System updates
The Rudder "System updates" plugin lets you check and ensure that nodes have the latest available packages installed. It is part of Rudder’s patch management features.
See available updates
The list of available updates is visible in the dedicated System updates page in the Patch management menu category.
There are two entry-points for exploring updates, by node or by update.
In the REST API
You can access all the information about available updates through the usual nodes API.
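The following is an added example, not taken from the Rudder documentation: it triages a nodes API reply offline and keeps nodes that report no update list separate from nodes that are up to date. The `softwareUpdate` key, its per-update fields and every sample value are assumptions constructed for illustration; check them against the API reference for your Rudder version.

```python
import json

# Constructed sample shaped like a nodes API reply. The "softwareUpdate" key and
# the per-update fields (name, version, kind, severity, ids) are assumptions.
SAMPLE_RESPONSE = json.loads("""
{
  "result": "success",
  "data": {"nodes": [
    {"id": "node-a", "hostname": "web01.example.com", "softwareUpdate": [
      {"name": "openssl", "version": "1.2.4", "kind": "security",
       "severity": "high", "ids": ["EXAMPLE-ID-1"]},
      {"name": "vim", "version": "9.0.1", "kind": "defect"}
    ]},
    {"id": "node-b", "hostname": "db01.example.com", "softwareUpdate": []},
    {"id": "node-c", "hostname": "old01.example.com"}
  ]}
}
""")


def summarize_updates(response):
    """Return {hostname: summary}; status separates 'unknown' from 'up-to-date'."""
    if response.get("result") != "success":
        raise ValueError("nodes API call did not succeed")
    report = {}
    for node in response["data"]["nodes"]:
        name = node.get("hostname", node["id"])
        updates = node.get("softwareUpdate")
        if updates is None:
            # No list at all (for example an agent older than 7.1, or no
            # inventory yet): absence of data must not be read as "patched".
            report[name] = {"status": "unknown", "total": 0, "security": []}
            continue
        security = sorted(u["name"] for u in updates if u.get("kind") == "security")
        status = "updates-pending" if updates else "up-to-date"
        report[name] = {"status": status, "total": len(updates), "security": security}
    return report


def nodes_needing_attention(report):
    """Hostnames with pending security updates or no update data, sorted."""
    return sorted(host for host, row in report.items()
                  if row["security"] or row["status"] == "unknown")


if __name__ == "__main__":
    for host, row in summarize_updates(SAMPLE_RESPONSE).items():
        print(host, row)
```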
How it works
The systems running an agent with Rudder 7.1 or newer will collect the list of available updates on the node during each inventory (by default, daily between 0-6 a.m.).
If you want to update the list of installed packages or available updates, you can trigger an inventory, either with the rudder agent inventory command or in the policies with the Inventory trigger generic method in the technique editor.
This list comes directly from what the node sees, and hence depends on the repositories configured on the system. It allows following your existing repository management workflows, whether your nodes are connected directly to upstream repositories or you’re using frozen snapshots to handle patch levels. The amount of detail available depends on what the package manager provides.
The available updates refresh (apt update or equivalent) is done automatically by the agent, by default every 4 hours (on OSes where it is not automatically done).
Basic system update with standard library techniques
Rudder provides techniques in its standard library to do basic system updates through the usual rule application process.
These techniques support Linux and Windows thanks to the dedicated System update and Windows update techniques. They provide simple scheduling and basic reporting through Rudder's usual rule reporting.
Advanced update campaigns with detailed reporting
The System updates plugin provides an advanced update mechanism with "system update campaigns". It provides advanced scheduling with easy lookup of past, currently running and planned campaigns. Each campaign gets centralized advanced reporting with, for each node, the updated packages and the console output of the system update execution if debugging is needed.
Update campaign in audit-only nodes
A system update campaign WILL update a node even if that node is set in audit only.
Define a campaign
To keep your systems updated, you have to define a campaign. It consists of:
- name
- description
- execution schedule: schedule by month, week or one shot, with a time slot during which the updates will take place
- target: groups of nodes on which the campaign will be applied
Campaigns keep a history of events, so you can keep track of which updates have succeeded or failed.
If you delete a campaign, the history will also be deleted.
Monitor event
Each campaign produces an event. These are the planned updates, and they can have 3 states:
- planned: the next scheduled tasks
- running: the update is running right now
- skipped: this event has been canceled
You have no control over which packages are updated during the campaigns; you cannot filter the list of packages to be updated.