Patching methods
IBM BigFix offers more flexibility to the patch management solution by providing patching options that cater to your needs.
BigFix provides several different methods to manage patches for CentOS Linux Enterprise.
Patching by using the Endpoint Dependency Resolution (EDR) method
Endpoint dependency resolution (EDR) is an approach to UNIX patching where dependencies for bulletins are calculated dynamically during an action run time. Packages are patched regardless of which packages are already installed on the endpoints.
- Patches for CentOS 5
- Patches for CentOS 6
The EDR method uses a dependency resolution tool that requires dependencies of all of the installed packages on the system to be satisfied. To view the EDR results, see the EDR_DeploymentResults.txt file that is located in the directory <client folder>\EDRDeployData\.
With this approach, you can deploy preference lists to endpoints from the Preference Lists Dashboard in the Linux RPM Patching site. For more information about preference lists, see Manage Preference Lists.
When dependencies are resolved on the endpoints, there might be multiple valid sets of dependencies that satisfy the requirements of the targets. Preference lists help to decide which requirements to satisfy in these situations.
Patching by using the YUM utility
Yellow dog Updater, Modified (YUM), the default patch manager for CentOS, replaces the Endpoint Dependency Resolver (EDR) utilities that BigFix Patch for Enterprise Linux previously used. Patch Management for CentOS Linux that uses YUM applies to CentOS versions 5, 6, and 7.
Previously, the BigFix Patch for CentOS sites used a set of utilities that are called Endpoint Dependency Resolver utilities to handle package dependencies on the endpoint. YUM replaces these EDR utilities and gives you more flexibility in terms of patch deployment and providing results that are in parallel with Red Hat and CentOS solutions.
YUM is a package management tool that updates, installs, and removes Red Hat Package Manager (RPM) packages. YUM uses a command-line interface and simplifies the process of installing, uninstalling, and updating packages, provided that there is access to the YUM repository.
- YUM utility configuration settings
-
The BigFix Patch for CentOS sites that apply the YUM utility use Fixlet settings in /etc/yum.conf. except for the following YUM configuration settings:
- cachedir
- keepcache
- plugins
- reposdir
- pluginpath
- pluginconfpath
- metadata_expire
- installonlypkgs
- Identifying file relevance with Native tools content
-
The native tools captures file relevance in the same way as EDR. Both methods check for the relevance clause exist lower version of a package, but not exist higher version of it. If both tools are applied to the same deployment, the relevance results are the same.
Patching method matrix
Patching method | Applicable sites | Applicable features |
---|---|---|
Endpoint Dependency Resolution (EDR) |
|
|
Native tools (YUM) |
|
Download Plug-ins |