What would you think about a new API endpoint that lets you run unattended upgrades with a simple call like:
/nodes/{node_name}/apt/upgrade

At the moment you need to use the node’s HTML5 console to perform upgrades. Other methods exist, such as running unattended Debian upgrade scripts, using patch management tools like #Spacewalk or #QualvoSec, or automating the process with #Ansible over SSH. My idea is to have an API-based solution that relies on Proxmox authentication and authorization. This would also allow third-party tools such as #ProxLB to provide automated patch management and even handle guest rebalancing in a way that is similar to DRS, without requiring direct SSH access.
#Linux #OpenSource #PatchManagement #Security #DevOps #Automation #Ansible #PVE #PVE8 #PVE9
@gyptazy I'm a bare Linux guy, but I used ProxMox for a while when I was learning, not here to tell you not to use it jftr
But I am going to encourage you, if the number of machines you manage is less than twenty, to always pull up a terminal and run your updates by hand. Most of the time it's just gonna be you staring at a text scroll, but now and then you'll catch an easy problem that would likely stymie an unattended update, and you might even get the occasional warning that you're about to break something.
Once you get into large numbers of machines (I once ran a 500-node render farm for a couple years) that calculus changes, but it becomes relaxing even. :>
* Node Validation
* Patch node
* Validate if patches req. reboot
If yes:
* Move all guests to another node by evaluating free resources (DRS alike style)
* Reboot
* Rebalance cluster again
* goto next node ;)
Even if there were an issue, what is my benefit in seeing it on the console rather than being notified by the monitoring afterwards and just looking at the logs of the specific node? I'm fully with you for major upgrades, but for minor ones I have never encountered any issues. But that's exactly why I ask: my references may not fit all setups ;) So, thanks a lot for your feedback, appreciate it!
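The workflow listed above (validate, patch, check whether a reboot is required, evacuate guests by free resources, reboot, wait for the node to return, rebalance, next node) as an added, runnable sketch. This is example code written for this page, not code from the original thread, from ProxLB, or from Proxmox. It runs against an in-memory stand-in for the cluster (`FakeCluster`); its method names mirror the steps, not real API routes, and the proposed `/nodes/{node_name}/apt/upgrade` endpoint is simulated by `patch()`, which returns whether a reboot is needed. The node and guest names and sizes are constructed sample data. It also covers the "dead endpoint while the system is upgrading" concern raised further down: `wait_for_node()` polls with a bounded number of attempts and fails loudly on timeout.

```python
"""Rolling cluster upgrade, one node at a time, with DRS-like guest placement.

Added example, not from the original thread, ProxLB or Proxmox. FakeCluster is an
in-memory stand-in; method names are assumptions mirroring the listed steps.
"""
from dataclasses import dataclass, field


@dataclass
class Guest:
    vmid: int
    mem_mb: int


@dataclass
class Node:
    name: str
    mem_mb: int
    guests: dict = field(default_factory=dict)   # vmid -> Guest
    running_kernel: str = "6.8.12-1"
    installed_kernel: str = "6.8.12-1"
    online: bool = True
    boot_polls_left: int = 0                     # simulated reboot duration

    def free_mb(self):
        return self.mem_mb - sum(g.mem_mb for g in self.guests.values())


def kernel_reboot_required(running, installed):
    # Assumption: a reboot is needed when the installed kernel differs from the
    # running one. A real check would also consult /var/run/reboot-required.
    return running != installed


class FakeCluster:
    def __init__(self, nodes, quorate=True, boot_polls=2):
        self.nodes = {n.name: n for n in nodes}
        self.quorate = quorate
        self.boot_polls = boot_polls             # polls a rebooting node stays "dead"
        self.log = []

    def online_nodes(self, exclude=None):
        return [n for n in self.nodes.values() if n.online and n.name != exclude]

    def validate(self, name):                    # step: node validation
        if not self.quorate or not self.nodes[name].online:
            raise RuntimeError(f"{name}: cluster not quorate or node offline")
        return True

    def patch(self, name, new_kernel):           # step: patch node (stands in for apt/upgrade)
        node = self.nodes[name]
        node.installed_kernel = new_kernel
        self.log.append(("patch", name))
        return kernel_reboot_required(node.running_kernel, node.installed_kernel)

    def migrate(self, vmid, src, dst):           # online migration; refuses if it would not fit
        guest = self.nodes[src].guests[vmid]
        if self.nodes[dst].free_mb() < guest.mem_mb:
            raise RuntimeError(f"{dst}: not enough free memory for VM {vmid}")
        self.nodes[dst].guests[vmid] = self.nodes[src].guests.pop(vmid)
        self.log.append(("migrate", vmid, src, dst))

    def reboot(self, name):
        node = self.nodes[name]
        node.online, node.boot_polls_left = False, self.boot_polls
        self.log.append(("reboot", name))

    def is_online(self, name):                   # the "dead endpoint" while rebooting
        node = self.nodes[name]
        if not node.online:
            node.boot_polls_left -= 1
            if node.boot_polls_left <= 0:        # node is back, now on the new kernel
                node.online, node.running_kernel = True, node.installed_kernel
        return node.online


def pick_target(cluster, guest, exclude):
    """DRS-like placement: the online node with the most free memory that fits."""
    fits = [n for n in cluster.online_nodes(exclude) if n.free_mb() >= guest.mem_mb]
    if not fits:
        raise RuntimeError(f"no node can take VM {guest.vmid} ({guest.mem_mb} MB)")
    return min(fits, key=lambda n: (-n.free_mb(), n.name))


def evacuate(cluster, name):
    guests = sorted(cluster.nodes[name].guests.values(), key=lambda g: (-g.mem_mb, g.vmid))
    for g in guests:                             # biggest first, so the large ones still fit
        cluster.migrate(g.vmid, name, pick_target(cluster, g, exclude=name).name)


def wait_for_node(cluster, name, max_polls):
    for polls in range(1, max_polls + 1):
        if cluster.is_online(name):
            return polls
    raise TimeoutError(f"{name} did not come back after {max_polls} polls")


def rebalance(cluster, max_moves=100):
    """Greedy pass: move a guest from the fullest to the emptiest node while that
    shrinks the free-memory gap (requires mem < gap). Each such move strictly lowers
    the sum of squared free memory, so the loop terminates."""
    moves = 0
    while moves < max_moves:
        nodes = cluster.online_nodes()
        src = min(nodes, key=lambda n: (n.free_mb(), n.name))
        dst = min(nodes, key=lambda n: (-n.free_mb(), n.name))
        movable = [g for g in src.guests.values() if g.mem_mb < dst.free_mb() - src.free_mb()]
        if src is dst or not movable:
            return moves
        g = max(movable, key=lambda g: (g.mem_mb, -g.vmid))
        cluster.migrate(g.vmid, src.name, dst.name)
        moves += 1
    return moves


def rolling_upgrade(cluster, new_kernel, max_polls=10):
    for name in sorted(cluster.nodes):
        cluster.validate(name)
        if not cluster.patch(name, new_kernel):
            continue                             # no reboot needed: no migration churn
        evacuate(cluster, name)
        cluster.reboot(name)
        wait_for_node(cluster, name, max_polls)
        rebalance(cluster)
    return cluster.log


def demo_cluster():
    # Constructed sample data: three 16 GB nodes, three 4 GB guests.
    return FakeCluster([
        Node("pve1", 16384, {100: Guest(100, 4096), 101: Guest(101, 4096)}),
        Node("pve2", 16384, {102: Guest(102, 4096)}),
        Node("pve3", 16384),
    ])


if __name__ == "__main__":
    for entry in rolling_upgrade(demo_cluster(), "6.8.12-2"):
        print(entry)
```

Against a real cluster the fake methods would map onto the existing API (the `apt`, `migrate` and node `status` routes) plus the proposed upgrade endpoint, and `wait_for_node()` would poll the node's status route with a real timeout; the placement and rebalance logic stays the same.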
Privately I only have one node. There it's just fire and forget 🤣 via the CLI.
Just because there is an API doesn't mean you have to use it if you have already automated it some other way. For ProxLB it seems to make sense.
With a single node I don't use it privately. But I can imagine deploying it later at our company. But we're still completely in the build-up phase there.
@gyptazy Only have one node (still trying to figure out something smaller as backup) for my home network. It has backups and all, but simply using the web interface is fine for me so far.
I can see that if you want to automate the upgrade, the API also sends status updates. Would that be possible? Otherwise automation might just run into a dead endpoint while the system is upgrading.
@gyptazy Yes, I get that point. That's why I was thinking how I would use that if I ever automate this.