Articles in this section

How to configure Linux patches bulk install

To reduce maintenance times on your Linux endpoints, you can install patches in bulk on the endpoints. 

The patches installation will be sent in a single command line (batch) to accomplish a much faster deployment process!

Configure Linux Bulk Install

  1. SSH JetPatch console.
  2. Edit the intigua.properties file:
VersionFile Path
Prior to 5.0vi /usr/share/tomcat/default/conf/intigua.properties
Post 5.0vi /usr/share/intigua/services/data/intigua-main/conf/intigua.properties

3. Insert the following property:

bulkinstall.linux.enabled=true

4. Restart the relevant service for your version:

VersionRestart Command
Prior to 5.0systemctl restart tomcat
Post 5.0docker restart intigua-main

Supported Platforms

  • All yum-based Linux (RHEL, OL, AlmaLinux, RockyLinux, AmazonLinux).
  • Zypper-based Linux (SLES).

Notes

  • Bulk deployment is disabled by default.
  • In case one of the patches fails, the entire patching process on the endpoint will fail.
  • Rollback will restore all patches and not a single patch.
  • Once bulk deployment is enabled, it will bulk install patches in batches, based on the split patch execution configuration (default 60).

When to Use Bulk Install — Performance Considerations

In advisory-based (default) mode, JetPatch runs a separate yum command per advisory:

   yum update --advisory=ELSA-XXXX-XXXX -y

Each command incurs approximately 10-15 seconds of overhead for metadata checks, dependency resolution, and transaction verification — even when the advisory is already installed or no packages need to be downloaded.

For environments with a large number of advisories per patching cycle (e.g., 60+ advisories), this cumulative overhead can result in 15-20 minutes of patching time with zero actual package installation.

Enabling bulk install reduces this to a single yum transaction, typically completing in 3-5 minutes for the same set of packages.

Recommended for:

  • Large environments with many advisories per cycle
  • Environments using pre-download cron jobs (yum update --downloadonly) where download time is already zero
  • Patching windows where time is constrained

Not recommended when:

  • Per-advisory granular rollback is a strict requirement (bulk rollback reverts the entire transaction)
  • Compliance reporting requires per-advisory pass/fail status for individual advisories

Note: The split patch execution configuration (default 60) controls the batch size. If you have more advisories than the batch size, they will be split into multiple batches.

 

Related articles

Comments

0 comments

Please sign in to leave a comment.