Ask Your Question

Install Security Updates via Puppet Master on Agents

asked 2015-09-29 14:10:55 -0600

mfurqan777 gravatar image

updated 2015-09-29 23:27:14 -0600

Hi we have Puppet Master agent setup working fine. We intend to do central Security updates on all agents connected to Puppet Master. Mcollective plugin is also installed and We tried following two approaches:

  1. Restart puppet service on agent via MCO from Master, As when puppet is restarted It gets sync to Master for its setting and on Master(Site.pp) lets suppose we define these two commands to execute. (Apt-get update & aptitude safe-upgrade) cmd: mco rpc service restart service=puppet -S hostname=nodename Result: puppet on node gets restarted and Apt-get update & aptitude safe-upgrade are run in background. Issue: On Puppet Master we only get service puppet is running.No clue whether these commands(Apt-get update & aptitude safe-upgrade) runs successfully or not.

  2. Run command on puppet agent From puppet Master via MCO CMD: mco rpc nrpe runcommand command=puppetrestart -I node -v puppetrestart is defined as a nrpe cmd on agent that contains "puppet agent -t" Result: On agent it sync with Master and runs cmds in background. Issue: As it is nrpe cmd and apt-get and aptitude takes time , we get time-out response on Puppet Master end, Means we are not sure whether cmds executed successfully or not

Is there any way to Install Security updates on all connected agents while remaining on Puppet Master? Any help or suggestion will be appreciated Thanks

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2015-10-01 04:45:39 -0600

jorhett gravatar image

If you are updating the patches using Puppet, then the proper way to identify success or failure is by analyzing the report generated by the node when it is done. If you have a Dashboard set up that either receives the reports, or queries Puppet DB then this will provide information on which nodes updated, which haven't, which failed...

I wouldn't run Puppet through NRPE. If you really want to see the interactive output of a Puppet run (or any other long-running command), then use the Shell agent

mco shell --wi /nodename/ start "puppet agent --test"
mco shell --wi /nodename/ watch

This provides screen-like functionality for executing a long-running command. You can safely attach, detach as necessary until the command completes.

edit flag offensive delete link more


Thanks @jorhett I tried this: mco rpc shell -I user-data start command="puppet agent --test" *[=========================> ] 1 / 1 user-data : OK {:handle=>"d40ccfee-188a-4924-ba39-3235e9511382"} Added more comments due to character limit

mfurqan777 gravatar imagemfurqan777 ( 2015-10-01 13:44:56 -0600 )edit

The puppet gets restart but on Puppet Master side I get the above output only. As I set "apt-get update and Aptitude safe-upgrade" to exec in site.pp. There is no out put about those cmd, unable to run cmd: mco rpc shell watch Attempted to call action watch for shell but it's not declared in the DDL

mfurqan777 gravatar imagemfurqan777 ( 2015-10-01 13:47:29 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2015-09-29 14:10:55 -0600

Seen: 519 times

Last updated: Oct 01 '15