
Puppetizing the pain out of patching os patching, Tony Green, Puppet

Once upon a time, there was a mystical land whose inhabitants were able to manage patching on their Linux AND Windows servers using a single tool. Join me for a jaunt into this fantastical land where you'll hear tales of collaboration, compliance and self service automation!

Published in: Technology


  1. Puppetizing the pain out of patching. Tony Green (he/him), tgreen@albatrossflavour.com, @albatrossflavour
  2. Me
  3. TL;DR: It's late in the conference, how about we get the demo out of the way first and then we can talk about the how and why.
  4. Principles
  5. Principles: 1. Do one thing and do it well
  6. Principles: 1. Do one thing and do it well 2. Canonical data is on the node
  7. Principles: 1. Do one thing and do it well 2. Canonical data is on the node 3. Blocked means blocked
  8. Principles: 1. Do one thing and do it well 2. Canonical data is on the node 3. Blocked means blocked 4. Automagically updated
  9. Principles: 1. Do one thing and do it well 2. Canonical data is on the node 3. Blocked means blocked 4. Automagically updated 5. Single, centralised, interface for reporting
  10. Principles: 1. Do one thing and do it well 2. Canonical data is on the node 3. Blocked means blocked 4. Automagically updated 5. Single, centralised, interface for reporting 6. Unified orchestration options with self service
  11. Why?
  12. -- Jake Rogers
  13. Facter
  14. • Updates • Blackout windows • Pinned package list • Last run state • Patch window • Reboot override • Pending reboot state • Blockers
  15. Cache files
  16. Patch windows
  17. Use hiera ...
  18. or the console.
  19. Then run the agent
  20. Blackouts
  21. Patch blockers: • During blackout window • Invalid blackout window • Warnings present [1]. [1] Configurable option
  22. Patch blockers: You cannot patch... I am a servant of the Secret Fire, wielder of the flame of Anor. You cannot patch. The dark fire will not avail you, flame of Udûn. Go back to the Shadow! You cannot patch.
  23. Warnings: • Package resources with versions that aren't locked at the OS layer • Fact cache files don't exist • Fact cache files have not been recently updated
  24. Security only patching
  25. And then run the task
  26. To reboot, or not to reboot, that is the question
  27. Reboot required?
  28. Reboot options: • always • never • patched • smart
  29. https://bit.ly/os_patching
  30. Integrations
  31. Sample queries
  32. Roadmap: • Agentless patching through Bolt • Chocolatey • Puppet Remediate • BSD support (Thanks to Romain Tartière) • AIX and Solaris • Gems • ...?
  33. Special thanks to: • Not Potato • Brett Gray • Rob Nelson • Tommy McNeely • Geoff Williams • Jake Rogers • Nathan Giuliani
  34. Very special thanks to Yasmin Rajabi and the bolt/tasks team. Without you, none of this would be possible.
  35. Thank you! tgreen@albatrossflavour.com, @albatrossflavour, https://bit.ly/os_patching
  36. Questions?
