Apply patch once to windows node


Dhaval Thakar

Jul 15, 2014, 9:50:53 AM7/15/14
to puppet...@googlegroups.com
Hi All,

I am starting to use Puppet to manage Windows nodes; I tried searching but couldn't find a solution for this...

I need to apply a Kaspersky patch to Windows nodes using Puppet. So far I have used the Kaspersky server to install / upgrade / patch the antivirus. I'm trying to get it done using Puppet.

Can someone guide me on how to run a Windows command on nodes only once? This patch does not update the installed application version, hence I couldn't use Package in the manifest file.
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

David Schmitt

Jul 21, 2014, 2:09:29 AM7/21/14
to puppet...@googlegroups.com
On 2014-07-15 15:36, Dhaval Thakar wrote:
> Hi All,
>
> I am starting to use puppet to manage windows nodes, tried searching but
> couldn't find solution for this...
>
> I need to apply kaspersky patch using puppet to windows nodes. So far I
> have used kaspersky server to install / upgrade / patch antivirus.
> Trying to get it done using puppet.
>
> Can someone guide me to run windows command on nodes only once ? This
> patch does not update installed application version hence couldn't use
> Package in manifest file.

Trying to understand your use-case here: what is the problem with using
the Kaspersky server to deploy the AV patches?

To answer your primary question: if you find a way to programmatically
check whether the patch is applied or not, and you know how to install
the patch by code, you can implement an exec resource with an onlyif
argument to do so. It'll probably be a pain to maintain and will not
scale as patches accumulate.


Regards, David

dhaval thakar -SkillnetED

Jul 21, 2014, 3:35:39 AM7/21/14
to puppet...@googlegroups.com
Hi,

Thanks for the reply.
The only valid reason I have is to install patches on a fresh OS along
with the AV, which may not work if I push patches using kasper; the kasper
admin maintains its local catalogue for app / patch deployment. Also these
patches do not change the version number of the installed AV. Another
reason is to learn Puppet.

For now I have created the following manifest, which works fine on the
test setup. I am yet to use it for all users. Please reply if you find any
kind of configuration error etc.

class av_patches {
  # Declare the AV package unless another class already did.
  if ! defined(Package["Kaspersky Endpoint Security 10 for Windows"]) {
    package { "Kaspersky Endpoint Security 10 for Windows":
      ensure => installed,
    }
  }

  # Stage the patch installers on the node once the AV package is in place.
  file { "c:/software/patch_10_1_249.exe":
    ensure  => present,
    source  => "puppet:///modules/av_patches/patch_10_1_249.exe",
    require => Package["Kaspersky Endpoint Security 10 for Windows"],
  }
  file { "c:/software/patch_pfsf2.exe":
    ensure  => present,
    source  => "puppet:///modules/av_patches/patch_pfsf2.exe",
    require => Package["Kaspersky Endpoint Security 10 for Windows"],
  }

  # Run each installer silently, but only while its stamp file is absent;
  # the stamp file is created after the exec succeeds, so the installer
  # runs once per node.
  exec { "patch_10_1_249":
    command => 'c:/software/patch_10_1_249.exe /s',
    creates => "c:/software/patch_10_1_249-installed",
    require => File["c:/software/patch_10_1_249.exe"],
    notify  => File["c:/software/patch_10_1_249-installed"],
  }
  file { "c:/software/patch_10_1_249-installed":
    ensure  => file,
    require => Exec["patch_10_1_249"],
  }

  exec { "patch_pfsf2":
    command => 'c:/software/patch_pfsf2.exe /s',
    creates => "c:/software/patch_pfsf2-installed",
    require => File["c:/software/patch_pfsf2.exe"],
    notify  => File["c:/software/patch_pfsf2-installed"],
  }
  file { "c:/software/patch_pfsf2-installed":
    ensure  => file,
    require => Exec["patch_pfsf2"],
  }
}

David Schmitt

Jul 21, 2014, 5:39:10 AM7/21/14
to puppet...@googlegroups.com
Re,
This defined() condition should not be necessary: have only a single
location where the package is defined.
Interesting chaining for stamp-filing! I haven't seen that one before,
and it looks nice given the circumstances.

The important thing to test is that calling the patch installers a
second time doesn't result in an error. Otherwise that construct might
need manual intervention when something interrupts Puppet after
installing the patch but before creating the -installed file.

> }

All in all it looks like a pragmatic solution to an ugly problem. When
you gain experience with new patches in your environment, you might
want to look into extracting the patch versions into a variable to avoid
editing them in many places, but that is already nitpicking.


Regards, David
--
* Always looking for people I can help with awesome projects *
G+: https://plus.google.com/+DavidSchmitt
Blog: http://club.black.co.at/log/
LinkedIn: http://at.linkedin.com/in/davidschmitt
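An added example (not code from the thread) of the two points David raises: the package declared in one place without a defined() guard, and the patch id written once via a defined type so adding a patch is a one-line change. The module name av_patches, the defined type name av_patches::patch, and the logoutput setting are assumptions; the paths and package name are those from the manifest above.

```puppet
# Added example, not from the thread. One defined type per patch so the
# patch id appears only once (the refactoring David suggests).
# Assumed names: module av_patches, defined type av_patches::patch.
define av_patches::patch (
  $installer_dir = 'c:/software',
  $av_package    = 'Kaspersky Endpoint Security 10 for Windows'
) {
  # $title is the patch id, e.g. 'patch_10_1_249'
  $installer = "${installer_dir}/${title}.exe"
  $stamp     = "${installer_dir}/${title}-installed"

  file { $installer:
    ensure  => file,
    source  => "puppet:///modules/av_patches/${title}.exe",
    require => Package[$av_package],
  }

  # `creates` is checked before the command runs: once the stamp file
  # exists the installer is never started again. If the vendor provides a
  # reliable "is this patch applied" command, add it as `unless` so the
  # stamp file is not the only guard.
  exec { "apply_${title}":
    command   => "${installer} /s",
    creates   => $stamp,
    logoutput => on_failure,
    require   => File[$installer],
  }

  # Written only after the exec succeeded. If the agent is interrupted
  # between the installer finishing and this file being created, the
  # installer runs again on the next agent run, which is why re-running
  # it must be harmless (David's point above).
  file { $stamp:
    ensure  => file,
    require => Exec["apply_${title}"],
  }
}

# The package is declared in exactly one place, so no defined() guard.
class av_patches {
  package { 'Kaspersky Endpoint Security 10 for Windows':
    ensure => installed,
  }

  # Adding a patch later means adding its id to this list.
  av_patches::patch { ['patch_10_1_249', 'patch_pfsf2']: }
}
```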