Is there any way to have a newly-bootstrapped client system automatically apply all package updates (not just patches) once registered? Specifically I mean clients registered via the API or the SUMA web interface. I notice in the traditional bootstrap.sh scripts there seems to be a configuration parameter to apply all updates on registration but I don’t see an obvious way to do that when using the API. I guess salt could be used for this? I’ve no idea where to start with that though, any tips gratefully received.
I figured this out eventually so posting here in case it benefits anyone else. I did this using a salt state channel. In SUMA web UI, go to “Configuration”, then “Channels” and “Create State Channel”. Give the channel a name and label (for both I used “state-pkg-updates”) and a description and paste the following in the “SLS Contents” box:
pkg_updates:
pkg.uptodate:
- refresh: True
You can link this state to system groups so that any machines joining those groups from the activation key will have the state applied and the machines patched, or what I did was to go to “Home” > “My Organisation” > “Configuration Channels” then scroll down the list to find my new state channel, check the box beside it and click “Save Changes” then just confirm the next screen.
Now all systems which we bootstrap to SUMA get that state applied which means they get fully patched to whatever updates are available in the software channels they are assigned, regardless of what Linux distro they are. If you have never done a salt state before doing the above then you have now 