in. For more information about download plug-ins, see Using the download plug-in.
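
The /var prerequisites above can be checked on an endpoint before you run the two Set the path Fixlets. The following script is an added example, not BigFix code: it applies the path-name rule from the note and tests whether a candidate directory sits on a noexec mount. The function names, the sample directories, and the mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example (not BigFix code): pre-flight checks for an alternative
# _BESClient_LinuxPatch_executable_directory value.
LC_ALL=C; export LC_ALL   # keep the A-Z/a-z/0-9 ranges ASCII-only

# 0 if $1 is absolute and contains only alphanumerics, '/' and '_'.
valid_patch_dir() {
    case "$1" in /*) ;; *) return 1 ;; esac
    case "$1" in *[!A-Za-z0-9/_]*) return 1 ;; esac
    return 0
}

# 0 if the filesystem holding $1 is mounted noexec. $2 is a mount table in
# /proc/mounts format (default /proc/mounts); the longest mount point that
# is a path prefix of $1 wins, and a later entry shadows an earlier one.
mounted_noexec() {
    dir=$1; table=${2:-/proc/mounts}; best=""; opts=""
    while read -r _dev mnt _type mopts _rest; do
        case "$dir/" in
            "${mnt%/}"/*)
                if [ "${#mnt}" -ge "${#best}" ]; then best=$mnt; opts=$mopts; fi ;;
        esac
    done < "$table"
    case ",$opts," in *,noexec,*) return 0 ;; esac
    return 1
}

# Prints a verdict; returns 0 usable, 1 invalid name, 2 noexec mount.
check_exec_dir() {
    valid_patch_dir "$1" || { echo "$1: invalid path name"; return 1; }
    if mounted_noexec "$1" "$2"; then echo "$1: noexec mount"; return 2; fi
    echo "$1: usable"
}

# Constructed mount table for the demonstration (not from a real host).
sample_mounts() {
    cat <<'EOF'
/dev/mapper/rl-root / xfs rw,relatime 0 0
/dev/mapper/rl-var /var xfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/mapper/rl-opt /opt xfs rw,relatime 0 0
EOF
}

t=$(mktemp) && sample_mounts > "$t"
for d in /var/opt/BESClient /opt/bes_patch_exec /opt/bes-patch; do
    check_exec_dir "$d" "$t" || true
done
rm -f "$t"
```

On an endpoint, call check_exec_dir with only the directory argument so that it reads /proc/mounts. Symbolic links in the path are not resolved.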

About this task

When running a Rocky Linux patch Fixlet®, you can also deploy a test run before applying the patch. You can view the Deployment Results analysis to determine if the dependencies have been successfully resolved and if an installation will be successful.

Note: When using the test run feature, the action reports back as Fixed, even if the test fails.

Kernel Fixlets provide the option to upgrade or install all kernel packages. The upgrade option replaces existing kernel packages with later versions. The install option installs the later kernel packages next to the previous versions. The default behavior for kernel updates is to install packages side by side. Additionally, each kernel update Fixlet® provides the ability to test each of these options.

Procedure

  1. From the Patch Management domain, click OS Vendors > Rocky Linux, and navigate to the patch content using the domain nodes.
    Figure 1. Patch Management navigation tree

  2. In the content that is displayed in the list panel, select the Fixlet that you want to deploy. The Fixlet opens in the work area.
  3. Click the tabs at the top of the window to review details about the Fixlet.
  4. Click Take Action to deploy the Fixlet.
    Note: If you are using a repository as the package source, run the Enable custom repository support - RockyLinux task before taking any Fixlet action. The task configures the actions to use YUM to perform the necessary downloads from the repositories that are configured on the endpoints. When custom repository support is enabled, the Fixlets stop downloading the metadata and packages through the BigFix infrastructure and let YUM download the necessary files.

    You can also click the appropriate link in the Actions box:

    • You can start the deployment process.
    • You can deploy a test run before applying the patch. View the Endpoint Dependency Resolution - Deployment Results analysis to determine if the dependencies have been successfully resolved and if an installation will be successful.
    • You can view the Red Hat bulletin for a particular Fixlet. Select the Click here to view the patch page action to view the patch page.
  5. You can set more parameters in the Take Action dialog.

    For detailed information about setting parameters with the Take Action dialog, see the BigFix Console Operator's Guide.

  6. Click OK.