WebSphere Automation "How To" Series #15 : How to install interim fixes and fix packs using WebSphere Automation UI
Previous blogs in this WebSphere Automation "How To" series :
WebSphere Automation "How To" Series #1 : How to get WebSphere Automation UI URL WebSphere Automation "How To" Series #2 : How to specify user roles and permissions WebSphere Automation "How To" Series #3 : How to configure WebSphere Automation with an Enterprise LDAP WebSphere Automation "How To" Series #4 : How to register WebSphere Application Server traditional servers using configuretWasUsageMetering.py script WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers WebSphere Automation "How To" Series #6 : How to configure email server and email addresses for notifications WebSphere Automation "How To" Series #7 : How to setup Instana to send alerts to WebSphere Automation WebSphere Automation "How To" Series #8 : How to setup secure access to Linux or UNIX servers WebSphere Automation "How To" Series #9 : How to trigger a memory leak health investigation when used heap is over 80 percent WebSphere Automation "How To" Series #10 : How to view WebSphere Automation REST APIs using Swagger UIWebSphere Automation "How To" Series #11 : How to get and delete assets using APIsWebSphere Automation "How To" Series #12 : How to get security bulletins using APIsWebSphere Automation "How To" Series #13 : How to retrieve a list of vulnerabilities using APIsWebSphere Automation "How To" Series #14 : How to get CVE impact summaries using APIs This post will focus on how to install interim fixes and fix packs using WebSphere Automation UI.
Following the steps detailed in WebSphere Automation "How To" Series #4 : How to register WebSphere Application Server traditional servers using configuretWasUsageMetering.py script (
https://community.ibm.com/community/user/wasdevops/blogs/brian-hanczaryk/2022/04/06/websphere-automation-how-to-series-4-how-to-regist), we've registered one WebSphere Application Server traditional server on a RHEL VM.
Following the steps detailed in WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers (
https://community.ibm.com/community/user/wasdevops/blogs/brian-hanczaryk/2022/04/11/websphere-automation-how-to-series-5-how-to-regist), we've registered one WebSphere Liberty server on a RHEL VM.
Following the steps detailed in WebSphere Automation "How To" Series #8 : How to setup secure access to Linux or UNIX servers (
https://community.ibm.com/community/user/wasdevops/blogs/brian-hanczaryk/2022/04/25/websphere-automation-how-to-series-8-how-to-setup), we've setup secure access to our RHEL VMs. For both VMs, we've ensured that Python 3 is installed and on the PATH as detailed in
https://www.ibm.com/docs/en/ws-automation?topic=requirements-managed-server.
The following is a screenshot of the WebSphere Automation UI after registering the servers.
Using the registered Liberty server for this example, we'll click on one of the unresolved CVEs (CVE-2022-22475). The top of the CVE page displays CVE information with a link to view the security bulletin along with risk level, days exposed and detected date. Underneath the CVE information is a list of the servers that are affected by this CVE. For this example, there is one server listed, showing the server name, WebSphere version, Java SDK version, hostname, topology, vulnerability status, days exposed, detection date and a link to prepare fix.
By clicking the 'Prepare fix' link, we can utilize the WebSphere Automation UI to install the interim fix or fix pack to resolve the CVE. The following is a screenshot of the WebSphere Automation UI CVE page.
After clicking the 'Prepare fix', we are presented to choose the fix to resolve the vulnerability. At the top of the page, we are presented with a list of all the registered servers that share the installation and will be updated. Underneath the review of servers in the installation on the target host, the user is presented with up to two possible ways to resolve the vulnerability. The user can choose the radio button to either apply the most recent fix pack or interim fix. If this is the first time that either the fix pack or interim fix installation has been attempted, the user has the option to either 'Fetch fix' or 'Fetch then install fix'.
The following is a screenshot of the WebSphere Automation UI Prepare fix page before selecting a fix.
If the fix pack or interim fix has already been fetched, then the user is presented with the 'Install fix' button after the radio button is selected. In this example, we have already fetched the interim fix for PH46072, so we are presented with 'Install fix' button after selecting the radio button for PH46072.
The following is a screenshot of the WebSphere Automation UI Prepare fix page after selecting the interim fix for PH46072.
After clicking the 'Install fix' button, the user is presented with a pop-up to confirm the installation. The following is a screenshot of the WebSphere Automation UI Confirm installation pop-up for the interim fix installation.
After clicking the 'Proceed' button on the Confirm installation pop-up, the WebSphere Automation UI shows the Security -> Fix management information. The following is a screenshot of the WebSphere Automation UI Fix management information while the interim fix is in the process of installing.
After the interim fix installs successfully, the WebSphere Automation UI status changes to show status of 'Installation complete'. The following is a screenshot of the WebSphere Automation UI Fix management information after the interim fix installation completed.
On the WebSphere Automation UI Fix management page, the user can click on the ID number to view more detailed information. When the user clicks on the ID, the right pane shows the detailed installation information with the history of the steps performed. Under the 'Installing fix' card, the user can download the runbook.log. The following is a screenshot of the more detailed installation information that is shown in the right pane.
The example shown above has stepped through the process when the user chooses to install an interim fix. The WebSphere Automation UI flow is similar for installing a fix pack with one exception when confirming the installation. When installing a fix pack, the user must choose to select the 'Accept license' checkbox before the 'Proceed' button is enabled and by default the create backup is set to On. The following is a screenshot of the WebSphere Automation UI Confirm installation pop-up for a fix pack installation.
To read more about protecting application platforms and to view a recorded WebSphere Automation patch deployment demo, visit
https://www.ibm.com/cloud/blog/automation-is-critical-for-protecting-application-platforms.
You can find more IBM Docs related to WebSphere Automation at
https://www.ibm.com/docs/en/ws-automation.
#WebSphere#Automation #WebSphereAutomation