While it's possible to do stuff like this in Puppet, it's not really
configuration management that you're doing here; it's systems
administration. If your requirement is to have patches installed
automatically, I would write this as a 10 line shell script, and have
Puppet just take care of installing the script as a cron task.
On Friday, March 13, 2015 at 5:45:16 AM UTC+11, Brian Morris wrote:
>
> I don't have enough nodes to justify running my own patch repository, but
> here is the manifest I use for patching our Debian-derived systems. First,
> though, here is the facter called "updates_already_running"
>
> Facter.add(:updates_already_running) do
> confine :osfamily => "Debian"
> setcode do
> if Facter::Util::Resolution.exec("ps aux | grep 'dpkg\|apt-get' | grep
> -v grep")
> "yes"
> end
> end
> end
>
> And, here is the manifest:
>
> class system_updates {
> # ==Purpose
> # This class is used for running system updates on all Linux assets.
> #
> # ==Actions
> # * Compiles a list of available updates
> # * Ensures that any pending package problems are resolved
> # * Applies all available updates
> # * Automatically cleans up any packages that are no longer needed
> # * Empties genericadmin's mailbox
>
> # * Reboots the system if any updates require it
> #
> #
> if ( $::updates_already_running ) {
> }
> else {
>
> Exec["lock_prep"] -> Exec["apt_prep"] -> Exec["apt_update"] -> Exec[
> "apt_fix"] -> Exec["apt_upgrade"] -> Exec["apt_remove"] -> Exec[
> "empty_mailbox"] -> Exec["reboot"]
> #
> #
> exec { "lock_prep":
> command => "rm -f /var/lib/dpkg/lock ; rm -f
> /var/lib/apt/lists/lock ; rm -f /var/cache/apt/archives/lock",
> }
> exec { "apt_prep":
> command => "rm -rf /var/lib/apt/lists/* ; mkdir
> /var/lib/apt/lists/partial",
> }
> exec { "apt_update":
> command => "apt-get update",
> }
> exec { "apt_fix":
> command => "apt-get -f install",
> }
> exec { "apt_upgrade":
> command => "apt-get -o Dpkg::Options::=\"--force-confdef\" -o
> Dpkg::Options::=\"--force-confold\" -y --force-yes dist-upgrade",
> }
> exec { "apt_remove":
> command => "apt-get -y autoremove",
> }
> exec { "empty_mailbox":
> command => 'echo "" > /home/genericadmin/mbox',
> onlyif => "test -f /home/genericadmin/mbox",
> }
> exec { "reboot":
> command => "reboot",
> onlyif => "test -f /var/run/reboot-required",
> }
> }
> }
>
> I hope this helps you.
>
> Brian
>
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/42e006cd-df5d-4284-95ff-c243585c1eeb%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
