It really depends on the OS and how you want to handle it.
Puppet already has the package (
https://docs.puppet.com/puppet/latest/type.html#package) with the option
*ensure
=> latest,* that will keep the package at the most recent patches available
in repos defined on the hosts.
If you want to patch everything your manifest can be as simple as an
* exec{ 'yum -y update':*
* path => ['/usr/bin', '/usr/sbin',},*
* }*
It really depends on what you want to accomplish.
Providing you have the puppetlabs/stdlib module installed you can use
*strftime* to pull in the current date/time to assign to a variable. If you
use a smart class parameter, *class x ( $somevar="something", ) { puppet
block }*, you can change override the smart class variable to be the date /
time you the current date/time must exceed to run your patching. Even more
complex setups would have it so that you have *$window_start *and
* $window_stop* variables to control when Puppet will even consider
patching.
Basically it will all come down to the OS you are used, the patching
commands (yum, dpkg, zypper) required to handle the process.
The best way to get this worked out is to figure out exactly how your
process will go, what depends on what and then pseudo code it to follow the
login through. Then start looking to see what Puppet can do for you
natively and what you will have to do via exec, custom facts or defines.
--
You received this message because you are subscribed to the Google Groups
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to puppet-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/puppet-users/2bebcb7b-5aa0-4e02-a396-e55e9674080b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
