Frequently asked questions

The questions and answers in the section can help you to better understand Patch for Oracle Enterprise Linux.

Why are my Oracle Linux patch updates failing deployment?

Some repositories are not enabled by default as they might break Oracle Enterprise Linux upstream compatibility. This might cause patches to fail deployment and users might get the following similar error shown in the EDRDeployData.log file:

No package kernel-devel-3.-514. available.
 No package kernel-headers-3.-514. available.
 No package kernel-tools-3.-514. available.
 No package kernel-tools-libs-3.-514. available.
 No package perf-3.-514. available.
 No package python-perf-3.-514. available.
 Error: Nothing to do

Users need to decide if upstream compatibility is necessary.

Follow these steps to enable the missing repository:
Note: The following steps are applicable for all Oracle Linux version.
  1. Go to /etc/yum.repos.d/public-yum-ol7.repo and search OL7 repository file.
  2. If the entry for the repository in this case [ol7_MODRHCK] exists, ensure that it is enabled.
  3. If the repository entry does not exist, add the following entry:
    name=Latest RHCK with fixes from Oracle for Oracle Linux $releasever ($basearch)
  4. Save your changes.
Do we need internet connectivity on the endpoints for deploying patches in Oracle Linux?

Yes, endpoints or BESClient directly downloads the required packages from configured Oracle's public repository accessing by internet. BES Server does not download the required patches.

If BESClient cannot access Internet, then set up a custom repository. Contact Oracle support to setup or create a custom repository.

"Oracle Linux Custom Repository Management" dashboard is used to register and manage custom repositories for Oracle Linux Clients.

What to do when Fixlets fail to install with the following message in the EDR log? "Warning: Nothing to install. Please check if you are using the latest kernel."
This message appears only in case of Fixlets that deploy kernel packages. A kernel Fixlet becomes relevant if the endpoint does not have the target kernel package installed or if the endpoint's active kernel is at a lower version than the target kernel package. An endpoint is still considered subject to kernel vulnerabilities even if it has the latest kernel installed but not using it actively.

To remediate the issue, restart the endpoint and ensure it is using the latest kernel available.