Since there are some Linux systems in my environment which need regular updates I built a little routine for that. If you like to take over any parts of it, feel free.
I assume that you know how to setup KACE scripting, Custom Inventory Rules and labels, so I just provide the snippets.
It consists of a regulary running script which does a Detect of patches, a Deployment of patches, cleaning out old downloaded patches and logs it, so I can review errors.
In addition it updates the search database so the newly installed versions can be found and be used in internal scripts.
Prerequisites:1. all Linux systems have the agent installed
2. a local mirror is setup (optional, if not done, the updates are taken from the official mirrors)
3. all Linux systems have an interactive root-account
Setting up the script:
apt upgrade -y;
apt dist-upgrade -y;
apt autoremove -y;
apt autoclean -y;
echo "last run: " >>/root/upgrade.result
echo "Results:" >>/root/upgrade.result
echo "updating the patch list: " >>/root/upgrade.result
echo $update >>/root/upgrade.result
echo "run the patches: " >>/root/upgrade.result
echo $upgrade >>/root/upgrade.result
echo "distribution patches: " >>/root/upgrade.result
echo $dist-upgrade >>/root/upgrade.result
echo "Housekeeping: " >>/root/upgrade.result
echo "remove old updates: " >>/root/upgrade.result
echo $remove >>/root/upgrade.result
echo "clean the logs and results: " >>/root/upgrade.result
echo "updating the database: " >>/root/upgrade.result
echo $search >>/root/upgrade.result
cat /var/run/reboot-required >>/root/upgrade.result
If needed the script can be split in multiple scripts, so a detect ( apt update ), deploy (apt upgrade and apt dist-upgrade) and the housekeeping steps (apt autoremove and apt autoclean) are split in single scripts.
Result handling and automatic reboot
To have the results directly in the SMA there was simply a small CIR needed:
ShellCommandTextReturn( cat /root/upgrade.result )
The second CIR is needed for getting the info which services need a reboot:
ShellCommandTextReturn( cat /var/run/reboot-required.pkgs )
The third CIR is needed for getting all systems which need to be rebooted:
FileExists (/var/run/reboot-required )
This one is linked to a smart label, which regulary reboots the systems out of hours.
Note: /var/run/reboot-required and /var/run/reboot-required.pkgs are automaticly deleted after a reboot, so rebooted systems fall out of the labels.
Note: the log contains only the last run and brings down the error codes from apt directly. If you need more speaking error messages, just add the translation to the script.