Patching method

BigFix adds flexibility to its patch management solution for SUSE Linux Enterprise by using the platform's native tools.

BigFix provides several different methods to manage patches for SUSE Linux Enterprise.

Patching by using the Endpoint Dependency Resolution (EDR) method

Endpoint dependency resolution (EDR) is an approach to UNIX patching in which the dependencies of a bulletin are calculated dynamically at action run time. Packages are patched regardless of which packages are already installed on the endpoints.

The Patches for SLE11 System Z site uses the EDR method.

The EDR method uses a dependency resolution tool that requires the system to be compliant before it can do calculations. It requires dependencies of all of the installed packages on the system to be satisfied.

If these dependencies are not satisfied, the deployment fails and logs the error output of the EDR Plug-in in the EDR_DeploymentResults.txt file, which is located in the directory <client folder>\EDRDeployData\. Some dependency requirements cannot be determined by Fixlet relevance. In some cases, multiple levels of dependencies or conflicting third-party packages can prevent the installation of Fixlet content. It is therefore recommended to minimize the number of third-party packages installed on the system. For more information about dependency issues, see Troubleshooting.

With this approach, you can deploy preference lists to endpoints from the Preference Lists Dashboard in the Linux RPM Patching site. For more information about preference lists, see Manage Preference Lists.

When dependencies are resolved on the endpoints, there might be multiple valid sets of dependencies that satisfy the requirements of the targets. Preference lists help to decide which requirements to satisfy in these situations. For more information about the dashboard, see Using the Preference Lists Dashboard.

Note: This method applies to patch management for SUSE Linux Enterprise Server 11 and 12, and SUSE Linux Enterprise Desktop 11 and 12 environments only.

The Fixlets for all SUSE content use zypper, the default package manager for SUSE Linux Enterprise. Zypper gives you more flexibility in terms of patch deployment and in providing results that are suitable for SUSE Linux Enterprise solutions. It uses a command-line interface and simplifies the process of installing, uninstalling, updating, and querying software packages. It is based on ZYpp, also known as libzypp. For more information about Zypper, see the documentation at http://www.suse.com or see the Novell Support website at https://www.novell.com/support/.

Zypper reduces dependency issues, improves performance, and is more reliable in terms of installing security patches. This method also allows you to use custom repositories for patching. For more information about custom repository support, see Custom repositories management.

The Zypper approach is introduced to replace the EDR utilities that Patch Management for SUSE Linux Enterprise previously used. The following native tools sites are available for you to use:
  • Patches for SLE 15
  • Patches for SLE 15 on System z
  • Patches for SLE 15 PPC64LE
  • Patches for SLE 12 Native Tools
  • Patches for SLE 12 on System z
  • Patches for SLE 12 PPC64LE
  • Patches for SLE 11 Native Tools
  • Patches for SLE 11 on System z Native Tools

The Zypper native tools implementation has an external dependency on the expect utility. BigFix provides a task to install the expect utility on systems that are configured with Zypper repositories. Task ID 101: Install expect is available from the Patches for SLE 11 Native Tools site.

Note: The expect tool is not necessary for SUSE Linux Enterprise 12.

Zypper utility configuration settings

The native tools sites use all the settings in /etc/zypp/zypp.conf.

The following Zypper configuration settings are set to values that come from another file, which is dynamically created during Fixlet execution:
  • cachedir
  • configdir
  • metadatadir
  • packagesdir
  • reposdir
  • repo.add.probe
  • repo.refresh.delay
  • solvfilesdir
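
To see which of your own zypp.conf customizations survive a Fixlet run, the following added example (not part of the product, and not the Fixlet's own logic) parses a constructed /etc/zypp/zypp.conf and separates the [main] keys that the Fixlet overrides from those it honours. The sample file contents and the function names are assumptions made for this illustration; the list of overridden keys is the one given above.

```python
import configparser

# Keys that the Fixlet replaces with values from its dynamically generated
# configuration file (the list of settings given in the documentation above).
FIXLET_OVERRIDDEN_KEYS = (
    "cachedir", "configdir", "metadatadir", "packagesdir", "reposdir",
    "repo.add.probe", "repo.refresh.delay", "solvfilesdir",
)

# Constructed sample of /etc/zypp/zypp.conf; values are made up for the example.
SAMPLE_ZYPP_CONF = """\
## Constructed sample of /etc/zypp/zypp.conf
[main]
# arch = s390x
cachedir = /var/cache/zypp
reposdir = /etc/zypp/repos.d
repo.refresh.delay = 10
solver.onlyRequires = true
download.use_deltarpm = true
"""


def load_zypp_conf(text):
    """Parse zypp.conf (INI style, a [main] section, '#' comment lines) and
    return the explicitly set keys as {section: {key: value}}."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case as written instead of lowercasing
    parser.read_string(text)
    return {section: dict(parser[section]) for section in parser.sections()}


def overridden_settings(conf):
    """[main] settings that a native tools Fixlet run will replace."""
    main = conf.get("main", {})
    return {k: v for k, v in main.items() if k in FIXLET_OVERRIDDEN_KEYS}


def honoured_settings(conf):
    """[main] settings that the Fixlet leaves as configured in zypp.conf."""
    main = conf.get("main", {})
    return {k: v for k, v in main.items() if k not in FIXLET_OVERRIDDEN_KEYS}


if __name__ == "__main__":
    conf = load_zypp_conf(SAMPLE_ZYPP_CONF)
    for key, value in overridden_settings(conf).items():
        print(f"overridden by Fixlet: {key} = {value}")
    for key, value in honoured_settings(conf).items():
        print(f"honoured:             {key} = {value}")
```

To run it against a real endpoint, replace SAMPLE_ZYPP_CONF with the contents of /etc/zypp/zypp.conf; any key reported as overridden is one whose value will come from the Fixlet's generated file for the duration of the action, so a custom cachedir or reposdir there should not be relied on during patch deployment.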

Identifying file relevance with Native tools content

The native tools content captures file relevance in the same way as EDR. Both methods use the same relevance clause: a lower version of the package exists on the endpoint, and a higher version of it does not. If both tools are applied to the same deployment, the relevance results are the same.
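
The relevance rule above (a lower version of the package is installed and no higher version is) can be worked through in code. The following is an added example, not BigFix code and not its relevance language: it reimplements librpm's rpmvercmp version ordering in Python, including the `~` and `^` rules, and evaluates a set of constructed patch EVRs against a constructed installed-package inventory shaped like the output of `rpm -qa --qf '%{NAME} %{EPOCHNUM} %{VERSION} %{RELEASE}\n'`. The package names, versions and function names are assumptions made for this illustration.

```python
import re
from collections import defaultdict

_TOKEN = re.compile(r"[A-Za-z0-9~^]")


def rpmvercmp(a: str, b: str) -> int:
    """Order two RPM version (or release) strings the way librpm's rpmvercmp does.

    Returns -1 if a < b, 0 if equal, 1 if a > b.  Digit runs compare numerically,
    letter runs compare lexically, a numeric segment beats an alphabetic one,
    '~' sorts before anything (even the end of the string) and '^' sorts after
    the end of the string but before anything else.
    """
    if a == b:
        return 0
    i = j = 0
    while i < len(a) or j < len(b):
        # Skip separators: anything other than alphanumerics, '~' and '^'.
        while i < len(a) and not _TOKEN.match(a[i]):
            i += 1
        while j < len(b) and not _TOKEN.match(b[j]):
            j += 1
        ta, tb = a[i:i + 1] == "~", b[j:j + 1] == "~"
        if ta or tb:                      # tilde: pre-release, older than everything
            if not ta:
                return 1
            if not tb:
                return -1
            i, j = i + 1, j + 1
            continue
        ca, cb = a[i:i + 1] == "^", b[j:j + 1] == "^"
        if ca or cb:                      # caret: post-release snapshot
            if i >= len(a):
                return -1
            if j >= len(b):
                return 1
            if not ca:
                return 1
            if not cb:
                return -1
            i, j = i + 1, j + 1
            continue
        if i >= len(a) or j >= len(b):
            break
        # Next segment: all digits if it starts with a digit, otherwise all letters.
        if a[i] in "0123456789":
            sa = re.match(r"[0-9]+", a[i:]).group(0)
            sb = re.match(r"[0-9]*", b[j:]).group(0)
            isnum = True
        else:
            sa = re.match(r"[A-Za-z]+", a[i:]).group(0)
            sb = re.match(r"[A-Za-z]*", b[j:]).group(0)
            isnum = False
        if not sb:                        # segment types differ: numeric side is newer
            return 1 if isnum else -1
        i, j = i + len(sa), j + len(sb)
        if isnum:
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):        # longer digit run is the larger number
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1       # whichever side has characters left wins


def evrcmp(e1, v1, r1, e2, v2, r2) -> int:
    """Compare (epoch, version, release) triples: epoch first, then version, then release."""
    if int(e1) != int(e2):
        return 1 if int(e1) > int(e2) else -1
    return rpmvercmp(v1, v2) or rpmvercmp(r1, r2)


def parse_inventory(text):
    """Parse 'NAME EPOCHNUM VERSION RELEASE' lines into {name: [(epoch, version, release), ...]}."""
    inventory = defaultdict(list)
    for line in text.strip().splitlines():
        name, epoch, version, release = line.split()
        inventory[name].append((epoch, version, release))
    return inventory


def fixlet_relevant(installed, name, epoch, version, release) -> bool:
    """The page's rule: some installed copy of `name` is lower than the patch EVR
    and no installed copy is higher. A package that is not installed is not relevant."""
    cmps = [evrcmp(e, v, r, epoch, version, release) for e, v, r in installed.get(name, [])]
    return any(c < 0 for c in cmps) and not any(c > 0 for c in cmps)


# Constructed inventory and constructed patch EVRs (not real SUSE package versions).
INSTALLED = parse_inventory("""
openssl 0 1.0.2p 3.1
kernel-default 0 4.12.14 150.14.2
kernel-default 0 4.12.14 197.2.1
curl 0 7.60.0 3.3.1
libzypp 0 17.7.0~rc1 1.1
dbus-1 0 1.12.2 3.1
""")

PATCHES = [
    ("openssl", "0", "1.0.2p", "3.4"),          # newer release: relevant
    ("kernel-default", "0", "4.12.14", "195.1.1"),  # one lower, one higher kernel: not relevant
    ("curl", "0", "7.60.0", "3.3.1"),           # already at patch level: not relevant
    ("libzypp", "0", "17.7.0", "3.1"),          # '~rc1' installed is older: relevant
    ("dbus-1", "1", "1.12.2", "3.1"),           # epoch bump wins: relevant
    ("bash", "0", "4.4", "100.1"),              # not installed: not relevant
]


def evaluate(installed=INSTALLED, patches=PATCHES):
    return {name: fixlet_relevant(installed, name, e, v, r) for name, e, v, r in patches}


if __name__ == "__main__":
    for name, relevant in evaluate().items():
        print(f"{name:15s} {'RELEVANT' if relevant else 'not relevant'}")
```

The kernel-default case shows why the "no higher version" half of the clause matters: multiversion packages such as kernels can have an older and a newer build installed side by side, and a patch that sits between them must not be reported as applicable. The real Fixlets express this check in BigFix relevance language evaluated by the agent; this script only models the ordering rule so that a result can be reasoned about offline.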

Patching method matrix

The following table lists the applicable sites and features for each of the patching methods that are available for managing your SUSE Linux Enterprise endpoints.
Patching method: Endpoint Dependency Resolution (EDR)
  Applicable sites:
    • Linux RPM Patching
    • Patches for SLE11 System Z
  Applicable features:
    • SUSE Download Plug-in
    • SUSE Download Cacher
    • RPM Deployment
    • Preference List

Patching method: Native tools (Zypper)
  Applicable sites:
    • Patching Support
    • Patches for SLE 11 Native Tools
    • Patches for SLE 12 Native Tools
  Applicable features:
    • SCC Download Plug-in
    • SCC Download Cacher
    • Custom Repository Support
    • Btrfs snapshot management
    • Multiple-Package Baseline Installation