max number of times that Puppet can perform patching within the patch window functionality is not working #88
Description
For some reason, the ‘max runs’ option within the patch windows is being ignored. All of our patch groups have max_runs set to 1 but will continue to patch systems if patches are still available after the 'pe_patch_fact_generation.sh’ script is executed at the end of each patch run. Example below.
2nd_thu_20_22_prod_nr:
day_of_week: Thursday
count_of_week: 2
hours: 20:00 - 22:00
max_runs: 1
reboot: never
first puppet run within patch window – the packages available for patching were determined from the cron job (pe_patch_fact_generation.sh) which ran on March 27th
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[bpftool.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[diffutils.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[kernel.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[kernel-tools.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[kernel-tools-libs.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[nss.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[nss-sysinit.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[nss-tools.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[openssl.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[openssl-libs.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:54 itf-sannav puppet-agent[89855]: Package[zlib.x86_64] (unmanaged) will be updated by Patching_as_code
Apr 13 20:00:55 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code/Exec[Patching as Code - Before patching - pre patch default commands]/returns) executed successfully
Apr 13 20:00:56 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Exec[Patching as Code - Clean Cache]/returns) executed successfully
Apr 13 20:01:40 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[bpftool.x86_64]/ensure) ensure changed '3.10.0-1160.83.1.el7' to '0:3.10.0-1160.88.1.el7'
Apr 13 20:01:46 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[diffutils.x86_64]/ensure) ensure changed '3.3-5.el7' to '0:3.3-6.el7_9'
Apr 13 20:03:38 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[kernel.x86_64]/ensure) ensure changed '3.10.0-1160.71.1.el7; 3.10.0-1160.76.1.el7; 3.10.0-1160.80.1.el7; 3.10.0-1160.81.1.el7; 3.10.0-1160.83.1.el7' to '0:3.10.0-1160.88.1.el7'
Apr 13 20:03:47 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[kernel-tools.x86_64]/ensure) ensure changed '3.10.0-1160.83.1.el7' to '0:3.10.0-1160.88.1.el7'
Apr 13 20:03:51 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[kernel-tools-libs.x86_64]/ensure) ensure changed '3.10.0-1160.88.1.el7' to '0:3.10.0-1160.88.1.el7'
Apr 13 20:03:57 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[nss.x86_64]/ensure) ensure changed '3.79.0-4.el7_9' to '0:3.79.0-5.el7_9'
Apr 13 20:04:00 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[nss-sysinit.x86_64]/ensure) ensure changed '3.79.0-5.el7_9' to '0:3.79.0-5.el7_9'
Apr 13 20:04:03 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[nss-tools.x86_64]/ensure) ensure changed '3.79.0-5.el7_9' to '0:3.79.0-5.el7_9'
Apr 13 20:04:10 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[openssl.x86_64]/ensure) ensure changed '1:1.0.2k-25.el7_9' to '1:1.0.2k-26.el7_9'
Apr 13 20:04:16 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code::Linux::Patchday/Package[zlib.x86_64]/ensure) ensure changed '1.2.7-20.el7_9' to '0:1.2.7-21.el7_9'
Apr 13 20:04:16 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code/File[Patching as Code - Save Patch Run Info]/ensure) defined content as '{sha256}363495f191055656bfb3ca11c9fe561d9497a656117dba2cf3f465bff65f4fd8'
Apr 13 20:04:16 itf-sannav puppet-agent[89855]: Patches installed, refreshing patching facts...
Apr 13 20:04:16 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code/Notify[Patching as Code - Update Fact]/message) defined 'message' as 'Patches installed, refreshing patching facts...'
Apr 13 20:04:23 itf-sannav puppet-agent[89855]: (/Stage[main]/Pe_patch/Exec[pe_patch::exec::fact_upload]) Triggered 'refresh' from 1 event
Apr 13 20:04:45 itf-sannav pe_patch_fact_generation.sh: Uploading facts
Apr 13 20:04:51 itf-sannav pe_patch_fact_generation.sh: Patch data refreshed - This is checking for new packages available for patching. If any are found, PE_PATCH facts will be updated and they will be patched on the next Puppet run. (Should be during the next Patch window)
Apr 13 20:04:51 itf-sannav puppet-agent[89855]: (/Stage[main]/Pe_patch/Exec[pe_patch::exec::fact]) Triggered 'refresh' from 1 event
Apr 13 20:04:51 itf-sannav puppet-agent[89855]: (/Stage[main]/Patching_as_code/Exec[Patching as Code - After patching - post patch default commands]/returns) executed successfully