This script schedules the patching of SUMA client systems with action chains, a product migration to a higher service pack level, or an offline upgrade. An action chain for a client system patches it with the types of patches requested by the user and then reboots it if a patch suggests a reboot, all at a specified date and time.
If the patching fails for a system, the reboot is not run by the action chain.
The program receives as its first argument a file that is structured in the following way:
client-system-name,YYYY-mm-dd HH:MM:SS
group:name-of-group,YYYY-mm-dd HH:MM:SS
client-system-name2,YYYY-mm-dd HH:MM:SS,migration-target-label
group:name-of-group2,YYYY-mm-dd HH:MM:SS,migration-target-label
client-system-name3,now
group:name-of-group3,now
client-system-name4,YYYY-mm-dd HH:MM:SS,ks-label,kopts
Where:
- YYYY = Year
- mm = Month
- dd = Day
- HH = Hour
- MM = Minutes
- SS = Seconds
or
- now = execution at the earliest time
For example:
instance-k3s-0,now
instance-k3s-1,2023-03-06 10:00:00
instance-k3s-2,2023-03-13 11:00:00
group:Build Hosts,2023-03-06 19:00:00
instance-sles15-sp3,2023-03-06 20:00:00,sle-product-sles15-sp4-pool-x86_64
group:sles15-sp4-systems,now,sle-product-sles15-sp5-pool-x86_64
This associates each system with the date and time at which its patching will be scheduled. If the system has no pending patches, it is skipped and no action chain is created for it. If there is a third argument with a product target label and the migrate option is specified, a product migration is scheduled for the system.
The patch command has an option, -p or --policy, that takes a CSV file with the following structure:
BaseProductName,PatchAdvisoryType1 PatchAdvisoryType2 PatchAdvisoryType3
When specified, each system whose base product is BaseProductName is patched with the patch advisory types listed after the comma, separated by spaces. The available types are security, bugfix, product_enhancement and all.
There is an example of patching policies located at conf/product_patching_policy.conf. Note: this file does not have the full list of available products. The user of the script will have to add the desired base products and their patching policies as needed.
The script needs a separate configuration file named config with the following format:
[server]
api_url = https://your-suma-server-name.localdomain/rpc/api
fqdn = your-suma-server-name.localdomain
[credentials]
username = your-username
password = your-password
Options:
- api_url: contains the SUMA server FQDN and path to the API (which is /rpc/api) using the HTTPS protocol.
- fqdn: contains the SUMA server FQDN.
- username: contains a SUMA username with permissions to perform patching on the chosen client servers.
- password: contains the password of the SUMA username.
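The config format above stores the SUMA password in cleartext and expects an HTTPS api_url. The following Python check is an added example, not part of sumacli: it tests a config file against that format, and the owner-only file permission rule, the function names and the sample values are assumptions of this example.

```python
import configparser
import os
import tempfile
from urllib.parse import urlsplit

REQUIRED = {"server": ("api_url", "fqdn"), "credentials": ("username", "password")}
# Constructed sample: plain http and an api_url host that differs from fqdn.
BAD_SAMPLE = """[server]
api_url = http://other-host.localdomain/rpc/api
fqdn = your-suma-server-name.localdomain
[credentials]
username = your-username
password = your-password
"""


def check_config(path):
    """Return a list of findings for a config file in the format shown above."""
    # The file stores a cleartext password, so only its owner should have access.
    mode = os.stat(path).st_mode & 0o777
    findings = [f"file mode {mode:04o} is open to group/other"] if mode & 0o077 else []
    # interpolation=None: a '%' inside the password must be read literally.
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read(path)
    missing = [f"missing [{s}] {k}" for s, keys in REQUIRED.items()
               for k in keys if not cfg.get(s, k, fallback="").strip()]
    if missing:
        return findings + missing
    url = urlsplit(cfg["server"]["api_url"])
    if url.scheme != "https":
        findings.append("api_url does not use https")
    if url.path != "/rpc/api":
        findings.append("api_url path is not /rpc/api")
    if (url.hostname or "") != cfg["server"]["fqdn"].strip().lower():
        findings.append("api_url host does not match fqdn")
    return findings


def write_sample(text, mode):
    """Write constructed sample content to a temp file with the given mode."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "w") as handle:
        handle.write(text)
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    print(check_config(write_sample(BAD_SAMPLE, 0o644)))
```

An empty list means the file passed every check; running `chmod 600 config` clears the permission finding.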
Depending on how the script was installed, it can be run in different ways. If the script was installed using the RPM package, it can be run as follows:
$ sumacli patch systems.csv
However, if the script was installed using the source code, it can be run as follows:
$ python3 -m sumacli patch systems.csv
The following examples assume the script was installed using the RPM package.
On the command line, you may run the following command to apply all the available patches to each system in systems.csv:
$ sumacli patch --all-patches systems.csv
Or to patch the systems according to the policies in conf/product_patching_policy.conf and add a reboot to each action chain:
$ sumacli patch --policy conf/product_patching_policy.conf --reboot systems.csv
Or to migrate the systems to a new Service Pack (SP) level:
$ sumacli migrate systems.csv
Or to request a package refresh for each system:
$ sumacli utils -r systems.csv
The systems.csv file has to be structured as described in the Input section.
To validate results, you may run:
$ sumacli validate actions/action_ids_file
You may add the -h or --help option after each command to list all of its available options with a short description.
For example:
$ sumacli -h
Or
$ sumacli patch --help