Help Center/ Cloud Operations Center/ User Guide/ Automated O&M/ Patch Management/ Managing Patch Baselines
Updated on 2025-08-08 GMT+08:00
View PDF
Share

Managing Patch Baselines

Scenarios

You can customize a patch baseline to scan the patches of an instance. The patches that do not comply with the baseline can be fixed.

You can create patch baselines for ECS, CCE, and BMS instances as required.

Cloud Operations Center has provided the public patch baselines of all OSs as the preset patch baseline when ECS and BMS instances are used initially. Patch baseline for CCE instances needs to be manually created.

Precautions

The common baseline cannot be modified or deleted.

Creating a Patch Baseline

  1. Log in to COC.
  2. In the navigation pane on the left, choose Resource O&M > Automated O&M.
  3. In the Routine O&M area, click Patch Management.
  4. On the displayed page, click the Patch Baseline tab.
  5. Click Create Patch Baseline and set the parameters.

    Table 1 Basic information parameters

    Parameter

    Description

    Example Value

    Baseline Name

    Customize the name of the patch baseline based on the naming rule.

    Test baseline

    Description

    (Optional) You can describe the remarks or usage instructions of the baseline.

    -

    Scenario Type

    The value can be ECS, CCE, or BMS.

    ECS

    OS

    The value can be Huawei Cloud EulerOS, CentOS, or EulerOS.

    Huawei Cloud EulerOS

    Default Baseline or Not

    Select the option to set this patch as the default patch baseline.

    -

    Baseline Type

    Select a baseline type.

    • If you select Installation Rule Baseline, set the parameters by referring to Table 2.
    • If you select Custom Baseline, set the parameters by referring to Table 3.

    -
    Table 2 Installation rule baseline

    Parameter

    Option

    Description

    Product
    • Huawei Cloud EulerOS
      • All
      • Huawei Cloud EulerOS 1.1
      • Huawei Cloud EulerOS 2.0
    • CentOS
      • All
      • CentOS 7.2
      • CentOS 7.3
      • CentOS 7.4
      • CentOS 7.5
      • CentOS 7.6
      • CentOS 7.7
      • CentOS 7.8
      • CentOS 7.9
      • CentOS 8.0
      • CentOS 8.1
      • CentOS 8.2
    • EulerOS
      • All
      • EulerOS 2.2
      • EulerOS 2.5
      • EulerOS 2.8
      • EulerOS 2.9
      • EulerOS 2.10

    Product for which you want to scan patches. Only the patches of the selected product are scanned and fixed.

    Category
    • All
    • Security
    • Bugfix
    • Enhancement
    • Recommended
    • New package

    Category of patches. Only the patches of the selected category are scanned and fixed.

    Severity
    • All
    • Critical
    • Important
    • Moderate
    • Low
    • None

    Severity level of patches. Only the patches of the selected severity are scanned and fixed.

    Automatic Approval
    • Approve the patch after a specified number of days.
    • Approve patches released before the specified date.

    Automatically approve patches that meet specified conditions.

    Specified Days

    0-365

    This parameter is mandatory when Approve the patch after a specified number of days. is selected.

    Specified Days

    -

    This parameter is mandatory when Approve patches released before the specified date. is selected.

    Compliance Reporting
    • Unspecified
    • Critical
    • High
    • Medium
    • Low
    • Suggestion

    Level at which patches that meet the patch baseline are displayed in the compliance report

    Install Non-Security Patches

    -

    If you do not select this option, the patches with vulnerabilities will not be updated during patch repairing.

    Abnormal Patches

    -

    Approved patches and rejected patches can be in the following formats:

    • Complete software package name: example-1.0.0-1.r1.hce2.x86_64
    • Software package names that contain a single wildcard: example-1.0.0*.x86_64
    Table 3 Custom baseline

    Parameter

    Option

    Description

    Product
    • Huawei Cloud EulerOS
      • All
      • Huawei Cloud EulerOS 1.1
      • Huawei Cloud EulerOS 2.0
    • CentOS
      • All
      • CentOS 7.2
      • CentOS 7.3
      • CentOS 7.4
      • CentOS 7.5
      • CentOS 7.6
      • CentOS 7.7
      • CentOS 7.8
      • CentOS 7.9
      • CentOS 8.0
      • CentOS 8.1
      • CentOS 8.2
    • EulerOS
      • All
      • EulerOS 2.2
      • EulerOS 2.5
      • EulerOS 2.8
      • EulerOS 2.9
      • EulerOS 2.10

    Product for which you want to scan patches. Only the patches of the selected product are scanned and fixed.

    Compliance Reporting

    Unspecified

    Critical

    High

    Medium

    Low

    Suggestion

    Level at which patches that meet the patch baseline are displayed in the compliance report

    Baseline Patches

    None

    You can customize the version and release number of a baseline path. Only the patches that match the customized baseline patch can be scanned and installed.

    • A maximum of 1,000 baseline patches can be uploaded for a baseline.
    • The patch name can contain a maximum of 200 characters, including letters, digits, underscores (_), hyphens (-), dots (.), asterisks (*), and plus signs (+).
    • The data in the second column consists of the version number (including letters, digits, underscores, dots, and colons) and the release number (including letters, digits, underscores, and dots) that are separated by a hyphen (-). Both two types of numbers can contain a maximum of 50 characters.

  6. Click OK.

    The patch baseline is created.

Setting a Default Baseline

  1. Log in to COC.
  2. In the navigation pane on the left, choose Resource O&M > Automated O&M.
  3. In the Routine O&M area, click Patch Management.
  4. On the displayed page, click the Patch Baseline tab.
  5. Locate the target baseline and click Set Default Baseline in the Operation column.

    The default baseline is set.

Modifying a Patch Baseline

  1. Log in to COC.
  2. In the navigation pane on the left, choose Resource O&M > Automated O&M.
  3. In the Routine O&M area, click Patch Management.
  4. On the displayed page, click the Patch Baseline tab.
  5. Locate the target baseline and click Modify in the Operation column.

    Table 4 Basic information parameters

    Parameter

    Description

    Example Value

    Baseline Name

    Customize the name of the patch baseline based on the naming rule.

    Test baseline

    Description

    (Optional) You can describe the remarks or usage instructions of the baseline.

    -

    Scenario Type

    This parameter cannot be changed.

    ECS

    OS

    This parameter cannot be changed.

    Huawei Cloud EulerOS

    Baseline Type

    This parameter cannot be changed.

    • If you select Installation Rule Baseline, set the parameters by referring to Table 2.
    • If you select Custom Baseline, set the parameters by referring to Table 3.

    -

  6. Click OK.

    The patch baseline is modified.

Deleting a Patch Baseline

  1. Log in to COC.
  2. In the navigation pane on the left, choose Resource O&M > Automated O&M.
  3. In the Routine O&M area, click Patch Management.
  4. On the displayed page, click the Patch Baseline tab.
  5. Locate the target baseline and click Delete in the Operation column.

    The patch baseline is deleted.

Parent Topic: Patch Management