
Automating Patching Process

Created: 10 Feb 2013 • Updated: 09 May 2013 | 1 comment
Hello All,
 
I wanted to seek help on an issue we face with our patching process.
The situation is the following (my ideas are mentioned in the brackets): currently the guys involved in patching do a lot of manual work during the pre checks and post checks involved in the patching process:
 
 
Pre Checks:
- Check whether the SMA agent is running or not
(This I can automate via a task delivered as a policy. This I can schedule prior to the patching schedule.)
 
- Check for servers in reboot required state and schedule the reboot of these servers before the scheduled patching activity
(aexpatchutil /reboot will reboot the servers if the result of this command is True. The question is, how can I make this task/policy explicitly precede the actual patch installation policy? Is there a way to instruct a policy to start execution only if another policy has executed? At the moment our patching policies are time based; they start doing a particular action at a certain time. I assume there would be an option to have a sequential software delivery task rolled out with certain actions wrapped inside.)
 
Patching Process:
Patching schedule is 1 hour (e.g. at 1:00 AM patch installation starts and at 2:00 AM the reboot occurs, using software update policies).
 
 
Post Checks:
- Run a script to find out which servers did not reboot after the patching. Once the guys have identified these servers, they feed this server list to another script which mass reboots the servers.
(I was thinking of using the aexpatchutil tool again to perform this check and reboot the servers again, in case they did not get rebooted correctly at their scheduled reboot time after patch installation. How would I achieve sending the successful or unsuccessful reboot status back to SMP, or how would I force the SMAs to report back their status to SMP?)
 
- Check that the DHCP service is running (this check is performed because we sometimes face the issue that the server gives ping responses but somehow is stuck at OS level, thus preventing it from handing out IP addresses to clients)
(This again can be done via an Altiris task to check the service state and start up the service in case it's stopped.)
 
What I am struggling with is building the logic for incorporating the above ideas. I am hoping one of you can point me in the right direction or provide me any snippets of examples on how I can implement this in our environment.
 
Thank you
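
The post checks described in the question (did the server reboot after the patch window, and is the DHCP service running) can be sketched as one local script; this is an added example, not code from the original poster or from Symantec. It assumes PowerShell 3.0 or later, a patch window starting at 1:00 AM, and `DHCPServer` as the service name; it uses only general Windows indicators, not Altiris tooling.

```powershell
# Added example: post-patch check run locally on each server (for instance as a script task).
param(
    # Assumption: start of the patch window; an older boot time means the reboot never happened.
    [datetime]$PatchWindowStart = (Get-Date).Date.AddHours(1),
    # Assumption: service name of the Windows DHCP Server role.
    [string]$ServiceName = 'DHCPServer'
)

# Did the machine boot after the patch window opened?
$os = Get-CimInstance -ClassName Win32_OperatingSystem
$rebooted = $os.LastBootUpTime -ge $PatchWindowStart

# General Windows pending-reboot markers (not Altiris-specific).
$pendingKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
)
$rebootPending = [bool]($pendingKeys | Where-Object { Test-Path $_ })

# Service check: a host that answers ping can still have a stopped DHCP service.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
$serviceState = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
$restarted = $false
if ($svc -and $svc.Status -ne 'Running') {
    try {
        Start-Service -Name $ServiceName -ErrorAction Stop
        $restarted = $true
        $serviceState = (Get-Service -Name $ServiceName).Status.ToString()
    } catch {
        $serviceState = "StartFailed: $($_.Exception.Message)"
    }
}

# One JSON line per server, easy to collect from task output or a log share.
[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    LastBoot         = $os.LastBootUpTime.ToString('s')
    RebootedInWindow = $rebooted
    RebootPending    = $rebootPending
    ServiceState     = $serviceState
    ServiceRestarted = $restarted
} | ConvertTo-Json -Compress

# Non-zero exit code lets whatever ran the script flag this server for follow-up.
$serviceOk = $serviceState -in 'Running', 'NotInstalled'
if (-not $rebooted -or $rebootPending -or -not $serviceOk) { exit 1 }
exit 0
```

The script only reports and restarts the service; it does not reboot anything, so the decision to reboot flagged servers stays with the scheduled policy or an operator.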


MicaPete:

Saur,

I would suggest posting this question to the Patch Management sponsored group here:

https://www-secure.symantec.com/connect/groups/patch-management

Thanks

Meike