Linux patches are managed by linking to Yellowdog Updater Modified (yum). The overall flow of the operations is as follows.
Figure 1.2 Overview of Linux patch management
Point
When the linkage servers have Internet access, the work that is described as being performed on Internet terminals can be performed on the linkage servers instead.
1. Download patches [operation by an infrastructure administrator]
   Infrastructure administrators use Internet terminals to download the latest patches (RPM packages) from the Fujitsu website or the Red Hat Network.
2. Register patches [operation by an infrastructure administrator]
   Infrastructure administrators register the patches (RPM packages) with yum repository servers. Infrastructure administrators then define these patches as part of the Linux patch management targets.
   If patches have been added to or removed from the yum repository server, define the Linux patch management target again and then execute the yum Cache Cleanup Notification command.
3. Obtain the patch application status [processing by Systemwalker Software Configuration Manager]
   Systemwalker Software Configuration Manager extracts information about which RPM packages have been applied or can be applied from each server, and then registers this information in the CMDB.
   RPM package information can be obtained either automatically or manually (using a command).
4. Send new patch registration notifications [processing by Systemwalker Software Configuration Manager]
   When Systemwalker Software Configuration Manager detects a new patch, an email is automatically sent to each tenant user and each tenant administrator, notifying them that the new patch has been registered.
5. Execute patch application [operation by an infrastructure administrator, tenant user or tenant administrator]
   Tenant users or tenant administrators log in to the management console and apply the new patches.
   The infrastructure administrator can perform the patch application using the command on the admin server.
6. Check execution status [operation by an infrastructure administrator, tenant administrator, or tenant user]
   Check the patch application status using the management console or the command on the admin server.
7. Obtain patch application information [processing by Systemwalker Software Configuration Manager]
   Systemwalker Software Configuration Manager extracts patch application information from each server and stores it in the CMDB.
8. Look up patch application status
   Infrastructure administrators, tenant administrators, or tenant users log in to the management console and check the patch application statuses. Infrastructure administrators can also check the patch application statuses using the command on the admin server.
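An added illustration (not Systemwalker Software Configuration Manager's own code) of the kind of comparison behind the "applied or can be applied" status in the "Obtain the patch application status" step: one server's installed RPM versions are compared with the newest versions in the yum repository. The package lists are constructed samples, the function names are hypothetical, and the version ordering is a simplified form of RPM's that does not handle `~` or `^`.

```python
import re
from itertools import zip_longest

def _segments(s):
    """Split a version string into runs of digits or letters."""
    return re.findall(r"\d+|[a-zA-Z]+", s)

def vercmp(a, b):
    """Simplified RPM version ordering: -1, 0 or 1 ('~' and '^' not handled)."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None or y is None:
            return -1 if x is None else 1     # the string with segments left is newer
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # a numeric segment beats an alphabetic one
        if x.isdigit():
            x, y = int(x), int(y)             # 57 > 9, unlike the strings "57" < "9"
        if x != y:
            return 1 if x > y else -1
    return 0

def evrcmp(a, b):
    """Compare two '[epoch:]version-release' strings; a missing epoch counts as 0."""
    def parse(evr):
        epoch, _, rest = evr.rpartition(":")
        version, _, release = rest.partition("-")
        return int(epoch or 0), version, release
    (ea, va, ra), (eb, vb, rb) = parse(a), parse(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return vercmp(va, vb) or vercmp(ra, rb)

def newest(lines):
    """Keep the highest version per package name from 'name evr' lines."""
    best = {}
    for name, evr in (line.split() for line in lines):
        if name not in best or evrcmp(evr, best[name]) > 0:
            best[name] = evr
    return best

def patch_status(installed_lines, repo_lines):
    """Per package: 'applied' or 'can be applied' for one server."""
    installed, repo = newest(installed_lines), newest(repo_lines)
    # Assumption: like `yum update`, only packages already installed are considered.
    return {name: "applied" if evrcmp(installed[name], evr) >= 0 else "can be applied"
            for name, evr in repo.items() if name in installed}

# Constructed sample data: repository contents and one server's installed packages.
REPO = ["openssl 1.0.1e-57.el6", "bash 4.1.2-48.el6", "kernel 2.6.32-754.el6", "tzdata 2019b-1.el6"]
INSTALLED = ["openssl 1.0.1e-9.el6", "bash 4.1.2-48.el6", "kernel 2.6.32-696.el6", "kernel 2.6.32-754.el6"]

if __name__ == "__main__":
    for name, state in sorted(patch_status(INSTALLED, REPO).items()):
        print(f"{name:10} {state}")
```

A plain string comparison would rank release `9.el6` above `57.el6` and report the outdated openssl package as applied, which is why the numeric segments are compared as integers.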
The following table explains the operation flow for each role.
No. | Operation Flow | Infrastructure Administrator | Dual-Role Administrator | Tenant Administrator | Tenant User | Reference |
---|---|---|---|---|---|---|
1 | Download patches | Y | Y | - | - | Refer to the yum manuals. |
2 | Register patches | Y | Y | - | - | Refer to the yum manuals for information on how to register patches (RPM packages). Refer to "2.8.2 Defining the Linux Patch Management Target" for information on how to define the Linux patch management target. Refer to "yum Cache Cleanup Notification Command" in the Reference Guide for information on the yum Cache Cleanup Notification command. |
3 | Obtain patch application status | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide |
4 | Send new patch registration notification | - | - | - | - | An email is sent automatically when a new patch is registered. If email transmission fails, either an infrastructure administrator or a dual-role administrator must resend the email using the Email Resend Command as described in the Reference Guide. |
5 | Execute patch application | Y(*1) | Y | Y(*2) | Y(*2) | "Patch Application Wizard" in "Patches" in the Operator's Guide; "Patch Application Command" in the Reference Guide |
6 | Check execution status | Y | Y | Y(*2) | Y(*2) | "Job Management" in the Operator's Guide; "Job Information Management Command" in the Reference Guide |
7 | Obtain patch application status | Y | Y | - | - | "Patch Information Update Command" in the Reference Guide |
8 | Look up patch application status | Y | Y | Y(*2) | Y(*2) | "Patches" in the Operator's Guide; "Patch Information Output Command" in the Reference Guide |
Y: Implement the task
-: Do not implement the task
*1: Only commands can be executed.
*2: Only the management console can be operated.