Has anyone used Puppet to manage Solaris Patches? If so could you pass on any tips. For those without Solaris experience, you can only describe the configuration of a Solaris system with the full combination of Installed Packages Installed Patches Applied Configuration
On Feb 24, 2007, at 3:33 PM, Scott White wrote:> > Has anyone used Puppet to manage Solaris Patches? If so could you > pass on any tips. > > For those without Solaris experience, you can only describe the > configuration of a Solaris system with the full combination of > > Installed Packages > Installed Patches > Applied ConfigurationYou''re the first to ask about this, but it shouldn''t be that hard to manage them. The hardest part, currently, will be performance, because each patch operation will run separately which will be slow. I''ve been planning ways to speed up this kind of operation, but I don''t yet have time to implement it. -- Learning is not attained by chance, it must be sought for with ardor and attended to with diligence. -- Abigail Adams --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
On 2/25/07, Luke Kanies <luke@madstop.com> wrote:> On Feb 24, 2007, at 3:33 PM, Scott White wrote: > > > > > Has anyone used Puppet to manage Solaris Patches? If so could you > > pass on any tips. > > > > For those without Solaris experience, you can only describe the > > configuration of a Solaris system with the full combination of > > > > Installed Packages > > Installed Patches > > Applied Configuration > > You''re the first to ask about this, but it shouldn''t be that hard to > manage them. The hardest part, currently, will be performance, > because each patch operation will run separately which will be slow. > > I''ve been planning ways to speed up this kind of operation, but I > don''t yet have time to implement it.You copy all the patches over to the same directory and create a patch_order file using smpatch [1]. Then add them all with one "patchadd -M <dir> patch_order" which might speed things up a bit. Doing this in an automated way with puppet is the next challenge. cheers matthew [1] http://mgerdts.blogspot.com/2006/01/patchorder-made-easy.html> > -- > Learning is not attained by chance, it must be sought for with > ardor and > attended to with diligence. -- Abigail Adams > --------------------------------------------------------------------- > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users >-- matthew http://wadofstuff.blogspot.com
On Feb 24, 2007, at 10:53 PM, Matthew Flanagan wrote:> > You copy all the patches over to the same directory and create a > patch_order file using smpatch [1]. Then add them all with one > "patchadd -M <dir> patch_order" which might speed things up a bit. > > Doing this in an automated way with puppet is the next challenge.This problem is essentially the same problem as packages, where it''s faster to install many at once, but I think the speed differences are even worse, although I do not know as I haven''t installed a Solaris patch automatically in years. There''s definitely some kind of generalized algorithm one could use, but I''ve no idea what it is. -- To define recursion, we must first define recursion. --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
Fast, ordered and automated would be great, but we could probably start with something simple. How about another Package type, very much like Sun and RPM, where we provide the source. For anything more automated it would be great to rely on another project rather that try to internalise the logic, much like you do with apt and yum. How about Patch Check Advanced? It seems to be the most popular. http://www.par.univie.ac.at/solaris/pca/intro.html If you think it is the right solution architecturally I can have a go at making it work? Rgds Scott On 25 Feb 2007, at 08:11, Luke Kanies wrote:> On Feb 24, 2007, at 10:53 PM, Matthew Flanagan wrote: >> >> You copy all the patches over to the same directory and create a >> patch_order file using smpatch [1]. Then add them all with one >> "patchadd -M <dir> patch_order" which might speed things up a bit. >> >> Doing this in an automated way with puppet is the next challenge. > > This problem is essentially the same problem as packages, where it''s > faster to install many at once, but I think the speed differences are > even worse, although I do not know as I haven''t installed a Solaris > patch automatically in years. > > There''s definitely some kind of generalized algorithm one could use, > but I''ve no idea what it is. > > -- > To define recursion, we must first define recursion. > > --------------------------------------------------------------------- > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users
On 24 Feb 2007, at 14:42, Luke Kanies wrote:> You''re the first to ask about this, but it shouldn''t be that hard to > manage them. The hardest part, currently, will be performance, > because each patch operation will run separately which will be slow.also Sun patches want to be installed in singler user mode, which makes applying them horrible to automate :( I’ve given this some thought, and have come up with no ideas. However, testing of PCA (Patch Check Advanced) makes me think that wrapping PCA calls through puppet is somehow the answer. PCA is faster and generally much better than Sun’s own tools. Gary Law gary.law@gmail.com _______________________________________________ Puppet-users mailing list Puppet-users@madstop.com https://mail.madstop.com/mailman/listinfo/puppet-users
Fast, ordered and automated would be great, but we could probably start with something simple. How about another Package type, very much like Sun and RPM, where we provide the source. For anything more automated it would be great to rely on another project rather that try to internalise the logic, much like you do with apt and yum. How about Patch Check Advanced? It seems to be the most popular. http://www.par.univie.ac.at/solaris/pca/intro.html If you think it is the right solution architecturally I can have a go at making it work? Rgds Scott> On Feb 24, 2007, at 10:53 PM, Matthew Flanagan wrote: >> >> You copy all the patches over to the same directory and create a >> patch_order file using smpatch [1]. Then add them all with one >> "patchadd -M <dir> patch_order" which might speed things up a bit. >> >> Doing this in an automated way with puppet is the next challenge. > > This problem is essentially the same problem as packages, where it''s > faster to install many at once, but I think the speed differences are > even worse, although I do not know as I haven''t installed a Solaris > patch automatically in years. > > There''s definitely some kind of generalized algorithm one could use, > but I''ve no idea what it is. > > -- > To define recursion, we must first define recursion. > --------------------------------------------------------------------- > Luke Kanies | http://reductivelabs.com | http://madstop.com > > > _______________________________________________ > Puppet-users mailing list > Puppet-users@madstop.com > https://mail.madstop.com/mailman/listinfo/puppet-users >
On Feb 25, 2007, at 5:08 PM, Gary Law wrote:> > also Sun patches want to be installed in singler user mode, which > makes applying them horrible to automate :(I''ve basically never done this and have never had problems.> I’ve given this some thought, and have come up with no ideas. > However, testing of PCA (Patch Check Advanced) makes me think that > wrapping PCA calls through puppet is somehow the answer. PCA is > faster and generally much better than Sun’s own tools.Sounds like an easy provider. :) -- Good judgment comes from experience, and experience comes from bad judgment. --Barry LePatner --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com
On Feb 25, 2007, at 5:52 PM, Scott White wrote:> > Fast, ordered and automated would be great, but we could probably > start > with something simple. > > How about another Package type, very much like Sun and RPM, where we > provide the source. > > For anything more automated it would be great to rely on another > project > rather that try to internalise the logic, much like you do with apt > and > yum. > > How about Patch Check Advanced? It seems to be the most popular. > > http://www.par.univie.ac.at/solaris/pca/intro.html > > If you think it is the right solution architecturally I can have a > go at > making it work?Yeah, that''s definitely what I would start with, and I would definitely accept the provider if you created one. -- The difference between scientists and engineers is that when engineers screw up, people die. -- Professor Orthlieb --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com