RHEL Patching Discussion

Manish · November 22, 2019, 1:45pm

Hello All,

I have configured RHSM Plugin and Patching is working perfectly.
I wanted to understand if I only add below patches in baseline, will it patch the endpoints successfully or it has some set of pre-requites.

RHEL 7

|Fixlet ID| |Task|

|200| Delete RHEL 7 Package List File for Multiple-Package Baseline Installation|
|300| TROUBLESHOOTING: RHEL 7 Patching Deployment Logs - Cleanup|
|301| Import RPM-GPG-KEY-redhat-release - RHEL 7|
|201| Enable the Multiple-Package Baseline Installation feature - RHEL 7|
|101| Multiple-Package Baseline Installation - RHEL 7 - x86_64 - Server|

RHEL 6

|Fixlet ID| |Task|

|200| Delete RHEL 6 Package List File for Multiple-Package Baseline Installation|
|300| TROUBLESHOOTING: RHEL 6 Patching Deployment Logs - Cleanup|
|301| Import RPM-GPG-KEY-redhat-release - RHEL 6|
|201| Enable the Multiple-Package Baseline Installation feature - RHEL 6|
|121| Multiple-Package Baseline Installation - RHEL 6 - x86_64 - Server|

Please suggest!!

Regards,
Manish Singh

MattMangan · November 22, 2019, 2:40pm

The only thing missing from the baseline are the actual patch Fixlets. These would be placed after TaskID: 201 and before the last item in the baseline (TaskID:101 and TaskID: 121) respectively.

-Matt

Manish · November 27, 2019, 1:22pm

Hi @MattMangan

Thanks for your response, Please let me know your thought on below concern ,
Before patch 121 I added below fixlet
RHSA-2019:1467 - Python Security Update - Red Hat Enterprise Linux 6 (x86_64)
RHBA-2019:2470 - Subscription-Manager Bug Fix Update - Red Hat Enterprise Linux 6 (x86_64)
RHSA-2019:2473 - Kernel Security And Bug Fix Update - Red Hat Enterprise Linux 6 (x86_64) (Superseded)
RHSA-2019:2736 - Kernel Security And Bug Fix Update - Red Hat Enterprise Linux 6 (x86_64) (Superseded)
RHSA-2019:2863 - Kernel Security Update - Red Hat Enterprise Linux 6 (x86_64) (Superseded)
RHSA-2019:3755 - Sudo Security Update - Red Hat Enterprise Linux 6 (x86_64)
RHSA-2019:3836 - Kernel Security And Bug Fix Update - Red Hat Enterprise Linux 6 (x86_64) (Superseded)
RHEA-2019:3847 - Microcode_ctl Bug Fix And Enhancement Update - Red Hat Enterprise Linux 6 (x86_64)
RHBA-2019:3856 - Udev Bug Fix Update - Red Hat Enterprise Linux 6 (x86_64)
RHBA-2019:3857 - Sos Bug Fix Update - Red Hat Enterprise Linux 6 (x86_64)
RHBA-2019:3858 - Samba Bug Fix Update - Red Hat Enterprise Linux 6 (x86_64)
RHSA-2019:3878 - Kernel Security Update - Red Hat Enterprise Linux 6 (x86_64)

So, Patch Enable the Multiple-Package Baseline Installation feature - RHEL 6 enable single yum call through which patch will be deployed which we have added in Baseline

Last patch Multiple-Package Baseline Installation - RHEL 6 - x86_64 - Server install the patches whose information is present in MultiPkgInstall.txt file, located in the /var/opt/BESClient/EDRDeployData.

MultiplePkgInstall.txt contains the list of patches which we have added after Fixlet Id 201 and before 121 ?

Please correct me if my understanding is incorrect or I am missing out anything ?

Also if we use the above method, RHEL patching would complete in 20 -30 minutes ?

Regards,
Manish Singh