WebSphere Application Server & Liberty

 View Only

WebSphere Automation "How To" Series #15 : How to install interim fixes and fix packs using WebSphere Automation UI

By Brian Hanczaryk posted Mon August 22, 2022 08:35 AM

  
WebSphere Automation "How To" Series #15 : How to install interim fixes and fix packs using WebSphere Automation UI

Previous blogs in this WebSphere Automation "How To" series :
WebSphere Automation "How To" Series #1 : How to get WebSphere Automation UI URL 
WebSphere Automation "How To" Series #2 : How to specify user roles and permissions 
WebSphere Automation "How To" Series #3 : How to configure WebSphere Automation with an Enterprise LDAP 
WebSphere Automation "How To" Series #4 : How to register WebSphere Application Server traditional servers using configuretWasUsageMetering.py script 
WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers 
WebSphere Automation "How To" Series #6 : How to configure email server and email addresses for notifications 
WebSphere Automation "How To" Series #7 : How to setup Instana to send alerts to WebSphere Automation 
WebSphere Automation "How To" Series #8 : How to setup secure access to Linux or UNIX servers 
WebSphere Automation "How To" Series #9 : How to trigger a memory leak health investigation when used heap is over 80 percent 
WebSphere Automation "How To" Series #10 : How to view WebSphere Automation REST APIs using Swagger UI
WebSphere Automation "How To" Series #11 : How to get and delete assets using APIs
WebSphere Automation "How To" Series #12 : How to get security bulletins using APIs
WebSphere Automation "How To" Series #13 : How to retrieve a list of vulnerabilities using APIs
WebSphere Automation "How To" Series #14 : How to get CVE impact summaries using APIs 

This post will focus on how to install interim fixes and fix packs using WebSphere Automation UI.

Following the steps detailed in WebSphere Automation "How To" Series #4 : How to register WebSphere Application Server traditional servers using configuretWasUsageMetering.py script (https://community.ibm.com/community/user/wasdevops/blogs/brian-hanczaryk/2022/04/06/websphere-automation-how-to-series-4-how-to-regist), we've registered one WebSphere Application Server traditional server on a RHEL VM.

Following the steps detailed in WebSphere Automation "How To" Series #5 : How to register WebSphere Liberty servers (https://community.ibm.com/community/user/wasdevops/blogs/brian-hanczaryk/2022/04/11/websphere-automation-how-to-series-5-how-to-regist), we've registered one WebSphere Liberty server on a RHEL VM.

Following the steps detailed in WebSphere Automation "How To" Series #8 : How to setup secure access to Linux or UNIX servers (https://community.ibm.com/community/user/wasdevops/blogs/brian-hanczaryk/2022/04/25/websphere-automation-how-to-series-8-how-to-setup), we've setup secure access to our RHEL VMs. For both VMs, we've ensured that Python 3 is installed and on the PATH as detailed in https://www.ibm.com/docs/en/ws-automation?topic=requirements-managed-server.

The following is a screenshot of the WebSphere Automation UI after registering the servers.

Security_1


Using the registered Liberty server for this example, we'll click on one of the unresolved CVEs (CVE-2022-22475). The top of the CVE page displays CVE information with a link to view the security bulletin along with risk level, days exposed and detected date. Underneath the CVE information is a list of the servers that are affected by this CVE. For this example, there is one server listed, showing the server name, WebSphere version, Java SDK version, hostname, topology, vulnerability status, days exposed, detection date and a link to prepare fix.

By clicking the 'Prepare fix' link, we can utilize the WebSphere Automation UI to install the interim fix or fix pack to resolve the CVE. The following is a screenshot of the WebSphere Automation UI CVE page.

CVE-2022-22475_1


After clicking the 'Prepare fix', we are presented to choose the fix to resolve the vulnerability. At the top of the page, we are presented with a list of all the registered servers that share the installation and will be updated. Underneath the review of servers in the installation on the target host, the user is presented with up to two possible ways to resolve the vulnerability. The user can choose the radio button to either apply the most recent fix pack or interim fix. If this is the first time that either the fix pack or interim fix installation has been attempted, the user has the option to either 'Fetch fix' or 'Fetch then install fix'.

The following is a screenshot of the WebSphere Automation UI Prepare fix page before selecting a fix.

Prepare_Fix_1


If the fix pack or interim fix has already been fetched, then the user is presented with the 'Install fix' button after the radio button is selected. In this example, we have already fetched the interim fix for PH46072, so we are presented with 'Install fix' button after selecting the radio button for PH46072.

The following is a screenshot of the WebSphere Automation UI Prepare fix page after selecting the interim fix for PH46072.

Prepare_Fix_2


After clicking the 'Install fix' button, the user is presented with a pop-up to confirm the installation. The following is a screenshot of the WebSphere Automation UI Confirm installation pop-up for the interim fix installation.

Confirm_Installation_1


After clicking the 'Proceed' button on the Confirm installation pop-up, the WebSphere Automation UI shows the Security -> Fix management information. The following is a screenshot of the WebSphere Automation UI Fix management information while the interim fix is in the process of installing.

Fix_Management_1


After the interim fix installs successfully, the WebSphere Automation UI status changes to show status of 'Installation complete'. The following is a screenshot of the WebSphere Automation UI Fix management information after the interim fix installation completed.

Fix_Management_2


On the WebSphere Automation UI Fix management page, the user can click on the ID number to view more detailed information. When the user clicks on the ID, the right pane shows the detailed installation information with the history of the steps performed. Under the 'Installing fix' card, the user can download the runbook.log. The following is a screenshot of the more detailed installation information that is shown in the right pane.

Fix_Management_ID_1


The example shown above has stepped through the process when the user chooses to install an interim fix. The WebSphere Automation UI flow is similar for installing a fix pack with one exception when confirming the installation. When installing a fix pack, the user must choose to select the 'Accept license' checkbox before the 'Proceed' button is enabled and by default the create backup is set to On. The following is a screenshot of the WebSphere Automation UI Confirm installation pop-up for a fix pack installation.

Confirm_Installation_Fix_Pack_1


To read more about protecting application platforms and to view a recorded WebSphere Automation patch deployment demo, visit https://www.ibm.com/cloud/blog/automation-is-critical-for-protecting-application-platforms.

You can find more IBM Docs related to WebSphere Automation at https://www.ibm.com/docs/en/ws-automation.
#WebSphere#Automation #WebSphereAutomation​​​​
0 comments
24 views

Permalink