Nicotine Part 1: Automated Patching with Python and AWS SSM
April 1, 2019
python aws ssm legacy patching
Introduction
Patching or bricking snowflake, legacy or monolithic servers is enough to make any engineer want to relapse on cigs, but try something different this time by putting on a patch: a Nicotine Patch!
Nicotine is a patch delivery system written in Python for RHEL and RHEL variants that are hosted in AWS and have the SSM agent installed.
What Makes Nicotine Patching Different?
You give Nicotine your “patch” file, which is simply a YAML file of shell commands. Nicotine will then AMIfy your crazy EC2 instance, fully patch it or security patch it (if you have RHEL errata access), and finally execute your patch file on it, which is typically a list of system tests that determine whether the box has been successfully patched or not. If your Nicotine patch passes, Nicotine assumes the box to be good and exits; otherwise it will spin up a new EC2 instance from the AMI it originally took and run your Nicotine patch against that box.
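The flow described above, sketched as an added example (this is not Nicotine's own code). It assumes `ec2` and `ssm` are `boto3.client("ec2")` and `boto3.client("ssm")`, that the patch file has already been loaded into a list of shell commands, and that a failed update is treated like a failed test; the function names are hypothetical.

```python
import time

TERMINAL = ("Success", "Failed", "Cancelled", "TimedOut")

def run_ssm(ssm, instance_id, commands, poll=5):
    """Run shell commands through SSM Run Command; True only on Success."""
    cid = ssm.send_command(
        InstanceIds=[instance_id],
        DocumentName="AWS-RunShellScript",
        Parameters={"commands": commands},
    )["Command"]["CommandId"]
    while True:
        time.sleep(poll)
        try:
            inv = ssm.get_command_invocation(CommandId=cid, InstanceId=instance_id)
        except ssm.exceptions.InvocationDoesNotExist:
            continue  # invocation not registered yet; poll again
        if inv["Status"] in TERMINAL:
            return inv["Status"] == "Success"

def patch_with_rollback(ec2, ssm, instance_id, tests, security_only=False, poll=5):
    """tests: shell commands from the patch file (its schema is an assumption)."""
    # 1. Snapshot first so there is a known-good image to fall back to.
    ami = ec2.create_image(
        InstanceId=instance_id, Name=f"pre-patch-{instance_id}-{int(time.time())}"
    )["ImageId"]
    ec2.get_waiter("image_available").wait(ImageIds=[ami])
    # 2. Full or security-only update, then the system tests.
    update = "yum -y update --security" if security_only else "yum -y update"
    # "set -e" makes the script fail on the first failing test; otherwise only
    # the last command's exit code decides the invocation status.
    checks = ["set -e"] + list(tests)
    if run_ssm(ssm, instance_id, [update], poll) and run_ssm(ssm, instance_id, checks, poll):
        return {"result": "patched", "instance": instance_id, "ami": ami}
    # 3. Tests failed: launch a replacement from the pre-patch AMI, copying the
    #    network placement and the instance profile the SSM agent depends on.
    src = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    new_id = ec2.run_instances(
        ImageId=ami, MinCount=1, MaxCount=1,
        InstanceType=src["InstanceType"], SubnetId=src["SubnetId"],
        SecurityGroupIds=[g["GroupId"] for g in src["SecurityGroups"]],
        IamInstanceProfile={"Arn": src["IamInstanceProfile"]["Arn"]},
    )["Instances"][0]["InstanceId"]
    ec2.get_waiter("instance_status_ok").wait(InstanceIds=[new_id])
    return {"result": "rolled_back", "instance": new_id, "ami": ami,
            "tests_passed": run_ssm(ssm, new_id, checks, poll)}
```

The `instance_status_ok` waiter does not guarantee that the replacement's SSM agent has registered; `send_command` raises `InvalidInstanceId` until it has, so a production version would retry on that.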