We have a number of Debian servers that need to be patched and manual patching becomes an issue as their number grows.
What I am lookig at is a way to push patches to the servers from the central location and have some sort of reporting on how it goes.I believe that there shoud be relatively easy way to do it without buying third party tools.
Puppet comes to my mind but maybe there are other ideas that can serve this purpose better?
Debian – Free centralized patch management for Debian
aptdebianpatch-management
Related Solutions
Open up /etc/apt/sources.list, and you should see lines like the following (URLs will likely vary):
deb http://http.us.debian.org/debian stable main contrib
Simply add non-free to the respective URLs you wish to use, i.e.:
deb http://http.us.debian.org/debian stable main contrib non-free
Running apt-get update will update your local repo with the package listing.
WPKG
http://wpkg.org
"W-package" (GUI and Command line) is an automated software deployment, upgrade and removal tool for Windows.
- WPKG is open source software.
- It can be used to push/pull software packages, such as Service Packs, hotfixes, or program installations from a central server to a number of workstations.
- It can run as a service to install software in the background (silent install), without user interaction.
- It can install MSI, InstallShield, PackagefortheWeb, Inno Setup, Nullsoft, other software installers or .exe packages, .bat and .cmd scripts and similar: no more repackaging to perform software installation.
Here's a list of software that have already available silent installs, upgrades, and uninstalls configurations (yes, Adobe flash/reader, Java, Firefox, Quicktime are included here). You can write your own too, and contribute to the community.
It doesn't include a full "software-push" feature, but we solved this by using psexec to run it on all our client/hosts, from a remote computer.
You can use the wpkgCreateReport tool to generate a report showing which packages are installed on which computers.
check out the other user contributed software/tools, might come in useful
LUP
http://localupdatepubl.sourceforge.net
Another solution could be using software called Local Update Publisher. It allows you to publish 3rd party software updates through your WSUS server. It seems to use WSUS API feature called "Local Publishing". I haven't used it though, here's what claims to do:
- Publish applications to a domain or workgroup.
- Create rules to define install behavior.
- Monitor progress of installations.
- Use WSUS groups for approvals.
- Utilize existing WSUS architecture. Support multiple parent and child servers.
- Import and export standard update catalogs.
Best Answer
Puppet is great, but doesn't really handle that problem.
What should work (I've done the theory but haven't rolled it out) is using cron-apt in combination with repositories managed by debmashal to approve the patches that cron-apt will then deploy.
Debmarshal is out of google and there's a tech talk available on it:
http://code.google.com/p/debmarshal/
http://www.youtube.com/watch?v=L3hRToC23mQ