1 2 Previous Next 29 Replies Latest reply on May 7, 2015 12:58 PM by Yanick Girouard

    Red hat patch analysis not recognizing exclusions

    Todd Schaal

      In my redhat patch catalog I created a smart group called  kernel with the filter:

       

        Any RPM Where ??NAME?? starts with kernel

       

      The smart group shows all the kernel rpms, as I would expect..

       

      I then created a patch analysis job and excluded the kernel smart group.  When I run it against my servers, the kernel patches show as missing, when I would expect them to not be included.

        • 1. Re: Red hat patch analysis not recognizing exclusions
          Bill Robinson

          can you show the screenshots of the job options w/ the exclude list ?  and run the job in debug mode and get the files that generates.

          • 2. Re: Red hat patch analysis not recognizing exclusions
            Todd Schaal

            Here are the options:

             

            Here is that smart group:

             

            For debug logs are you looking for the yum.log?

            • 3. Re: Red hat patch analysis not recognizing exclusions
              Bill Robinson

              yep - there's some other yum output as well that is captured.  that should show if it's using an exclude list or not.  also what version of blade ?

              • 4. Re: Red hat patch analysis not recognizing exclusions
                Todd Schaal

                Not getting anything in /var/log/yum.log?  would an analysis generate any logs?  I tried turning the debug level up to 10 in the analysis job.  We are running 8.5.01.301

                • 5. Re: Red hat patch analysis not recognizing exclusions
                  Bill Robinson

                  On the job set the ‘debug_mode_enabled’ property to true

                  Run the job

                  On the appserver that ran the wit for the job under NSH/tmp/debug there will be a directory named like the job name and the timestamp of the run.   that should have the yum output.

                   

                  Oh – also – are you using a customized yum.conf (this is 8.5?)?

                  • 6. Re: Red hat patch analysis not recognizing exclusions
                    Todd Schaal

                    I am not using a custom yum.conf.  Do you know what files you want to see (some of them are quite large).

                     

                    yum.conf:

                     

                    [main]

                    debuglevel=4

                    logfile=/var/log/yum.log

                    pkgpolicy=newest

                    distroverpkg=RedHat-release

                    tolerant=1

                    obsoletes=1

                    plugins=0

                    gpgcheck=0

                    bootloader=1

                     

                    cachedir=//var/tmp/stage/LinuxCatalog_2715_ltacgplum04

                    reposdir=//var/tmp/stage/LinuxCatalog_2715_ltacgplum04

                    [repo]

                    name=repo

                    baseurl=file:repo

                     

                     

                     

                    yum_analysis.res:

                     

                    Config time: 0.012

                     

                    Yum Version: 3.2.22

                     

                    Setting up Package Sacks

                     

                    pkgsack time: 11.143

                     

                    rpmdb time: 0.000

                     

                    Setting up Update Process

                     

                    Building updates object

                     

                    up:Obs Init time: 0.276

                     

                    up:simple updates time: 0.183

                     

                    up:obs time: 0.010

                     

                    up:condense time: 0.000

                     

                    updates time: 1.522

                     

                    Resolving Dependencies

                     

                    --> Running transaction check

                     

                    ---> Package crash.x86_64 0:5.1.8-3.el5_11 set to be updated

                     

                    ---> Package cups.x86_64 1:1.3.7-32.el5_11 set to be updated

                     

                    ---> Package cups-libs.x86_64 1:1.3.7-32.el5_11 set to be updated

                     

                    ---> Package cups-libs.i386 1:1.3.7-32.el5_11 set to be updated

                     

                    ---> Package firefox.x86_64 0:31.6.0-2.el5_11 set to be updated

                     

                    ---> Package firefox.i386 0:31.6.0-2.el5_11 set to be updated

                     

                    ---> Package kernel.x86_64 0:2.6.18-404.el5 set to be installed

                     

                    ---> Package kernel-devel.x86_64 0:2.6.18-404.el5 set to be installed

                     

                    ---> Package kernel-headers.x86_64 0:2.6.18-404.el5 set to be updated

                     

                    ---> Package ksh.x86_64 0:20100621-24.el5_11 set to be updated

                     

                    ---> Package nss_db.x86_64 0:2.2-38.el5_11 set to be updated

                     

                    ---> Package nss_db.i386 0:2.2-38.el5_11 set to be updated

                     

                    ---> Package openssl.x86_64 0:0.9.8e-32.el5_11 set to be updated

                     

                    ---> Package openssl.i686 0:0.9.8e-32.el5_11 set to be updated

                     

                    ---> Package openssl-devel.i386 0:0.9.8e-32.el5_11 set to be updated

                     

                    ---> Package openssl-devel.x86_64 0:0.9.8e-32.el5_11 set to be updated

                     

                    ---> Package postgresql-libs.x86_64 0:8.1.23-10.el5_10 set to be updated

                     

                    ---> Package postgresql-libs.i386 0:8.1.23-10.el5_10 set to be updated

                     

                    ---> Package sendmail.x86_64 0:8.13.8-10.el5_11 set to be updated

                     

                    ---> Package setroubleshoot.noarch 0:2.0.5-7.el5_11 set to be updated

                     

                    ---> Package setroubleshoot-server.noarch 0:2.0.5-7.el5_11 set to be updated

                     

                    ---> Package tzdata.x86_64 0:2015b-1.el5 set to be updated

                     

                    --> Finished Dependency Resolution

                     

                    Dependency Process ending

                     

                    Depsolve time: 1.237

                     

                     

                     

                    Dependencies Resolved

                     

                     

                     

                    ================================================================================

                     

                    Package Arch Version Repository

                     

                      Size

                     

                    ================================================================================

                     

                    Installing:

                     

                    kernel x86_64 2.6.18-404.el5 repo 22 M

                     

                    kernel-devel x86_64 2.6.18-404.el5 repo 5.9 M

                     

                    Updating:

                     

                    crash x86_64 5.1.8-3.el5_11 repo 2.3 M

                     

                    cups x86_64 1:1.3.7-32.el5_11 repo 3.1 M

                     

                    cups-libs x86_64 1:1.3.7-32.el5_11 repo 197 k

                     

                    cups-libs i386 1:1.3.7-32.el5_11 repo 201 k

                     

                    firefox x86_64 31.6.0-2.el5_11 repo 67 M

                     

                    firefox i386 31.6.0-2.el5_11 repo 66 M

                     

                    kernel-headers x86_64 2.6.18-404.el5 repo 1.5 M

                     

                    ksh x86_64 20100621-24.el5_11 repo 1.3 M

                     

                    nss_db x86_64 2.2-38.el5_11 repo 747 k

                     

                    nss_db i386 2.2-38.el5_11 repo 759 k

                     

                    openssl x86_64 0.9.8e-32.el5_11 repo 1.5 M

                     

                    openssl i686 0.9.8e-32.el5_11 repo 1.5 M

                     

                    openssl-devel i386 0.9.8e-32.el5_11 repo 1.9 M

                     

                    openssl-devel x86_64 0.9.8e-32.el5_11 repo 1.9 M

                     

                    postgresql-libs x86_64 8.1.23-10.el5_10 repo 197 k

                     

                    postgresql-libs i386 8.1.23-10.el5_10 repo 198 k

                     

                    sendmail x86_64 8.13.8-10.el5_11 repo 638 k

                     

                    setroubleshoot noarch 2.0.5-7.el5_11 repo 134 k

                     

                    setroubleshoot-server noarch 2.0.5-7.el5_11 repo 1.2 M

                     

                    tzdata x86_64 2015b-1.el5 repo 755 k

                     

                     

                     

                    Transaction Summary

                     

                    ================================================================================

                     

                    Install 2 Package(s) 

                     

                    Update 20 Package(s) 

                     

                    Remove 0 Package(s) 

                     

                     

                     

                    Total download size: 181 M

                     

                    Is this ok [y/N]: Exiting on user Command

                     

                    Complete!

                     

                     

                    analysis_log.log:

                     

                    ----------Options------

                     

                    Debug Flag: ON

                     

                    Analysis Options:List - update

                     

                     

                     

                      

                     

                    Initialize: cleaning up previous result files

                     

                    clean up complete

                     

                    Extracting headers

                     

                    Running YUM from /var/tmp/stage/LinuxCatalog_2715_ltacgplum04...

                     

                    YUM Command: includelist=`cat rpm-includes.lst| tr -d '

                     

                    ' | tr '

                     

                    ' ' '` && for i in 0 1 2 3 4 5 :; do echo n; done | blyum -c ./yum.conf -C update $includelist > "/var/tmp/stage/LinuxCatalog_2715_ltacgplum04/yum_analysis.res" 2> "/var/tmp/stage/LinuxCatalog_2715_ltacgplum04/yum.err.log"

                     

                    YUM dry run done!

                     

                    Generating rpm information...

                     

                    RPM information generated.

                     

                    Getting installed RPMs count....

                     

                    Parse results...

                     

                    Record Analysis logs in logfile: /var/tmp/stage/LinuxCatalog_2715_ltacgplum04/analysis_log.log

                    • 7. Re: Red hat patch analysis not recognizing exclusions
                      Yanick Girouard

                      Based on the debug yum log you provided, it's not doing any excludes. The excludes should be listed in the yum.conf on an exclude= line. It's not there. Could be a bug, not sure yet... Can you also show a screenshot of your yum.conf tab in the Patching Job setup? I think that's what Bill was referring to when he asked if you were using a custom yum.conf.

                       

                      If you browse the Kernel smartgroup you have created, do you see the kernel packages in there or not?

                       

                      As for excluding kernels, be careful because you're missing the redhat-release as well, so if you update redhat-release without the kernel for example, /etc/redhat-release file will show a later version of Red Hat while the actual kernel in use will be older. You need to exclude more than just kernel*. See this Red Hat KB about it: https://access.redhat.com/solutions/10185

                       

                      I also prefer not to use the NAME property to filter packages using a smartgroup, but rather the RPM_PACKAGE* one and the "is one of" operator. By specifying the exact names of packages you want to exclude (or include) you're sure not to include/exclude extras you didn't know existed or didn't think about.

                      • 8. Re: Red hat patch analysis not recognizing exclusions
                        Todd Schaal

                        Here is the yum.conf tab:

                         

                         

                        Also, yes there are 1,986 kernel rpms in the smart group

                        • 9. Re: Red hat patch analysis not recognizing exclusions
                          Yanick Girouard

                          I don't see anything wrong in your setup so far, but the log clearly showed it was not using any excludes, so something is bugged. Have you tried to recreate the patching job and re-select the patch smartgroup as an exclude? Make sure you close and re-open your console first too in case it's caching incorrect data somewhere (although I doubt it).

                           

                          Based on what I see I would open a support ticket.

                          • 10. Re: Red hat patch analysis not recognizing exclusions
                            Bill Robinson

                            what about in the patch global config, on the 'redhat' tab ?

                            • 12. Re: Red hat patch analysis not recognizing exclusions
                              Todd Schaal

                              Sorry for the long silence but this is just getting weirder.  I tried creating a new analysis job with just my kernel smart group excluded

                               

                              Any RPM Where ??NAME?? starts with kernel

                               

                              and it appeared to work.  I then exluded a smart group with the following filter:

                               

                              Any RPM Where ??RPM_PACKAGE*?? starts with postgres

                               

                              Running the analysis with the 2 smart groups exluded,  and it shows both the kernel and postgres rpms as missing.  I then removed the postgres group, so that it just excluded the kernel group (the exact configuration that worked before), and now I'm seeing the kernel rpm as missing?

                              • 13. Re: Red hat patch analysis not recognizing exclusions
                                Yanick Girouard

                                Instead of "Any RPM Where ??RPM_PACKAGE*?? starts with postgres", use the "is one of" operator with the complete name of the package (i.e. the name of the package is just the first part before the version, i.e. kernel, or kernel-headers, or kernel-devel. Instead of using a partial string match, use the full package name with a list, that way you're sure not to include or exclude something you didn't really intend to.

                                 

                                You should also run the tests in an ordered manner, against the same server always, so you can compare apples with apples. Also, just to make sure, between each test, save your job and close it, then re-open it to confirm you're using the right settings and that they saved. If you have the job results window opened for the job, close it and re-open it between tests to make sure this is not a console glitch (i.e. you modified the job, but the results window kept the old settings). I doubt this is the case, but you need to be thorough regardless.

                                 

                                The debug logs (yum.conf and yum_analysis.res) from each run would also help to troubleshoot the issue.

                                • 14. Re: Red hat patch analysis not recognizing exclusions
                                  Bill Robinson

                                  what version of blade is this - down to the build ?  eg 8.5.01.301

                                  1 2 Previous Next