Linux – Patching with Puppet

configuration-management, linux, puppet, solaris

I am new to Puppet, and I am wondering if it is an effective solution for patch/pkg management on Solaris as well as Linux. I am more interested in the Solaris side. So far I am unable to locate any relevant documentation. Where can I find documentation on how to handle this?

Best Answer

Patch management is a very broad topic that can have variables like company policy. Therefore there is no out-of-the-box solution that fits all needs, and therefore Puppet only comes with the tools to create solutions that match your specific requirements.

For Rpm- or Apt-based Linux, all you need is custom repositories, which can be created by rsync, or mrepo, or Satellite or Pulp. Then use Puppet to point your servers to these repositories. Puppet can then use Rpm or Apt to manage packages for you. (Check other pages on that site)

Pulp also lets you track what RPM packages are present on what servers, and install them remotely. You could use Puppet to install and configure Pulp on your servers. Pulp is a new and not so mature product, btw. The features that Pulp offers could be built using Puppet with some thought and effort.

For Solaris, if it's an individual package, you could use the "pkgadd" provider.

To selectively install multiple Solaris patches, or to install "all the latest" patches, you could use an external script along with Puppet "Exec".

There is a popular open source script that people use to manage patches on Solaris: PCA. With PCA, you can create internal mirrors of Sun patches, and configure servers to use those mirrors, instead of going out to the internet.

For installing Solaris packages, you can use the "bldcat" tool from OpenCSW to build internal package repositories. Then you can use "pkgutil" in Puppet to install your internal (and CSW) Solaris packages.

Your architecture then becomes very similar to Linux + yum or Apt.
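A sketch of the repository-based layout the answer describes, added here as an illustration and not taken from the answer or from any Puppet module. The class name, mirror hostnames, GPG key path, the `CSWexample` package name and the `pkgutil.conf` location are assumptions to replace with your own; signature checking is left enabled so that agents only install packages signed by a key you distribute.

```puppet
# Added example: hostnames, key path, class name and CSWexample are placeholders.
class patching::internal_repos {
  case $facts['os']['family'] {
    'RedHat': {
      # Point yum at the internal mirror (built with rsync, mrepo, Pulp, ...).
      # Single quotes keep $releasever/$basearch literal so yum expands them.
      yumrepo { 'internal-updates':
        descr    => 'Internal mirror of vendor updates',
        baseurl  => 'https://mirror.example.internal/el/$releasever/updates/$basearch/',
        enabled  => 1,
        gpgcheck => 1,  # refuse unsigned or wrongly signed packages
        gpgkey   => 'file:///etc/pki/rpm-gpg/RPM-GPG-KEY-internal',
      }

      # What "latest" means is decided by what you promote into the mirror,
      # so patch policy lives in the repository, not on each server.
      package { 'openssl':
        ensure  => latest,
        require => Yumrepo['internal-updates'],
      }
    }
    'Solaris': {
      # pkgutil reads its catalog location from pkgutil.conf; this path is
      # the usual OpenCSW location but is an assumption for your install.
      # Note: this resource replaces the whole file with the one setting.
      file { '/etc/opt/csw/pkgutil.conf':
        ensure  => file,
        owner   => 'root',
        mode    => '0644',
        content => "mirror=https://mirror.example.internal/csw/stable\n",
      }

      # Install from the internal catalog (built with bldcat) via pkgutil.
      package { 'CSWexample':
        ensure   => latest,
        provider => pkgutil,
        require  => File['/etc/opt/csw/pkgutil.conf'],
      }
    }
    default: {
      fail("No internal repository defined for ${facts['os']['family']}")
    }
  }
}
```

Serving the mirror over HTTPS and keeping `gpgcheck` on means a compromised or spoofed mirror host cannot push arbitrary packages to every managed server.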
