Red Hat Linux Settings

How to configure Red Hat Linux settings in Desktop Central?

Description

Desktop Central for Red Hat Enterprise Linux enables administrators to manage all security patches that are released by the Red Hat Security Announce(RHSA), for Red Hat subscribed machines and servers. It allows to identify, install, and audit Red Hat package updates, helping enterprises maintain high level of security across Linux endpoints.

This how to document provides prerequisites to patch Red Hat systems and instructions to configure Red Hat settings.

Prerequisites:

  1. Configure proxy settings and ensure https://access.redhat.com/ is accessible from the Desktop Central server.
  2. Ensure our External Download Tool is available on the Desktop Central Server.
  3. Install Desktop Central agents on the RHEL systems to be patched.
  4. Allow your proxy to download .jar, .rpm files.
  5. Verify if you have purchased sufficient licenses for your patching requirements.

Steps to configure patch settings for Red Hat Linux:

Navigate to Desktop Central -> Patch Management -> Settings. Click on Red Hat Linux settings. You can also navigate to Admin -> Patch Settings and select the Red Hat Linux settings.

1. Provide Red Hat account information

  • Provide the credentials using which you have purchased the Red Hat subscription. This information is required to validate and download all the .rpm packages for your network. 
  • Ensure this credential has permissions to download packages from https://access.redhat.com/downloads/ to the server machines.

2. System Nomination

System Nomination is a process of hand-picking one computer each for these categories - Server, Desktop and Workstation in your network. The selected systems will be used to download meta files required by YUM tool for patching.

Red Hat Linux uses the YUM (Yellow dog Updater Modified) as its package management solution. The YUM provides all dependencies required to deploy a patch.

Prerequisites to nominate a computer:

  1. Verify if Desktop Central agent is installed in the computer.
  2. Check if the nominated system has an active Red Hat subscription.
  3. Configure proxy such that https://cdn.redhat.com/ is accessible from the nominated systems.
  4. Ensure that it has an active internet connection without any firewall restrictions.
  5. Ensure that there is atleast 20 GB free space for '/' partition.
  6. Ensure that the machine has minimal down-time.
  7. The nominated machines should have the following specifications
    • RAM size : 4 GB or higher.
    • Processor : Intel Core i3 (2 Core / 4 Thread) 2.0 GHz or higher.

Steps to follow for system nomination:

  1. Provide the name of the computer nominated for Server category.
  2. Provide the name of the computer nominated for Desktop category.
  3. Provide the name of the computer nominated for Workstation category.

Architecture and process of patching Red Hat systems

This section explains the processes involved in patching Red Hat systems using Desktop Central with the help of architecture diagrams. 

1. Cache creation

rh-cache-creation

Steps involved in the process of Cache creation:

  1. The Desktop Central server detects the available Red Hat versions and architecture in all the systems in your network.
  2. The Nominated System (for the category of Servers) downloads the RH Cache Plugin from the server. The Plugin will reside on the Nominated System.
  3. The RH Cache Plugin in the Nominated System downloads required meta files for all the other systems in the network ( that belong to the category of 'servers') from the Red Hat portal, using the YUM tool.
  4. The downloaded files are then uploaded to the Desktop Central server.
  5. All the other systems residing in the network receive the data from the Desktop Central server. Each system uses the meta data to detect it's missing patches and dependencies.

Note: The above steps refer to the category of Servers. The same steps are applicable for the category of Workstations and Desktops as well.

2. Scan and Deployment

rh-scan-deployment

Steps involved in the process of scanning and patch deployment: 

  1. The Desktop Central server syncs the External Download Tool and supported patches information from ManageEngine's central Patch Repository.
  2. The server initiates scan on all the Red Hat systems and detects the missing patches.
  3. The External Download Tool downloads the patches and dependencies from the Red Hat portal using the account credentials provided.
  4. a) The downloaded files are replicated from the Desktop Central server to the Distribution Server(s). The remote office agents download the files from the Distribution Server.
    b)Other agents download the files from the Desktop Central Server.  
  5. Once patches are downloaded and available, deployment is carried out.