How Does JetPatch Collect Patch Updates?
- On the endpoint itself JetPatch deploys a cron based scheduling job that executes based on the pre-defined schedule a command that checks and retrieves new updates, effectively locking yum or zypper while executing.
- The execution results will be written into /var/cache/JetPatch/scan_result.txt file - see section: 'Step 1 - Add the scheduling properties to JetPatch configuration'
- JetPatch collects the updates from the endpoint by running the "Collect Endpoint Updates" built-in system task. The run frequency of "Collect Endpoint Updates" task is explained in section: 'Step 2 - Wait for "Collect Endpoint Updates" activity to run'
- By default this system task will not execute a new yum or zypper command (hence it will not lock yum / zypper), but rather return the cached result from the /var/cache/JetPatch/scan_result.txt file.
- Note: there are circumstances that will cause the "Collect Endpoint Updates" task to also initiate a yum or zypper command execution, these are:
- The /var/cache/JetPatch/scan_result.txt cached file was deleted and can no longer be found on the disk (see this article for more details)
- JetPatch Software upgrade that includes a change in the "Collect Endpoint Updates" mechanism
- If there were new patch installations or patch removals, since the last "Collect Endpoint Updates" run.
Step 1 - Add the scheduling properties to JetPatch configuration
The default scheduling of the JetPatch cronjob is every day at 4 am for both Linux and Solaris.
These defaults can be changed by adding properties to JetPatch via the intigua.properties file.
Note - You can use this site to help you with your cron expression.
Linux Configuration
bulkrun.update-scan.linux.cron-expression=<CRON_EXPRESSION>
Solaris Configuration
bulkrun.update-scan.solaris.cron-expression=<CRON_EXPRESSION>
CRON scheduling expressions examples -
- 0 4 * * * - Scan for updates every day at 04:00 AM
- 0 6 * * * - Scan for updates every day at 06:00 AM
An example of a line representing a scan every day at 04:00 AM is:
bulkrun.update-scan.linux.cron-expression=0 4 * * *
bulkrun.update-scan.solaris.cron-expression=0 4 * * *
Once you make the necessary changes, restart tomcat.
service tomcat restart
Step 2 - Wait for "Collect Endpoint Updates" activity to run
The next time JetPatch will run the "Collect Endpoint Updates" activity on any relevant endpoint, the CRON schedule will be changed automatically.
New endpoints will get the configured scheduling also.
Note - The current scheduling for the JetPatch scan CRON job will be overridden by the newly configured expression that was set in JetPatch properties file (of default expression if nothing was added).
Relevant Properties for Collect Endpoint Updates - Manager initiated scans (with default values):
# Enable/disable the collect endpoint update script
bulkrun.update-scan.enabled=true
# Minimum interval (in hours) an endpoint would be scanned with collect endpoint updates after a successful scan.
# Maximum time depends on number of connected endpoints, failure time and retries intervals, and number of parallel scan activities
bulkrun.update-scan.periodical-run.delay.hours=2
# Max number of collect endpoint updates that can run in bulk
bulkrun.update-scan.tasks.limit=10
# Interval that checks whether there is still an endpoint that Collect Endpoint Update needs to run on based on the bulkrun.update-scan.periodical-run.delay.hours value
endpoint.updatescan.job.interval.sec=30
# Delay collect endpoint updates after restarting tomcat
endpoint.updatescan.job.initial.delay.sec=30
# Length of time to wait if and endpoint fails with collect endpoint updates and maximum number of retries
bulkrun.update-scan.run-failed-after.mins=30
bulkrun.update-scan.failed.iterations.max=3
Comments
0 comments
Please sign in to leave a comment.