Hi All, I'd like to have a discussion about how to scale patch management on De*an based systems.
Right now, my methodology is looping over my servers in a script and saving the output from 'apt list --upgradable'. This seems to be a utility which will display packages needing updates regardless of whether you use apt-get, apt-get dist-upgrade, or apt-get upgrade. Thing is, when I had 20 servers, this method worked quite well. Most of the servers were LAMP stacks. I now host around 60 servers with various software installed, not just Apache and Mysql anymore. The patch list gets complex and involves various software components. I don't always have time to patch right away so I need to plan for potential downtime of the more critical systems and prioritize system patches based on the criticality of the affected software. Knowing why the patch is needed or what was fixed becomes a priority. Are there any utilities out there for making patch management "easier" when dealing with multiple De*an systems? Is there a better way to get information about patch fixes other than digging up the Changelogs from a web browser? Thanks! _______________________________________________ Dng mailing list [email protected] https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
