I am using unattended-upgrades across multiple servers. I would like package updates to be rolled out gradually, either randomly or to a subset of test/staging machines first. Is there a way to do that for APT on Ubuntu?
An obvious option is to set some machines to update on Monday and the others to update on Wednesday, but that only gives me weekly updates…
The goal, of course, is to avoid a CrowdStrike-like situation on my Ubuntu machines.
Edit: For example, an updated openssh-server comes out. One fifth of the machines update that day, another fifth update the next day, and the rest update 3 days later.
https://wiki.debian.org/UnattendedUpgrades#Modifying_download_and_upgrade_schedules_.28on_systemd.29
Bottom of the page. It’s not about staging environments, but it’s about scheduling the updates in systemd.
I invite you to re-read the second paragraph of my post.
You’re just throwing things I already listed back at me. I mentioned a staging environment, I mentioned a schedule was a (bad) option.
An obvious option is to set some machines to update on Monday and the others to update on Wednesday, but that only gives me weekly updates…
You can literally schedule them by the minute, but okay buddy.
I’ll never not be stumped by people who are looking for answers shitting all over those answers.
Maybe I’m not being clear.
I want to stagger updates, giving time to make sure they work before they hit the whole fleet.
If a new SSH version comes out on Tuesday, I want it installed on 1/3 of the machines on Tuesday, another third on Wednesday, and the rest on Friday. Or similar.
Having machines update on a schedule means I have much less frequent updates and doesn’t even guarantee that they hit the staging environment first (what if they’re released just before the prod update time?).