#1 - You must separate the groups you analyze by OS version. If you don't, when you select the "deploy all missing hotfixes" option an error is thrown. Re: Design - without being too long winded we have at least 6 server smart groups for patch targeting. Variables are: OS Version; VM Host, VM Guest, or Non-VM; x86 versus x64; and the time slot the owner allows the server to be patched.
#2 - If the package is built via analyze then you won't have that problem. If you build the package manually, BL will not prevent the execution of a 2000 hotifx against a 2003 target. But when it's invoked the OS will know and not apply it.
#3 - We patched 565 servers (about half our environment) last Saturday evening in about 4 hours.
Also be wary that with the packages created by patch analysis, each item within the package is set to "ignore on failure". So the deploys will ALWAYS finish with a success status even if it failed. There is supposed to be an option in 7.4.2 to change this behavior.
This also depends on the version of bladelogic - in 7.4+ the analysis engine is different then in 7.2-7.3 so #1 will be different if you are using 7.4
#2 should be the same regardless of the version of bladelogic.
Apologies for resurrecting an old thread, but regarding this issue:
Also be wary that with the packages created by patch
analysis, each item within the package is set to
"ignore on failure". So the deploys will ALWAYS
finish with a success status even if it failed.
Is there any way to change this default to "Continue"? We are running into frustration where a job is ended as "Successful" even though every patch may have failed to apply. Checked the docs and see how to change the setting on a hotfix-by-hotfix basis... but we want the default to be Continue so we have a visual indicator. In the midst of patching several hundred servers, the less stuff we have to tweak by hand, the better. :)
w/ Unix patching I believe you can set this in the jython.conf or blvpc.conf file.
for windows, I'm not sure if you can do this. There are some defaults you can set for DeployJobs in the Property dictionary (DeployOptions), but I don't believe that will get you the 'continue' option.
for windows, I'm not sure if you can do this. There
are some defaults you can set for DeployJobs in the
Property dictionary (DeployOptions), but I don't
believe that will get you the 'continue' option.
I hate that answer. :)
I did some poking around; as you suspected, there was nothing there for the DeployJobs/Packages/Patches in the Property Dictionary. However, what I found is that the patch items in the Depot have ACTION_ON_FAILURE as a property. (And, naturally, it is set to Ignore and I cannot change it.)
If we were able to change this setting, do you think it would propagate through to the BLPackages auto-generated by the Patch Deployment? This is really kind of an annoyance for us, to see "Successful" job completion when patches failed, would like to see a solution without having to adjust every one by hand. (We do +/- 600 servers a week, so that's a lot of clicking in the middle of the night!)
>Is there any way to change this default to "Continue"? We are running into
I've asked for this repeatedly to no avail.
Maybe with another customer asking for it the powers that be may consider making it available.
File 'enhancement requests' w/ our support people, and if you really need to get this in, give the BMC/BladeLogic rep who is responsible for your account a call.
oh, good find.
so you might be able to make this 'ignore' in the 'Tools | Patch Analysis Configuration' menu. though i set it and it didn't change anything in the property dictionary.
open up a ticket w/ support on this - maybe there is a way to change it. not sure about setting it to 'continue' - there might be something in the db you can do..or w/ the blcli...
The patch analysis configuration is already set to "Ignore", which makes sense. The only other option available is "Abort".
Naturally, the one we want doesn't seem to be there. :)
I've been there and done that Bill