Re,
On 2014-07-21 09:35, dhaval thakar -SkillnetED wrote:
-------- Original Message --------
Subject: Re: [Puppet Users] Apply patch once to windows node
From: David Schmitt <[email protected]>
To: [email protected]
Date: 07/21/2014 11:39 AM
On 2014-07-15 15:36, Dhaval Thakar wrote:
Hi All,
I am starting to use puppet to manage windows nodes, tried searching but
couldn't find solution for this...
I need to apply kaspersky patch using puppet to windows nodes. So far I
have used kaspersky server to install / upgrade / patch antivirus.
Trying to get it done using puppet.
Can someone guide me to run windows command on nodes only once ? This
patch does not update installed application version hence couldn't use
Package in manifest file.
Trying to understand your use-case here: What is the problem of using
the kaspersky server to deploy the AV patches?
To answer you primary question: If you find a way to programmatically
check whether the patch is applied or not, and you know how to install
the patch by code, you can implement a exec resource with an onlyif
argument to do so. It'll probably be a pain to maintain and will not
scale as patches accumulate.
Regards, David
Hi,
Thanks for the reply.
Only valid reason I have is to install patches on fresh OS, along with
AV which may not work if I push patches using kasper, kasper admin
maintains its local catalogue for app / patch deployment. Also these
patches does not change ver number for installed AV. Another reason is
to learn puppet.
For now I have created following menifest which works fine on test
setup. I am yet to use it for all users. Pl reply if you find any kind
of configuration error etc.
class av_patches {
if ! defined(Package["Kaspersky Endpoint Security 10 for
This defined() condition should not be necessary: Have only a single
location where the package is defined.
Windows"]) {
package { "Kaspersky Endpoint Security 10 for Windows":
ensure => installed,
}
}
file { "c:/software/patch_10_1_249.exe":
ensure => present,
source =>
"puppet:///modules/av_patches/patch_10_1_249.exe",
require => Package["Kaspersky Endpoint Security 10 for Windows"],
}
file { "c:/software/patch_pfsf2.exe":
ensure => present,
source => "puppet:///modules/av_patches/patch_pfsf2.exe",
require => Package["Kaspersky Endpoint Security 10 for Windows"],
}
exec { "patch_10_1_249":
command => 'c:/software/patch_10_1_249.exe /s',
creates => "c:/software/patch_10_1_249-installed",
require => File["c:/software/patch_10_1_249.exe"],
notify => File["c:/software/patch_10_1_249-installed"],
}
file { "c:/software/patch_10_1_249-installed":
ensure => file,
require => Exec["patch_10_1_249"],
}
exec { "patch_pfsf2":
command => 'c:/software/patch_pfsf2.exe /s',
creates => "c:/software/patch_pfsf2-installed",
require => File["c:/software/patch_pfsf2.exe"],
notify => File["c:/software/patch_pfsf2-installed"],
}
file { "c:/software/patch_pfsf2-installed":
ensure => file,
require => Exec["patch_pfsf2"],
}
Interesting chaining for stampfileing! I haven't seen that one before
and it looks nice, given the circumstances.
The important thing to test is that calling the patch installers a
second time doesn't result in an error. Else that construct might need
manual intervention, when something interrupts puppet after installing
the patch but before doing the -installed file.
}
All in all it looks like a pragmatic solution to an ugly problem. When
you'll gain experience with new patches in your environment, you might
want to look into extracting the patch versions into a variable to avoid
editing it in many places, but that is already nitpicking.
Regards, David
--
* Always looking for people I can help with awesome projects *
G+: https://plus.google.com/+DavidSchmitt
Blog: http://club.black.co.at/log/
LinkedIn: http://at.linkedin.com/in/davidschmitt
--
You received this message because you are subscribed to the Google Groups "Puppet
Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/53CCDFAB.3080909%40dasz.at.
For more options, visit https://groups.google.com/d/optout.
