Ask Your Question

How do I automatically get the latest security updates for Puppet?

asked 2012-11-01 12:50:01 -0600

updated 2012-11-01 12:56:38 -0600

I have Puppet 2.7.19 installed from the packages hosted at for my enterprise linux systems and for my Debian based systems. I've followed the documentation published in the Using the Puppet Labs Package Repositories document.

Now that Puppet is semantically versioned, how can I automatically install the latest patch (i.e. bugfix or security) release without also automatically upgrading the minor or major version of Puppet?

edit retag flag offensive close merge delete

2 Answers

Sort by ยป oldest newest most voted

answered 2012-12-18 10:38:03 -0600

asq gravatar image

updated 2012-12-18 10:40:03 -0600

puppet shouldn't be considered iron-stable to be safely updated automatically. while there are chances that with minor version upgrades will go smooth, you should always test each upgrade - basically check if all manifests compile successfully and review your load average graphs to check new version is not hogging your setup down - prior to putting it into production, especially regarding puppetmasters.

i like to use mcollective package (ie. mco package install / mco package status) plugin to check/install packages, as it's more agile than puppet itself i can use it to quickly rollback if something goes wrong.

you should ... (more)

edit flag offensive delete link more

answered 2012-11-09 13:19:03 -0600

carthik gravatar image

The Upgrading Intentionally section of the documentation regarding upgrading puppet might be what you are looking for, specifically the part which deals with apt pinning, and how you might want to maintain your own repository if you're using yum.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools



Asked: 2012-11-01 12:50:01 -0600

Seen: 1,225 times

Last updated: Dec 18 '12