Rolling Back Patches from Linux Assets
You can create a rollback job to roll back patches from Linux assets.
Linux Cloud Agent version 7.1 or later is the prerequisite for creating Linux rollback jobs. You can roll back the patches that are deployed only after the Linux Cloud Agent version 7.1 adaptation.
Go to Jobs > Linux > Create Job. Click Rollback Job and complete the following steps:
6. Schedule
7. Options
8. Job Access
9. Confirmation
1. Basic Information
Enter a job title and description, and click Next.
2. Select Assets
Refer to the following details and select the asset tags or assets from which to roll back the patches, select the required options, and then click Next.
The following two asset selection options are available:
- Manual Asset Selection: This option allows you to select assets manually.
- Import Assets: This option allows you to import the asset from the CSV file you upload.
Refer to the following manual asset selection steps:
i. Select assets or asset tags to which you want to apply the patches.
Want to add assets later? Go to the Assets tab, select one or more assets from the Quick Actions menu of a single asset, or from the Actions menu (bulk actions), click Add to Existing Job or Add to New Job. Once enabled, you cannot add assets later to On-Demand or run-once (non-recurring) jobs.
Patches are deployed on the tags you select only for assets in the user's scope. The corresponding child tags are automatically selected when you select the asset tag.
- Select Any to include assets that have any of the selected tags.
- Select All to include only those assets in the patch deployment job with ALL the selected tags.
ii. (Optional) Select the Add Exclusion Assets checkbox to exclude specific assets from the deployment job.
You can include and exclude a maximum of 50 assets from the job.
Based on the selected options, the final list of assets is calculated considering included and excluded asset tags and included and excluded assets. To understand how final assets are determined for a job, see Which Assets are Included in a Job.
iii. (Optional) Select the Add Exclusion Asset Tags checkbox to exclude the assets from the deployment job with All/ANY of the selected asset tags.
Note: You can include and exclude a maximum of 50 asset tags from a job. To understand how final assets are determined for a job, see Which Assets are Included in a Job.
Refer to the following import assets steps:
1. Click Import Assets.
2. Upload the CSV that includes the Assets you want to upload.
Important to Know
- You can import a maximum of 5000 assets from the CSV file.
- The asset names are case-sensitive. Hence, you must include the correct asset name in the CSV file. Incorrectly spelled assets or assets not available in your subscription are not considered for import.
- The CSV file is validated during the import process, and the reasoning or error for skipped assets is also recorded. You can download the validated file and get these details. Note that the CSV file validation and import process might take longer based on the number of assets included, which increases the file size.
3. Select Pre-actions
Select the Run Script pre-action and click Add. For more information, see About Pre-Actions and Post-Actions.
4. Select Patches
- Click the Plus
icon next to Select Patches to select the patches you want to roll back from the selected assets. You are navigated to the List: Patches available for Rollback page. - Select the patches, click Add to Job, and then click Close. You are navigated to the Select Patches page of the rollback job creation workflow.
If you want to add more patches, click the Plus icon next to Selected Patches on the Select Patches page and complete adding patches from the List: Patches available for Rollback page as explained earlier.
Good to Know!
- Yo can also add patches to the rollback job later. To do so, go to the Patches tab, and select one or more patches. From the Quick Actions menu of a single patch or from the Actions menu (bulk actions) click Add to Existing Job or click Add to New Job.
- You cannot add patches later to the On Demand or run-once (non-recurring) jobs after they are enabled.
- You can modify a job to add patches using the Add to Existing Job option from the Patches tab. However, you cannot add target assets or asset tags later. To apply patches to an asset that is not added to the job, you can 1) edit an existing job from the Jobs tab, 2) select the asset from the Assets tab and use the Add to Existing Job option, or 3) create a new patch job for that asset.
You can add a maximum of 2000 patches to a single job. To add patches above 2000, create another job.
5. Select Post-actions
Select the post-action that you want to execute on the assets after the job is completed and click Next. For more information, see About Pre-Actions and Post-Actions.
6. Schedule
Refer to the following details, complete the job schedule settings, and click Next.
i. Choose when to install the patches, whether On-Demand or Schedule.
- The On-Demand option lets you install the patches immediately once the job is created and enabled.
- The Schedule option allows you to install the patches at a set time. You can run the scheduled job daily, weekly, or monthly.
For more information, see Schedule Job Settings.
Good to Know!
Monthly jobs which are scheduled to run on the 31st of the month will be scheduled every two months (where 31st date is available). You can schedule the job to run on the last day of the month which ensures that the job runs on the last day irrespective of whether the month has 28, 30, or 31 days.
- (Optional) To configure a Patch Window, click Set Duration.
- A Patching Window is used to enforce time-bound execution. The Patch Window can be set between 30 minutes to 168 hours or 10080 minutes.
ii. (Optional) To randomize download time, click Set Duration.
7. Options
Configure the communication options by referring to the following details on how to notify users about the patch rollback, and click Next.
Reboot Messages
- Switch on the toggle next to the Suppress Reboot option when you want to suppress the asset reboot and users are not prompted for reboot post patch rollback.
- Switch on the toggle next to the Reboot Countdown option to display the countdown message to users after the deferment limit is reached. This gives the end user an indication of how long it will take before the system is rebooted.
We highly recommend that when you create the job, fill out the details in the Title and Message fields for these options as this will have better performance in the agent/platform acknowledging the requests. Keep the messages very brief and the descriptions as detailed as possible.
Notification Settings
You can choose to send email notifications to the intended recipients for events such as job starts or job completions. You can enter a maximum of 50 email addresses. Also, the distribution list is not supported.
8. Job Access
Choose Co-Authors for this job and click Next. The co-authors can perform job actions based on their permissions, such as editing the job.
9. Confirmation
Review your selections, and choose to Save or Save & Enable the job.
The SuperUser or Administrator can change the job status (enable/disable), delete, and edit the job.
- When you click Save, the job is saved, and its status is DISABLED. You can enable it later.
To run a job in the DISABLED state, you must enable it. To enable it, go to the Jobs tab and click Enable from the Quick Actions menu of a job.
- When you click Save & Enable, the job is saved, and its status is ENABLED. This option is available only when creating a Job the first time, not during editing the job.
The Save & Enable option should be chosen only when you are confident that the job is correctly configured because it's enabled and in a good-to-execute state.
You can use the Disable option to temporarily disable a scheduled job. Later, at your convenience, you can re-enable the job.
On-demand or run-once (nonrecurring) jobs cannot be edited or disabled once enabled.
See Enabling or Disabling Jobs
