Linux patches are managed by linking to Yellowdog Updater Modified (yum). The following diagram shows the overall flow of Linux patch management:
Download patches [operation by the infrastructure administrator]
The infrastructure administrator uses the Internet terminal to download the latest patches (RPM packages) from either the Fujitsu website or the Red Hat Network.
Register patches [operation by the infrastructure administrator]
The infrastructure administrator registers the patches (RPM packages) with the yum repository server. The infrastructure administrator then defines these patches as part of the Linux patch management target.
If patches have been added to or removed from the yum repository server, define the Linux patch management target again and then execute the yum cache cleanup notification command.
Obtain the patch application status [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager extracts information about which RPM packages have been applied or can be applied from each server, and then registers this information in the CMDB.
RPM package information can be obtained either automatically or manually (using a command).
Send new patch registration notifications [processing by Systemwalker Software Configuration Manager]
When Systemwalker Software Configuration Manager detects a new patch, an email is automatically sent to each tenant user and each tenant administrator, notifying them that the new patch has been registered.
Execute patch application [operation by the tenant user or the tenant administrator]
Either the tenant user or the tenant administrator logs in to the management console and applies the new patch.
Check execution status [operation by the infrastructure administrator, the tenant administrator. or the tenant user]
Check the patch application status using the management console or the job information management command.
Obtain patch application information [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager extracts patch application information from each server and stores it in the CMDB.
Look up patch application status
The infrastructure administrator, dual-role administrator, tenant administrator and tenant user log in to the management console and check the patch application status.
The following table explains the operation flow for each role.
Operation flow | User roles | Reference | ||||
---|---|---|---|---|---|---|
Infrastructure administrator | Dual-role administrator | Tenant administrator | Tenant user | |||
1 | Download patches | Y | Y | - | - | Refer to the yum manuals. |
2 | Register patches | Y | Y | - | - | Refer to the yum manuals for information on how to register patches (RPM packages). Refer to "2.5.2 Defining the Linux Patch Management Target" for information on how to define the Linux patch management target. Refer to "yum Cache Cleanup Notification Command" in the Reference Guide for information on the yum cache cleanup notification command. |
3 | Obtain patch application status | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide |
4 | Send new patch registration notification | - | - | - | - | An email is sent automatically when a new patch is registered. If email transmission fails, either an infrastructure administrator or a dual-role administrator must resend the email using the email resend command as described in the Reference Guide. |
5 | Execute patch application | - | Y | Y | Y | "Patch Management" in the Operator's Guide |
6 | Check execution status | Y | Y | Y (*1) | Y (*1) | Check the patch application execution status using the Task Management window on the management console (refer to "Task Management" in the Operator's Guide for details), or the job information management command (refer to "swcfmg_job (Job Information Management Command)" in the Reference Guide for details). |
7 | Obtain patch application status | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide |
8 | Reference patch application status | Y | Y | Y | Y | "Patch Management" in the Operator's Guide |
Y: Implement the task.
-: Do not implement the task
*1: Only the Task Management window can be operated.