Install a single patch or multiple patches as a background process.
About this task
Use this topic to provide visibility and control over patch installation, status and
history. See Central Management for more information.
This how-to
topic uses a combination of commands from the CLI and choices from the GUI to help you install the
latest Guardium patch. The Guardium system must be rebooted after installing a patch.
Important: Patches downloaded in ZIP format must be unzipped outside
the
Guardium® system before
uploading and installing. Observe the following restrictions for any patch with database structure
changes:
- Perform or schedule the patch installation during quiet time on the Guardium system to avoid conflicts with
long-running processes such as heavy reports, audit processes, backups, and imports.
- The exact time required for patch installation depends on database utilization, data
distribution, and other considerations.
- Install patches in a top-down manner, first patching a central manager before patching
aggregators and finally collectors.
In the procedure below, you will follow these steps from the Guardium system that is designated
and configured as the Central Manager:
- Enter the CLI command store system patch install to install a single patch or
multiple patches to the Central Manager from a network location.
- Click to move patches from the CM to managed units.
Procedure
Install the patch(es) to the Central Manager
Note: A compressed patch file may
contain multiple patches, but only one patch can be installed at a time. To install more than one
patch, choose all the patches that need to be installed, separated by commas. Internally the CLI
submits requests for each patch on the list (in the order specified by the user) with the first
patch taking the request time provided by the user and each subsequent patch three minutes after the
previous one. In addition, CLI will check to see if the specified patch(es) are already requested
and will not allow duplicate requests.
- Enter the following command:
store system patch install <type> <date> <time>
where <type>
is sys
, ftp
,
scp
, or cd
and <date>
and
<time>
are the patch installation request date and time formatted as YYYY-mm-dd
and hh:mm:ss. If date and time are not entered or if now
is entered, the installation request
time is NOW.
Table 1. Patch install type descriptions and parameters
Name |
Description |
sys |
The sys option is for use when installing a second or subsequent patch from a
compressed file that has been copied to the Guardium system by using this command previously. Use
this option to apply a second or subsequent patch from a patch file that has been copied to the IBM®
Guardium system by a previous store system patch
execution.
Install from /var/log/guard/patches
|
ftp or scp |
The ftp and scp options copy a compressed patch file from a
network location to the Guardium system. To install a
patch from a compressed patch file located somewhere on the network, use the ftp or
scp option, and respond to the prompts as shown below. Important: Patches downloaded in ZIP format must be unzipped outside
the Guardium system before
uploading and installing. Observe the following restrictions for any patch with database structure
changes:
- Perform or schedule the patch installation during quiet time on the Guardium system to avoid conflicts with
long-running processes such as heavy reports, audit processes, backups, and imports.
- The exact time required for patch installation depends on database utilization, data
distribution, and other considerations.
- Install patches in a top-down manner, first patching a central manager before patching
aggregators and finally collectors.
Please enter the following information for file transfer:
Host to import patch from:
User on (host name):
Full path to the patch, including name (file name may use wildcard *):
(LDAP password)Password:
Enter the scp/ftp port if you need to use a special port, else just press Enter key to continue:
The file transfer process can take a while to complete.
Leave the terminal open and do not answer any questions until the transfer is complete.
Starting transfer, please wait.
The file transfer is complete.
Do you want to continue (yes or no)? yes
List the files in the patches directory:
1. (name of file)
Please choose patches to install (1-1, or multiple numbers separated by ",", or q to quit): 1
Install item 1
Patch has been submitted, and will be installed according to the request time, please check installed patches report or CLI (show system patch installed).
Please don't forget to remove your media if necessary.
|
cd |
The cd option is for use in installing the patch from a DVD disk. To display a
complete list of applied patches, see the Installed Patches report on the Guardium Monitor tab of the administrator portal. There is also an
Available Patches report on this same Guardium Monitor
tab. To install a patch from a DVD, insert the DVD into the IBM
Guardium DVD ROM drive before executing this command. A
list of patches contained on the DVD will be displayed.
|
Use the UI to move the patch(es) from Central Manager to managed
units
- Navigate to .
- From the Central Management page, select managed units to receive
the patch and click the Patch Distribution button.
- From the Patch Distribution page, select the patches to
distribute.
The Patch Distribution page displays an available patch list with
dependencies, and allows for the selecting of a patch and installing it to all selected units. The
list of available patches is constructed out of the available patches and evaluating the currently
installed patches on each of the selected units along with the dependency list of available patches.
Patches available but not installable (a dependent patch is missing) are shown in the list as grayed
out and cannot be selected. The selection of patch to install is a single selection: only one patch
can be installed at a time.
- Click Install Patch Now to install the patch immediately.
- Click Schedule Patch to schedule patch installation for the
future.
After clicking Install Patch Now, a command is sent to all
selected units to install that patch. The process of installing patches happens in the
background.
- Navigate to .
- Click on Patch Installation Status. The Patch
Installation Status screen will display for each unit, failed installations and
discrepancies - situations such as having one patch being installed on part of the units only,
regardless if it failed on other units or was not installed.
Results
The patched systems are now ready to be used; however, remember that the Guardium system must be
rebooted after installing a patch.