System updates

Rudder "System updates" plugin allows to check and ensure nodes have the latest packages available installed. It is part of Rudder’s patch management features.

See available updates

The list of available updates is visible in the dedicated System updates page in the Patch management menu category.

There are two entry-points for exploring updates, by node or by update.

By node

by node

By update

by update


You can access all the information about available updates through the usual nodes API.


How it works

The systems running an agent with Rudder 7.1 or newer will collect the list of available updates on the node during each inventory (by default, daily between 0-6 a.m.).

If you want to update the list of installed package or available updates you can trigger an inventory, either with the rudder agent inventory command or in the policies with the Inventory trigger generic method in the technique editor.

This list comes directly from what the node sees, and hence depends on configured repositories on the system. It allows following your existing repository management workflows, whether your nodes are directly plugged to upstream repositories or you’re using frozen snapshots to handle patch levels. The amount of details available depends on what the package manager provides.

The available updates refresh (apt update or equivalent) is done automatically by the agent, by default every 4 hours (on OSes where it is not automatically done).


Basic system update with standard library techniques

Rudder provides techniques in its standard library to do basic system updates through the usual rule application process.

These techniques support Linux and Windows thanks to the dedicated System update and Windows update techniques. They provide simple scheduling and basic reporting in Rudder usual rule reporting.


Advanced update campaigns with detailed reporting

System-updates plugin provides an advanced update mechanism with "system update campaigns". It provides advanced scheduling with easy lookup of past, currently running and planned campaigned. Each campaign get centralized advanced reporting with, for each nodes, updated packages and console output of system update execution if debugging is needed.

Supported systems

System-update campaigns only work on Linux systems in Rudder 7.2.

Update campaign in audit-only nodes

A system update campaign WILL update a node even if that node is set in audit only.

Define a campaign

In order to keep updated your system, you have to define a campaign. It consists of a: - name - description - execution schedule: schedule by month, week or one shot, and you will be able to define a time slot during which the updates will take place - target: groups of node on which the campaign will be applied

Campaigns keep history of events, you can keep track of which updates have succeeded or failed.

If you delete a campaign, the history will also be deleted.


Monitor event

Each campaigns produce an event. These are the updates planned, they can have 3 states: - planned: the next scheduled tasks - running: update is running right now - skipped: this event has been canceled

You have no control on which package are updated during the campaigns, you cannot filter the list of package to be updated.


← Secret Management User management →