Patch management parameters

User name for the owner of the patch data. String.

Default: root

Group name for the owner of the patch data. String.

Default: root

User account for running the cron job that scans for new patches in the background. String.

Default: $patch_data_owner

Determines if the yum_utils package should be managed by this module on RedHat family nodes. If true, use the yum_utils parameter to determine how it should be managed. Boolean.

Default: false

If managed, determines what the package is set to. Enum[installed, absent, purged, held, latest]

Default: installed

Determines if the patching task should run if there were warnings present on the pe_patch fact. If true, the run will abort and take no action. If false, the run will continue and attempt to patch. Boolean.

Default: false

Determines if puppet fact upload runs after any changes are made to the fact cache files. Boolean.

Default: true

Determines if apt-get autoremove runs during reboot. Boolean.

Default: false

Determines if the delta_rpm package should be managed by this module on RedHat family nodes. If true, use the delta_rpm parameter to determine how it should be managed. Boolean.

Default: false

If managed, determines what the delta_rpm package is set to. Enum[installed, absent, purged, held, latest]

Default: installed

Determines if the yum_plugin_security package should be managed by this module on RedHat family nodes. If true, use the yum_plugin_security parameter to determine how it should be managed. Boolean.

Default: false

If managed, determines what the yum_plugin_security package is set to. Enum[installed, absent, purged, held, latest]

Default: installed

Determines if a node reboots after patching. This overrides the setting in the task. Variant, Boolean, Enum[always, never, patched, smart, default]

• always - The node always reboots during the task run, even if no patches are required.
• never (or false) - The node never reboots during the task run, even if patches are applied.
• patched (or true) - The node reboots if patches are applied.
• smart - Use the OS supplied tools, like needs_restarting on RHEL or a pending reboot check on Windows, to determine if a reboot is required, if it is reboots, or if it does not reboot.
• default - Uses whatever option is set in the reboot parameter for the pe_patch::patch_server task.

Default: default

Identifies nodes in or across patching node groups to run patching plans against.

Default: undef

The full path to an executable script or binary on the target node to be run before patching.

Default: undef

The full path to an executable script or binary on the target node to be run after patching.

Default: undef

The hour or hours to run the cron job that scans for new patches.

Default: absent, or *

The month or months to run the cron job that scans for new patches.

Default: absent, or *

The monthday or monthdays to run the cron job that scans for new patches.

Default: absent, or *

The weekday or weekdays to run the cron job that scans for new patches.

Default: absent, or *

The min or mins to run the cron job that scans for new patches.

Default: fqdn_rand(59) - a random number between 0 and 59.

Use present to install scripts, cronjobs, files, etc. Use absent to clean up system that previously hosted.

Default: present

Determines a window of time when nodes cannot be patched. Hash.

:title - Name of the blackout window. String.

:start- Start of the blackout window (ISO8601 format). String.

:end - End of the blackout window (ISO8601 format). String.

Default: undef

Determines which types of updates Windows Update searches for. To search both software and driver updates, remove the Type argument. String.

Default: IsInstalled=0 and IsHidden=0 and Type='Software'