@reidmv
Last active August 29, 2015 14:12
Yum updates in Puppet
The following Puppet code examples demonstrate how Puppet can assist in
implementing a repository-based patching workflow. Chris St. Pierre does
a good job of describing the methodology in his whitepaper, "Staging
Package Deployment via Repository Management".
https://www.usenix.org/legacy/event/lisa11/tech/full_papers/Pierre.pdf
# In the simplest case, a resource such as this one will have Puppet check on
# every run whether or not there are any package updates available from any
# configured yum repositories, and update those packages if there are.
exec { 'yum-updates':
  command   => "/usr/bin/yum update -y",
  unless    => "/usr/bin/yum check-update",
  logoutput => true,
}
# In a more complicated example, a class can be created which will configure a
# system to point to a specific repository and ensure that all available
# updates from that repo are applied. Whether or not to actually apply the
# updates is optional, controlled by a class parameter.
class critical_updates (
  $baseurl       = 'http://mirror.centos.org/centos/$releasever/os/$basearch/',
  $gpgkey        = 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-6',
  $apply_updates = false,
) {
  yumrepo { 'critical_updates':
    baseurl  => $baseurl,
    descr    => 'Critical Update Repo',
    enabled  => 1,
    gpgcheck => 1,
    gpgkey   => $gpgkey,
  }

  exec { 'yum-critical-update':
    command   => "yum --disablerepo '*' --enablerepo critical_updates update -y",
    unless    => "yum --disablerepo '*' --enablerepo critical_updates check-update",
    logoutput => true,
    path      => '/usr/bin',
    noop      => !$apply_updates,
    require   => Yumrepo['critical_updates'],
  }
}
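
The `unless` guards above run the update on any non-zero exit from `yum check-update`, but yum distinguishes 100 (updates available) from 1 (an error occurred). The shell function below is an added example, not code from the gist: it applies updates only on exit status 100 and reports a failed check instead of updating. The function name `guarded_update` and the `YUM` override variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not part of the original gist.
# YUM is an assumption of this example: it lets the yum binary be replaced
# by a stub so the decision logic can be exercised without a real repo.
YUM="${YUM:-/usr/bin/yum}"

# guarded_update [repo_id]
# With a repo id, both yum calls are restricted to that repository, as in the
# critical_updates class. Without one, all configured repositories are used.
# Returns 0 when nothing needed doing or the update succeeded, non-zero when
# the check or the update failed.
guarded_update() {
    repo="${1:-}"
    if [ -n "$repo" ]; then
        set -- --disablerepo '*' --enablerepo "$repo"
    else
        set --
    fi

    # Capture the status explicitly so the function also works under `set -e`.
    status=0
    "$YUM" "$@" check-update >/dev/null 2>&1 || status=$?

    case "$status" in
        0)
            echo "no updates available"
            ;;
        100)
            echo "updates available, applying"
            "$YUM" "$@" update -y
            ;;
        *)
            # Any other status means yum itself failed (for example an
            # unreachable mirror). Do not attempt an update on top of that.
            echo "check-update failed with status $status, not updating" >&2
            return 1
            ;;
    esac
}
```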