AFAIK there's no native way. I would do this with a set of defines wrapped around the yum-security package (which allows you to list and operate on security updates only).
On Mon, Oct 10, 2011 at 12:22 PM, Jo Rhett <jrh...@netconsonance.com> wrote:

> Am I overlooking a native way to update vulnerable packages only if they
> are already installed? There's no option to set a package to 'latest' only
> if installed. OnlyIf and Unless don't operate on package resources.
> (Yum/CentOS but I imagine the issue is the same for all platforms)
>
> No, running a "yum upgrade all" is not plausible. Maintaining a list of
> packages which should be upgraded is plausible and expected.
>
> The obvious thing seems to be creating a ruby fact that loads all packages
> into facts and then doing the logic based around that, but Luke and others
> have expressed concerns over doing this in the past. Is there a better way?
>
> --
> Jo Rhett
> Net Consonance : consonant endings by net philanthropy, open source and
> other randomness
>
> --
> You received this message because you are subscribed to the Google Groups
> "Puppet Users" group.
> To post to this group, send email to puppet-users@googlegroups.com.
> To unsubscribe from this group, send email to
> puppet-users+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/puppet-users?hl=en.
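
One way the define suggested in the reply could look, as an added example that is not part of the original thread or anyone's posted code. The define name, the `security_only` parameter and the package list are hypothetical, and it assumes the yum-security plugin is installed so that `--security` is available to yum.

```puppet
# Added example: hypothetical define, not code from the thread.
# Updates a package only when it is already installed AND yum reports a
# pending update for it. With security_only => true, only updates that
# carry security errata count (requires the yum-security plugin).
define yum_update_if_installed ($security_only = true) {
  $flag = $security_only ? {
    true    => '--security ',
    default => '',
  }

  exec { "yum-update-if-installed-${name}":
    command => "yum -y ${flag}update ${name}",
    path    => ['/bin', '/usr/bin', '/sbin', '/usr/sbin'],
    # rpm -q exits non-zero when the package is absent, so hosts that do
    # not have it installed are skipped rather than getting a new install.
    onlyif  => "rpm -q ${name}",
    # check-update exits 0 when nothing is pending and 100 when updates
    # exist, so the update runs only when there is something to apply.
    unless  => "yum -q ${flag}check-update ${name}",
    timeout => 600,
  }
}

# Constructed sample list: the maintained set of packages to keep patched
# wherever they happen to be installed.
yum_update_if_installed { ['openssl', 'bind', 'httpd']: }
```

Because `check-update` also exits non-zero on a yum error, a broken repository shows up as a failed exec in the Puppet report instead of being silently skipped.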