If you use jython you can probably create a java set of patch ids and server ids, i don’t think you can do that w/ the blcli – i’ll see if i can find out how the portal calls it though.
Why not try exclude list of qnumbers than going by your way?
blcli PatchingJob addQNumbersToExcludeListForDevices QNUMBER DEVICE_NAME
even the below can also help you in only including specifc patches during patch analysis and then deploy with remediation job.
JOB_KEY=`blcli PatchingJob createWindowsPatchingJobWithTargetGroup nocPAJob $JOB_GROUP $TARGET_GROUP $CATALOG_NAME
//localhost/c/include.lst //localhost/c/exclude.lst true false false false
if process can be changed this way then it might be helpful .
Both of your suggestions are good and we already use some of this as standard and I have been looking at the
However the scenario we are trying to cater for is patch analyse server(s) raise a change, apply approved patches, don't apply non approved.
The include/exclude and the add exclusion to servers both require another analysis job to be run
Hey @mike jones
understood your point, but still the way i would suggest
1. Get the patch list from security
2. Add part of the patching job with servers
3. send back the patch result
4. once approved in remedy patch the servers
because this would be a standard process, but the suggestion would be more dynamic and not sure we can cater to that.
might be others who can help you on this
but anyways please share if you get anything like that on the same
being able to analyze for everything and then only deploy the missing ones would make sense.
if you are still using that crazy script i wrote, you could modify that to read a list of accepted patches and then only make the deploy jobs (one per server per patch) for those
I did send your script to the people that made the request for this functionality and suggested similar. I was also looking to see if there was a bully command to create a BLPackage then add the patches required as softlinked items into one package.
But if we did that we would effectively be re-coding something similar to the built-in remediation functionality and as the select certain patches from the results of an analysis job, then deploy is now available in the GUI I was hoping it would be scriptable