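# @summary Provides automated patch management for Windows nodes.
#
# Points the node at a WSUS server, reads the list of missing KBs from the
# os_patching fact, narrows it with an allow list or a deny list, and installs
# what remains inside the 'patch_window' schedule. A pending reboot is taken
# inside the same window before any further KB is applied.
#
# @param blacklist
#   KB identifiers to leave out. Only consulted when $whitelist is empty.
# @param whitelist
#   KB identifiers to install exclusively. When non-empty it takes precedence
#   and $blacklist is ignored.
# @param patch_window
#   Attributes splatted onto the 'patch_window' schedule resource.
#   NOTE(review): the type allows undef, but the splat below needs a Hash.
#   Confirm whether undef should be accepted at all.
class profile::patch_mgmt_win (
  Array $blacklist = [],
  Array $whitelist = [],
  Optional[Hash] $patch_window = {
    range   => '01:00 - 04:00',
    weekday => 'Sunday',
    repeat  => 3
  }
) {
  include os_patching

  # NOTE(review): this URL is plain HTTP. Update metadata fetched over an
  # unencrypted WSUS channel can be altered by anyone on the network path, so
  # a production profile should use the server's HTTPS endpoint (commonly port
  # 8531) once TLS is enabled on the WSUS side.
  # 'NotifyOnly' with auto_install_minor_updates off keeps the Windows Update
  # agent from installing by itself, so the KB resources below do the installs.
  class { 'wsus_client':
    server_url                 => 'http://wsus.example.com:8530',
    target_group               => 'AutoApproval',
    enable_status_server       => true,
    auto_install_minor_updates => false,
    auto_update_option         => 'NotifyOnly',
    detection_frequency_hours  => 22
  }

  # The os_patching fact, or any key below it, may be missing. dig() returns
  # undef instead of failing compilation when an intermediate key is absent.
  $reported_kbs = $facts.dig('os_patching', 'missing_update_kbs')
  $updatescan = $reported_kbs ? {
    undef   => [],
    default => $reported_kbs,
  }

  # Allow list wins over deny list. With neither set, every missing KB is
  # selected.
  if $whitelist.count > 0 {
    $updates = $updatescan.filter |$item| { $item in $whitelist }
  } elsif $blacklist.count > 0 {
    $updates = $updatescan.filter |$item| { !($item in $blacklist) }
  } else {
    $updates = $updatescan
  }

  schedule { 'patch_window':
    * => $patch_window
  }

  # The original indexed $facts['os_patching']['reboots'] directly, which
  # aborts catalog compilation on a node that has no os_patching fact yet,
  # even though the scan lookup above was guarded. Same guard applied here.
  if $facts.dig('os_patching', 'reboots', 'reboot_required') == true {
    # Order every KB install after the reboot resource.
    Windows_updates::Kb {
      require => Reboot['patch_window_reboot']
    }
    notify { 'Reboot pending, rebooting node...':
      schedule => 'patch_window',
      notify   => Reboot['patch_window_reboot']
    }
  }

  # Both the reboot and the installs are limited to the patch window.
  reboot { 'patch_window_reboot':
    apply    => 'finished',
    schedule => 'patch_window'
  }

  $updates.each |$kb| {
    windows_updates::kb { $kb:
      ensure      => 'present',
      maintwindow => 'patch_window'
    }
  }
}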