How to configure Red Hat Linux settings in Patch Manager Plus?
Patch Manager Plus for Red Hat Enterprise Linux enables administrators to manage all security patches released by the Red Hat Security Announce (RHSA) for Red Hat subscribed machines and servers. It lets administrators identify, install, and audit Red Hat package updates, helping enterprises maintain a high level of security across Linux endpoints.
Note: For patching Red Hat, it is recommended that all the managed endpoints have Standard subscriptions for Red Hat Enterprise Linux.
This how-to document lists the prerequisites for patching Red Hat systems and gives instructions for configuring Red Hat settings.
- Configure proxy settings and ensure https://access.redhat.com/ is accessible from the Patch Manager Plus server.
- Ensure our External Download Tool is available on the Patch Manager Plus Server.
- Install Patch Manager Plus agents on the RHEL systems to be patched.
- Allow your proxy to download .jar and .rpm files.
- Verify that you have purchased sufficient licenses for your patching requirements.
Steps to configure patch settings for Red Hat Linux:
1. Provide Red Hat account information
- Provide the credentials of the account with which you purchased the Red Hat subscription. This information is required to validate and download all the .rpm packages for your network.
- Ensure this credential has permissions to download packages from https://access.redhat.com/downloads/ to the server machines.
2. System Nomination
System Nomination is the process of hand-picking one computer in your network for each of these categories: Server, Desktop and Workstation. The selected systems will be used to download the meta files required by the YUM tool for patching.
Red Hat Linux uses YUM (Yellowdog Updater, Modified) as its package management solution. YUM provides all dependencies required to deploy a patch.
Prerequisites to nominate a computer:
- Verify that the Patch Manager Plus agent is installed on the computer.
- Check if the nominated system has an active Red Hat subscription.
- Configure proxy such that https://cdn.redhat.com/ is accessible from the nominated systems.
- Ensure that it has an active internet connection without any firewall restrictions.
- Ensure that there is at least 20 GB of free space on the '/' partition.
- Ensure that the machine has minimal down-time.
- The nominated machine should have the following specifications:
  - RAM size: 4 GB or higher
  - Processor: Intel Core i3 (2 Core / 4 Thread) 2.0 GHz or higher
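The prerequisites above that can be measured locally (subscription, access to https://cdn.redhat.com/, free space on '/', RAM) can be checked from a shell on the candidate machine before it is nominated. This is an added example, not ManageEngine tooling: the function names and the `--run` switch are hypothetical, and it assumes `curl` is installed and the proxy is supplied through the `https_proxy` environment variable.

```shell
#!/bin/sh
# Preflight for a machine about to be nominated (added example, not vendor tooling).
# Thresholds are the ones in the prerequisites list; all function names are hypothetical.
MIN_ROOT_FREE_GB=20
MIN_RAM_GB=4
CDN_URL="https://cdn.redhat.com/"
RHSM_CA=/etc/rhsm/ca/redhat-uep.pem   # CA file installed with subscription-manager

# Available space on '/' in whole GiB (POSIX df: column 4 is available KiB).
root_free_gb() { df -Pk / | awk 'NR == 2 { printf "%d\n", $4 / 1048576 }'; }

# KiB to GiB, rounded to nearest: the kernel's MemTotal is a little below the
# installed RAM, so a 4 GB host reports roughly 3.7 GiB and must still pass.
kib_to_gib_rounded() { echo $(( ($1 + 524288) / 1048576 )); }
ram_gb() { kib_to_gib_rounded "$(awk '/^MemTotal:/ { print $2 }' /proc/meminfo)"; }

# meets_min VALUE MIN: succeeds when VALUE >= MIN.
meets_min() { [ "$1" -ge "$2" ]; }

# This example treats a non-zero exit from `subscription-manager status`
# (or a missing binary) as "no active subscription".
subscription_active() {
    command -v subscription-manager >/dev/null 2>&1 &&
        subscription-manager status >/dev/null 2>&1
}

# Any HTTP response counts as reachable; curl reads https_proxy from the environment.
cdn_reachable() {
    if [ -r "$RHSM_CA" ]; then
        curl -sS -o /dev/null --max-time 15 --cacert "$RHSM_CA" "$CDN_URL" 2>/dev/null
    else
        curl -sS -o /dev/null --max-time 15 "$CDN_URL" 2>/dev/null
    fi
}

# check LABEL COMMAND [ARGS...]: run the command and print OK or FAIL for it.
check() {
    label=$1; shift
    if "$@"; then printf 'OK    %s\n' "$label"; else printf 'FAIL  %s\n' "$label"; return 1; fi
}

preflight() {
    failed=0
    check "at least ${MIN_ROOT_FREE_GB} GB free on /" meets_min "$(root_free_gb)" "$MIN_ROOT_FREE_GB" || failed=1
    check "RAM ${MIN_RAM_GB} GB or higher" meets_min "$(ram_gb)" "$MIN_RAM_GB" || failed=1
    check "active Red Hat subscription" subscription_active || failed=1
    check "$CDN_URL reachable" cdn_reachable || failed=1
    return "$failed"
}
# Run only when asked, so the functions can also be sourced into another script.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it with `--run` on the machine being considered; a non-zero exit status means at least one prerequisite was not met.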
Steps to follow for system nomination:
- Provide the name of the computer nominated for Server category.
- Provide the name of the computer nominated for Desktop category.
- Provide the name of the computer nominated for Workstation category.
Architecture and process of patching Red Hat systems
This section explains the processes involved in patching Red Hat systems using Patch Manager Plus with the help of architecture diagrams.
1. Cache creation
Steps involved in the process of Cache creation:
- The Patch Manager Plus server detects the available Red Hat versions and architecture in all the systems in your network.
- The Nominated System (for the category of Servers) downloads the RH Cache Plugin from the server. The Plugin will reside on the Nominated System.
- The RH Cache Plugin on the Nominated System uses the YUM tool to download, from the Red Hat portal, the meta files required for all the other systems in the network that belong to the category of 'servers'.
- The downloaded files are then uploaded to the Patch Manager Plus server.
- All the other systems residing in the network receive the data from the Patch Manager Plus server. Each system uses the metadata to detect its missing patches and dependencies.
Note: The above steps refer to the category of Servers. The same steps are applicable to the category of Workstations and Desktops as well.
2. Scan and Deployment
Steps involved in the process of scanning and patch deployment:
- The Patch Manager Plus server syncs the External Download Tool and supported patches information from ManageEngine's central Patch Repository.
- The server initiates the scan on all the Red Hat systems and detects the missing patches.
- The External Download Tool downloads the patches and dependencies from the Red Hat portal using the account credentials provided.
- a) The downloaded files are replicated from the Patch Manager Plus server to the Distribution Server(s). The remote office agents download the files from the Distribution Server.
  b) Other agents download the files from the Patch Manager Plus Server.
- Once patches are downloaded and available, deployment is carried out.