Re: OS patching via cfengine

[Thomas Glanzmann]

* Ryan Anderson <Ryan.Anderson@udlp.com> [030306 21:24]:
> I'm trying to roll out OS patches to Solaris & IRIX hosts, but can't
> think of a way via cfengine besides making a cfengine script that

For Solaris patch we use a shell scripts, provided by our computing
center to do the patching automatically on our workstations. This shell
script is called autopatch, if you want I could send you a copy.

> - Patches would reside in a central location that should be mounted
> manually; ie not all hosts are in a NIS domain with an automount
> location to pull from. I'd be open to using a 'copy' of all patches to
> every host if this is a better design way to go

We're using a automounted NFS directory. But if you can you should
always use a more reliable protocoll like http and do check sums before
applying patches. We had two scenarios which left us with 50 unusable
Solaris workstations:
        Once we applied a NFS patch and while applying that patch the
        patchmgr could not reach the the patch via NFS.

        Another day went the NFS server with patches down while our
        workstations applied patches.

> Has anyone 'invented the wheel' on this one already and willing to
> share ideas or code?

Drop me an eMail and I send you the Solaris autopatch script. For
Linux/Debian box it is nice to system updates. We do this every hour
automatically on 70 Linux machines.