/patch_mgmt_win.pp
Last active Sep 17, 2019
| #Provides automated patch management | |
| class profile::patch_mgmt_win ( | |
| Array $blacklist = [], | |
| Array $whitelist = [], | |
| Optional[Hash] $patch_window = { | |
| range => '01:00 - 04:00', | |
| weekday => 'Sunday', | |
| repeat => 3 | |
| } | |
| ) { | |
| include os_patching | |
| class { 'wsus_client': | |
| server_url => 'http://wsus.example.com:8530', | |
| target_group => 'AutoApproval', | |
| enable_status_server => true, | |
| auto_install_minor_updates => false, | |
| auto_update_option => 'NotifyOnly', | |
| detection_frequency_hours => 22 | |
| } | |
| if $facts['os_patching'] { | |
| $updatescan = $facts['os_patching']['missing_update_kbs'] | |
| } | |
| else { | |
| $updatescan = [] | |
| } | |
| if $whitelist.count > 0 { | |
| $updates = $updatescan.filter |$item| { $item in $whitelist } | |
| } elsif $blacklist.count > 0 { | |
| $updates = $updatescan.filter |$item| { !($item in $blacklist) } | |
| } else { | |
| $updates = $updatescan | |
| } | |
| schedule { 'patch_window': | |
| * => $patch_window | |
| } | |
| if $facts['os_patching']['reboots']['reboot_required'] == true { | |
| Windows_updates::Kb { | |
| require => Reboot['patch_window_reboot'] | |
| } | |
| notify { 'Reboot pending, rebooting node...': | |
| schedule => 'patch_window', | |
| notify => Reboot['patch_window_reboot'] | |
| } | |
| } | |
| reboot { 'patch_window_reboot': | |
| apply => 'finished', | |
| schedule => 'patch_window' | |
| } | |
| $updates.each | $kb | { | |
| windows_updates::kb { $kb: | |
| ensure => 'present', | |
| maintwindow => 'patch_window' | |
| } | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment