Long time listener, first time caller. I am not sure if this is a unique situation I would like to create or if it is very common and I just haven't found a way to do it. Any insight would be really helpful though.
I have a small group of Ubuntu 12.04 web servers that take little administration right now. Basically, developers push changes when they need to and I make changes when security issues pop up and patch manually every month. We have a dev group and a production group that are all managed by Salt, no more than 10 machines but possibly adding a lot more soon.
I would like to be able to have my dev group install patches every day, or as they come out, and monitor those patches for things that break. I could do this with a cron job or similar and just have it run
apt-get update && apt-get upgrade -y
every day I would assume.
The part I was looking into is that on production I would like to have updates run maybe weekly, but install only patches that were released the previous week. I would also like the ability to stop a patch from going through if it breaks something and I need to make changes before I let it install. I have looked a little into running apt-get with some flags to see if it will give release dates on the patches or something but have not had much luck in that dept.
I guess I really would like to know how you guys manage your updates and if you do much more than just having them automatically install or manually installing them.
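One way to get the "production only takes what dev has been running for a week, and I can hold a package back" behaviour described above, as an added example that is not part of the original post: apt does not expose a per-package release date, so the script below uses the date on which the dev group first took a version as the proxy. Dev hosts log every upgrade they install (parsed from `apt-get -s upgrade` output, whose `Inst pkg [old] (new ...)` lines are the input here); production hosts install only versions logged on or before a cutoff date and not listed in a hold file. The file paths, function names and sample package names and versions are hypothetical and constructed for the example.

```shell
#!/bin/sh
# Staged patch promotion for apt-based hosts (added example, not the original
# poster's setup). Paths and names below are hypothetical.
set -e

APPROVED=${APPROVED:-/var/lib/patch-stage/dev-installed.log}  # lines: "YYYY-MM-DD pkg version"
HOLD=${HOLD:-/etc/patch-stage/hold}                           # one package name per line

# record_dev_upgrades DATE  < output of "apt-get -s upgrade"
# Turns each "Inst pkg [old] (new ...)" line into "DATE pkg new".
record_dev_upgrades() {
    awk -v d="$1" '$1 == "Inst" {
        ver = $3
        if (ver ~ /^\[/) ver = $4          # "[old]" is absent for brand-new packages
        sub(/^\(/, "", ver)                # strip the opening "(" of "(new ..."
        print d, $2, ver
    }'
}

# select_production_upgrades CUTOFF [APPROVED] [HOLD]
# Prints "pkg=version" for the newest version of each package that dev logged
# on or before CUTOFF (YYYY-MM-DD, so plain string comparison is correct) and
# that is not named in the hold file. An empty or missing hold file holds nothing.
select_production_upgrades() {
    cutoff=$1; approved=${2:-$APPROVED}; hold=${3:-$HOLD}
    [ -f "$hold" ] || hold=/dev/null
    awk -v cutoff="$cutoff" '
        FILENAME == ARGV[1] { held[$1] = 1; next }          # hold list
        $1 <= cutoff && !($2 in held) {                     # dev log, old enough, not held
            if (!($2 in ver) || $1 >= when[$2]) { when[$2] = $1; ver[$2] = $3 }
        }
        END { for (p in ver) print p "=" ver[p] }
    ' "$hold" "$approved" | sort
}

# Cron entry points (dev daily, prod weekly). Nothing runs without an argument.
case "${1:-}" in
    dev)
        apt-get update
        apt-get -s upgrade | record_dev_upgrades "$(date +%F)" >> "$APPROVED"
        apt-get upgrade -y
        ;;
    prod)
        apt-get update
        pkgs=$(select_production_upgrades "$(date -d '7 days ago' +%F)")
        [ -n "$pkgs" ] && apt-get install --only-upgrade -y $pkgs
        ;;
esac
```

Run it as `patch-stage.sh dev` from cron on the dev group and `patch-stage.sh prod` weekly on production (the dev log has to reach the production hosts, for instance via Salt's file server). To stop a package from going through, add its name to the hold file; remove the line once you have made your changes and it is picked up on the next weekly run. The cutoff is passed in as a date string so the selection itself needs nothing but awk and sort; only the cron wrapper uses GNU `date -d`.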