cookbook 'linux_patching', '= 0.1.0'
A Chef cookbook to patch Linux nodes.
cookbook 'linux_patching', '= 0.1.0', :supermarket
knife supermarket install linux_patching
knife supermarket download linux_patching
linux_patching
Description
A Chef cookbook to patch Linux nodes, based on Brian Flad's (@bflad) chef-auto-patch cookbook. Provides the ability to configure three patching windows/stages: pre-configuration, patching, and post-configuration. Also updated to support the latest version of chef-client, additional OSes, and newer versions of existing OS varieties.
Requirements
Platforms
- amazon
- arch
- centos
- debian
- redhat
- ubuntu
Cookbooks
- cron
Stages
- pre_config - disabled by default. Allows preparation scripts to be run, such as preparing/cleaning the system, pre-downloading patches, or notifying external systems. Can help speed up the patching process and meet patching timeframes.
- patch - the primary patching stage. This stage is enabled by default and will run the node platform's patch script in the templates directory.
- post_config - disabled by default. Allows checkout scripts to be run, such as verifying system state, rebooting at a later date, or notifying external systems. Use this to run tasks at a set scheduled time after the completion of the patching stage.
Attributes
The following is a hash of options that can be set for a stage, where stage is one of patch, pre_config, or post_config. See the Examples section for more details.
Attribute | Description | Type | Default |
---|---|---|---|
enable | Controls if the stage is enabled. | Boolean | true for patching stage, otherwise false |
hour | Hour to patch at. | Integer | 3 |
minute | Minute to patch at. | Integer | 0 |
monthly | Enable patching on a monthly interval corresponding to the textual week number (first, second, etc.) and weekday (monday, tuesday, etc.). Overridden by the weekly attribute. | String | nil |
platforms | Not yet supported. Platforms that the patching schedule applies to. Chef will not manage patching on the node if its platform is not one specified. | String | all |
reboot | Controls if reboots are performed immediately after patching. | Boolean | false |
splay | Seconds of random delay before beginning patching. | Integer | 0 |
weekly | Enable patching on a weekly interval corresponding to the textual weekday (monday, tuesday, etc). Overrides the monthly attribute. | String | sunday |
script | The sequential commands to run for the stage's script. | Array | varies, see /attributes/default.rb |
Recipes
- recipe['linux_patching'] - configures automatic patching.
Usage
- Update attributes as desired
- Update script templates
- Add recipe to node run list
Examples
Enable weekly patching with reboots
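# Patch every Sunday at 03:00 and reboot immediately afterwards.
# node.default is used because Chef requires an explicit precedence level when writing attributes.
node.default['linux_patching']['patch'] = {
  'enable' => true,
  'hour' => 3,
  'minute' => 0,
  'monthly' => nil,
  'platforms' => 'all',
  'reboot' => true,
  'splay' => 0,
  'weekly' => 'sunday',
}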
Enable monthly patching with no reboot
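# Patch on the second Tuesday of each month at 02:30, with a 300-second splay and no reboot.
node.default['linux_patching']['patch'] = {
  'enable' => true,
  'hour' => 2,
  'minute' => 30,
  'monthly' => 'second tuesday',
  'platforms' => 'all',
  'reboot' => false,
  'splay' => 300,
  'weekly' => nil,
}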
Disable patching entirely on a node
# Turn off all three stages on this node.
node.default['linux_patching']['patch']['enable'] = false
node.default['linux_patching']['pre_config']['enable'] = false
node.default['linux_patching']['post_config']['enable'] = false
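Before a stage hash like the ones above reaches a node, it can be checked against the attribute table and resolved to the date of its next window. The following is an added example, not code from the cookbook: `stage_errors` and `next_patch_date` are hypothetical helpers, the accepted week names (first to fourth) are an assumption, and only the date is resolved, not the hour, minute or splay.

```ruby
require 'date'

WEEKS = %w[first second third fourth].freeze # assumed set of week names
DAYS  = %w[sunday monday tuesday wednesday thursday friday saturday].freeze

# Hypothetical helper: list problems in a stage hash, per the attribute table.
def stage_errors(stage)
  errors = []
  errors << 'enable must be true or false' unless [true, false].include?(stage['enable'])
  { 'hour' => 0..23, 'minute' => 0..59 }.each do |key, range|
    ok = stage[key].is_a?(Integer) && range.cover?(stage[key])
    errors << "#{key} must be an Integer in #{range}" unless ok
  end
  errors << 'splay must be an Integer >= 0' unless stage['splay'].is_a?(Integer) && stage['splay'] >= 0
  errors << 'weekly must be a weekday name' if stage['weekly'] && !DAYS.include?(stage['weekly'])
  if stage['monthly']
    week, day, extra = stage['monthly'].to_s.split
    ok = WEEKS.include?(week) && DAYS.include?(day) && extra.nil?
    errors << "monthly must look like 'second tuesday'" unless ok
  end
  errors << 'enabled stage needs weekly or monthly' if stage['enable'] && !stage['weekly'] && !stage['monthly']
  errors
end

# Hypothetical helper: date of the next window on or after `today`.
# Returns nil for a disabled or invalid stage. weekly overrides monthly.
def next_patch_date(stage, today)
  return nil unless stage['enable'] && stage_errors(stage).empty?
  return today + ((DAYS.index(stage['weekly']) - today.wday) % 7) if stage['weekly']

  week, day = stage['monthly'].split
  [today, today.next_month].map do |month|
    first = Date.new(month.year, month.month, 1)
    first + ((DAYS.index(day) - first.wday) % 7) + 7 * WEEKS.index(week)
  end.find { |date| date >= today }
end

# Constructed inputs: the two example hashes from this page and a sample date.
TODAY   = Date.new(2019, 9, 25) # a Wednesday
WEEKLY  = { 'enable' => true, 'hour' => 3, 'minute' => 0, 'monthly' => nil,
            'reboot' => true, 'splay' => 0, 'weekly' => 'sunday' }.freeze
MONTHLY = { 'enable' => true, 'hour' => 2, 'minute' => 30, 'monthly' => 'second tuesday',
            'reboot' => false, 'splay' => 300, 'weekly' => nil }.freeze

puts next_patch_date(WEEKLY, TODAY)
puts next_patch_date(MONTHLY, TODAY)
puts stage_errors(MONTHLY.merge('hour' => 24, 'monthly' => 'sixth tuesday'))
```

A stage that fails validation resolves to no date at all, which makes a mistyped schedule visible before it silently leaves a node unpatched.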
TODO
The following is a list of things I would like to eventually add to this cookbook. Feel free to contribute by raising an issue or pull request to this project in GitLab.
- Write InSpec tests
- Provide example pre_config and post_config scripts
- Add ability to "run now". The thought is to have an attribute that, when set to true, will run the patch process/scripts at the next chef-client run.
- Add support for the 'platforms' attribute within a stage.
Dependent cookbooks
cron ~> 6.2.1
Contingent cookbooks
There are no cookbooks that are contingent upon this one.
linux_patching CHANGELOG
This file is used to list changes made in each version of the linux_patching cookbook.
0.1.0 (2019-09-25)
- Initial release.
Collaborator Number Metric
0.1.0 failed this metric
Failure: Cookbook has 0 collaborators. A cookbook must have at least 2 collaborators to pass this metric.
Contributing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a CONTRIBUTING.md file
Foodcritic Metric
0.1.0 passed this metric
No Binaries Metric
0.1.0 passed this metric
Testing File Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must contain a TESTING.md file
Version Tag Metric
0.1.0 failed this metric
Failure: To pass this metric, your cookbook metadata must include a source url, the source url must be in the form of https://github.com/user/repo, and your repo must include a tag that matches this cookbook version number