-
1. Re: NSH Automate Windows Patching with Scheduled remediation
Bill RobinsonJun 1, 2016 5:31 PM (in response to Steve Abercrombie)
1 of 1 people found this helpfulThe attached will do some of that. it updates a dummy bldeploy job w/ the deploy times and then applies that 'template' to the remediation options and then schedules the patching job to run.
-
2. Re: NSH Automate Windows Patching with Scheduled remediation
Steve Abercrombie Jun 2, 2016 12:04 PM (in response to Bill Robinson)Bill,
I found out another way to do this but it was kind of ugly, it'll work but what you have provided will be a better option. Thanks for the solution! I have another question and if you want I can create a new thread. I'm wondering how you'd approach with a script running a patch remediation job that'll go through all of the steps. Then when it completes, it loops through and runs a patch analysis and checks to see if there are more patches. If there are more patches, then it runs another patch remediation job to patch again. The script would then continue this process until there are no more patches showing in the patch analysis job.
Steve
-
3. Re: NSH Automate Windows Patching with Scheduled remediation
Bill RobinsonJun 2, 2016 1:46 PM (in response to Steve Abercrombie)
can you run the deploy jobs immediately after analysis or you do you need to schedule them in the future ? you should be able to do something like run the patching job + auto-remediation, call it again - and check the results until there are no missing patches. there's a couple Unreleased blcli commands and documentation that will let you get the count of servers w/ missing patches and also one in the utility namespace to dump out the results that you could text-process for the count.
i'll see if i can work up an example.
-
4. Re: NSH Automate Windows Patching with Scheduled remediation
Steve Abercrombie Jun 6, 2016 4:49 PM (in response to Bill Robinson)Yes, I can run the deploy jobs immediately after analysis. Were you able to get an example put together?
Thanks,
Steve
-
5. Re: NSH Automate Windows Patching with Scheduled remediation
Bill RobinsonJun 16, 2016 6:44 AM (in response to Steve Abercrombie)
1 of 1 people found this helpfulsorry about the delay - something like the below should work. the patching job should already be setup for auto-remediation and the 'execute now' set in the deploy options in the patching job.
so it will run the job, generate remediation artifacts and deploy them, then check if there were servers missing patches. if there were, it re-runs the job. if no patches are missing then no remediation artifacts are generated, otherwise it keeps doing that. i put a limit on how many times that loop happens.
blcli_setjvmoption -Dcom.bladelogic.cli.execute.quietmode.enabled=true
blcli_setoption serviceProfileName defaultProfile
blcli_setoption roleName BLAdmins
blcli_connect
patchingJob="/Workspace/Patching Jobs/WindowsPatchingJob"
#dummyDeployJob="/Workspace/DummyDeploy"
runAnalysis()
{
blcli_execute PatchingJob getDBKeyByGroupAndName "${patchingJob%/*}" "${patching Job##*/}"
blcli_storeenv jobKey
blcli_execute Job executeJobAndWait ${jobKey}
blcli_storeenv jobRunKey
}
getResults()
{
missingServers=""
missingCount=0
blcli_execute JobRun jobRunKeyToJobRunId ${jobRunKey}
blcli_storeenv patchingJobRunId
blcli_execute JobRun findPatchingJobChildrenJobsByRunKey ${patchingJobRu nId}
blcli_execute JobRun getJobRunId
blcli_execute Utility setTargetObject
blcli_execute Utility listPrint
blcli_storeenv patchAnalysisJobRunIds
for jobRunId in ${patchAnalysisJobRunIds}
do
blcli_execute JobRun findById ${jobRunId}
blcli_execute JobRun getType
blcli_storeenv jobRunType
if [[ ${jobRunType} != 7033 ]]
then
blcli_execute PatchAnalysisResult findJobResultByAnalysi sJobRunId ${jobRunId}
blcli_execute JobResult getResultId
blcli_storeenv patchAnalysisJobResultId
blcli_execute PatchAnalysisResult findServersWithMissing Patches ${patchAnalysisJobResultId}
blcli_execute SDeviceHeader getName
blcli_execute Utility setTargetObject
blcli_execute Utility listPrint
blcli_storeenv missingServers
missingServers=(${missingServers})
missingCount=$((${missingCount}+${#missingServers[@]}))
fi
done
}
missingCount=1
i=0
while [[ ${missingCount} -gt 0 ]] && [[ ${i} -lt 5 ]]
do
let i+=1
runAnalysis
getResults
echo "missingPatchCount: ${missingCount}"
echo "i=${i}"
done
-
6. Re: NSH Automate Windows Patching with Scheduled remediation
Steve Abercrombie Jun 16, 2016 8:37 AM (in response to Bill Robinson)This will do the trick, thanks again!
-
7. Re: NSH Automate Windows Patching with Scheduled remediation
Steve Abercrombie Jun 21, 2016 11:00 AM (in response to Bill Robinson)Bill,
One more thing, I'm running into the problem where my PreCmd and PostCmd commands are failing due to my Antivirus software blocking them. How do I change the Deployment Path properties when I create the dummy job?
Thanks,
Steve
-
8. Re: NSH Automate Windows Patching with Scheduled remediation
Bill RobinsonJun 21, 2016 2:40 PM (in response to Steve Abercrombie)
If the dummy job doesn’t override the options for the pre- and post- script location you can just set it directly in the deploy options in the patching job
-
9. Re: NSH Automate Windows Patching with Scheduled remediation
Steve Abercrombie Jun 21, 2016 3:20 PM (in response to Bill Robinson)How would I do this in blcli?
-
10. Re: NSH Automate Windows Patching with Scheduled remediation
Bill RobinsonJun 21, 2016 3:24 PM (in response to Steve Abercrombie)
I don’t believe you can set those options in the blcli. once they are set in the gui they should stay set. i thought all you were doing is running the analysis/auto-remediation, re-running analysis and looking for when there are no missing patches ?
-
11. Re: NSH Automate Windows Patching with Scheduled remediation
Steve Abercrombie Jun 22, 2016 9:28 AM (in response to Bill Robinson)I'm wanting to remove the interactive aspect to the process so I can rely on the job that I've created to create it properly with all of the parameters that I need set. It would be nice to be able to set that Deployment path so I don't have to add another component to the job to handle the Pre and Post scripts.
-
12. Re: NSH Automate Windows Patching with Scheduled remediation
Bill RobinsonJun 22, 2016 11:42 AM (in response to Steve Abercrombie)
yeah - the issue is that not all of the options are inherited from the dummy and you can't edit all the options in the template deploy job inside the patching job.
so what settings do you need to have set in the generated deploy? just 'execute now' and the pre- post- path ? any others ?
-
13. Re: NSH Automate Windows Patching with Scheduled remediation
Steve Abercrombie Jun 22, 2016 3:41 PM (in response to Bill Robinson)Nothing else, these should work.
-
14. Re: NSH Automate Windows Patching with Scheduled remediation
Bill RobinsonJul 6, 2016 3:23 PM (in response to Steve Abercrombie)
changing the pre/post install command will increment the dbkey of the template deploy. there's no way to update the remediation job and patching job w/ the new association. similar thing w/ the execute now.