linux_patching (3) Versions 0.1.0

A Chef cookbook to patch Linux nodes.

Policyfile:
cookbook 'linux_patching', '= 0.1.0', :supermarket

Berkshelf:
cookbook 'linux_patching', '= 0.1.0'

Knife:
knife supermarket install linux_patching
knife supermarket download linux_patching
Quality 33%

linux_patching

Description

A Chef cookbook to patch Linux nodes, based on Brian Flad's (@bflad) chef-auto-patch cookbook. Provides the ability to configure three patching windows/stages: pre-configuration, patching, and post-configuration. Also updated to support the latest version of chef-client, additional OSes, and newer versions of existing OS varieties.

Requirements

Platforms

  • amazon
  • arch
  • centos
  • debian
  • redhat
  • ubuntu

Cookbooks

  • cron

Stages

  • pre_config - disabled by default. Allows preparation scripts to be run, such as preparing/cleaning the system, pre-downloading patches, or notifying external systems. Can help speed up the patching process and meet patching timeframes.
  • patch - the primary patching stage. This stage is enabled by default and will run the node platform's patch script in the templates directory.
  • post_config - disabled by default. Allows for checkout scripts to be run, such as verifying system state, rebooting at a later date, or notifying external systems. Use this to run tasks at a set scheduled time after the completion of the patching stage.

Attributes

The following is a hash of options that can be set for a stage, where stage is one of patch, pre_config, or post_config. See the Examples section for more details.

| Attribute | Description | Type | Default |
|---|---|---|---|
| enable | Controls if the stage is enabled. | Boolean | true for patching stage, otherwise false |
| hour | Hour to patch at. | Integer | 3 |
| minute | Minute to patch at. | Integer | 0 |
| monthly | Enable patching on a monthly interval corresponding to the textual week number (first, second, etc.) and weekday (monday, tuesday, etc.). Overridden by the weekly attribute. | String | nil |
| platforms | Not yet supported. Platforms that the patching schedule applies to. Chef will not manage patching on the node if its platform is not one specified. | String | all |
| reboot | Controls if reboots are performed immediately after patching. | Boolean | false |
| splay | Seconds of random delay before beginning patching. | Integer | 0 |
| weekly | Enable patching on a weekly interval corresponding to the textual weekday (monday, tuesday, etc). Overrides the monthly attribute. | String | sunday |
| script | The sequential commands to run for the stage's script. | Array | varies, see /attributes/default.rb |

Recipes

  • recipe['linux_patching'] - configures automatic patching.

Usage

  • Update attributes as desired
  • Update script templates
  • Add recipe to node run list

Examples

Enable weekly patching with reboots

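# Attribute writes need a precedence level (default here); a bare
# node[...] = assignment raises ImmutableAttributeModification.
node.default['linux_patching']['patch'] = {
  'enable' => true,
  'hour' => 3,
  'minute' => 0,
  'monthly' => nil,
  'platforms' => 'all',
  'reboot' => true,
  'splay' => 0,
  'weekly' => 'sunday',
}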

Enable monthly patching with no reboot

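# 'weekly' is set to nil so that the 'monthly' schedule takes effect
# (weekly overrides monthly when both are set).
node.default['linux_patching']['patch'] = {
  'enable' => true,
  'hour' => 2,
  'minute' => 30,
  'monthly' => 'second tuesday',
  'platforms' => 'all',
  'reboot' => false,
  'splay' => 300,
  'weekly' => nil,
}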

Disable patching entirely on a node

# Disable all three stages; each write uses the default precedence level.
node.default['linux_patching']['patch']['enable'] = false
node.default['linux_patching']['pre_config']['enable'] = false
node.default['linux_patching']['post_config']['enable'] = false
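
To check when a stage hash like the ones above will actually fire before rolling it out, the following added example (not part of the cookbook or its README) resolves the next patch window from the documented attributes. The helper names, the accepted week names (first through fourth) and the reading of splay as an upper bound on the delay are assumptions.

```ruby
require 'date'

# Textual names accepted by this sketch (assumption: the page only says "first, second, etc.").
WEEKS = %w[first second third fourth].freeze
DAYS  = %w[sunday monday tuesday wednesday thursday friday saturday].freeze

# Date of the nth (0-based) occurrence of a weekday in the given month.
def nth_weekday(year, month, nth, wday)
  first = Date.new(year, month, 1)
  first + ((wday - first.wday) % 7) + (7 * nth)
end

def weekday_index(name)
  DAYS.index(name.to_s.downcase) || raise(ArgumentError, "unknown weekday: #{name.inspect}")
end

# Hypothetical helper: [earliest, latest] start of the next run for one stage
# hash, or nil when the stage is disabled. `now` is a Time.
def next_patch_window(stage, now)
  return nil unless stage['enable']
  hour   = stage.fetch('hour', 3)
  minute = stage.fetch('minute', 0)
  splay  = stage.fetch('splay', 0)
  raise ArgumentError, 'hour must be 0-23' unless (0..23).cover?(hour)
  raise ArgumentError, 'minute must be 0-59' unless (0..59).cover?(minute)
  raise ArgumentError, 'splay must be an integer >= 0' unless splay.is_a?(Integer) && splay >= 0

  today = now.to_date
  days =
    if stage['weekly'] # weekly overrides monthly, per the attribute table
      wday = weekday_index(stage['weekly'])
      (0..7).map { |i| today + i }.select { |d| d.wday == wday }
    elsif stage['monthly']
      week, day = stage['monthly'].downcase.split
      nth = WEEKS.index(week) || raise(ArgumentError, "unknown week: #{week.inspect}")
      [today, today >> 1].map { |m| nth_weekday(m.year, m.month, nth, weekday_index(day)) }
    else
      raise ArgumentError, 'enabled stage has neither weekly nor monthly set'
    end

  # Build wall-clock times in the same UTC offset as `now`, keep the first one not in the past.
  start = days.map { |d| Time.new(d.year, d.month, d.day, hour, minute, 0, now.utc_offset) }
              .find { |t| t >= now }
  [start, start + splay]
end
```

Running it over every enabled stage of a node makes overlapping pre_config, patch and post_config windows, or a monthly value silently masked by a leftover weekly value, visible before the cron entries are written.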

TODO

The following is a list of things I would like to eventually add to this cookbook. Feel free to contribute by raising an issue or pull request to this project in GitLab.

  • Write InSpec tests
  • Provide example pre_config and post_config scripts
  • Add ability to "run now". Thought is to have an attribute that when set to true, will run the patch process/scripts at the next chef-client run.
  • Add support for the 'platforms' attribute within a stage.

Dependent cookbooks

cron ~> 6.2.1

Contingent cookbooks

There are no cookbooks that are contingent upon this one.

linux_patching CHANGELOG

This file is used to list changes made in each version of the linux_patching cookbook.

0.1.0 (2019-09-25)

  • Initial release.

Collaborator Number Metric
            

0.1.0 failed this metric

Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.

Contributing File Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file

Foodcritic Metric
            

0.1.0 passed this metric

No Binaries Metric
            

0.1.0 passed this metric

Testing File Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file

Version Tag Metric
            

0.1.0 failed this metric

Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number