FOSS centralized patch management?
Hi guys! I was wondering whatever solution you guys might use to check/update your servers/containers? I'd like not having to depend on any cloud, something running locally would be great.
Thanks!
I set and update my containers with Ansible. It works well, but it’s a bit slow and it’s a whole setup on top of your deployment!
Podman has that built in via Systemd.
So does docker and pretty much everything else. I would be careful if you aren't doing it manually.
Yep. It'll work fine until it doesn't.
Ansible
Docker: ouroboros. Linux: unattended-upgrades or dnf-automatic. Windows: MECM.
I know those FOSS ones aren't centralized, but I find it a lot easier for them to just update themselves as necessary.
Why ouroborous over watchtower for docker ?
With Gitea/Forgejo you can run a local actions executor, which builds the images, pushes to gitea's image registry, and using a script pulls them on the other side and restarts them. Worked fine in our small startup.
I update my servers with pkg_add -u. No reason to over complicate things.
I run a script each week that updates docker images and restarts containers. And also every week I run a system update command and reboot the server afterwards.
You shouldn't run a server, if you don't have to time to maintain it.
