On 6/2/11 7:49 AM, "no-re...@cfengine.com" <no-re...@cfengine.com> wrote: > I used to manage updates with CF2 > (http://watson-wilson.ca/2008/08/cfengine-2-cookbook.html#SECTION0001000000000 > 00000000). The key is to know which hosts you trust to update without causing > problems. Host with custom drivers or third party software should be viewed > with skepticisim while bog standard hosts should be more forgiving.
I suggest a thinking exercise if the network is very large... Mostly around scheduling your updates. We use a mix of cf and manual methods for this, applying any required patches during planned windows to make sure they are reviewed before deployment. I've had this discussion a few times; if you "randomly" update "production", what exactly did QA qualify "if" something breaks? :-) With patching in general, of course you must do it...but making it look as much like "any another release" as possible (e.g. A part of your routine process vs. a one off) is typically a wise approach. _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
