Linux patches are managed by linking to Yellowdog Updater Modified (yum). The following diagram shows the overall flow of Linux patch management:
Figure 1.2 Overview of Linux patch management
Point
When the linkage servers have internet access, work performed using Internet terminals can be performed on the linkage servers.
Download patches [operation by the infrastructure administrator]
The infrastructure administrator uses the Internet terminal to download the latest patches (RPM packages) from either the Fujitsu website or the Red Hat Network.
Register patches [operation by the infrastructure administrator]
The infrastructure administrator registers the patches (RPM packages) with the yum repository server. The infrastructure administrator then defines these patches as part of the Linux patch management target.
If patches have been added to or removed from the yum repository server, define the Linux patch management target again and then execute the yum cache cleanup notification command.
Obtain the patch application status [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager extracts information about which RPM packages have been applied or can be applied from each server, and then registers this information in the CMDB.
RPM package information can be obtained either automatically or manually (using a command).
Send new patch registration notifications [processing by Systemwalker Software Configuration Manager]
When Systemwalker Software Configuration Manager detects a new patch, an email is automatically sent to each tenant user and each tenant administrator, notifying them that the new patch has been registered.
Execute patch application [operation by the infrastructure administrator, the tenant user or the tenant administrator]
Either the tenant user or the tenant administrator logs in to the management console and applies the new patch.
The infrastructure administrator and dual-role administrator can execute the patch application using the command on the admin server.
Check execution status [operation by the infrastructure administrator, the tenant administrator. or the tenant user]
Check the patch application status using the management console or the command on the admin server.
Obtain patch application information [processing by Systemwalker Software Configuration Manager]
Systemwalker Software Configuration Manager extracts patch application information from each server and stores it in the CMDB.
Look up patch application status
The infrastructure administrator, dual-role administrator, tenant administrator and tenant user log in to the management console and check the patch application status. The infrastructure administrator and dual-role administrator can also check the patch application status using the command on the admin server.
The following table explains the operation flow for each role.
Operation flow | User roles | Reference | ||||
|---|---|---|---|---|---|---|
Infrastructure administrator | Dual-role administrator | Tenant administrator | Tenant user | |||
1 | Download patches | Y | Y | - | - | Refer to the yum manuals. |
2 | Register patches | Y | Y | - | - | Refer to the yum manuals for information on how to register patches (RPM packages). Refer to "2.6.2 Defining the Linux Patch Management Target" for information on how to define the Linux patch management target. Refer to "yum Cache Cleanup Notification Command" in the Reference Guide for information on the yum cache cleanup notification command. |
3 | Obtain patch application status | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide |
4 | Send new patch registration notification | - | - | - | - | An email is sent automatically when a new patch is registered. If email transmission fails, either an infrastructure administrator or a dual-role administrator must resend the email using the email resend command as described in the Reference Guide. |
5 | Execute patch application | Y(*1) | Y | Y | Y | "Patch Application Wizard" under "Patch Management" in the Operator's Guide "Patch Application Command" in the Reference Guide |
6 | Check execution status | Y | Y | Y(*2) | Y(*2) | "Job Management" in the Operator's Guide "Job Information Management Command" in the Reference Guide |
7 | Obtain patch application status | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide |
8 | Reference patch application status | Y | Y | Y(*2) | Y(*2) | "Patch Management" in the Operator's Guide "Patch Information Output Command" in the Reference Guide |
Y: Implement the task.
-: Do not implement the task
*1: Only the command can be operated.
*2: Only the management console can be operated.
