Use > Server patching > Patch management for Ubuntu > Patch administration

Patch administration

The section provides information on following topics:

Prerequisites for importing the patch database (metadata)

Before you can import the Ubuntu patch database, you must configure your SA Client to use a Web proxy when communicating with your SA core.

To configure your SA Client:

  1. In the Log in to HPE Server Automation Client window, click More to expand the window.
  2. Click Advanced Settings to open the Advanced Settings window.

  3. In the Proxies section:

    • If you want to use the same proxy as the browser, select Use Browser

      Or

    • If you want to set a different proxy, select Manual and enter the SA Core's IP or hostname in the No Proxy Hosts text box. This will ensure that the SA Client communicates directly with the SA core.

Setting patch availability

You can set the default patch availability by using the SA Client.

To set the default value for the availability of a newly imported patch by using the SA Client:

  1. In the navigation pane, select Administration >Patch Settings.

  2. From the Default Availability for Imported Patches drop-down list, select either Limited Availability or Available.

    • Limited Availability (Default)—A patch marked Limited Availability has been imported into HPE Server Automation and can be installed only by a patch administrator who has the required permissions. To obtain these permissions, contact your system administrator. See the SA 10.51 Administer section for an explanation of these permissions.
    • Available—A patch marked Available can be installed on managed servers.

Importing the Ubuntu patch database metadata and packages

To import the Ubuntu metadata using the SA Client:

Before performing these steps, see Prerequisites for importing the patch database (metadata).

  1. In the navigation pane, select Administration>PatchSettings.
  2. Click the Ubuntu tab.
  3. If a proxy is needed, set the Proxy value. If the proxy requires a user name, password or user agent, set those values as needed.
  4. To import the metadata of the Ubuntu repository from the Ubuntu web site, click Import Metadata.

    The Import Repository Metadata for Ubuntu window displays the overall progress of the unites as well as the units being processed.

To import the Ubuntu packages using the SA Client:

Before performing these steps, import the metadata and scan your servers for patch compliance. After scanning servers for compliance, you can import the Ubuntu patches using the SA Client.

  1. In the navigation pane, select Administration>Patch Settings.
  2. Click the Ubuntu tab.
  3. To import the database from the Ubuntu web site, click Import Packages.

    The Run Server Script window appears displaying the script to run (Import Ubuntu Packages is selected by default. You can switch to Import Ubuntu Metatadata to just import the package metadata.

    The script page also provides script metadata, such as the version, type, location (import destination) and description.

  4. Click Next or select the next step to proceed through the Run Server Script steps:

    • Servers and Groups
    • Options
    • Scheduling
    • Notifications
    • Job Status

Note For information on Run Server Script steps and options, see the SA 10.51 Use section for information on running server scripts.

  1. When you are done defining the options, click Start Job.
  2. The Job Status will display the results as the import is processing. The import may take a long time depending on the size of the import.

    When the import job is complete, the Job Status will display the details of the job activity. Select any server to see a log of the job details on that server in the detail pane, including an Ubuntu Package Import Summary at the bottom of the job results log.

Scheduling a patch compliance scan

To schedule a patch compliance scan on all Ubuntu managed servers:

  1. In the navigation pane, select Administration > Compliance Settings.

Compliance Scan window

  1. In the Compliance Settings content pane, in the Patch Compliance Schedule section, click Edit Settings.
  2. In the Schedule Compliance Scan window, select Enable Compliance Scan.
  3. From the Schedule drop-down list, select the frequency of the scans.

    If you select Custom, specify the crontab string with the following values:

    • Minute (0-59)
    • Hour (0-23)
    • Day of the month (1-31)
    • Month of the year (1-12)
    • Day of the week (0-6 with 0=Sunday)
    • Any of these fields can contain an asterisk to indicate all possible values. For example, the following crontab string runs the job at midnight every weekday:

      0 0 * * 1-5

      The crontab string can also handle serial (1,2,3,4) as well as range (1-5) values. For more information, consult the crontab man pages on a Unix computer.

  4. In the Start Time field, specify the time you want the job to begin.

  5. From the Time Zone drop-down list, select a default time zone for the job execution time or accept the default time zone. The default time shown converts the scheduled time to the time zone set in your user preferences. If you do not set a preferred time zone, the time zone is derived from the HPE Server Automation core server, which is typically UTC.

  6. Click OK to save your settings.

Setting a patch compliance level

The patch policy compliance level defines your patch compliance level.

To set the patch compliance level:

  1. In the navigation pane, select Administration>Compliance Settings.
  2. From the Compliance Rules drop-down list, select one of the following compliance levels: Policy Only, Policy and Exception, or Customized.

    If you select Customized, click Edit Custom to open the Edit Customized Policy Compliance Level window. To edit the compliance level, click the icon in the Compliance Result column. Click Apply to save your changes.

Supported Ubuntu versions

See the SA 10.5 Support and Compatibility Matrix for the list of SA-supported Managed Server platforms for your version of SA.