As part of my regular patching cycle, I’m looking to take a snapshot once a month, sit on it for a week and monitor media/blogs/forums for any potential issues with releases. As I add servers to my Foreman estate it’s going to be a fairly broad church - for example NGINX, Zabbix, Graylog, MySQL, Postfix, RabbitMQ, to name but a few. Obviously I’m using some initial Canary boxes and Pre-Prod boxes before any updates are promoted to Production servers, and will incorporate snapshot backup/rollback procedures. Obviously, however, even with a robust testing procedure things can always slip through the net until an update reaches Prod.
Obviously, when we’re dealing with Linux, patches are released from a wide variety of sources and repos at different times, and the wealth of sources can be vast and overwhelming, not to mention it can be easy to go snowblind and tune out when trying to manually pick through every single security announcement.
How do you manage this to most effectively monitor for any potentially problematic releases? Does anybody have any top tips, procedural advice or essential sources to check for dealing with this?
My estate is primarily Alma (RHEL) based, so I’m looking for info in that area, although we do have some legacy Ubuntu boxes so I’d also be interested in any tips on that distro.
Many thanks in advance.
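One way to cut down the manual picking-through the post describes is to let the package manager on a canary box tell you what is pending and then triage it mechanically before anything is promoted. The script below is an added example, not code from the poster or from Foreman. It parses the output of two real commands, `dnf updateinfo list` on Alma/RHEL and the `Inst ...` simulation lines of `apt-get -s upgrade` on Ubuntu, and sorts the pending updates into three buckets: anything touching one of the high-impact services the poster names (the watch list is my assumption, derived from the post), remaining security updates, and routine bugfix/enhancement updates. The sample command output is constructed; the advisory IDs use year `0000` so they cannot be mistaken for real errata.

```python
"""Triage pending updates on a canary host before promoting them to Pre-Prod/Prod.

Added example (not from the original post). Input is the text of
`dnf updateinfo list` (Alma/RHEL) and `apt-get -s upgrade` (Ubuntu); output is
three buckets: review (touches a watched service), security, routine.
"""
import re
from dataclasses import dataclass

# Assumption: services named in the post as running in the estate. Any pending
# update to one of these is held for manual sign-off regardless of its type.
WATCH_LIST = ("nginx", "zabbix", "graylog", "mysql", "postfix", "rabbitmq")

# Vendor severities as dnf prints them, most urgent first (used for sorting).
SEVERITY_RANK = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3, "": 9}

# Constructed `dnf updateinfo list` output. Real format: ADVISORY TYPE NEVRA,
# where TYPE is e.g. "Important/Sec.", "bugfix" or "enhancement".
DNF_SAMPLE = """\
Last metadata expiration check: 0:10:00 ago on Mon 01 Jan 0000 00:00:00.
ALSA-0000:0001 Important/Sec. kernel-core-5.14.0-1.el9.x86_64
ALSA-0000:0002 Moderate/Sec.  nginx-1.20.1-1.el9.x86_64
ALBA-0000:0003 bugfix         postfix-3.5.9-1.el9.x86_64
ALEA-0000:0004 enhancement    zabbix-agent-6.0.0-1.el9.x86_64
"""

# Constructed `apt-get -s upgrade` output. Real format of a simulated install:
# "Inst PKG [OLDVER] (NEWVER ORIGIN [ARCH])"; the pocket in ORIGIN ending in
# "-security" marks a USN-driven update. "Conf" lines are ignored.
APT_SAMPLE = """\
Reading package lists...
Inst nginx-core [1.18.0-6ubuntu14.3] (1.18.0-6ubuntu14.4 Ubuntu:22.04/jammy-security [amd64])
Inst libssl3 [3.0.2-0ubuntu1.14] (3.0.2-0ubuntu1.15 Ubuntu:22.04/jammy-security [amd64])
Inst rabbitmq-server [3.9.13-1] (3.9.13-1ubuntu0.22.04.1 Ubuntu:22.04/jammy-updates [all])
Conf nginx-core (1.18.0-6ubuntu14.4 Ubuntu:22.04/jammy-security [amd64])
"""

DNF_RE = re.compile(r"^(?P<id>\S+)\s+(?P<type>\S+)\s+(?P<nevra>\S+)\s*$")
APT_RE = re.compile(
    r"^Inst (?P<pkg>\S+) (?:\[\S+\] )?\((?P<ver>\S+) (?P<origin>\S+) \[(?P<arch>\S+)\]\)"
)


@dataclass
class Update:
    distro: str
    source: str      # dnf advisory ID, or the apt origin/pocket for Ubuntu
    name: str        # package name without version/release/arch
    security: bool
    severity: str    # dnf severity; apt exposes none, so "" for Ubuntu

    def watched(self, watch=WATCH_LIST):
        return any(w in self.name for w in watch)


def rpm_name(nevra):
    """kernel-core-5.14.0-1.el9.x86_64 -> kernel-core (drop version and release.arch)."""
    return nevra.rsplit("-", 2)[0]


def parse_dnf(text):
    updates = []
    for line in text.splitlines():
        m = DNF_RE.match(line.strip())
        if not m:          # header/metadata lines have more than three tokens
            continue
        kind = m["type"]
        sec = kind.endswith("/Sec.") or kind.lower() == "security"
        updates.append(Update("alma", m["id"], rpm_name(m["nevra"]),
                              sec, kind.split("/")[0] if sec else ""))
    return updates


def parse_apt(text):
    updates = []
    for line in text.splitlines():
        m = APT_RE.match(line)
        if not m:
            continue
        origin = m["origin"]
        updates.append(Update("ubuntu", origin, m["pkg"],
                              origin.endswith("-security"), ""))
    return updates


def triage(updates):
    """Bucket pending updates; 'review' must be signed off before promotion."""
    buckets = {"review": [], "security": [], "routine": []}
    for u in updates:
        if u.watched():
            buckets["review"].append(u)
        elif u.security:
            buckets["security"].append(u)
        else:
            buckets["routine"].append(u)
    buckets["security"].sort(key=lambda u: SEVERITY_RANK.get(u.severity, 9))
    return buckets


def report(buckets):
    lines = []
    for bucket, ups in buckets.items():
        lines.append(f"[{bucket}] {len(ups)} update(s)")
        for u in ups:
            sev = f" {u.severity}" if u.severity else ""
            lines.append(f"  {u.distro:6} {u.name:16} {u.source}{sev}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(parse_dnf(DNF_SAMPLE) + parse_apt(APT_SAMPLE))))
```

In practice you would feed the script the real command output from a canary host (for example via a Foreman remote-execution job) and only let the `security` and `routine` buckets flow on to Pre-Prod automatically, while the `review` bucket waits for someone to check the vendor advisory and the project's own release notes. Ubuntu gives no severity in `apt` output, so for those hosts the USN text is still the place to look when deciding how long to hold.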