IBM Endpoint Manager, Version 9.2

Patching methods

IBM BigFix offers more flexibility to the patch management solution by providing patching options that cater to your needs.

BigFix provides several different methods to manage patches for SUSE Linux Enterprise.

Patching by using the Endpoint Dependency Resolution (EDR) method

Endpoint dependency resolution (EDR) is an approach to UNIX patching where dependencies for bulletins are calculated dynamically during an action run time. Packages are patched regardless of which packages are already installed on the endpoints.

The following sites use the EDR method:
  • Patches for SLE10
  • Patches for SLE11*
  • Patches for SLE10 System Z
  • Patches for SLE11 System Z

Note: * The Patches for SLE11 site is being deprecated. After January 31, 2016, BigFix Patch will no longer provide content and support for this site. The deprecated site will no longer be available on the License Overview dashboard. For more information, see https://ibm.biz/BdHVQz.

The EDR method uses a dependency resolution tool that requires the system to be compliant before it can do calculations. It requires dependencies of all of the installed packages on the system to be satisfied.

If these dependencies are not satisfied, the deployment fails and logs the error output of the EDR Plug-in in the EDR_DeploymentResults.txt file that is located in the directory <client folder>\EDRDeployData\. Some dependency requirements cannot be determined by Fixlet relevance. In some cases, multiple levels of dependencies or conflicting third-party packages can prevent the installation of Fixlet content. Hence, it is recommended to minimize the number of third-party packages installed on the system. For more information about dependency issues, see Troubleshooting.

With this approach, you can deploy preference lists to endpoints from the Preference Lists Dashboard in the Linux RPM Patching site. For more information about preference lists, see Manage Preference Lists.

When dependencies are resolved on the endpoints, there might be multiple valid sets of dependencies that satisfy the requirements of the targets. Preference lists help to decide which requirements to satisfy in these situations. For more information about the dashboard, see Using the Preference Lists Dashboard.

Patching by using the native tools (Zypper) method

Note: This method applies to patch management for SUSE Linux Enterprise Server 11 and 12, and SUSE Linux Enterprise Desktop 11 and 12 environments only.

Zypper is the default package manager for SUSE Linux Enterprise. It gives you more flexibility in terms of patch deployment and in providing results that are suitable for SUSE Linux Enterprise solutions. It uses a command-line interface and simplifies the process of installing, uninstalling, updating, and querying software packages. It is based on ZYpp, also known as libzypp. For more information about Zypper, see the documentation at http://www.suse.com or see the Novell Support website at https://www.novell.com/support/.

Zypper reduces dependency issues, improves performance, and is more reliable in terms of installing security patches. This method also enables you to use custom repositories for patching. For more information on custom repository support, see Custom repositories management.

The Zypper approach is introduced to replace the EDR utilities that Patch Management for SUSE Linux Enterprise previously used. Subscribe to the Patches for SLE 11 Native Tools or Patches for SLE 12 Native Tools sites to use the Zypper method.

The Zypper native tools implementation has an external dependency on the expect utility. Endpoint Manager provides a task to install the expect utility on systems that are configured with Zypper repositories. Task ID 101: Install expect is available from the Patches for SLE 11 Native Tools site.
Note: The expect tool is not necessary for SUSE Linux Enterprise 12.

Zypper utility configuration settings

The native tools sites use all the settings in /etc/zypp/zypp.conf.

The following Zypper configuration settings are set to values that come from another file, which is dynamically created during Fixlet execution:
  • cachedir
  • configdir
  • metadatadir
  • packagesdir
  • reposdir
  • repo.add.probe
  • repo.refresh.delay
  • solvfilesdir

Identifying file relevance with Native tools content

The native tools method captures file relevance in the same way as EDR. Both methods check the relevance clause "exist lower version of a package, but not exist higher version of it". If both tools are applied to the same deployment, the relevance results are the same.
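The clause above can be modelled as follows. This is an added illustration in Python, not BigFix relevance language or code from the product; the package list is constructed, and the version comparison is a simplified RPM-style ordering that assumes no epoch, tilde, or caret in the version strings.

```python
import re
from itertools import zip_longest

def _segments(s):
    # Split into runs of digits or letters; separators such as '.' are dropped.
    return re.findall(r"\d+|[A-Za-z]+", s)

def rpm_cmp(a, b):
    """Simplified RPM-style comparison of one field; returns -1, 0 or 1."""
    for x, y in zip_longest(_segments(a), _segments(b)):
        if x is None:
            return -1                      # a ran out first, so b is newer
        if y is None:
            return 1
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)          # numeric compare: 10 > 9
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return 0

def evr_cmp(a, b):
    """Compare 'version-release' strings (epoch not modelled)."""
    (va, _, ra), (vb, _, rb) = a.rpartition("-"), b.rpartition("-")
    return rpm_cmp(va, vb) or rpm_cmp(ra, rb)

def is_relevant(installed, name, fixed_evr):
    """Literal form of the clause: a lower version exists, no higher one does.

    installed: list of (name, 'version-release'); one name may appear
    several times, as with side-by-side kernel packages.
    """
    cmps = [evr_cmp(evr, fixed_evr) for n, evr in installed if n == name]
    return any(c < 0 for c in cmps) and not any(c > 0 for c in cmps)

# Constructed sample inventory, not taken from a real endpoint.
INSTALLED = [
    ("openssl", "0.9.8j-0.70.1"),
    ("kernel-default", "3.0.101-63.1"),
    ("kernel-default", "3.0.101-68.1"),
    ("bash", "3.2-147.22.1"),
]

if __name__ == "__main__":
    for pkg, fixed in [("openssl", "0.9.8j-0.80.1"),
                       ("kernel-default", "3.0.101-65.1"),
                       ("bash", "3.2-147.22.1")]:
        print(pkg, fixed, is_relevant(INSTALLED, pkg, fixed))
```

The kernel-default case shows why both halves of the clause matter: an older build is installed, but a newer one is too, so the update is not reported as relevant.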

Patching method matrix

The following table lists the applicable sites and features for each of the patching methods that are available for managing your SUSE Linux Enterprise endpoints.

Patching method: Endpoint Dependency Resolution (EDR)
Applicable sites:
  • Linux RPM Patching
  • Patches for SLE10
  • Patches for SLE11 (This site is being deprecated.)
Applicable features:
  • Download Plug-ins
  • RPM Deployment
  • Preference List

Patching method: Native tools (Zypper)
Applicable sites:
  • Patching Support
  • Patches for SLE 11 Native Tools
  • Patches for SLE 12 Native Tools
Applicable features:
  • Download Plug-ins
  • Custom Repository Support

