#Provides automated patch management
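# @summary Installs pending OS package updates inside a Puppet schedule window.
#
# Reads the pending-update list from the `os_patching` fact, narrows it with
# the allow/deny lists, and declares one `package` resource per remaining entry
# with `ensure => 'latest'`. The exec, package, reboot and notify resources
# declared here all carry `schedule => 'patch_window'`.
#
# @param blacklist
#   Package names to leave out of patching. Only consulted when `whitelist`
#   is empty.
# @param whitelist
#   When non-empty, only these packages are patched and `blacklist` is
#   ignored, so a name present in both lists is still updated.
# @param patch_window
#   Attributes splatted into the `patch_window` schedule resource.
#   NOTE(review): the type allows undef, but the splat below looks like it
#   needs a hash - confirm before passing undef.
class profile::patch_mgmt_nix (
  Array          $blacklist    = [],
  Array          $whitelist    = [],
  Optional[Hash] $patch_window = {
    range   => '01:00 - 14:00',
    weekday => 'Sunday',
    repeat  => 3
  }
) {
  include os_patching

  # The os_patching fact may be absent (the code below already allows for
  # that), so fall back to "nothing to patch" instead of failing.
  if $facts['os_patching'] {
    $updatescan = $facts['os_patching']['package_updates']
  }
  else {
    $updatescan = []
  }

  # Precedence: whitelist first, then blacklist. With both lists empty, every
  # update reported by the fact is installed.
  if $whitelist.count > 0 {
    $updates = $updatescan.filter |$item| { $item in $whitelist }
  } elsif $blacklist.count > 0 {
    $updates = $updatescan.filter |$item| { !($item in $blacklist) }
  } else {
    $updates = $updatescan
  }

  schedule { 'patch_window':
    * => $patch_window
  }

  # dig() yields undef when the os_patching fact (or any level below it) is
  # missing. Indexing $facts['os_patching'] directly here would abort catalog
  # compilation on a node that has not reported the fact, even though the
  # update list above already tolerates that case.
  $reboot_required = $facts.dig('os_patching', 'reboots', 'reboot_required')

  if $reboot_required == true {
    # NOTE(review): the packages declared at the end of this class set
    # `require` explicitly, and an explicit attribute replaces a resource
    # default rather than merging with it, so this default does not reach
    # them. Confirm whether the ordering against the reboot is still wanted.
    Package {
      require => Reboot['patch_window_reboot']
    }
    notify { 'Reboot pending, rebooting node...':
      schedule => 'patch_window',
      notify   => Reboot['patch_window_reboot']
    }
  } else {
    # No reboot pending: a package that changes refreshes the reboot resource.
    Package {
      notify => Reboot['patch_window_reboot']
    }
  }

  reboot { 'patch_window_reboot':
    apply    => 'finished',
    schedule => 'patch_window'
  }

  # Declared only when there is something to install; the packages below
  # require it, and none are declared when $updates is empty.
  # NOTE(review): hard-codes yum - confirm this profile is only applied to
  # yum-based nodes.
  if $updates.size > 0 {
    exec { 'Clean Yum before updates':
      command  => 'yum clean all',
      # Fixed search path: the command is resolved from /usr/bin only.
      path     => '/usr/bin',
      schedule => 'patch_window'
    }
  }

  # Package names come straight from the fact after list filtering.
  $updates.each | $package | {
    package { $package:
      ensure   => 'latest',
      schedule => 'patch_window',
      require  => Exec['Clean Yum before updates'],
    }
  }
}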