Hi: The Puppet@Sun case study recently posted to the RL blog [1] says they use Puppet to make security patching easier. Anybody know how they do that? Is there some magic in Puppet which makes patching Solaris easier? Thanks! Footnotes: [1] http://reductivelabs.com/2010/01/26/case-study-sun-microsystems-uses-puppet-to-accelerate-system-updates-and-ensure-consistent-configurations-across-their-web-server-architecture/ -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
Mark, On Feb 2, 3:39 pm, Mark Plaksin <ha...@usg.edu> wrote:> The Puppet@Sun case study recently posted to the RL blog [1] says they > use Puppet to make security patching easier. Anybody know how they do > that? Is there some magic in Puppet which makes patching Solaris easier? >since I''m the one who said it I think I should answer :) The way that puppet makes it easier for us to patch is that when there is a security issue, we can usually start by deploying a mitigation, e.g. disable the service, or update the ipfilter config to block the service in question, or some other kind of action. Then we can schedule normal downtime and patch in an orderly fashion, instead of scrambling to patch 650 systems at once. We have also used a custom facts to gather info from all systems, and report back if they are vulnerable to a specific issue or not. Let me know if you have more questions... cheers, /Martin -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
+------------------------------------------------------------------------------ | On 2010-02-02 08:22:40, Martin Englund wrote: | | We have also used a custom facts to gather info from all systems, and | report back if they are vulnerable to a specific issue or not. I wouldn''t mind seeing the facts. Cheers. -- bda cyberpunk is dead. long live cyberpunk. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.
> I wouldn''t mind seeing the facts.Me neither if possible. -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com. To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com. For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en.