Linux - Centralized Patch Management System

Standard Toaster

I'm running a small (but growing!) Linux environment comprising of about 21 Linux servers

The environment I mainly look after consists of CentOS 5 & 6 and Red Hat 6.
All of these are patched individually via their appropriate yum repos.

Can anyone suggest a method of centralising patch management for these servers? I've heard that Puppet is often used to do this but I've never used it myself, and would be interested in hearing from other system administrators.

Support for Solaris and Windows would be a bonus....and open-source!

Cheers

Stuxnet

We use BigFix at work, dont think its free or os tho
doesnt help I know :-p

madhatter76

Have a look at http://spacewalk.redhat.com/ it would sort your Centos needs.

For Redhat Channels there is a similar product called RHN Satellite which will cost you $$$$

ld50

Puppet is excellent. It's open-source and Solaris is also supported. I've only used for debian and osx management. Both server and desktop. It's a very powerful tool and will make managing servers an ease.

I think there are management modules for windows now. So happy days.

Standard Toaster

Cheers all, decided today we're going to trial run Puppet. I'll post back my findings.

laugh

Take precautions against automagically installing something bad, we updated all our servers to a version of puppet that had a bug that broke our use case, we had to manually downgrade puppet on a lot of servers. A dodgy version of our backup software also made it onto servers.

We came up with our own system to promote rpms to the repos used by our production servers after they have been tested.

Feelgood

You could give CFENGINE a whirl, its not strictly for patch management but can be used as such.

Standard Toaster

Went with a combo setup of Puppet/Foreman/Spacewalk in the end. Now to play with them! >.<