Currently, we have to run updates on each machine manually. It would be nice to do this all at once, from one place. Cfengine has "package support", but it's pretty rudimentary and doesn't handle complex updates very well at all. Since each server is different, we can't just do a one-size-fits-all update for them.
This is partially implemented with a better understanding of updating pacakges via cfengine, and aptimager for shellservers.
- Call aptitude update on the target
- Get the suggested list of updates from aptitude safe-upgrade
- Sanity-check the list
- Also, check for "critical packages", like core daemons (ldap, http, etc). These need to be dealt with differently
- Install new core daemons. If you update everything at once, these may be down for a while. If you do each core daemon individually, and then do all the rest with a safe-upgrade, you will have much less downtime
- Install everything else
Ideally, the program would work with debconf to answer repeated debconf questions (you don't want to have to answer the same question 10 times)
Priority: Very low, wishlist