I wrote a rake task which does the following:
- connect to each role in an (chef) environment and show all available package updates (with new version and current installed version)
- for each node ask the user if all updates should be applied and if ‘no’, step through the list of updates and ask for each single update. if ENV[PACKAGES] (string with package names, seperated by ‘,’) is applied to the rake task, those packages will be updated without confirmation.
To avoid critical application updates (like postgresql), we set those packages ‘on hold’ (dpkg --set-selections) by a cookbook, so that they don’t get touched or listed by ‘apt-get dist-upgrade’ (which is executed in that rake task). In this combination keeping our ~50 (debian) nodes up to date is now a very simple and controllable task without much effort.
If there’s any interest, I could start to write a knife plugin for it.
Or how do you manage package updates? Are there better ways?
Reichenberger Str. 113a
Tel. +49 (0) 30 61651135
Fax +49 (0) 30 61651138
Handelsregister Berlin: HRB 131781
Geschäftsführung: A. Reissner, M. Kavalar