K1000 Patching
Good day everyone,
We are testing patching using the K1000 in our company.
For testing purposes I have created simply a detect schedule to run on a single computer every hour. However it doesn't seem be very punctual as per the schedule. Is there any way to force the detect to be run and also force the deploy to run provided there are patched ready for deployment?
0 Comments
[ + ] Show comments
Answers (2)
Please log in to answer
Posted by:
jknox
9 years ago
The short answer is sort of. You can force a detect/deploy schedule to be run manually.
The long answer: A detect and deploy schedule isn't quite that simple.
A detect runs based on the patch signatures that the K1000 has previously downloaded. Once that has run, patches need to be downloaded based on the detect results. This is download is a separate schedule from patching.
Once the patches are downloaded, they are deployed the next time the patch schedule runs.
So, if the patch schedule only runs once a week, it will take a minimum of two weeks to deploy.
Does that make sense?
The long answer: A detect and deploy schedule isn't quite that simple.
A detect runs based on the patch signatures that the K1000 has previously downloaded. Once that has run, patches need to be downloaded based on the detect results. This is download is a separate schedule from patching.
Once the patches are downloaded, they are deployed the next time the patch schedule runs.
So, if the patch schedule only runs once a week, it will take a minimum of two weeks to deploy.
Does that make sense?
Comments:
-
Thank you for taking the time to respond.
What you stated makes sense to me.
We have a Detect All running against all our client machines so the K1000 box has up-to-date patches downloaded and ready to deploy.
However, before we start patching to all our clients, we are required to determine how it will it impact users. We started testing with Java 8u40 to patch to 8u45. Once Java 8u40 was installed, we wanted to force to detect so that the K1000 will know that our test machine needs that patch and so deploy it on the next Java deploy schedule. Unfortunately, we have not been able to trigger the detect so our testing is slow as we have to wait overnight for the detect to be run. Our detect schedule is configure to run every hour but it doesn't seem to detect during the day despite that. - egas 9 years ago-
Are you using Labels for your Detect Patches or "All Patches"? - rockhead44 9 years ago
-
We're using labels. - egas 9 years ago
-
Is the Java 8 Update 45 patch Active and appearing in your label? - rockhead44 9 years ago
-
It is, along with Jave 7 Update 80 - egas 9 years ago
-
Not sure what to check beyond that. I will say that i scrapped patching Java and started updated via MI (using .bat file) and Labels and have had no problems. I do still patch some other apps so you certainly want to get the issues resolved. - rockhead44 9 years ago
-
Maybe I will investigate the MI option as well.
I appreciate your feedback rockhead - egas 9 years ago -
No problem. Lots of info on here about deploying Java via MI with a batch file. - rockhead44 9 years ago
Posted by:
jegolf
9 years ago
You can use a detect and deploy schedule but it runs a continuous detect and deploy cycle until all patches are deployed (detect, patch reboot, detect, patch, reboot, etc). In my case I have separate detect and deploy schedules so I can run one round...
Comments:
-
Thank you for responding. We too also decided on separate detect and deploy schedules for when we roll this out. However, for our testing, we have been unable to force a detect. - egas 9 years ago