USN-4221 - Ubuntu 16.04 errors out


I’m trying to apply patches onto 16.04 systems, its a little challenging due to the fact that i have to play whack a mole with the USN fixlets as they will randomly start showing

Is this a bigfix fixlet issue or a machine issue?

So it seems to be a syntax issue, image

Is there a possibility for a quick Ubuntu patches 16.04 review?

This is more than likely a configuration issue in your deployment, the error code can be misleading in this case. There are a limited number of error codes that the client can send to the server, and pre-execution download plugins just send a code that ‘there was a failure before execution started’ that the Console interprets as a syntax error.

TL;DR - Check the /varo/opt/BESClient/EDRDeployData folders for error messages. Check the Download Plugins for your distribution are configured (in the Patching Support site / Manage Download Plugins dashboard), or that your endpoint is configured for a local repo.

For background on what’s happening here, in the case of Linux patching, our Fixlet has identified that one target package (RPM / DEB) needs to be updated. But the Fixlet doesn’t know every dependency for the package, which can vary from one endpoint to another. So we have a process known as “Endpoint Dependency Resolution”, where rpm/yum/dpkg commands are executed on the endpoint itself. These commands produce the list of dependencies for the package so those can also be downloaded from the server.

We’re using the client’s “Execute Prefetch Plugin” functionality to run this dependency resolution before the Action is actually available to start “executing” - this EDR portion happens during what would normally be the file precaching phase. If you set an action to start tomorrow at noon, the EDR process would actually run now, figure out the package dependencies, and then prefetch all the dependent packages so that at noon tomorrow, when the action is allowed to “start” and actually installs the packages, everything needed has already been downloaded on the client.

From the screenshot you posted, there was an error of some kind during the prefetch / EDR phase. The EDR scripts produce their own separate log files that you’ll need to check on the endpoint. Some common errors are that, by default, the client only allows 10 seconds for a prefetch plug-in command to execute, and that’s not long enough to perform the EDR task. There are tasks in each of the Linux patching sites to configure a longer timeout, you’d need to set those (usually to several minutes) and restart the client to allow prefetch plug-ins to execute again.

Other common problems include the Download Plug-Ins not configured on the server (so the server is not maintaining a copy of the RPM/DEB repos), or the Server is blocked from downloads to update the repo.

In any case, you may wish to open a support incident to track down the source of the problem, as there are several moving parts and different log files to check, between the BESClient log, EDRDeployData logs, as well as the download plugin logs on the server.

1 Like