If you are able to do manual mounting with the target then you won't face any issue via the BladeLogic NFS mount.
But this did not clarify my query.
I know if I can manually mount, it works. But I will be doing this in a production environment and will not get an opportunity to play around.
I want to understand: when BladeLogic mounts the share on the target during remediation, what does it look for on the target to mount the share?
Also, what will be the flow? What ports need to be opened (NFS uses 2049), and in which direction?
If I have multiple locations and hundreds of servers, I have to take all this into consideration before putting this solution in place.
An NFS client should be present on the target. If it is not present then the user has to install the NFS client. Blade does not install the NFS client.
Port will be same what you mentioned
I think the default NFS type will be nfs3, which uses other ports - not just 2049 (which I believe is what nfs4 uses by default). You may need to configure the NFS client and the NFS server to use a static set of ports - like here:
The nfs-utils package needs to be installed on all the targets, and they obviously need network access to the repository server.
It will be a challenge to open all these ports (TCP and UDP 2049/33776/33777/33778/33779/32) from targets for the NFS mount to the Linux patch repository server, and it will be difficult to get this implemented.
Also, for a similar Windows setup I assume we have to use SMB to get patching working at remote locations with the agent mount option!! Open ports (TCP 445 and 139) from targets to Windows patch repository servers.
Is there any other better way / best practice to do automated patching in a heterogeneous environment with multiple remote locations?
I wouldn't focus on the ports there - you need NFS to work from the target system to the repository storing the files. As the link I sent should mention, it's possible to force NFS to default to a particular version and for it to use TCP only - you just need to configure the NFS clients and NFS server to do so.
Here I am talking about multiple locations, with each location having multiple physical networks separated by firewalls.
I have many servers behind firewalls and in the DMZ, so I have to get ports (NFS) opened for them from the DMZ to the trusted network if I use agent mount.
Also, getting the NFS client installed and configured on all the Linux servers will be a challenge, not from the actual implementation but to get the customer's approval.
The only options here are:
-use the 'agent mount' url type and make sure the target can mount the repo location
-use a central repo and nsh repeaters to cache the payloads during the deploy job runs.
I am looking at the first option and planning around this "use the 'agent mount' url type and make sure the target can mount the repo location"
If I want to use the second option i.e. "use a central repo and nsh repeaters to cache the payloads during the deploy job runs."
how will a repeater help me in the case of automated patching (patch analysis with auto remediation)? My understanding is:
1) The remediation packages created for missing patches have soft links to the actual patches in the repository, and during deploy they get copied directly from the repository to the target, bypassing the repeater.
2) The package will be different for each server, based on the missing patches on that server.
If many or all of the target servers are getting the same patches, then the repeater will help. If the servers are getting a different set of patches per server, the repeater won't really help here.
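
An added example, not part of the thread and not BladeLogic code: one way to turn the port discussion above into a concrete firewall request is to read `rpcinfo -p` output from the repository server and list only the ports an NFSv3 client has to reach, next to the single TCP port NFSv4 needs. The sample output, its port numbers and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `rpcinfo -p <repo-server>` output (assumed values,
# not taken from the thread). On a live system: rpcinfo -p HOST | nfs3_ports tcp
sample_rpcinfo() {
cat <<'EOF'
   program vers proto   port  service
    100000    4   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp    662  status
    100024    1   tcp    662  status
    100005    3   udp    892  mountd
    100005    3   tcp    892  mountd
    100003    3   tcp   2049  nfs
    100003    4   tcp   2049  nfs
    100021    4   udp  32769  nlockmgr
    100021    4   tcp  32803  nlockmgr
    100011    2   tcp    875  rquotad
EOF
}

# nfs3_ports [tcp|udp]: read rpcinfo -p text on stdin and print each unique
# "proto/port service" an NFSv3 client must reach (portmapper, mountd, nfs,
# lock manager, status monitor). Optional argument restricts the protocol,
# matching a TCP-only client/server configuration.
nfs3_ports() {
    awk -v want="${1:-}" '
        $5 ~ /^(portmapper|mountd|nfs|nlockmgr|status)$/ {
            if (want != "" && $3 != want) next
            key = $3 "/" $4 " " $5
            if (!(key in seen)) { seen[key] = 1; print key }
        }' | sort -t/ -k1,1 -k2,2n
}

# nfs4_ports: NFSv4 over TCP needs only the port of the nfs service itself.
nfs4_ports() {
    awk '$5 == "nfs" && $2 == 4 && $3 == "tcp" { print $3 "/" $4; exit }'
}
```

If the server's mountd, lock manager and status ports are not pinned to static values, the numbers in this list change after a restart, so the firewall rule only holds once they are fixed in the NFS server configuration.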