
Configuring Protocols to Stage and Deploy Linux and UNIX Patches

VCM supports patching of managed machines in distributed environments, whether separated geographically or by firewalls. VCM uses a single Red Hat Linux patching repository machine that has the Software Content Repository (SCR) Tool installed. The distributed patching configuration can include one or more Red Hat Linux alternate location machines to store the patches for deployment to managed machines.

Before you copy Linux and UNIX patches from the patching repository machine to alternate location machines or to target managed machines, you must configure the protocols to enable the communication between the patching repository, alternate locations, and managed machines.

The copy operations use several protocols.

- To configure the patching repository so that it can copy patches to alternate locations, use SFTP, SCP, FTP, NFS, or a premounted file system.
- To configure the target managed machines so that they can retrieve the patch files from the patching repository, use HTTPS, HTTP, FTP, NFS, or a premounted file system.
- To configure the target managed machines so that they can retrieve the patch files from the alternate locations, use HTTP, NFS, HTTPS, FTP, or a premounted file system.

You can configure HTTP, FTP, and other supported protocols on the Red Hat Linux patching repository and alternate location machines.

CAUTION: When you use HTTP or HTTPS to stage patches from the patching repository to Solaris managed machines, the staging action might consume all of the swap space in /tmp, to the full file size of the patch, which might be a problem on production machines.

For more information about configuring the protocols, see http://kb.vmware.com/kb/2051632.

Configuring HTTP on the Red Hat Linux Patching Repository

When VCM deploys patches, the Red Hat Linux patch repository machine downloads patches from the Red Hat network based on the selected patch bulletins. During each download, patch metadata is synchronized to the patching repository to ensure that the available content is always current. You can schedule the patch staging and deployment to the target managed machine separately.

Linux and UNIX managed machines can use HTTP to retrieve patches directly from the Red Hat Linux patching repository machine.

The VCM Collector orchestrates and coordinates the tasks required to download, stage, and deploy the patches, and the custom pre-deployment, post-deployment, and reboot actions, using the VCM Agent installed on the patching repository machine and the VCM Agent on the target managed machines.

VMware, Inc.

Figure 1-1. Configuring HTTP for the Red Hat Linux Patching Repository

To configure the Red Hat Linux patching repository machine so that it can use HTTP, you must perform several tasks. After you configure HTTP, you can use VCM to keep the patches current.

The Apache default configuration is in /etc/httpd/conf/httpd.conf. This procedure uses the default configuration. You must update this file to conform to your specific security requirements.

Install a Red Hat Enterprise Linux machine to serve as the patching repository.

1. On the Red Hat Linux patching repository machine, run the # up2date httpd command to install the Web server.
2. If you use Yum, run the # yum install httpd command.
3. Start the Apache Web server with httpd.
   a. Run the # chkconfig httpd on command.
   b. Run the # /etc/init.d/httpd start command.

What to do next

Configure the patching repository machine to use Java. See "Install Java on the Patching Repository Machine".

Install Java on the Patching Repository Machine

VCM uses the Software Content Repository (SCR) Tool to download Linux and UNIX patches from OS vendor Web sites to the patching repository, and deploy those patches to Linux and UNIX managed machines.

Red Hat Enterprise Linux includes OpenJDK, which is the open source version of the Sun Java Development Kit. Because the SCR Tool is only certified with Oracle Java, you must perform several tasks to install the current version of Java.

Verify that the Red Hat Linux machine can access the Internet to download the latest version of Java, and the Oracle Java Cryptography Extension (JCE), which is used for SCR Tool password encryption. See http://www.oracle.com/technetwork/java/javase/downloads/index.html.

1. On the Red Hat Linux patching repository machine, download the latest version of Java.
2. Download version 7 of the Java Cryptography Extension (JCE).
3. To install Java, run the following commands.
   a. Run the # rpm -i jdk-7u21-linux-x64.rpm command.
   b. Run the # alternatives --install /usr/bin/java java /usr/java/latest/jre/bin/java 20000 command.
   c. Run the # alternatives --install /usr/bin/javaws javaws /usr/java/latest/jre/bin/javaws 20000 command.
4. To support the use of Java to encrypt passwords, which is required for the SCR Tool when retrieving patches from the vendor(s), update the JCE.
   a. To extract the JCE package, run the # unzip UnlimitedJCEPolicyJDK7.zip command.
   b. To copy the files to the correct location, run the # cp UnlimitedJCEPolicy/*.jar /usr/java/latest/jre/lib/security/ command.

To download Linux and UNIX patches from OS vendor Web sites to the patching repository, you must install the Software Content Repository Tool. See "Install and Configure the Software Content Repository Tool".

Install and Configure the Software Content Repository Tool

To ensure that you can download Linux and UNIX patches from OS vendor Web sites to the patching repository, you must install the Software Content Repository (SCR) Tool on the Red Hat Linux patching repository machine.

To ensure that the SCR Tool can download patches from vendor Web sites after you install it, install Java on the patching repository machine. See "Install Java on the Patching Repository Machine".

Obtain the Software Content Repository Tool Guide from the VMware Documentation Web site. See https://www.vmware.com/support/pubs/vcm_pubs.html.

Verify that the Red Hat Linux patching repository machine can access the VMware download site to download the SCR Tool. See the Software Content Repository Tool Guide.

1. On the Red Hat Linux patching repository machine, download the SCR Tool into the /tmp directory. This action downloads the SCR-vmware-5.0.0.20.tar.gz file.
2. Run the following commands to generate a directory for the SCR Tool, and extract the archive file in that directory.
   a. To create the directory, run the # mkdir /SCR command.
   b. To change to the directory, run the # cd /SCR command.
   c. To extract the file, run the # tar xzf /tmp/scr-vmware-5.0.0.20.tar.gz command.
3. Run the # /SCR/bin/lumension_encryptor_tool.sh command to encrypt your Red Hat entitlement password.
4. Type your password, and type it again to encrypt it. The format of the password resembles: 00deb46558d24018addc875054bc3a9e.
5. Create the directory /var/www/html/vendorfiles to contain the downloaded patches and support files.
6. Create the directory /SCR/cacherequest for patch requests.
7. To configure the SCR Tool to use the Apache folder and your Red Hat entitlement, run the following commands to update the Red Hat properties file.
   a. To make the directory, run the # mkdir /var/www/html/vendorfiles /SCR/cacherequest command.
   b. To view the Red Hat properties file, run the # cat </SCR/conf/REDHAT-rt.properties command.

   The properties file entries must resemble the following example.

       platform=linux
       arch=x86_64
       dist=redhat
       folder=/var/www/html/vendorfiles
       keyfile=./vmware.plk
       key=y341h8i7arr8915580oepd
       index=vmware57.xml
       program="."
       thirdparty=true
       user=your_redhat_entitlement_username_credentials
       pwd=00deb46558d24018addc875054bc3a9e # for Your Entitlement Password from encryptor_tool
       configlog=/scr/logs/redhat-config.log
       checkpayload=true
       dependencycheck=false
       channels=client-5,workstation-6,server-5,server-6
       downloadpayload=false
       cacherequestfolder=/scr/cacherequest

To ensure that VCM can copy patches from the patching repository machine to the alternate location machines and target managed machines, install the VCM Agent on the patching repository machine. See "Install the Linux VCM Agent".

Install the Linux VCM Agent

To ensure that VCM can copy patches from the patching repository machine to the alternate location machines and target managed machines, you must install the VCM Agent on the patching repository machine.

To download Linux and UNIX patches from OS vendor Web sites to the patching repository, install the Software Content Repository (SCR) Tool on the Red Hat Linux patching repository machine. See "Install and Configure the Software Content Repository Tool".

1. Locate the VCM Agent on the VCM Collector. The location of the VCM Agent is C:\Program Files (x86)\VMware\VCM\Installer\Packages\PersistentComponents\CMAgent.5.7.0.Linux.zip.
2. Copy the VCM Linux Agent from the VCM Collector to the patching repository machine.
3. To install the VCM Linux Agent, run the following commands.

       # gunzip CMAgent.5.7.0.Linux.zip
       # ./CMAgent.5.7.0.Linux
       # ./CSIInstall/InstallCMAgent

4. When you are prompted for the default certificates, press Enter, and press Enter again.

License the patching repository machine. See "License the Patching Repository in VCM".

License the Patching Repository in VCM

Before VCM can access and use the patching repository, you must license the patching repository machine.

Install the Linux VCM Agent on the patching repository machine. See "Install the Linux VCM Agent".

1. In VCM, click Administration.
2. Select Machines Manager > Licensed Machines > Licensed UNIX Machines.
3. Click Add Machines.
4. Select Basic and click Next.
5. Type the machine name, select the domain, and select the domain type.
6. In the Machine Type drop-down menu, select Red Hat Server.
7. Type the port.
8. Click Add, click Next, and click Finish.

Use VCM to collect data on the patch assessment state of Linux and UNIX managed machines and the patches installed. See "Collect Patch Assessment Data from Managed Machines".

Collect Patch Assessment Data from Managed Machines

Collect data from Linux and UNIX managed machines to determine the patch assessment state and the patches installed, and validate the certificate for the patching repository.

License the patching repository machine so that VCM can access and use the patching repository. See "License the Patching Repository in VCM".

1. In VCM, click Collect.
2. Select Machine Data and click OK.
3. Select the machines from which to collect data, click Select Data Types to collect from these machines, and click Next.
4. On the Data Types page, expand Unix, click Patch Assessment, and click Patches - Installed.
5. Click Use default filters and click Next.
6. Review the summary and click Finish.
7. Click Jobs to monitor the collection, and wait for the collection to finish.
8. In the Licensed UNIX Machines data grid, locate the patching repository machine, and view the Agent State column to validate that the patching repository appears as Current Agent.

If the Agent State is incorrect, fix the problem, collect patching data again, and verify the Agent State.

Enable the trust and patching repository status for the patching repository machine. See "Set the Trust and Patching Repository Status".

Set the Trust and Patching Repository Status

Trusted host machines use elevated privileges to perform actions for VCM. You must enable the trust and patching repository status for the Red Hat Linux patching repository machine, to designate it as a trusted patching machine for security purposes.

Collect patching data from Linux and UNIX managed machines. See "Collect Patch Assessment Data from Managed Machines".

1. On the VCM Collector, to set the repository status for the patching repository machine, click Administration and click Certificates.
2. If the patching repository status is set for a different patching repository machine, disable the patching repository status to stop using that machine as the patching repository.
   a. In the Certificates data grid, click the existing Red Hat Linux machine that has the Patching Repository Status enabled.
   b. Click Patching Repository.
   c. Click Disable, click Next, and click Finish.
3. Enable the trust status for the Red Hat Linux machine that you are designating as the patching repository.
   a. In the Certificates data grid, click a single Red Hat Linux machine.
   b. Click Change Trust Status.
   c. Select the Check to trust or uncheck to untrust the selected machines check box and click Next.
4. Enable the patching repository status for the Red Hat Linux machine that you are designating as the patching repository.
   a. Click the Red Hat Linux machine.
   b. Click Patching Repository.
   c. Click Enable, click Next, and click Finish.

Verify the base path setting for the Software Content Repository (SCR) Tool on the patching repository machine. See "Verify the SCR Tool Base Path for the Patching Repository".

Verify the SCR Tool Base Path for the Patching Repository

The setting for the Software Content Repository (SCR) Tool base path in VCM must point to the location where you installed the SCR Tool on the patching repository machine. The base path directory contains directories for the SCR binary files, configuration files, and logs.

Enable the trust and patching repository status for the Red Hat Linux patching repository machine. See "Set the Trust and Patching Repository Status".

1. In VCM, click Administration.
2. Select Settings > General Settings > Patching > UNIX > Additional Settings.
3. Verify that the value for the Default UNIX/Linux package repository SCR base path setting is the location on the patching repository machine where you installed the SCR Tool, such as /SCR.
4. Verify that the value for the Default UNIX/Linux package repository path setting is the location used in the Red Hat properties file, such as /var/www/html/vendorfiles.

Configure how the target managed machines obtain and stage the patches for deployment. See "Configure How Managed Machines Stage Patches for Deployment".

Configure How Managed Machines Stage Patches for Deployment

You must configure how the target managed machines obtain and stage the patches so that VCM can deploy them to the managed machines.

When you configure the managed machines to obtain patches from the patching repository machine, the repository path is relative to the directory served by your Apache Web server. For example, /vendorfiles is a correct path, because the repository path is relative. A full path, such as /var/www/html/vendorfiles, is incorrect.

Verify the base path for the Software Content Repository (SCR) Tool on the patching repository machine. See "Verify the SCR Tool Base Path for the Patching Repository".

1. In VCM, click Administration.
2. Click Settings > General Settings > Patching > UNIX > Patch Staging.
3. Click Add.
4. Type a unique name for the patching repository, type a description, and click Next.
5. Select Obtain patches from the Patching Repository and click Next.
6. Select the patching repository machine from which VCM copies the patches.
   a. Type the relative path to the repository of Linux and UNIX patches on the patching repository machine. For example, /vendorfiles.
   b. Select HTTP as the protocol to use for copying patches from the patching repository, and use the default port of 80 for HTTP.
   c. Click Finish.

You do not need to establish credentials to the patching repository, because credentials are not needed by default.

Configure the source of the staged patches for deployment. See "Configure the Machine Group to Use the Patch Staging Configuration".

Configure the Machine Group to Use the Patch Staging Configuration

You must configure the source of the staged patches for VCM to patch the managed machines.

By default, VCM stages the patches in the /tmp directory on the managed machines. However, vendors such as HP, Oracle, and IBM can bundle multiple patches into a set, and the /var/tmp directory is used to process the patches during patch deployment.

Configure how the target managed machines obtain and stage the patches for VCM to deploy to the managed machines. See "Configure How Managed Machines Stage Patches for Deployment".

1. In VCM, click Administration.
2. Click Settings > General Settings > Patching > Machine Group Mapping.
3. Click All UNIX Machines or your specific machine group, and click Edit.
4. Select Standard Deployment to access patches in /tmp or in the directory defined in UNIX Additional Settings.
5. Select the source for staged patches to be the repository that you defined. The protocol, machine IP address, port, and path used to transfer the patches appear under the source that you selected.
6. To use the default directory to extract temporary files during the patch deployment, such as /var/tmp, select Standard Temp Path, and click Next. This temporary directory is defined in UNIX Additional Settings.

Configure an automatic patch deployment to use VCM to deploy patches to managed Linux and UNIX machines. See the VCM online help.
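The Red Hat properties file, the directories it names, and the relative path typed into the Patch Staging settings all have to agree. The script below is an added example, not VMware code or part of the original guide, that checks them on the patching repository machine. Its function names and the ROOT and DOCROOT arguments are hypothetical, the sample tree is constructed, and the 32-hex-digit password test is an assumption taken from the sample value shown in the procedure.

```bash
#!/usr/bin/env bash
# Added example, not VMware code. ROOT and DOCROOT are hypothetical parameters:
# ROOT prefixes paths so the check can run on a scratch tree; DOCROOT assumes
# the Red Hat default Apache document root.

# prop_get FILE KEY: print KEY's value without a trailing "# note" or spaces.
prop_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | head -n 1 |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//'
}

# ci_resolve ROOT PATH: print an existing path that equals PATH ignoring case.
ci_resolve() {
    local cur="$1" part match IFS=/
    for part in $2; do
        if [ -z "$part" ]; then continue; fi
        match=$(ls -1 "$cur/" 2>/dev/null | grep -ixF -- "$part" | head -n 1)
        if [ -z "$match" ]; then return 1; fi
        cur="$cur/$match"
    done
    printf '%s\n' "${cur#"$1"}"
}

# check_props FILE [ROOT] [DOCROOT]: one finding per line, status 1 if any.
check_props() {
    local file="$1" root="${2:-}" docroot="${3:-/var/www/html}"
    local n=0 key dir alt secret folder perms
    # The file holds the entitlement user name and the encrypted password.
    perms=$(ls -ld "$file" | cut -c5-10)
    case "$perms" in
        *[rw]*) echo "PERMS: group/other can access $file ($perms)"; n=$((n+1)) ;;
    esac
    # Assumption from the page's sample: encryptor output is 32 hex digits.
    secret=$(prop_get "$file" pwd)
    if ! printf '%s' "$secret" | grep -Eq '^[0-9a-f]{32}$'; then
        echo "PWD: value does not look like encryptor output"; n=$((n+1))
    fi
    # Linux paths are case-sensitive, so /scr/... and /SCR/... differ.
    for key in folder cacherequestfolder; do
        dir=$(prop_get "$file" "$key")
        if [ -z "$dir" ]; then
            echo "PATH: $key is not set"; n=$((n+1))
        elif [ ! -d "$root$dir" ]; then
            if alt=$(ci_resolve "$root" "$dir"); then
                echo "PATH: $key=$dir not found, but $alt exists (case mismatch)"
            else
                echo "PATH: $key=$dir not found"
            fi
            n=$((n+1))
        fi
    done
    # Managed machines get the path relative to the Apache document root.
    folder=$(prop_get "$file" folder)
    case "$folder" in
        "$docroot"/*) echo "INFO: patch staging path for VCM: ${folder#"$docroot"}" ;;
        *) echo "DOCROOT: folder=$folder is not under $docroot"; n=$((n+1)) ;;
    esac
    [ "$n" -eq 0 ]
}

# make_sample DIR: constructed tree and properties excerpt modelled on the page.
make_sample() {
    mkdir -p "$1/SCR/conf" "$1/SCR/cacherequest" "$1/var/www/html/vendorfiles"
    cat > "$1/SCR/conf/REDHAT-rt.properties" <<'EOF'
folder=/var/www/html/vendorfiles
pwd=00deb46558d24018addc875054bc3a9e # for Your Entitlement Password from encryptor_tool
cacherequestfolder=/scr/cacherequest
EOF
    chmod 644 "$1/SCR/conf/REDHAT-rt.properties"
}

demo=$(mktemp -d) && make_sample "$demo"
check_props "$demo/SCR/conf/REDHAT-rt.properties" "$demo" || true
rm -rf "$demo"
```

On the real machine, call check_props /SCR/conf/REDHAT-rt.properties with no ROOT argument so that the paths are checked as written in the file.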
