Enabling EUS patch functionality

This topic describes how to enable BigFix EUS Patch functionality in BigFix.

About this task

After buying a BigFix EUS Patch Add-on product, follow these one time steps to enable the BigFix EUS Patch functionality:

Procedure

  1. Add the EUS Add-on license to a server in the BigFix License Portal.
    Execute the following steps to add the EUS Add-on license to a server in the BigFix License Portal:
    1. Login to tem.subscribenet.com using your BigFix credentials.
    2. Click the server’s serial number to manage it.
      BigFix EUS Patch add-on products available for allocation is displayed.
      Figure 1. BigFix License Key Center


    3. Allocate one unit of the EUS patch product(s) to the server and click Submit.
    Note: If you have a license to these HCL parts and your License Key Center is missing the entitlement then open a help ticket at https://support.bigfix.com
  2. Check for license update.
    Note: The BES Platform screen of the BigFix License Overview shows that a site certificate update was detected. If the site certificate update is not detected, click Check for license update and the update should be detected shortly.
    Figure 2. License update


  3. Update the masthead with BESAdmin.
    Do the following to update the masthead with BESAdmin:
    1. Select BigFix Administration Tool (BESAdmin) from the Start menu on the root server. When launched, you are prompted for Site Admin Private Key Password (your deployment’s private key password).
    2. Enter the correct password and BESAdmin will update your deployment’s masthead. After the update is complete, click OK.
  4. Enable the EUS Patch sites.
    After the masthead is updated, click Refresh at the top right of the License Overview dashboard and the EUS site(s) of your organization that are purchased should be listed. Only enable content that applies to your environment.

    You can enable the content like any other BigFix content site using the Enable link in the site’s collapsible section in the dashboard.

    Note: If the new sites do not appear in your license dashboard after running BESAdmin from the prior step, then clear your console cache and restart your console. If the issue persists then open a help ticket at https://support.bigfix.com and request a manual license.crt to import into your BESAdmin.
  5. Configure the RHSM plugin.
    EUS/ELS patching uses the BigFix Red Hat Subscription Management (RHSM) download plugin. Entitlement is required to download the content and is provided via certificates. Follow the instruction in the Help Center to download your certificates and set up the RHSM Plugin: https://help.hcltechsw.com/bigfix/10.0/patch/Patch/Patch_RH/c_using_rhsm_dlp.html
  6. Check for an updated RHSM plug-in.
    Verify that the RHSM plug-in is updated to the latest version in the Manage download plugins dashboard.https://help.hcltechsw.com/bigfix/10.0/patch/Patch/Patch_RH/t_upgrading_rhsm_download_plug-in.html
  7. Enable the EUS/ELS patching.
    Run the following steps to enable the EUS/ELS patching:
    1. From the Patching Support Site take action on the Fixlet 70 - Enable the EUS/ELS repositories in the RHSM Download Plugin targeting the BigFix server where the RHSM plugin is installed.
    2. Verify that the repositories are reachable. From the command line on the BigFix server run the following for Windows: C:\Program Files (x86)\BigFix Enterprise\BES Server\DownloadPlugins\RHSMProtocol\RHSMPlugin --check-allrepos For Linux: /var/opt/BESServer/DownloadPlugins/RHSMProtocol/RHSMPlugin --check-allrepos

    Note: If any of the repos show a zero, then the subscription certificates on the BigFix server do not include those extended repositories. Ensure that the repos that you are interested in do not have zero values.
  8. Create Subscription Groups for Endpoints that Require Extended Support. Only the endpoints which require Extended Support patches should be subscribed to the Extended Support sites. The easiest way to target those endpoints is to create a group of the endpoints which currently have EUS-eligible versions of RHEL installed. For RHEL 8, a group with these conditions will capture your Extended Support endpoints:
    Note: Red Hat eventually provides EUS patches for additional versions of RHEL 8. You can add versions to the group definition once Red Hat starts the EUS phase of support for those versions.

    For RHEL 7, a group with these conditions will capture your Extended Support endpoints:



    For RHEL 6, the EUS phase is completed but the ELS phase is currently active. It is safe to subscribe all your RHEL 6 endpoints to the Extended Support site:



    You can treat the RHEL 5 Extended support in a similar way as RHEL 6:

  9. Subscribe the endpoints to the Extended Support Patch Content sites.
    Set each EUS site’s subscription Relevance to the correct OS and click Save Changes.
    Figure 3. External Site: Patches for RHEL5 Extended Support


    Note: Endpoints does not install patches from the mainstream RHEL 7 and 8 patch sites when they are subscribed to the RHEL 7 Extended Support or RHEL 8 Extended Support patch sites. So it is important to get the correct Extended Support site subscriptions, only the subscribed endpoints which require EUS 7 or EUS 8 patches to the RHEL 7 and 8 Extended Support patch sites.