All notable changes to this project will be documented in this file.
- Adds error handling to patching. On error:
- If error occurs after monitoring is disabled, monitoring is re-enabled
- If error occurs before updates are attempted, target is removed from further steps
- On Linux (rhel/debian) If error occurs while updates are being applied:
- If yum records new transaction, packages were attempted to be installed -> report number of failed packages/successful and log error
- If there is no new transaction something else happened -> log details to LOG_FILE and report 1 failed 'package'
- Reports update history only for targets where updates were attempted
(Refactor)
Contributed by Alex Chrystal (@asktheaxis)
-
Added support for overriding ssl and the cert used during prometheus connections. (Enhancement)
Contributed by Alex Chrystal (@asktheaxis)
-
Added support for AlmaLinux. (Enhancement)
Contributed by Vadym Chepkov (@vchepkov)
-
Fixing issue where the update history was not being reported back on RHEL8 systems.
Contributed by Bradley Bishop (@bishopbm1)
-
Added support for Oracle Linux.
Contributed by Sean Millichamp (@seanmil)
-
remove unused hiera configuration
Contributed by Vadym Chepkov (@vchepkov)
-
Added disconnect_wait input to be passed to the reboot plan so that there can be controls around when the plan checks if the server has rebooted.
Contributed by Bradley Bishop (@bishopbm1)
-
Added support for Rocky Linux. (Enhancement)
Contributed by Vadym Chepkov (@vchepkov)
-
Added a new plan and task
patching::snapshot_kvmfor creating/deleting snapshots on KVM/libvirt.Contributed by Nick Maludy (@nmaludy)
-
Fixed issue where puppet facts were not in the expected spot causing puppet_facts plan to fail. We added a conditional to check for the facts in both places
Contributed by Bradley Bishop (@bishopbm1)
-
Bumped module
puppetlabs/puppet_agentto< 5.0.0Contributed by @fetzerms
-
Added module
puppetlabs/rebootto>= 3.0.0 < 5.0.0Contributed by @fetzerms
-
Bumped
puppetrequirement to< 8.0.0to support Puppet 7Contributed by Nick Maludy (@nmaludy)
-
PDK update to
2.0.0Contributed by Nick Maludy (@nmaludy)
-
Remove tests for Puppet
5. NOTICE Puppet 5 support will be removed in next major version.Contributed by Nick Maludy (@nmaludy)
-
Added tests for Puppet
7Contributed by Nick Maludy (@nmaludy)
-
Fixed issue where agruments for reboot strategy are being overridden by inventory file.
Contributed by Bradley Bishop (@bishopbm1)
-
Switch from Travis to GitHub Actions
Contributed by Nick Maludy (@nmaludy)
-
Added monitoring_prometheus bolt plan and task to optionally create/delete silences in Prometheus to suppress alerts for the given targets.
-
Added monitoring_multiple bolt plan to enable/disable monitoring for multiple different services at once.
Contributed by John Schoewe (@jschoewe)
-
Fixed header line for CSV
Contributed by Haroon Rafique
-
Fixed trivial bug with useless use of cat
Contributed by Haroon Rafique
-
Added new configuration option:
patching_update_provider: Parameter sets the provider in the update tasks.
Contributed by Bill Sirinek (@sirinek)
-
Fixed bug in
patching::available_updates_windowswhere ifchoco outdatedprinted an error, but returned a0exit status our output parsing code was throwing an exception causing a unhelpful error to be printed. Now, we check for this condition and if we can't successfully parse the output ofchoco outdatedwe explicitly fail the task and return the raw output from the command.Contributed by Nick Maludy (@nmaludy)
-
Added new plans
patching::get_factsto retrieve a set of facts from a list of targets andpatching::set_factsto set facts on a list of targets. This is used to assign thepatching_groupfact so that we can query PuppetDB for group information in dynamic Bolt inventories.Contributed by Nick Maludy (@nmaludy)
-
Fixed a bug with a hard coded wait for reboot. (Bug Fix)
Contributed by Michael Surato (@msurato)
-
Add
hostnameas a choice for patching::snapshot_vmware::target_name_property It can be used in cases where target discovery uses fully qualified domain names and VM names don't have domain name componentContributed by Vadym Chepkov (@vchepkov)
-
Fixed a bug in
patching::monitoring_solarwindsplan wherepatching_monitoring_name_propertyconfig value wasn't being honored. (Bug Fix)Contributed by Nick Maludy (@nmaludy)
-
Fixed a bug in
patching::updatetask on RHEL where errors in theyumcommand we're being reported due to the use of a|. Now we check$PIPESTATUS[0]instead of$?. (Bug Fix)Contributed by Nick Maludy (@nmaludy)
-
Added new configuration options:
patching_reboot_wait: Parameter controls thereboot_waitoption for the number of seconds to wait between reboots. Default = 300paching_report_file: Customize the name of the report file to write to disk. You can disable writing the report files by specifying this as'disabled'. NOTE: for PE users writing files to disk throws an error, so you'll be happy you can now disable writing these files! Default =patching_report.csvpatching_report_format: Customize the format of the reports written to the report file. Default =pretty
(Enhancement)
Contributed by Nick Maludy (@nmaludy)
-
To support the new configuration options above, the
patching::reboot_requiredplan had its parameterreboot_waitrenamed towait. (Enhancement)Contributed by Nick Maludy (@nmaludy)
-
Ensure the
patching.jsonfile exists on Windows by creating a blank file if it was previously missing.Contributed by Bill Sirinek (@sirinek)
-
use
nameinstead ofhostto better represent targets in inventoryContributed by Vadym Chepkov (@vchepkov)
-
Fixed a bug where if
patching::update_historytask was called and no results were returned thepatching::update_historyplan would fail. Now, we default to an empty array so a 0 is displayed.Contributed by Nick Maludy (@nmaludy)
-
BREAKING CHANGE Converted from
nodestotargetsfor all plans and tasks. This is in support of Bolt2.0. Any calling plans or CLI will need to use thetargetsparameter to pass in the hosts to be patched. (Feature)Contributed by Nick Maludy (@nmaludy)
-
Fixed inconsistent documentation for result file location, proper location is:
C:/ProgramData/patching/log/patching.json. (Bug Fix) #28Contributed by Nick Maludy (@nmaludy)
-
Added documentation for patching with PE and
pcptimeouts. (Documentation) #28Contributed by Nick Maludy (@nmaludy)
-
PDK sync to 1.17.0 template (Enhancement)
Contributed by Nick Maludy (@nmaludy)
-
Made the timeout after reboot a configurable parameter. (Enhancement)
Contributed by Michael Surato (@msurato)
-
Fixed bug in
patching::snapshot_vmwarewhere the wrong snapshot name was printed to the user. (Bug Fix)Contributed by Nick Maludy (@nmaludy)
-
Fixed bug in
patching::available_updates_windowswhere usingprovider=windowsthrew an error. (Bug Fix)Contributed by Nick Maludy (@nmaludy)
-
Add support for Fedora Linux. (Enhancement)
Contributed by Vadym Chepkov (@vchepkov)
-
Modified location of the puppet executable on Linux to use the supported wrapper. This sets library paths to solve consistency issues. (Bug Fix)
Contributed by Michael Surato (@msurato)
-
Add support for SUSE Linux Enterprise. (Enhancement)
Contributed by Michael Surato (@msurato)
-
Modify the scripts to use /etc/os-release. This will fallback to older methods in the absense of /etc/os-release. (Enhancement)
Contributed by Michael Surato (@msurato)
-
Re-establish all targets availability after reboot
Contributed by Vadym Chepkov (@vchepkov)
-
Fixed a bug in
patching::puppet_factswhere the sub command would fail to run on installations with customGEM_PATHsettings. (Bug Fix)Contributed by Nick Maludy (@nmaludy)
-
Changed the property we use to look up SolarWinds nodes from
'Caption'to'DNS'by default. Also made the property configurable using thepatching_monitoring_name_property. There are now new parameters on thepatching::monitoring_solarwindstask and plans to allow specifying what property we are matching for on the SolarWinds side. (Enhancement)Contributed by Nick Maludy (@nmaludy)
-
Add support for RHEL 8 based distributions (Enhancement)
Contributed by Vadym Chepkov (@vchepkov)
-
Added shields/badges to the README. (Enhancement)
Contributed by Nick Maludy (@nmaludy)
-
Added the ability to enable/disable monitoring during patching. The first implementation is to do this in the SolarWinds monitoring tool:
- Task -
patching::monitoring_solarwinds: This task enables/disbles monitoring for a list of node names. - Plan -
patching::monitoring_solarwinds: Wraps thepatching::monitoring_solarwindstask in an easier to consume fashion, along with configuration option parsing and pretty printing. (Enhancement)
Contributed by Nick Maludy (@nmaludy)
- Task -
-
Changed the name of the configuration option
patching_vm_name_propertytopatching_snapshot_target_name_property. This correlates to the new property that was just added (below). (Enhancement)Contributed by Nick Maludy (@nmaludy)
-
Added a new configs:
patching_monitoring_planName of the plan to execute for monitoring alerts control. (default:patching::monitoring_solarwinds)patching_monitoring_enabledEnable/disable the monitoring phases of patching. (default:true)patching_monitoring_target_name_propertyDetermines what property on the target maps to the node's name in the monitoring tool (SolarWinds). This was intentionally made discinct frompatching_snapshot_target_name_propertyin case the tools used different names for the same node/target.
Contributed by Nick Maludy (@nmaludy)
-
Empty strings
''for plan names no longer disable the execution of plans (thepick()function removes these, so it gets ignored). Instead pass in the string'disabled'to disable the use of a pluggable plan. (Bug fix)Contributed by Nick Maludy (@nmaludy)
-
Renamed task implementations to
_linuxand_windowsto work around a Forge bug where it didn't support that Bolt feature and was denying module submission. Due to this i also had to create matching task metadata for_linuxand_windowsand mark them as"private": trueso that they are not visible inbolt task show. (Enhancement)Contributed by Nick Maludy (@nmaludy)
Features
Bugfixes
Known Issues