Are there any tools that can automate updating a few computers each day?

We have too many systems and not enough people to upgrade manually so we conclude it is desirable to update automatically. But, in case an update causes a critical breakage, updating all systems at the same time would create a peak urgent workload

So we conclude it is not desirable to update many systems at the same time.

Net result of all this cogitating: we would like to automate upgrading in batches, say a sixth of the systems each day Mon through Sat.

Searching the 'net for tools to do that has identified no solutions. Did I miss something? Or should I get scripting?

Automate updating on your systems using 'cron' scheduler.
Schedule each computer according to need.

There are a lot of packages for updates on debian. From unattended upgrades to just notify a user. They all go with cron so you would just need to do the scheduling there.

Thanks s.verma, zhjim and descendant_command

AIUI none of those solutions are able to upgrade "a sixth of the systems each day Mon through Sat".

One solution would be to install unattended-upgrades and cron-apt then somehow hook into the part of cron-apt that does the upgrade and only let it be effective on the specified day for the particular computer. Maybe as simple as a daily cron job to set /var/lib/apt/periodic/upgrade-stamp.

But better not re-invent the wheel if there is such a wheel ... ?

cron can be set for a specific day.

Just change the /etc/cron.d/cron-apt file on your batches of machines to set the day you want.

AS far as I recal cron-apt per default only updates the packages list and predownloads stuff. So you would just add another cron job to actually do the update. Thus way the package would remain intact. Also you still would need to create those cron jobs your self or per ssh or maybe tell the chef to have his puppet repair the (cf)engine. Dunno if you have some of that running.

Help me get the phrase "a sixth of the sysstems each day Mon through Sat" right.
Script runs everyday. On Monday the first batch gets updates. Tuesday the next batch is up. and so on?
Or run on every machine on everyday and if there is an update elect the elite and send them into the fight while the rest gets the week off?

cron-apt has a random sleep built inside. So you could use this to have it report to some server and see if they are one of the lucky winner to try the new shiny or if they are to late for that day. Also this way you would need to change the script and the package with it. And some kind of control system to give out the tickets.

Or reverse this and have a control system start the update per ssh on some of the machines

Thanks descendant_command and zhjim

That's an attractive idea, installing an extra cron job to do the upgrades, especially as we prefer not to to change as-installed files.

We do not run puppet. Maybe we should. Maybe this requirement is the one to tip the balance in favour of puppet. We did consider it but thought it complex to master and a few people were grumbling about it being flawed (details forgotten).

First thoughts on how to set up "a sixth of the systems to upgrade each day Mon through Sat" was to split them based on the second part of the fully qualified hostname (FQHN) which is effectively an organisation/department name. So a FQHN of server1.my_org.whatever could be parsed to get "my_org" and thence "m" which could be looked up in a configuration table to find out which day of the week it should upgrade on.

Advantages of this scheme are that it is zero-config on individual computers (they all have the same table) and very simple for humans to learn. When the calls start coming in for similar issues and all from organisations/departments with names beginning S to V and it's Friday ...

In case organisations/departments changed and resulted in a significantly uneven number of computers upgrading on various days, a new table could be distributed to all computers.

Random self-selection would be fun

Centralised control would be attractive but we have unreliable Internet connections and inconsistent computer up times

I assume you are using Debian Stable. Most package upgrades for your installed packages come from the security repo. They are patchs for potential exploits. I think you should think about getting them installed as soon as they are available.

Thanks widget

That's an attractive policy until the day it causes a critical breakage on all systems and we don't have enough people to fix all the systems as quickly as the users and we would like.

OK, that scenario is unlikely -- given the care that Debian take with update quality control -- but it could happen, hence wanting to update one sixth of the systems on Monday through Saturday.

Marking this solved because the original question -- "Are there any tools that can automate updating a few computers each day?" -- seems to have been answered "no".

We have decided that creating a solution is relatively low priority so it will be while, if ever, before we have a solution to share.