Need assistance on Red hat Patching

Usage and Config Patch
1

Hello Team,

I am new to Red Hat patching setup via Bigfix , and I need guidance on how Red Hat patching is handled through BigFix in our environment.

Initially, I requested access to the Red Hat Subscription Management (RHSM) portal to review patching and subscription details. However, I was informed by the existing admin team that:

  • The organization does not plan to renew Red Hat subscriptions

  • Red Hat patching is expected to be managed via BigFix

Based on this, I need clarification on the following:

  1. How does BigFix manage Red Hat OS patching when there is no active Red Hat subscription?

  2. What patching methods are supported in this scenario (e.g., cached repositories, custom repositories, disconnected mode, etc.)?

  3. Are there any limitations or compliance considerations we should be aware of when patching Red Hat systems without an active subscription?

  4. Are there any recommended configurations, prerequisites, or documentation specific to this setup?

This information will help me understand the supported approach and ensure patching is done correctly and in line with best practices.

Regards,

Bharat

2

Welcome to the forums @bharat.c

You must have an entitlement certificate to be able to patch RH with BigFix.

Go to the RHSM portal, create a "system" (We called it BigFix) and then configure your entitlements, and then download the entitle and system certificates. They can be together in one file or separate certificates.

You have to have the Red hat plugin installed as well.

Put your certs in the certs folder of the RHSMProtocol folder.

image
image652×256 35.4 KB

From an elevated command prompt, you can set access and verify BigFix has access to the RH Repos with this command.

.\RHSMPlugin.exe --check-baserepos

image

Your log output may be long so you may want to save the output, use a redirect like this...

.\RHSMPlugin.exe --check-baserepos >>Output.log

Run the command and you can see if you have access to the REPOs.

image
image963×273 141 KB

You may need to check the log you saved in order to determine the reason a REPO is not accessible.

You can also configure which REPOS to check in the plugin folder, in the "allowrepors.cfg" file.

3 Likes
3

Welcome to the forum!

I just wanted to echo what @D.Dean has stated so you hear it directly from an HCL person.

Using BigFix to deploy your Red Hat patches, does require an active Red Hat subscription. You must carry entitlements equal to the number of Red Hat systems on which you are applying Red Hat patches, regardless of whether you use BigFix, Satellite, RHSM, or custom repositories. It's not about how you install the packages, it's about whether you're entitled to use the packages at all.

4

Thanks @D.Dean and @JasonWalker for this information, We are using satellite server and I dont see option to add Bigfix server on RHSM portal, rather I need to add Menifest. also when I tried to add existing satellite server via RHEL Custom Repository Management. It is saying unspecified and I am unable to add repository, any leads what should I do?

5

If you have an on-site Satellite you will not use the RHSM Download Plugin, you will instead add a client setting to the agent running on each Red Hat computer, to tell it to use the Satellite as a custom repository provider. You will register your Red Hat computers directly with Satellite as you would normally do without BigFix

The client setting and value would be "_BESClient_RHEL_AllowYumDownloads" = “1”

3 Likes