7 Replies Latest reply on Jan 26, 2012 7:38 AM by Bill Robinson

    Redhat patch install with Bladelogic

    Pritam Majumder

      We have some Redhat Enterprise linux Servers (5.2) where we want to install patches with Bladelogic server automation (7.5). I am cretaing a patch repository by downloading the required patches from RHN (for channel rhel-x86_64-server-5) with the RedhatRepositoryManager.sh utility of bladelogic.


      Question is how can we distinguish between simple application level patches and OS kernel level patches? e.g. I am able to download around 3000 patches and if we apply all of them, the OS kernel level will be changed from 5.2 to the latest (5.6). We do not want to do that rather we want to be in 5.2 level only and apply the required patches.


      How to achieve that?




        • 1. Redhat patch install with Bladelogic

          You can use exclude list to exclude all kernel patches, it supprots wildcards Check VPC documentation for more details.

          The exclude list is provided as an input to the yum utility.

          • 2. Redhat patch install with Bladelogic

            I will recommed that you create and use a Global exclude file fucntionality which will make sure that the kernel patches are excluded for all usual job runs. This will avoid accidental upgrade of kernel

            • 3. Redhat patch install with Bladelogic
              Pritam Majumder

              Thanks Rohit for the input. Looking for some more detail info on this.

              1. where to get the VPC document. i am using RedhatRepositoryManager.sh utility, is it all the same with VPC?

              2. I need use the yum utility once I complete the patch download. Do I need to pass the exclude list at that time?




              • 4. Redhat patch install with Bladelogic


                RedhatRepositoryManager.sh utility is meant to download the patches. You can download all the patches without having to worry about excluding the kernl patches.

                I beleive you will have to install VPC (Vendor Patch content) for using the patch functionality.

                YOu should be able to download it and the documentation from the Support site using your support credentials.

                The VPC installer creates jobs that have parameters to do patch analayis and deployment.

                The global exlclude file lives om teh appserver where VPC Is installed.

                Do have VPC Installed  ?

                • 5. Redhat patch install with Bladelogic
                  Pritam Majumder

                  I am not sure if we have VPC installed but my feeling is it is not (how to check?)


                  So it means without VPC we can not go ahead to identify which are the kernel patches and which are security patch?

                  • 6. Redhat patch install with Bladelogic

                    What is the use case here you are trying to address here ?

                    VPC lets you:

                    - do patch analysis - it will run against a set of servers to find out which all patches are missing on which all servers

                    - it creates deploy jobs which can be used to install missing patches obtained from such a patch analysis.

                    - you can control which patches to install and use deploy job capabilities.


                    What do you want to do ?

                    All kernelpatches in Linux will start by the name kernel*.

                    • 7. Redhat patch install with Bladelogic
                      Bill Robinson

                      The redhat levels don't really mean anything.  if you take a rhel 5.1 box and install all the current patches except the kernel patches does that make it rhel 5.6?  or what if you just patch the kernel and nothing else - does that make it 5.6 ?  redhat does not work like suse with regards to the levels.  redhat is on more of a continuous release cycle - when you apply patches, those are always the current patches for that major release of rhel.  imo the minor release number means nothing. 


                      so i think you want to just exclude the kernel patches.