Description
This operation component applies updates to the operating system of the specified host.
If the operating system of the specified host is Windows, install Windows Update and Microsoft Update via WSUS. Also, apply update patches to the operating system of the specified host from the host where they are stored.
If the operating system of the specified host is Linux, apply RPM package for installed packages via the yum repository server.
Options
Basic Options
Target host name or IP address where the operation component will be executed.
To execute the operation component on the Management Server, specify the following:
For IPv4: 'localhost' or '127.0.0.1'
For IPv6: 'localhost' or '::1'
An argument error occurs if the host name or IP address is omitted.
The maximum length of the host name or IP address is 1,024 characters. An argument error occurs if this is exceeded.
This is the install updates method.
wsus: Install updates using the Windows Server Update Services (WSUS).
yum: Install updates using the Yellowdog Updater, Modified (YUM) repository server.
mod: Install updates stored in the directory specified in the mod_targetdir option.
If nothing was specified, the following settings will be used. This option is not case sensitive.
If Windows is specified in the ostype option: wsus
If Linux is specified in the ostype option: yum
An argument error will occur if a value other than "wsus", "yum" and "mod" is specified.
The maximum length of the string for "patch_kind" is 1,024 characters. An argument error occurs if this is exceeded.
This is the full path of the directory used for storing the updates on the server which installs the updates.
This is only required if "mod" has been specified for the 'patch_kind' option.
If something other than "mod" has been specified for the 'patch_kind' option, specifying "mod_targetdir" will be invalid.
The maximum length of the string for "mod_targetdir" is 1,024 characters. An argument error occurs if this is exceeded.
This is the host name or IP address used to store the updates.
This is only required if "mod" has been specified for the 'patch_kind' option.
If something other than "mod" has been specified for the 'patch_kind' option, specifying "mod_stragehost" will be invalid.
If the updates are stored on the Management Server, specify the following:
For IPv4: 'localhost' or '127.0.0.1'
For IPv6: 'localhost' or '::1'
The maximum length of the host name or IP address is 1,024 characters. An argument error occurs if this is exceeded.
This is the full path of the directory on the server used to store the updates specified in mod_stragehost.
This is only required if "mod" has been specified for the 'patch_kind' option.
If something other than "mod" has been specified for the 'patch_kind' option, specifying "mod_stragedir" will be invalid.
The maximum length of the string for "mod_stragetdir" is 1,024 characters. An argument error occurs if this is exceeded.
Note: Store updates in the directory specified by the "mod_stragedir" in the same format as they are downloaded from the Microsoft Download Center.
<Example>
<mod_stragedir>\Windows6.0-KB2522422-x86.msu
This is the install update file name.
This is only required if "mod" has been specified for the 'patch_kind' option.
If something other than "mod" has been specified for the 'patch_kind' option, specifying "mod_patchfilename" will be invalid.
The upper limit for the number of update files is 100. If this number is exceeded, an argument error occurs.
An argument error also occurs if duplicate update patch files are specified.
The specification is in CSV format. Refer to "3.17 Notes on Specifying Multiple Input Parameters" for examples of multiple specifications.
Apply updates in the specified file name order.
Advanced Options
Specify an update number (starting with KB) or an update program ID (8 alphanumeric characters-4 alphanumeric characters-4 alphanumeric characters-4 alphanumeric characters-12 alphanumeric characters. Note that "-" is a hyphen. Use alphabets from A through F. This option is not case sensitive.)
An argument error occurs if the update number and the update program ID are, collectively, specified.
This is only valid when wsus has been specified for the 'patch_kind' option.
If something other than "wsus" has been specified for the 'patch_kind' option, specifying "wsus_patchno" will be invalid.
A maximum of 100 update numbers or update IDs can be specified. If this number is exceeded, an argument error occurs.
An argument error also occurs if duplicate update patch numbers or update program IDs are specified.
The specification is in CSV format. Refer to "3.17 Notes on Specifying Multiple Input Parameters" for examples of multiple specifications.
If the "wsus_patchno" option is specified, the specification for the "wsus_type" option will not take effect.
If the "wsus_patchno" option is omitted, the operation component will follow the specification for the "wsus_type" option.
Example: Specifying five update patch numbers (KB000001 through KB000005)
"KB000001","KB000002","KB000003","KB000004","KB000005"
This is the update type which is installed using wsus.
This is only valid when wsus is specified for the patch_kind option and wsus_patchno is omitted.
If something other than "wsus" has been specified for the 'patch_kind' option, specifying "wsus_type" will be invalid.
This option will not take effect if an update patch number or update program ID is specified using the "wsus_patchno" option.
software: Applies software updates.
driver: Applies driver updates.
all: Applies both software updates and driver updates.
If nothing was specified, the setting will be "all". This option is not case sensitive.
An argument error will occur if a value other than "software", "driver" and "all" is specified.
The name of the install package.
It is only valid if "yum" is specified for the "patch_kind" option.
If something other than "yum" has been specified for the patch_kind option, specifying "yum_packagename" will be invalid.
A maximum of 100 packages can be specified. An argument error occurs if this limit is exceeded.
If duplicated package names are specified, an argument error will occur.
Specifications are in CSV format. Refer to "3.17 Notes on Specifying Multiple Input Parameters" for examples of multiple specifications.
Application order execution may be switched according to specified package names.
If this option is omitted, all updatable packages will become relevant.
<name><architecture>
For example, if applying the most recent four patches, with the package names: openssh.i386, openssh-askpass.i386, openssh-clients.i386, and openssh-server.i386:
"openssh.i386", "openssh-askpass.i386", "openssh-clients.i386", "openssh-server.i386"
<name>/<epoch number>:<version number>/<release number>/<architecture>
Alternatively,
<name>/<version number>/<release number>/<architecture>
For example, if applying release patches for four specific versions, with the package names: openssh.i386, openssh-askpass.i386, openssh-clients.i386, and openssh-server.i386:
"openssh/4.3p2/41.el5/i386","openssh-askpass/4.3p2/41.el5/i386","openssh-clients/4.3p2/41.el5/i386","openssh-server/4.3p2/41.el5/i386"
This is the operating system type for the host which installs the update.
Specify Windows or Linux. This option is not case sensitive.
If the OS type is omitted, the Configuration Management Database (CMDB) will be searched based on the specified host name or IP address, and Systemwalker Runbook Automation automatically sets the acquired OS type as the value.
An argument error will occur if an operating system type other than "Windows" or "Linux" is specified.
If anything other than "Windows" is specified when the patch_kind is specified as "wsus" or "mod", an argument error will occur.
If anything other than "Linux" is specified when the patch_kind is specified as "yum", an argument error will occur.
The maximum length of the OS type is 1,024 characters. An argument error occurs if this is exceeded.
Name of the SSL user connecting to the host which installs the update.
If the connected user name and password required for connection are not specified, the Configuration Management Database (CMDB) is searched based on the specified host name or IP address and Systemwalker Runbook Automation automatically sets the acquired connected user name as the value.
If the operation component connects with the file transfer infrastructure, the connected user name will be fixed at either of the following names and cannot be changed. In this case, the user name is ignored even if specified.
If the Business Server is running on Windows: SYSTEM user
If the Business Server is running on Linux or Solaris: root
The maximum length of the connected user name is 1,024 characters. An argument error occurs if this is exceeded.
Specify the password of the SSL user connecting to the host which installs the update.
If the connected user name and password required for connection are not specified, the Configuration Management Database (CMDB) will be searched based on the specified host name or IP address, and then Systemwalker Runbook Automation will automatically set the acquired connected user password as the value.
If it connects with the file transfer infrastructure, the connected user password is invalid.
The maximum length of the connected user password is 1,024 characters. An argument error occurs if this is exceeded.
This is the operating system type for the host which stores the update.
Specify Windows or Linux or Solaris. This option is not case sensitive.
If the OS type is omitted, the Configuration Management Database (CMDB) will be searched based on the specified host name or IP address, and Systemwalker Runbook Automation automatically sets the acquired OS type as the value.
The maximum length of the OS type is 1,024 characters. An argument error occurs if this is exceeded.
Name of the SSL user connecting to the host which stores the update.
If the connected user name and password required for connection are not specified, the Configuration Management Database (CMDB) will be searched based on the specified host name or IP address, and then Systemwalker Runbook Automation will automatically set the acquired connected user name as the value.
If the operation component connects with the file transfer infrastructure, "mod_strage_username" will be fixed at the following name and cannot be changed. In this case, the user name is ignored even if specified.
If the updates are stored on a host running Windows: SYSTEM user
If the updates are stored on a host running Linux or Solaris: root
The maximum length of the connected user name is 1,024 characters. An argument error occurs if this is exceeded.
Specify the password of the SSL user connecting to the host which stores the update.
If the connected user name and password required for connection are not specified, the Configuration Management Database (CMDB) will be searched based on the specified host name or IP address, and then Systemwalker Runbook Automation will automatically set the acquired connected user password as the value.
If it connects with the file transfer infrastructure, the connected user password is invalid.
The maximum length of the connected user password is 1,024 characters. An argument error occurs if this is exceeded.
The user name for executing the command on the target host where the operation component is to be executed.
If the execution user name is omitted, the Configuration Management Data Base (CMDB) will be searched based on the specified host name or IP address, and Systemwalker Runbook Automation automatically sets the acquired management user as the value. If not registered in CMDB, it is executed using the connected user name.
This is only valid if "Linux" is specified for the "ostype" option.
f something other than "Linux" has been specified for the ostype option, specifying "patchexecusername" will be invalid.
The maximum length of the execution user name is 1,024 characters. An argument error occurs if this limit is exceeded.
Specify the completion timeout (in seconds) for executing the operation component.
Values between 300 and 86400 (1 day) can be specified.
Example) If the completion timeout is 10 minutes: 600
If the operation component has not finished executing even though the specified time has passed, the processing for the operation component will be interrupted with return value 201.
This is the retry count for the execution of operation components.
Specify the number of retry attempts to be used when operation components terminate with return value 161. Values between 0 and 5 can be specified.
If an operation component terminates with a return value other than "161" as a result of being re-executed from a retry, execution of the operation component will terminate even if the specified number of retries has not been reached. The return value for the operation component will be the value from the last time the operation component was executed.
Example) To retry the operation component twice: 2
This is the retry interval (seconds) for operation components.
Specify the time to wait before a retry is attempted if operation components terminate with return value 161. Values between 1 and 14400 can be specified.
Example) To retry at 300 second intervals: 300
If the specification of the timeout, retry and retry_interval is omitted, and a value beyond the limits of the above-mentioned is input, the value specified with the operation components definition file becomes effective. Refer to "2.5 Definition File for Operation Components" for details.
Return Values
Icon | Name | Return value | Description |
|---|---|---|---|
| Success | 0 | The update has been applied successfully. |
| Success(restart) | 1 | The server needs to be restarted. |
| Failure | 161 | An error has occurred during the processing of communications with the Business Server. If a retry count has been specified, retries will be attempted. |
171 | Application of one or more updates failed. | ||
172 | The server needs to be restarted and application of one or more updates failed. | ||
173 | There was a failure in the yum command during preparation prior to application. | ||
187 | Authentication failed when an attempt was made to connect to the Business Server over the network (using SSH). Alternatively, an error occurred during the processing of communications with the Business Server (file transfer infrastructure). In this case, the error code for the file transfer infrastructure is output to the execution results. Refer to "3.21 Detailed Code of File Transfer Infrastructure" for information on error codes. | ||
188 | When an operation component was performing an operation on a Business Server where an RBA Agent has not been installed, an SSH network connection with the Business Server was closed. | ||
189 | An attempt to connect to the Business Server over the network (using SSH) failed. Alternatively, an error occurred during the processing of communications with the Business Server (file transfer infrastructure). In this case, the error code for the file transfer infrastructure is output to the execution results. Refer to "3.21 Detailed Code of File Transfer Infrastructure" for information on error codes. | ||
197 | There is an error with the content of an option. | ||
- | - | 201 | Execution of the operation component timed out. |
202 | The operation component has not been executed. There is a problem with the settings for executing the operation component. | ||
203 | The operation component has not been executed normally. There is a problem with the Management Server environment. | ||
205 | The operation component has not been executed. There is a problem with the input information specification of the operation component. | ||
206 | The operation component has not been executed normally. There is a problem with the output information specification of the operation component. | ||
207 | The operation component has not been executed. The operation component may not have been registered on the Management Server. | ||
208 | The Automated Operation Process has been canceled because the Automated Operation Process was recovered while the operation component was executing. |
Output information
Variable | Description |
|---|---|
message |
This variable will be set to the following message if updates are successfully applied to all of the servers. The operation component was successful.
|
execution_result | The result of applying the updates is stored in this variable.
|
failure_patchlist | If the process of applying updates fails, is cancelled, or does not exist in a usable list, the following information will be output in CSV format. Output is in the order specified in the options. Updates output to the "notexist_patchlist" are included.
|
notexist_patchlist | If the specified update does not exist in the executable list returned by "wsus", the following is output in CSV format. Output in the order specified in options. patch number or update program ID |
returnCode | This variable is set to the return value. |
Output format for execution_result is as follows:
[RC(update application return code)], [PatchNo(applicable update number)], [Message(message)]
If updates are applied to the wsus_patchno options as specified below:
"KB000001", "KB000002", "KB000003", "KB000004", "KB000005"
The following is output:
<Example>
RC, Patch No, Message
0, KB000001, "The update was installed normally."
2, KB000002, "Failed to install the update."
3, KB000003, "Installation of the update was interrupted."
4, KB000004, "The specified update does not exist."
1, KB000005, "The update was installed normally, however it is necessary to restart the server."
The meaning of RC (update application return code) and Message (message) are as follows:
0: The update was applied normally.
1: The update was applied normally but the server needs to be restarted.
2: Failed to apply the update.
3: Application of the update was cancelled.
4: The specified update does not exist.
If the patch_kind value is "wsus", the update number or the update program ID will be output to PatchNo (applied update number).
If the patch_kind value is "mod", the update file name will be output to PatchNo (applied update number).
If updates are applied to the "yum_packagename" options as per the following specifications:
"openssh.i386", "openssh-askpass.i386", "openssh-clients.i386", "openssh-server.i386"
The following is output:
<Example>
RC, Patch No, Message
0, openssh.i386, "The update was installed normally."
1, openssh-askpass.i386, "Failed to install the update."
2, openssh-clients.i386, "Installation of the update was interrupted."
3, openssh-server.i386, "The specified update does not exist."
The meaning of RC (update application return code) and Message (message) are as follows:
0: The update was applied normally.
1: Failed to apply the update.
2: Application of the update was cancelled.
3: The specified update does not exist.
If the patch_kind value is "yum", the package name will be output to PatchNo (applied update number).
Notes
If information other than the Management Server is entered for the "hostname" or "mod_stragehost" option, this operation component will execute actions using either the file transfer infrastructure or SSH communications. Specify settings so that communications can be performed using at least one of these methods. Refer to "3.16 Notes of Each Communication Method" for information on communication methods.
This operation component may take a long time to execute when there are a number of updates to be applied, or when the communication speed is slow. For this reason, set an appropriate value for the "timeout" parameter.
If an update that has already been applied is applied again, it will terminate normally.
For the file name of the update to be applied, use only alphanumeric characters and white space and full width characters, and the symbols below:
Symbols that can be used: "!" "~" "_" "-" "."
Use the Web console to check the return value. Refer to "Confirming the Operation Component Execution Status/Execution Results" in the Systemwalker Runbook Automation Operation Guide for details.
If a return value between 201 and 208 has been output, the Automated Operation Process will enter an aborted state or an error state, and error messages will be output to the following locations:
Event logs for the Management Server (if the Management Server is running on Windows(R))
syslogs for the Management Server (if the Management Server is running on Linux)
Custom messages for BPMN
Check for messages in these locations and take the appropriate action. Refer to the Systemwalker Runbook Automation Message Guide for details.
Notes if the server applying the updates is running Windows:
To apply updates via WSUS, first configure the WinHTTP proxy settings for the server where the updates are to be applied. Use the following procedure to configure the WinHTTP proxy settings.
Configure the proxy settings by executing either the netsh or proxycfg commands (Windows commands) from the command prompt.
[Execution example for Windows Server 2008 or Windows Server 2012]
netsh winhttp set proxy proxy-server="<servername>:<port number>" bypass-list="<bypass-list>"
[Execution example for Windows Server 2003]
proxycfg -p "<servername>:<port number>" "<bypass-list>"
For <servername>, specify the name of the proxy server.
For <port number>, specify the port number of the proxy server.
For <bypass-list>, use semicolons to separate and specify hosts that have direct access and do not use proxy servers.
Type the following command from the command prompt to restart the Automatic Updates service.
net stop wuauserv net start wuauserv
On the server where the updates are applied, the operating system records the execution status of the updates and stores this information in the "WindowsUpdate.log" file in the folder specified by the "windir" environment variable.
If the execution of the operation component times out, the operation process is suspended, but the processing for applying the updates continues. In this case, refer to the WindowsUpdate.log file on the server where the updates are being applied to check whether the update processing has completed. If "reboot required = Yes" is recorded in the WindowsUpdate.log file, restart the server.
Notes if the server applying the updates is running Linux:
The "yum" repository server environment is required before operation. Build the "yum" repository server within the intranet.
When applying updates via the "yum" repository server, specify the "yum" settings on the server (where the updates will be applied) before applying the updates, as follows:
Settings files related to the "yum" repository server are created in the following directory:
/etc/yum.repos.d
Settings files are created with the following content:
Describe "VT", "Cluster", "Cluster Storage" if necessary. They are not necessary for the basic package.
[Server] <=Repository ID (unspecified names are made unique) name=RHELT Server <=change to unspecified names so that the meaning of Repository is understood) baseurl=ftp://10.0.0.1/pub/i386/RHEL5.1/Server <=Directory for the yum repository to be accessed (ftp) enable=1 <=validity/invalidity of obtaining the package (not obtained if 0) gpgcheck=0 <= whether or not to check GPG key (overwrite yum.conf) [VT] name=RHEL5 VT baseurl=ftp://10.0.0.1/pub/i386/RHEL5.1/VT enabled=1 gpgcheck=0 [Cluster] baseurl=ftp://10.0.0.1/pub/i386/RHEL5.1/Cluster enabled=1 gpgcheck=0 [ClusterStorage] baseurl=ftp://10.0.0.1/pub/i386/RHEL5.1/ClusterStorage enabled=1 gpgcheck=0
The four types of command below are executed as pre-application preparation. If there is an error when these commands are executed, the return value will be 173.
yum clean all (cache clear) yum list installed (acquisition of list of installed packages) yum list updates (list of applicable updates) yum deplist (acquisition of dependency)
Clears the cache of previously installed updates before applying new updates on the server where updates are to be applied.
The actual status of update applications is recorded on the server where the updates are to be applied, in the "yum.log" file in the /var/log directory.
If there are packages amongst the specified packages with a dependency, applies those package updates simultaneously. For that reason, install dependent packages beforehand. Check application results of dependent package updates in the "yum.log" file in the /var/log directory.
If execution of the operation component times out, although the operation process is cancelled, processing for applying updates continues. In such a case, see the "yum.log" file on the server where updates are to be applied to check whether application of updates is completed.
The software requirements for the "yum" repository server are for the following. Use the installed "yum" package for the following software:
Red Hat Enterprise Linux 5.0 - 5.7
Red Hat Enterprise Linux 6.0 - 6.2
