Thanks Martin. It sounds really good. Would you share some configuration on place? When you say patching, do you mean only Linux with package updates?

Regards

On 13/03/2015 8:08 PM, "Martin Willemsma" <mwillem...@gmail.com> wrote:
> I do have a success story for using Puppet as a patch management tool. We
> build a system around PuppetDB and our internal CMDB to have patches
> installed automatically according to update schedules (input for puppet
> schedule type) and in a controlled manner.
>
> - Display package updates from PuppetDB in our CMDB
> - Manage schedules for installing the updates per node/region/datacenter
> - Review, Commit and Approve updates
>
> The puppetmaster is fetching the approved update information for nodes
> from our CMDB in its agent run together with the configured schedules. All
> nodes we manage have the module with the package update manifest. In an
> agent run a node is checking if it is enabled for auto updates, if so which
> updates are approved and installs them according to the assigned schedule.
> After the update run the stdout and stderr are available in the CMDB.
>
> This works very well for us and allows unattended installation of updates
> in a controlled manner.
>
>
> 2015-03-13 6:55 GMT+01:00 Alex Harvey <alexharv...@gmail.com>:
>
>> While it's possible to do stuff like this in Puppet, it's not really
>> configuration management that you're doing here; it's systems
>> administration. If your requirement is to have patches installed
>> automatically, I would write this as a 10 line shell script, and have
>> Puppet just take care of installing the script as a cron task.
>>
>>
>> On Friday, March 13, 2015 at 5:45:16 AM UTC+11, Brian Morris wrote:
>>>
>>> I don't have enough nodes to justify running my own patch repository,
>>> but here is the manifest I use for patching our Debian-derived systems.
>>> First, though, here is the facter called "updates_already_running"
>>>
>>> Facter.add(:updates_already_running) do
>>>   confine :osfamily => "Debian"
>>>   setcode do
>>>     # grep -E makes | an alternation; "\|" in a double-quoted Ruby
>>>     # string loses its backslash and would match a literal pipe.
>>>     if Facter::Util::Resolution.exec("ps aux | grep -E 'dpkg|apt-get' | grep -v grep")
>>>       "yes"
>>>     end
>>>   end
>>> end
>>>
>>> And, here is the manifest:
>>>
>>> class system_updates {
>>>   # ==Purpose
>>>   # This class is used for running system updates on all Linux assets.
>>>   #
>>>   # ==Actions
>>>   # * Compiles a list of available updates
>>>   # * Ensures that any pending package problems are resolved
>>>   # * Applies all available updates
>>>   # * Automatically cleans up any packages that are no longer needed
>>>   # * Empties genericadmin's mailbox
>>>   # * Reboots the system if any updates require it
>>>   #
>>>   if ( $::updates_already_running ) {
>>>     # dpkg or apt-get is already running: do nothing on this run
>>>   }
>>>   else {
>>>     Exec["lock_prep"] -> Exec["apt_prep"] -> Exec["apt_update"] -> Exec["apt_fix"] -> Exec["apt_upgrade"] -> Exec["apt_remove"] -> Exec["empty_mailbox"] -> Exec["reboot"]
>>>
>>>     exec { "lock_prep":
>>>       command => "rm -f /var/lib/dpkg/lock ; rm -f /var/lib/apt/lists/lock ; rm -f /var/cache/apt/archives/lock",
>>>     }
>>>     exec { "apt_prep":
>>>       command => "rm -rf /var/lib/apt/lists/* ; mkdir /var/lib/apt/lists/partial",
>>>     }
>>>     exec { "apt_update":
>>>       command => "apt-get update",
>>>     }
>>>     exec { "apt_fix":
>>>       command => "apt-get -f install",
>>>     }
>>>     exec { "apt_upgrade":
>>>       command => "apt-get -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" -y --force-yes dist-upgrade",
>>>     }
>>>     exec { "apt_remove":
>>>       command => "apt-get -y autoremove",
>>>     }
>>>     exec { "empty_mailbox":
>>>       command => 'echo "" > /home/genericadmin/mbox',
>>>       onlyif  => "test -f /home/genericadmin/mbox",
>>>     }
>>>     exec { "reboot":
>>>       command => "reboot",
>>>       onlyif  => "test -f /var/run/reboot-required",
>>>     }
>>>   }
>>> }
>>>
>>> I hope this helps you.
>>>
>>> Brian
>
> --
> Kind Regards,
>
> Martin Willemsma
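
The workflow Martin describes (a node opts in, installs only approved updates, and does so inside an assigned schedule) maps onto Puppet's built-in schedule and package types as follows. This is an added example, not configuration from anyone in the thread; the class name, its parameters, the sample values and the delivery of CMDB data as class parameters (Puppet 4+ syntax) are assumptions.

```puppet
# Added example. Hypothetical class: the approved-update data is assumed to
# reach the node as class parameters (for instance from an ENC or Hiera
# backend fed by the CMDB); none of these names come from the thread.
class patch_window (
  Boolean              $enabled          = false,
  # Package name => exact approved version, e.g.
  # { 'openssl' => '1.0.1f-1ubuntu2.11' } (constructed sample value)
  Hash[String, String] $approved_updates = {},
  String               $weekday          = 'Sunday',
  String               $range            = '02:00 - 04:00',
) {

  # Resources tagged with this schedule are only applied by an agent run
  # that starts inside the window, and at most once per period.
  schedule { 'patch_window':
    period  => weekly,
    weekday => $weekday,
    range   => $range,
    repeat  => 1,
  }

  if $enabled {
    # Only packages present in the approved list are touched, and each is
    # moved to exactly the approved version rather than "latest".
    # Assumes these packages are not declared elsewhere in the catalog,
    # which would be a duplicate resource declaration.
    $approved_updates.each |String $pkg, String $version| {
      package { $pkg:
        ensure   => $version,
        schedule => 'patch_window',
      }
    }
  }
}
```

Installing approved versions through the package type leaves apt's signature checks in force, whereas the `--force-yes` option in the quoted manifest tells apt-get to continue past unauthenticated packages and other conditions it would normally stop on.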