wsus_inventory

pdk
tasks
Bolt inventory plugin for dynamically retrieving groups and targets from Microsoft WSUS (Windows Server Update Services)
Encore Technologies

Encore Technologies

encore

1,131 downloads

1,131 latest version

5.0 quality score

Version information

  • 0.1.0 (latest)
released Apr 15th 2020
This version is compatible with:
  • Puppet Enterprise 2019.8.x, 2019.7.x, 2019.5.x, 2019.4.x, 2019.3.x, 2019.2.x, 2019.1.x, 2019.0.x, 2018.1.x, 2017.3.x, 2017.2.x, 2016.4.x
  • Puppet >= 4.10.0 < 7.0.0
  • CentOS
    ,
    RedHat
    ,
    Debian
    ,
    Ubuntu
    ,
    windows
Tasks:
  • resolve_reference

Start using this module

Documentation

encore/wsus_inventory — version 0.1.0 Apr 15th 2020

wsus_inventory

Build Status Puppet Forge Version Puppet Forge Downloads Puppet Forge Score Puppet PDK Version puppetmodule.info docs

Welcome to your new module. A short overview of the generated parts can be found in the PDK documentation at https://puppet.com/pdk/latest/pdk_generating_modules.html .

The README template below provides a starting point with details about what information to include in your README.

Table of Contents

  1. Description
  2. Setup - The basics of getting started with wsus_inventory
  3. Usage - Configuration options and additional functionality
  4. Limitations - OS compatibility, etc.
  5. Development - Guide for contributing to the module

Description

Briefly tell users why they might want to use your module. Explain what your module does and what kind of problems users can solve with it.

This should be a fairly short description helps the user decide if your module is what they want.

Setup

Setup Requirements

This module connects to the WSUS SQL server. To do this we make use of the sequel Ruby lubrary and the underlying tiny_tds adapter, which relies on the FreeTDS C library. Below are basic instructions for setting up FreeTDS on the node you're running bolt from so that this module can communicate with the WSUS SQL Server and generate inventory. For more instructions on your platform of choice, checkout the tiny_tds and freetds instructions for your platform on Google.

Setup Requirements: RHEL/CentOS

# install freetds
sudo yum -y install freetds freetds-devel
/opt/puppetlabs/bolt/bin/gem install sequel tiny_tds

Setup Requirements: Debian

# install freetds
sudo apt-get -y install freetds-bin freetds-dev
/opt/puppetlabs/bolt/bin/gem install sequel tiny_tds

Setup Requirements: Windows

# freetds is compiled staticly and installed alongside the tiny_tds library on Windows
/opt/puppetlabs/bolt/bin/gem install sequel tiny_tds

Examples

Example query all targets from WSUS

Queries ALL computers from WSUS and returns them as a list of Targets for Bolt.

---
version: 2.0

groups:
  - name: windows_wsus
    config:
      transport: winrm
      winrm:
        user: xxx
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]
        ssl: true
        ssl-verify: false
    vars:
      patching_order: 1
    targets:
      # grabs a list of groups from WSUS
      - _plugin: wsus_inventory
        # creds to login to the WSUS MSSQL database
        host: wsus.domain.tld
        database: 'SUSDB'
        username: DOMAIN\svc_wsus_bolt
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]     
        # remove hosts that haven't checked into WSUS in the last N days
        filter_older_than_days: 1
        # return a list of 'targets'
        format: targets'

Example query targets in specific groups from WSUS

Queries WSUS for computers who are members of specific groups (Servers_A, Servers_B) in WSUS. It then combines the members from all groups specified into one list and returns that as a list of Targets to Bolt (ie. a union of the members for groups specified).

---
version: 2.0

groups:
  - name: windows_wsus
    config:
      transport: winrm
      winrm:
        user: xxx
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]
        ssl: true
        ssl-verify: false
    vars:
      patching_order: 1
    groups:
      # grabs a list of groups from WSUS
      - _plugin: wsus_inventory
        # creds to login to the WSUS MSSQL database
        host: wsus.domain.tld
        database: 'SUSDB'
        username: DOMAIN\svc_wsus_bolt
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]     
        # remove hosts that haven't checked into WSUS in the last N days
        filter_older_than_days: 1
        # return a list of 'targets'
        format: targets'
        # Only return targets that are members of the following groups in WSUS
        # Since we are returning format: 'targets' we will return one big list of targets
        # for all computers in all of the following groups (big union)
        groups:
          - Servers_A
          - Servers_B

Example query all groups from WSUS

Queries WSUS for ALL groups, and returns group structures for each group in WSUS. For each group in WSUS, we prefix the returned group name with windows_wsus_ (specified by the group_name_prefix parameter) and then append the WSUS group name. Note: Bolt is picky about its group naming standards, so all WSUS group names will be lowercased, and all non alpha-numeric (or _) characters will be replaced with _.

Example:


# configuration
group_name_prefix: 'windows_wsus'

# WSUS group name
Servers A

# resulting group data
- name: windows_wsus_servers_a
  targets:
    - host1
    - host2
    - host3

Below is the inventory to make this happen

---
version: 2.0

groups:
  - name: windows_wsus
    config:
      transport: winrm
      winrm:
        user: xxx
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]
        ssl: true
        ssl-verify: false
    vars:
      patching_order: 1
    groups:
      # grabs a list of groups from WSUS
      - _plugin: wsus_inventory
        # creds to login to the WSUS MSSQL database
        host: wsus.domain.tld
        database: 'SUSDB'
        username: DOMAIN\svc_wsus_bolt
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]
        # remove hosts that haven't checked into WSUS in the last N days
        filter_older_than_days: 1
        # return a list of 'groups', this could also be 'targets'
        format: 'groups'
        # insert windows_wsus_ before the group names we get from WSUS
        # so we will get groups like: windows_wsus_servers_a
        group_name_prefix: 'windows_wsus_'

Example query specific groups from WSUS

If we only want to return a specific set of groups, they can be specified in a list:

---
version: 2.0

groups:
  - name: windows_wsus
    config:
      transport: winrm
      winrm:
        user: xxx
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]
        ssl: true
        ssl-verify: false
    vars:
      patching_order: 1
    groups:
      # grabs a list of groups from WSUS
      - _plugin: wsus_inventory
        # creds to login to the WSUS MSSQL database
        host: wsus.domain.tld
        database: 'SUSDB'
        username: DOMAIN\svc_wsus_bolt
        password:
          _plugin: pkcs7
          encrypted_value: ENC[PKCS7,xxx]
        # remove hosts that haven't checked into WSUS in the last N days
        filter_older_than_days: 1
        # return a list of 'groups', this could also be 'targets'
        format: 'groups'
        # names of groups to extract from WSUS, these need to match exactly what is in WSUS
        # note: this will be downcased when returned because Bolt only allows lowercase names
        groups:
          - Servers_A
          - Servers_B
          - Servers_A_EDR
          - Servers_B_EDR
          - Servers_HV
        # insert windows_wsus_ before the group names we get from WSUS
        # so we will get groups like: windows_wsus_servers_a
        group_name_prefix: 'windows_wsus_'