From dc9a93ba63143fb69b8b3b6daf6d083f16565b67 Mon Sep 17 00:00:00 2001 From: "christopher.lawrence" Date: Mon, 2 Mar 2020 11:09:23 +0000 Subject: [PATCH] added in the patching_unix.pp and patching modules --- Puppetfile | 1 + .../profile/manifests/patching/patch_unix.pp | 59 +++++++++++++++++++ 2 files changed, 60 insertions(+) create mode 100644 site-modules/profile/manifests/patching/patch_unix.pp diff --git a/Puppetfile b/Puppetfile index 276dee6..c933247 100644 --- a/Puppetfile +++ b/Puppetfile @@ -31,6 +31,7 @@ mod 'puppetlabs-pwshlib', '0.4.0' mod 'puppet-archive', '4.4.0' mod 'puppet-staging', '3.2.0' mod 'puppetlabs-reboot', '2.4.0' +mod 'albatrossflavour-os_patching', '0.13.0' # Modules from Git # Examples: https://github.com/puppetlabs/r10k/blob/master/doc/puppetfile.mkd#examples diff --git a/site-modules/profile/manifests/patching/patch_unix.pp b/site-modules/profile/manifests/patching/patch_unix.pp new file mode 100644 index 0000000..e606663 --- /dev/null +++ b/site-modules/profile/manifests/patching/patch_unix.pp 
@@ -0,0 +1,59 @@
+#Provides automated patch management
+class profile::patch_mgmt_nix (
+ Array $blacklist = [],
+ Array $whitelist = [],
+ Optional[Hash] $patch_window = {
+ range => '01:00 - 14:00',
+ weekday => 'Sunday',
+ repeat => 3
+ }
+) {
+ include os_patching
+ if $facts['os_patching'] {
+ $updatescan = $facts['os_patching']['package_updates']
+ }
+ else {
+ $updatescan = []
+ }
+ if $whitelist.count > 0 {
+ $updates = $updatescan.filter |$item| { $item in $whitelist }
+ } elsif $blacklist.count > 0 {
+ $updates = $updatescan.filter |$item| { !($item in $blacklist) }
+ } else {
+ $updates = $updatescan
+ }
+ schedule { 'patch_window':
+ * => $patch_window
+ }
+ if $facts['os_patching']['reboots']['reboot_required'] == true {
+ Package {
+ require => Reboot['patch_window_reboot']
+ }
+ notify { 'Reboot pending, rebooting node...':
+ schedule => 'patch_window',
+ notify => Reboot['patch_window_reboot']
+ }
+ } else {
+ Package {
+ notify => Reboot['patch_window_reboot']
+ }
+ }
+ reboot { 'patch_window_reboot':
+ apply => 'finished',
+ schedule => 'patch_window'
+ }
+ if $updates.size > 0 {
+ exec { 'Clean Yum before updates':
+ command => 'yum clean all',
+ path => '/usr/bin',
+ schedule => 'patch_window'
+ }
+ }
+ $updates.each | $package | {
+ package { $package:
+ ensure => 'latest',
+ schedule => 'patch_window',
+ require => Exec['Clean Yum before updates'],
+ }
+ }
+}
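Review bot: The reboot check at `if $facts['os_patching']['reboots']['reboot_required'] == true {` indexes the fact without the guard used a few lines earlier for `package_updates`, so on a node where the `os_patching` fact has not been generated yet the lookup is applied to an undefined value and catalog compilation is likely to fail for the whole node, not just for patching. Use a nil-safe lookup such as `if $facts.dig('os_patching', 'reboots', 'reboot_required') == true {`, or move the block under the existing `if $facts['os_patching']` test. Separately, the class is declared as `profile::patch_mgmt_nix` while the file lives at `profile/manifests/patching/patch_unix.pp`, so the autoloader will probably not find it under that name; `class profile::patching::patch_unix (` would match the path. The `yum clean all` exec also ties a class named for Unix in general to yum-based systems, which deserves a comment or an OS-family check.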