Frequently asked questions

Learn the answers to frequently asked questions about Patch for Oracle Enterprise Linux.

Does Oracle Linux 9 uses Custom Repository Management dashboard and YUM Transaction History dashboard?
Yes, Custom Repository Management dashboard can be configured for Oracle Linux 9 and this enable the direct download also.
Does Oracle Linux use the download plug-in and the download cacher for Oracle Linux 6, Oracle Linux 7, and Oracle Linux 8?
No, download plug-in and the download cacher are not supported for Oracle Linux 6, Oracle Linux 7, and Oracle Linux 8. Only, Oracle Linux 9 uses the feature of the download plug-in and the download cacher. Users must configure Oracle's public repository for downloding the patches for required packages.
Why are my Oracle Linux patch updates failing deployment?

Some repositories are not enabled by default as they might break Oracle Enterprise Linux upstream compatibility. This might cause patches to fail deployment and users might get the following similar error shown in the EDRDeployData.log file:

No package kernel-devel-3.-514.26.1.0.1.el7.x86_64 available.
 No package kernel-headers-3.-514.26.1.0.1.el7.x86_64 available.
 No package kernel-tools-3.-514.26.1.0.1.el7.x86_64 available.
 No package kernel-tools-libs-3.-514.26.1.0.1.el7.x86_64 available.
 No package perf-3.-514.26.1.0.1.el7.x86_64 available.
 No package python-perf-3.-514.26.1.0.1.el7.x86_64 available.
 Error: Nothing to do

Users need to decide if upstream compatibility is necessary.

Follow these steps to enable the missing repository:
Note: The following steps are applicable for all Oracle Linux version.
  1. Go to /etc/yum.repos.d/public-yum-ol7.repo and search OL7 repository file.
  2. If the entry for the repository in this case [ol7_MODRHCK] exists, ensure that it is enabled.
  3. If the repository entry does not exist, add the following entry:
    [ol7_MODRHCK]
name=Latest RHCK with fixes from Oracle for Oracle Linux $releasever ($basearch)
baseurl=http://yum.oracle.com/repo/OracleLinux/OL7/MODRHCK/$basearch/
ggpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-oracle
gpgcheck=1
priority=20
enabled=1
  4. Save your changes.
How to identify the packages belonging to a Oracle Linux repository?

Some repositories are not enabled by default and this might cause patches to fail deployment. There might be chance when the patches deployment failed for a package but users are not aware as which repository that package belongs to. In that case, use yum commands to identify the repository.

There are some basic commands available in yum, if the repository is added and enabled in /etc/yum.repos.d/<somename>.repo. Then using yum info <pkgname> will list the available packages. For example:
yum info cri-o-1.20.7-1.el8
Available Packages
Name         : cri-o
Version      : 1.20.7
Release      : 1.el8
Arch         : src
Size         : 9.6 M
Source       : None
Repo         : ol8_cloud_native_1.3
Summary      : Kubernetes Container Runtime Interface for OCI-based containers
URL          : https://github.com/cri-o/cri-o
License      : ASL 2.0
Description  : CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet.
               Specifically, it implements the Kubelet Container Runtime Interface (CRI) using OCI conformant runtimes.

Name         : cri-o
Version      : 1.20.7
Release      : 1.el8
Arch         : x86_64
Size         : 19 M
Source       : cri-o-1.20.7-1.el8.src.rpm
Repo         : ol8_cloud_native_1.3
Summary      : Kubernetes Container Runtime Interface for OCI-based containers
URL          : https://github.com/cri-o/cri-o
License      : ASL 2.0
Description  : CRI-O is meant to provide an integration path between OCI conformant runtimes and the kubelet. 
               Specifically, it implements the Kubelet.
Do we need internet connectivity on the endpoints for deploying patches in Oracle Linux?

Yes, endpoints or BESClient directly downloads the required packages from configured Oracle's public repository accessing by internet. BES Server does not download the required patches.

If BESClient cannot access Internet, then set up a custom repository. Contact Oracle support to setup or create a custom repository.

"Oracle Linux Custom Repository Management" dashboard is used to register and manage custom repositories for Oracle Linux Clients.

What to do when Fixlets fail to install with the following message in the EDR log? "Warning: Nothing to install. Please check if you are using the latest kernel."
This message appears only in case of Fixlets that deploy kernel packages. A kernel Fixlet becomes relevant if the endpoint does not have the target kernel package installed or if the endpoint's active kernel is at a lower version than the target kernel package. An endpoint is still considered subject to kernel vulnerabilities even if it has the latest kernel installed but not using it actively.

To remediate the issue, restart the endpoint and ensure it is using the latest kernel available.