update

Configure update-with-puppet to collect list of packages to update

Dansk Supermarked Group

dansksupermarked

7,623 downloads

4,323 latest version

5.0 quality score

Version information

  • 1.7.3 (latest)
  • 1.5.0
  • 1.4.0
  • 1.3.0
  • 1.2.2
  • 1.2.0
  • 1.1.0
  • 1.0.1
  • 1.0.0
released Apr 24th 2018
This version is compatible with:
  • Puppet Enterprise 2018.1.x, 2017.3.x, 2017.2.x, 2017.1.x, 2016.5.x, 2016.4.x
  • Puppet >=3.0.0 <6.0.0
  • RedHat
    ,
    CentOS
    ,
    Fedora

Start using this module

Tags: dnf, rpm, yum

Documentation

dansksupermarked/update — version 1.7.3 Apr 24th 2018

Update with Puppet

Build Status

Would like to know which packages should be updated on a node?

Would like that list of packages to be injected in your Puppet code?

How it Works

The module will help you configure and schedule update-with-puppet. By default the module will poll once GitHub for update-with-puppet, this feature is only supported since Puppet 4.4. The 'file_src_base_uri' and 'file_replace' parameters can be overwritten to change that behavior and load the three Python files via one of the other supported Puppet sources.

The CRON job will be set for the day and hour defined, the minute of execution will be randomly generated to avoid running at the same time on multiple nodes in the same environment.

The job will fetch from the package provider the updates available for the specified package repositories. A list of Puppet Package resource will be generated (For now as Hiera JSON). The list will, by default, create the Package resources under a Hiera key named 'packages' which should be used in your site.pp or other top level Puppet file to use a lookup key to create resources. This list will be committed to a GIT repository where your Puppet configuration is. You're then free to have those Package resources updated by Puppet.

Example

After assigning the update class to a node, the following parameters should be set.

JSON Hiera

  • With GIT commit and Pull Request creation.
{
  "update::generate_pr": true,
  "update::git_account_name": "YOUR_GIT_ACCOUNT_WHERE_PUPPET_CONF_IS",
  "update::git_email": "THE_EMAIL_OF_THE_GIT_USER",
  "update::git_password": "GIT_USER_PASSWORD",
  "update::git_repo_name": "THE_GIT_REPO_NAME_WHERE_PUPPER_CONF_IS",
  "update::git_user": "GIT_USER",
  "update::git_username": "GIT_USERNAME (optional)",
  "update::hiera_file": "THE_HIERA_FILE_TO_WRITE_RESOURCE_TO (Fact in name is a good idea)",
  "update::pr_reviewers": "LIST_OF_PR_REVIEWERS (optional)",
  "update::repo_filter": "COMMA_SEPARATED_LIST_OF_YUM_REPO_TO_SEARCH",
  "update::working_branch": "NAME_OF_GIT_BRANCH_TO_COMMIT_TO"
}
  • With GIT commit in a feature branch, no Pull Request.
{
  "update::git_account_name": "YOUR_GIT_ACCOUNT_WHERE_PUPPET_CONF_IS",
  "update::git_email": "THE_EMAIL_OF_THE_GIT_USER",
  "update::git_password": "GIT_USER_PASSWORD",
  "update::git_repo_name": "THE_GIT_REPO_NAME_WHERE_PUPPER_CONF_IS",
  "update::git_user": "GIT_USER",
  "update::git_username": "GIT_USERNAME (optional)",
  "update::hiera_file": "THE_HIERA_FILE_TO_WRITE_RESOURCE_TO (Fact in name is a good idea)",
  "update::repo_filter": "COMMA_SEPARATED_LIST_OF_YUM_REPO_TO_SEARCH",
  "update::working_branch": "NAME_OF_GIT_BRANCH_TO_COMMIT_TO"
}

The module will attempt to install Python modules via RPM ('manage_python_deps' is set to true by default), one of them expects EPEL to be defined in Puppet as Yumrepo['epel']. You can also set the param to false and install those Python module via pip as site libraries.

Use Case

A CRON job will collect a list of packages to be updated. If a pull request with the defined 'pr_title' doesn't already exist, one can be created for data collected in that environemnt/branch. Then create a GIT PR to be reviewed, eventually edited, and finally merged in your Puppet configuration to have the packages updated during the next Puppet run.

OS Support

  • RPM based Linux: RHEL, Centos, Scientific, older Fedora,...
  • DNF based Linux: newer Fedora.

Repository Support

  • GIT.
  • BitBucket API for pull request creation.

When updating the module

The code managed by this module is by default loaded from GitHub only once. To force their upgrade, set 'file_replace' to true.

Copyright

Copyright 2017 Dansk Supermarked Group and released under the terms of the GPL version 3 license.