Precaching Linux patches for offline demo


Is there any way you can pre-cache for instance patch 18100839 “Unspecified - Firefox - Ubuntu 16.04 (amd64)” in the Bigfix server so you can later deploy it without the Bigfix server being online?

The reason I am asking is that I am giving a demo on Linux patch mgmt, and I wish to use my VMware lab environment (all Bigfix infrastructure in VMware Workstation) and not depend on having the Bigfix server online.

I have tried using both the BESDownloadCacher and the File Pre-Cache Wizard, but to no avail: The Bigfix server still needs to download or verify content online.

Linux patch sites create a list of files to download dynamically due to dependency resolution, meaning we first calculate dependencies for a package on the endpoint and come up with a list of packages to download. Each endpoint might have a different list due to the way the endpoint is set up.

The only way you can really do it “offline” is to host your own custom repo with all the files on it. An alternative is to run a few endpoints on the same Fixlet just to build a small cache. Each Fixlet has a “test” action that will test to see if it can install, but doesn’t actually install. You can use this action to build the cache without installing, but you will need to be online first for it to work.

Also, the BESDownloadCacher and File Pre-Cache Wizard only work on Fixlets that have a direct file download URL listed in the actionscript. As mentioned previously, Linux patch sites create the download list dynamically, so it won’t have that URL, meaning those tools won’t work.

Hi zevanty, and thank you for a quick reply!

Pre-populating the cache by having a virtual Windows machine install a required patch, then roll back the v.m. snapshot and run the Windows patch process again works great.

I therefore thought I would be able to do the same thing when demoing Linux patch mgmt, but the Bigfix server apparently must access Ubuntu sources, even though the v.m. of course needs the exact same content after rolling back the snapshot.

I was wondering if the Bigfix server needs internet access to verify the SHA1 values of the content, or something like that. Anyway, I just cannot get this to work!

The Ubuntu endpoint will tell the BigFix server what files need to be downloaded and where to download. Therefore, BigFix Server will be the one who goes and grabs the files. So yes, it will need internet access.

Yes, I understand, but I have had the impression the ‘air gap’ tools would allow a Bigfix server to operate without being connected to the internet, and still be able to patch endpoints. It seems like this is not the case for Linux patching(?).

It works for Red Hat, there is a standalone “RHSMDownloadCacher” that can build a local repository, then on the BES Root Server we have to configure the RHSM Download Plugin to use the local repository. This is done via a manual edit to the RHSM Download Plugin on the root server.

I’ve not patched Ubuntu endpoints so I don’t know whether there is a similar Ubuntu plugin.

Checking the Bigfix Utilities page, I don’t see a download cacher for Ubuntu :frowning:

Yes, but most Linux sites have their own tools, such as RHSMDownloadCacher as mentioned by JasonWalker. For Ubuntu, such a tool does not exist. You’ll need to file an RFE and a manager will prioritize it.

Thank you both for clearing this up for me!

I am giving a demo tomorrow for a prospective customer with a few hundred Ubuntu servers, and ‘air gap’ may not be an issue. Anyway, I am now prepared and I have good answers should the subject come up! :slight_smile: