Cookbook to manage updates with HP Smart Update Manager.
['hpsum']['path']
path to cache HP SUM files, nil unless customer provides permanent location['hpsum']['policy']['allow_reboot']
true by default['hpsum']['inventory']['lastcheck']
timestamp['hpsum']['inventory']['interval']
how frequently the policty['hpsum']['baseline']['mount'][]
list of HP SUM baseline mounts
Dynamically generate new roles from the baselines by iterating over the node['hpsum']['baseline']['mount'].keys using cheffish chef_role. Parses XML to dynamically generate roles.
Baselines are managed as roles that provide the packages and their required versions.
role[bl_production]
[hpsum][bl][prod][action] = "downgrade"
[hpsum][bl][prod][ilo_firmware] = "2.3.1.2"
[hpsum][bl][prod][nic] = "9.2.3.5"
[hpsum][bl][prod][raidcontroller] = "1.2.3.5"
[hpsum][bl][prod][usbcontroller] = "9.2.3.5"
role[bl_hotfix]
[hpsum][bl][hotfix][action] = "rewrite"
[hpsum][bl][hotfix][raidcontroller] = "1.2.3.7"
role[bl_hotfix2]
[hpsum][bl][hotfix2][action] = "upgrade"
[hpsum][bl][hotfix2][raidcontroller2] = "1.2.3.9"
node[hpsum][bl].keys.each do |baseline| baseline.keys.each do |pkg| hpsum_package pkg do action pkg[action] version pkg[version] allow_retry true allow_reboot true end end
This recipe checks if a node has run an inventory check within the specified interval time. If the interval has been exceeded it will run a new inventory check, iterating over the baseline mount points and generating new XML for future compliance checks. These timestamps are stored as the following node attributes:
['hpsum']['inventory']['lastcheck']
timestamp of last inventory check['hpsum']['inventory']['interval']
time (in seconds) for the interval policy
The following knife command provides an example of generating a report to identify machines out of policy.
chef exec knife exec example_scripts/inventory_check.rb
Iterates over mount points, pushes XML into node object. Could be used for a compliance report. No changes to the node.
You can do an ad-hoc report knife exec check packages report role says [hpsum][bl][hotfix][raidcontroller] = "1.2.3.7" node says [hpsum][bl][hotfix][raidcontroller] = "1.2.3.9"
What sort of reports do we want to generate and where do they go? Audit cookbook or process data for Analytics.
Performs updates Call the HPSUM CLI to generate the new XML files based off of each baseline. Mounts each HP SUM mount and runs the CLI, generating XML files hpsum -s --rewrite|downgrade --use_location Set environment for permanent HP SUM as an option %TMP% rewrite requires preventing multiple runs
Author:: Matt Ray (matt@chef.io)
Copyright 2015 Chef Software, Inc.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.