We also use Munin and it is set to send emails when updates are available, however this fix and this fix are needed for it to work properly.
When we first started using Xen on CentOS5 servers (probably about 12 years ago) I found that doing a `yum update` on multiple virtual servers at exactly the same time on the same physical server caused such a load spike that they would stop responding, so since then I have been updating servers sequentially, using this script, it is rather old and could probably do with improving but it means that to update a server it is a matter of sshing to it and running `sudo -i` and then `a-up`, this writes the changes that are to be made to a `/root/Changelog` file, see the logchange script.
To make life easier my (Ansible provisioned) `~/.bash_aliases` file contains sections like this:
And my (Ansible provisioned) `~/.ssh/config` file contains corresponding entries like this:
So to update all the Stretch servers I type `ssh-stretch` and then `exit` and then do the next one, to make this easier when out and about I have shortcuts for all these commands in the terminal client on my Ubuntu Touch phone, which has an encrypted Debian chroot on it, so it is four button presses per server…
If all these servers were on other people’s hardware and I didn’t need to worry about the impact of updating 30 virtual servers on a physical host all at the same time then I’d consider sorting out a quicker way of doing this, however, I’d still worry about the one in fifty, or so, updates that require interaction — I guess most people enable automatic updates, but again I had some bad experiences of this over a decade ago and vowed to do things manually, however most updates don’t require much thought, but when there are ones that change a key PHP or Apache or Nginx or whatever config file for security reasons then you do need to look at the diffs and manually sort things out — my approach is time consuming but it minimises the risk of an automatic update leaving a key service unable to restart.