
Creating Rules for Automatic Patching

  1. Create directory /var/run/cluster-control/facts/autopatch.
  2. Edit the file rules in that directory.

Format of Rules

Each line of the rules file contains a verdict followed by its conditions. All conditions must be met for the verdict to be applied.

Each condition is the name of a tag, or the word all to match all tags.

The verdict must be one of accept, reject, accept-quick, or reject-quick.

If all the conditions match, the verdict is set to the specified verdict. If the verdict is a -quick verdict (i.e., accept-quick or reject-quick), then this verdict is immediately returned for the given patch. Otherwise the next rule is processed. When all the rules have been processed, the verdict last set is returned.

A condition can specify more than one tag, separated by whitespace (the second ruleset below quotes such a condition). If a condition specifies more than one tag, ANY of those tags being present is enough for that condition to match. All conditions must still match for a given verdict to be applied.

That is, the following two rulesets are identical:

First:

accept recommended impact-none
accept security impact-none

Second:

accept "recommended security" impact-none

Example ruleset

reject all
reject-quick !impact-none
accept impact-none severity-critical
accept recommended
accept security
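
The evaluation order described above, as an added example in Python (not the tool's own code), run against the example ruleset. Assumptions: a leading ! on a tag means the tag is absent (the example ruleset uses it but the text does not define it), blank lines are ignored, and the verdict when no rule matches is the caller-supplied default.

```python
import shlex

VERDICTS = {"accept", "reject", "accept-quick", "reject-quick"}

# The example ruleset from this page.
EXAMPLE_RULES = """\
reject all
reject-quick !impact-none
accept impact-none severity-critical
accept recommended
accept security
"""

def parse_rules(text):
    """Return [(verdict, [condition, ...])]; each condition is a list of tags."""
    rules = []
    for lineno, line in enumerate(text.splitlines(), 1):
        fields = shlex.split(line)  # a quoted field is one multi-tag condition
        if not fields:
            continue  # assumption: blank lines are ignored
        verdict, conditions = fields[0], [f.split() for f in fields[1:]]
        if verdict not in VERDICTS or not conditions:
            raise ValueError(f"line {lineno}: invalid rule {line!r}")
        rules.append((verdict, conditions))
    return rules

def tag_matches(tag, patch_tags):
    if tag == "all":
        return True
    if tag.startswith("!"):  # assumption: '!' means the tag is absent
        return tag[1:] not in patch_tags
    return tag in patch_tags

def evaluate(rules, patch_tags, default=None):
    """Apply rules in order; `default` (hypothetical) is used if nothing matches."""
    verdict = default
    for rule_verdict, conditions in rules:
        # ALL conditions must match; within a condition ANY tag may match.
        if all(any(tag_matches(t, patch_tags) for t in c) for c in conditions):
            if rule_verdict.endswith("-quick"):
                return rule_verdict  # stop here, later rules are not consulted
            verdict = rule_verdict
    return verdict

if __name__ == "__main__":
    rules = parse_rules(EXAMPLE_RULES)
    # Constructed tag sets; "impact-high" is a made-up tag name.
    for tags in ({"security", "impact-none"}, {"security", "impact-high"}, {"impact-none"}):
        print(sorted(tags), "->", evaluate(rules, tags))
```

Under these assumptions, the reject-quick rule short-circuits any patch not tagged impact-none before the later accept rules are reached, so the position of that rule in the file decides whether a security patch with non-zero impact can ever be auto-applied.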