homeblogstandardize and automate patching workflows with puppet enterprise

Standardize and automate patching workflows with Puppet Enterprise

Patching systems is not a new problem; this is something that organizations are very familiar with. Organizations have tried solving this issue in various ways by cobbling together multiple tools, processes, different teams, and more.

Organizations are constantly trying to stay secure and keep their systems up to date, but patch management isn’t a simple process. In fact, applying the patch itself is just one part of the overall workflow, which involves multiple teams and various steps. This process flow is usually planned weeks in advance.

A typical patching workflow is manually intensive and extremely time-consuming. It can involve: teams reviewing available patches, tracking down affected systems, coordinating with owners of systems, agreeing on scheduling and blackout windows, creating the necessary ticketing and getting change approvals, applying the actual patch (this could involve going into the machines, installing the patch, making sure things work, doing a reboot, etc.), then informing teams of patch success or failure and, finally, confirming the job has completed and systems are back to a healthy state.

We know this is a major pain point for many of our customers, so we’ve come up with two new ways to help teams standardize and automate patching workflows.

OS patching from the PE Console

With the release of Puppet Enterprise 2019.8, Puppet now provides pre-built automation content for patching systems regardless of operating system. Review available patches across your Windows and Linux nodes, apply the actual patches, and report on the patch success or failure to ensure your systems are back to a healthy state.

apply patches

One of the most valuable aspects of this new patching capability is having visibility into all of the patches across your estate regardless of OS. This allows you to use one tool to apply your patches. You can give your teams access to what they are responsible for so they can manage this on their time. Patching uses Tasks for the workflow, making it easy for your organization to get started right away!

New! Patching service

If you’re looking to improve patching processes but need to hold off on updating to PE 2019.8, we’ve got you covered. Our new patching service helps make patching more scalable and efficient by reducing delays and manual work.

A Puppet expert will work with your team to implement a standardized workflow and build out tasks to trigger the workflow via Puppet Enterprise. RBAC and pre-defined scheduling/blackout windows enable self-service deployments by other teams, cutting out the bottlenecks of cross-team coordination and manual change-approval processes. This codified, automated workflow mitigates the risks associated with patching at scale, and makes it easier to reliably update systems on a regular cadence.

When you’re ready to upgrade to Puppet Enterprise 2019.8 to take advantage of out-of-the-box patching workflows and other new capabilities, our upgrade services can help ensure a smooth transition. We’ll help you convert or replace existing Puppet code, install and configure the latest release, and migrate nodes to run against your new infrastructure.

I hope these updates help ease the pain of patching. We’re eager to hear your feedback! Drop us a line in the Puppet Slack channel to let us know what you think.

Learn more

  • Learn more about Puppet Enterprise 2019.8 here.
  • Download Puppet Enterprise 2019.8 here.
  • Check out what’s new between releases here.
  • See the release notes here.
  • Register for an upcoming Tech Talk: Puppet Enterprise: Update vs. upgrade?