[Puppet Users] Re: Puppet as patch management

Thu, 12 Mar 2015 11:45:51 -0700 

I don't have enough nodes to justify running my own patch repository, but 
here is the manifest I use for patching our Debian-derived systems. First, 
though, here is the facter called "updates_already_running"

Facter.add(:updates_already_running) do
 confine :osfamily => "Debian"
 setcode do
 if Facter::Util::Resolution.exec("ps aux | grep 'dpkg\|apt-get' | grep -v 
grep")
 "yes"
 end
 end
end

And, here is the manifest:

class system_updates { 
 # ==Purpose
 # This class is used for running system updates on all Linux assets.
 #
 # ==Actions
 # * Compiles a list of available updates
 # * Ensures that any pending package problems are resolved
 # * Applies all available updates
 # * Automatically cleans up any packages that are no longer needed
 # * Empties genericadmin's mailbox

 # * Reboots the system if any updates require it
 #
 #
 if ( $::updates_already_running ) {
 }
 else {
 
 Exec["lock_prep"] -> Exec["apt_prep"] -> Exec["apt_update"] ->  Exec[
"apt_fix"] -> Exec["apt_upgrade"] -> Exec["apt_remove"] ->  Exec[
"empty_mailbox"] -> Exec["reboot"]
 #
 #
 exec { "lock_prep":
      command   => "rm -f /var/lib/dpkg/lock ; rm -f 
/var/lib/apt/lists/lock ; rm -f /var/cache/apt/archives/lock",
    }
 exec { "apt_prep":
  command   => "rm -rf /var/lib/apt/lists/* ; mkdir 
/var/lib/apt/lists/partial",
 }
 exec { "apt_update":
 command => "apt-get update",
 }
 exec { "apt_fix":
 command => "apt-get -f install",
 }
 exec { "apt_upgrade":
 command => "apt-get -o Dpkg::Options::=\"--force-confdef\" -o 
Dpkg::Options::=\"--force-confold\" -y --force-yes dist-upgrade",
 }
 exec { "apt_remove":
 command => "apt-get -y autoremove",
 }
 exec { "empty_mailbox":
 command   => 'echo "" > /home/genericadmin/mbox',
 onlyif    => "test -f /home/genericadmin/mbox",
 }
 exec { "reboot":
 command => "reboot",
 onlyif => "test -f /var/run/reboot-required",
 }
 }
}

I hope this helps you.

Brian

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/puppet-users/27686dc5-20d0-4c49-bb49-5639a42babe4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to