ProxPatch – Rolling Updates for Proxmox VE Clusters

ProxPatch is a small and focused tool that automates the process of patching a Proxmox VE cluster in a safe and predictable way. Instead of manually updating each node, migrating workloads, rebooting, and repeating the same workflow over and over, ProxPatch handles this sequence automatically while keeping the cluster available.

The goal of the project is simple: make routine cluster maintenance reliable, repeatable, and easy to audit. ProxPatch performs rolling updates across the cluster so that only one node is maintained at a time. Virtual machines and containers are migrated away from the node being updated, updates are applied, and the node is brought back online before the next one is processed.

What the Project Does

ProxPatch adds a lightweight orchestration layer on top of native Proxmox functionality. It does not replace existing tools or introduce heavy dependencies. Instead, it relies on standard Proxmox commands and common Linux utilities to coordinate updates across the cluster.

A typical run includes:

  • Discovering cluster nodes and current state
  • Validating cluster health and quorum
  • Checking for available package updates
  • Migrating workloads away from the target node
  • Applying updates using APT
  • Rebooting if required
  • Waiting for the node to return healthy
  • Continuing with the next node

This process is deterministic and follows the same order every time, making behavior easy to understand and verify.

Design Approach

The project is intentionally conservative. If something looks unsafe, it stops. ProxPatch will not continue if cluster quorum is at risk, if a node is unhealthy, or if workloads cannot be migrated safely. This helps avoid unexpected downtime during maintenance.
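
One way to express these stop conditions as a pre-flight check, added here as an illustration and not taken from ProxPatch's own code. It works on output shaped like `pvesh get /cluster/status --output-format json` (the sample is constructed) and assumes one quorum vote per node, no QDevice, and name-sorted node order; the function names are hypothetical.

```python
import json

# Constructed sample shaped like `pvesh get /cluster/status --output-format json`
# on a three-node cluster (names and values are made up for this example).
SAMPLE_STATUS = json.loads("""
[
  {"type": "cluster", "name": "lab", "nodes": 3, "quorate": 1, "version": 3},
  {"type": "node", "name": "pve1", "nodeid": 1, "online": 1, "local": 1},
  {"type": "node", "name": "pve2", "nodeid": 2, "online": 1, "local": 0},
  {"type": "node", "name": "pve3", "nodeid": 3, "online": 1, "local": 0}
]
""")


def safe_to_maintain(status, target):
    """Return (ok, reason) for taking `target` out of service.

    Assumption: one quorum vote per node and no external QDevice.
    """
    cluster = next((e for e in status if e.get("type") == "cluster"), None)
    nodes = {e["name"]: e for e in status if e.get("type") == "node"}
    if cluster is None or not cluster.get("quorate"):
        return False, "cluster is not quorate"
    if target not in nodes:
        return False, f"unknown node {target}"
    # Refuse to start while any node is already down.
    offline = sorted(n for n, e in nodes.items() if not e.get("online"))
    if offline:
        return False, "unhealthy nodes: " + ", ".join(offline)
    needed = len(nodes) // 2 + 1   # strict majority of votes
    remaining = len(nodes) - 1     # votes left while target reboots
    if remaining < needed:
        return False, f"only {remaining} of {needed} required votes would remain"
    return True, "ok"


def rolling_order(status):
    """Deterministic node order (assumption: sorted by node name)."""
    return sorted(e["name"] for e in status if e.get("type") == "node")


if __name__ == "__main__":
    for node in rolling_order(SAMPLE_STATUS):
        print(node, safe_to_maintain(SAMPLE_STATUS, node))
```

On a two-node cluster the check refuses every node, because a single remaining vote is not a majority of two.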

The focus is on doing one task well: orchestrating updates across a Proxmox cluster without disrupting running services.

Integration

ProxPatch uses tools that already exist in most Proxmox environments:

  • pvesh for cluster information
  • qm and pct for VM and container handling
  • ssh for node orchestration
  • apt for package updates
  • systemd for service execution

Because of this, no additional agents need to be installed on every node. The tool can run from a single node and coordinate the rest of the cluster.

How It Can Be Used

ProxPatch can be started manually from the command line, run as a systemd service, or scheduled to execute at regular intervals. This makes it suitable for homelab environments as well as larger production clusters where regular maintenance windows are required.

It is designed to fit into existing workflows rather than replace them. Administrators can still control when updates happen while letting ProxPatch handle the coordination.

Scope

The project focuses specifically on patch orchestration for Proxmox VE clusters. It does not aim to replace configuration management, monitoring, or deployment tooling. Instead, it complements those systems by providing a predictable way to keep cluster nodes up to date.

ProxPatch is open source and developed with transparency and operational safety in mind. Feedback, testing, and contributions are welcome.