I'm running a small (but growing) Linux environment comprising of no more than 10 Linux servers.
The environment consists of CentOS 5 & 6, and Oracle Linux 5 & 6 boxen. All of these are patched individually via their appropriate yum repos.
Can anyone suggest a method of centralising patch management for these servers? I've heard that Puppet is often used to do this but I've never used it myself, and would be interested in hearing from other system administrators.
Most Configuration Management tools are really good at this. puppet and Chef being two of the most popular, and radmind being the one I use.
The documentation for the specific tool will give you an idea of how to implement patch management -- it does vary from tool to tool.
Other options include a centralized yum/apt/whatever repository and homegrown scripts to pull patches from it at scheduled intervals (or on demand), and there are also commercial solutions from some major vendors, some of which (like RedHat's RHN Satellite) are quite excellent if you spend the time learning how they work and really take advantage of their capabilities.
One item nobody has pointed out yet that I feel bears noting is homogeny -- to the extent possible, make your servers interchangeable cogs running the same software. This greatly simplifies patch management (the same patches have to go everywhere) and IMHO makes life a lot easier as your environment grows.
I would recommend something along the lines of Spacewalk. It is basically the free version of Red Hat's Satellite software.
Since you are looking at Linux, checkout an upcoming project from Redhat: Pulp.
Pulp is a more modern solution to the problem, which specifically targets package & patch management, audit etc. This is something that puppet/chef can do on their own with some amount of effort. Pulp only does packages and Yum, and leaves the Config management to puppet/chef, which is how it should be. It's got a Rest api for scripting etc.
I'm not a fan of Spacewalk/Satellite, but YMMV.
Yes we use puppet for a large cluster patch and administrative management. Another alternative for small sets is to create a local yum repo and deploy changes with custom RPM packaging.