Enabling EUS patch functionality

This topic describes how to enable BigFix EUS Patch functionality in BigFix.

About this task

After you buy a BigFix EUS Patch add-on product, follow these one time steps to enable the BigFix EUS Patch functions:

Procedure

  1. Add the EUS add-on license to a server in the BigFix License Portal by completing these steps:
    1. Login to tem.subscribenet.com with your BigFix credentials.
    2. Click the server’s serial number to manage it.
      BigFix EUS Patch add-on products available for allocation is displayed.
      Figure 1. BigFix License Key Center
    3. Allocate one unit of the EUS patch product to the server and click Submit.
    Note: If you have a license to these HCL parts and your License Key Center is missing the entitlement then open a help ticket at https://support.bigfix.com
  2. Check for a license update.
    Note: The BigFix Enterprise Suite Platform screen of the BigFix License Overview shows that a site certificate update was detected. If the site certificate update is not detected, click Check for license update, and the update should be detected in a moment.
    Figure 2. License update
  3. Update the masthead with the BESAdmin tool, by completing these steps:
    Do the following to update the masthead with BESAdmin:
    1. From the Start menu on the root server, select BigFix Administration Tool (BESAdmin) . You are prompted for your site admin private key password, which is your deployment’s private key password.
    2. Enter the password and the BESAdmin will update your deployment’s masthead. After the update is complete, click OK.
  4. Enable the EUS Patch sites.
    After the masthead is updated, click Refresh at the top-right corner of the License Overview dashboard and the EUS site(s) of your organization that are purchased should be listed. Only enable content that applies to your environment.
    You can enable the content like any other BigFix content site using the Enable link in the site’s collapsible section in the dashboard.
    Note: If the new sites are no listed in your license dashboard after you run BESAdmin tool in the prior step, clear your console cache and restart your console. If the issue persists then open a help ticket at https://support.bigfix.com and request a manual license.crt file to import into your BESAdmin tool.
  5. Configure the RHSM plugin.
    EUS and Extended Life Cycle Support (ELS) patching uses the BigFix Red Hat Subscription Management (RHSM) download plugin. Entitlement is required to download the content and is provided via certificates. Follow the instruction in the HCL Help Center to download your certificates and set up the RHSM Plugin: https://help.hcltechsw.com/bigfix/10.0/patch/Patch/Patch_RH/c_using_rhsm_dlp.html
  6. Check for an updated RHSM plug-in.
    Verify that the RHSM plug-in is updated to the latest version by checking the Manage download plugins dashboard.https://help.hcltechsw.com/bigfix/10.0/patch/Patch/Patch_RH/t_upgrading_rhsm_download_plug-in.html
  7. Enable the EUS and ELS patching by completing these steps:
    Run the following steps to enable the EUS/ELS patching:
    1. From the Patching Support Site take action on the Fixlet 70 - Enable the EUS/ELS repositories in the RHSM Download Plugin targeting the BigFix server where the RHSM plugin is installed.
    2. Verify that the repositories are reachable. From the command line on the BigFix server run the following for Windows: C:\Program Files (x86)\BigFix Enterprise\BES Server\DownloadPlugins\RHSMProtocol\RHSMPlugin --check-allrepos For Linux: /var/opt/BESServer/DownloadPlugins/RHSMProtocol/RHSMPlugin --check-allrepos
    Note: If any of the repos show a zero, then the subscription certificates on the BigFix server do not include those extended repositories. Ensure that the repos that you are interested in do not have zero values.
  8. Create Subscription Groups for Endpoints that Require Extended Support.
    Only the endpoints which require Extended Support patches should be subscribed to the Extended Support sites. The easiest way to target those endpoints is to create a group of the endpoints which currently have EUS-eligible versions of RHEL installed.
    For RHEL 8, a group with these conditions will capture your Extended Support endpoints:
    Note: Red Hat eventually provides EUS patches for additional versions of RHEL 8. You can add versions to the group definition once Red Hat starts the EUS phase of support for those versions.

    For RHEL 7, a group with these conditions will capture your Extended Support endpoints:

    For RHEL 6, the EUS phase is completed but the ELS phase is currently active. It is safe to subscribe all your RHEL 6 endpoints to the Extended Support site:

    You can treat the RHEL 5 Extended support in a similar way as RHEL 6:

  9. Subscribe the endpoints to the Extended Support Patch Content sites.
    Set each EUS site’s subscription Relevance to the correct OS and click Save Changes.
    Figure 3. External site: Patches for RHEL5 Extended Support
    Note: Endpoints does not install patches from the mainstream RHEL 7 and 8 patch sites when they are subscribed to the RHEL 7 Extended Support or RHEL 8 Extended Support patch sites. So it is important to get the correct Extended Support site subscriptions, only the subscribed endpoints which require EUS 7 or EUS 8 patches to the RHEL 7 and 8 Extended Support patch sites.