This is a Dockerised version of Patchman.
It also has a modified host page to add a separate section for security updates.
- Download `docker-compose.yml` and `.env`
- Add your configuration in `.env` (see Environment Variables below)
- Run `docker compose up -d` or `docker-compose up -d` (old version)
- Run `docker compose exec -it server patchman-manage createsuperuser` and enter the same ADMIN details you configured in `.env`
- Run `docker compose logs mariadb 2>&1 | grep GENERATED` to get your generated MariaDB root password. Store this somewhere safe.
- Browse to `<IP/hostname>:8080` and start using Patchman!
For next steps, you'll need to configure your Patchman clients. You can find instructions in the Patchman repository.
The supplied `docker-compose.yml` includes a `scheduler` service which executes Patchman maintenance operations on a predefined schedule.
If the scheduler encounters any errors when performing Patchman maintenance, it will save logs to `./scheduler-error-logs`. You can also configure Slack and SMTP notifications; see here for information.
See the Environment Variables section below for the default schedule and how to change it to your preference.
Patchman maintenance (executed with `patchman -a`) includes the following operations:
- Refresh repositories
- Find host updates
- Process pending reports*
- Clean reports (removes all but the last three reports from each host)
- Perform some sanity checks on the database and clean unused entries
- Perform reverse DNS checks if enabled per-host
\* Reports should rarely, if ever, be pending for any significant duration, since they are expected to be processed asynchronously by the `worker` service upon submission.
By default, the MariaDB database included in `docker-compose.yml` will use a randomly generated root password.
If you wish to set your own password, configure a `MYSQL_ROOT_PASSWORD` environment variable in `docker-compose.yml`.
All environment variables without a default are required, unless noted otherwise in the variable's description.
The rest are optional and, if unspecified, will use the listed default.
Name | Description | Default |
---|---|---|
`ADMIN_EMAIL` | Administrator email address. | |
`ADMIN_USERNAME` | Administrator username. | |
`SECRET_KEY` | Patchman's secret key. Create a unique string and don't share it with anybody. | |
`TIME_ZONE` | Time zone for this installation. All choices can be found here. At time of writing, Patchman does not properly support this. It will work, but you'll receive warnings to STDOUT. | `Etc/UTC` |
`LANGUAGE_CODE` | Language for this installation. All choices can be found here. | `en-GB` |
`MAX_MIRRORS` | Maximum number of mirrors to add or refresh per repo. | `5` |
`DAYS_WITHOUT_REPORT` | Number of days to wait before notifying users that a host has not reported. | `14` |
`ALLOWED_HOSTS` | Hosts allowed to access Patchman. | `*` |
`PATCHMAN_MAINTENANCE_ENABLED` | Enable/disable the scheduled maintenance action. | `true` |
`PATCHMAN_MAINTENANCE_SCHEDULE` | The cron schedule for the maintenance action. See here for the scheduling format (go-cron). | `@daily` |
By default, Patchman will use the database container included in `docker-compose.yml`.
However, you can use an external/different database if you wish. To do so, configure `.env` with the following settings:
Name | Description | Default |
---|---|---|
`DB_ENGINE` | Supported database engines: `mysql`, `oracle`, and `postgresql`. | `mysql` |
`DB_HOST` | Database server IP/name. | `mariadb` |
`DB_PORT` | Database port. If empty, will use the default port for selected engine. | |
`DB_NAME` | Database name. | `patchman` |
`DB_USER` | Database username. | `patchman` |
`DB_PASSWORD` | Database password. | `MyPatchmanDBP@ssw0rd!` |
Name | Description | Default |
---|---|---|
`DJANGO_DEBUG` | Enable/disable Django debug. | `False` |
`DJANGO_LOGLEVEL` | Set Django's log level. | `INFO` |
`GUNICORN_WORKERS` | Number of Gunicorn (web server) workers. | `2` |
`CELERY_REDIS_HOST` | Redis server IP/name for Celery worker. Only set this if you want to use your own Redis server. | `redis` |
`CELERY_REDIS_PORT` | Redis server port for Celery worker. Only set this if you want to use your own Redis server. | `6379` |
`CELERY_LOG_LEVEL` | Set Celery's log level. | `INFO` |
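
A pre-deployment check for the variables in the tables above, as an added example that is not part of docker-patchman: it flags a missing or short `SECRET_KEY`, the documented default `DB_PASSWORD`, a wildcard `ALLOWED_HOSTS` and an enabled `DJANGO_DEBUG`. The function names, the 32-character threshold, the values treated as "debug on" and the simplified `KEY=value` parsing are assumptions of this example.

```shell
#!/bin/sh
# Added example: lint a docker-patchman .env file for risky values.
# Assumes plain KEY=value lines, optionally wrapped in single or double quotes.

# get_var FILE NAME -> prints the last value assigned to NAME (empty if unset)
get_var() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# audit_env FILE -> prints one WARN line per finding, returns the finding count
audit_env() {
    file=$1
    findings=0
    warn() { printf 'WARN: %s\n' "$1"; findings=$((findings + 1)); }

    # 32 characters is this example's own threshold, not a Patchman requirement
    key=$(get_var "$file" SECRET_KEY)
    [ "${#key}" -ge 32 ] || warn "SECRET_KEY is unset or shorter than 32 characters"

    # An unset DB_PASSWORD falls back to the default listed in the table above
    pw=$(get_var "$file" DB_PASSWORD)
    case "$pw" in
        ''|'MyPatchmanDBP@ssw0rd!') warn "DB_PASSWORD is the documented default" ;;
    esac

    # An unset ALLOWED_HOSTS falls back to the default "*"
    hosts=$(get_var "$file" ALLOWED_HOSTS)
    case "$hosts" in
        ''|'*') warn "ALLOWED_HOSTS is the wildcard (*)" ;;
    esac

    # Assumption: these spellings are what the image treats as "enabled"
    debug=$(get_var "$file" DJANGO_DEBUG | tr '[:upper:]' '[:lower:]')
    case "$debug" in
        true|1|yes|on) warn "DJANGO_DEBUG is enabled" ;;
    esac

    return "$findings"
}

# When run as a script with a path argument, audit that file.
if [ "$#" -gt 0 ]; then audit_env "$1"; fi
```

A non-zero exit status is the number of findings, so the script can gate `docker compose up -d` in a deployment pipeline.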
- Patchman
- Original docker-patchman (unmaintained)