Managing Windows Patches via Patch Metadata

Version 1

    One of the common challenges that I see with Windows Patching in BladeLogic (since 8.0) is that there is currently no easy way to manage which bulletins have been "approved" for distribution, which are obsolete etc.  One way to do this is to create a property on the "Windows Bulletin" in the property object dictionary called something like 'PATCH_bulletin_approval'.  This can then receive a string (e.g. New (the default), QA, Approved, Rejected, etc.) which can then be used within a catalog to generate a Smart Group.


    Using this approach, all new bulletins will drop into my "New" smart group, from where they can either be pushed to QA or rejected.  Once tested via the QA smart group, they can then be moved to status 'Approved' ready for patching the production estate.


    This approach works really well, until you have to recreate the catalog for any reason, at which point you lose all of your metadata that was added via the properties!


    To get around this, I wrote a collection of Jython scripts!


    The first (BuildDepotClassXML.nsh) is used to generate an XML of all available Depot Classes in your current BladeLogic environment.  You should only need to run this script once, then just leave the XML file that it generates until you next upgrade BladeLogic.  Note that this is a Jython script wrapped within an NSH header to make it easy to run.  You'll still need BLJython to be installed and configured, though!


    The next file backs up all of your bulleting metadata to XML, and the final script restores it, based on the Bulletin name.


    All of the scripts should be fairly easy to understand (and are extensively commented) but if you have any questions, please ask!




    God bless,