unattended-upgrades behaviour inside a cluster

[slashdd]

Over the years a few incidents has been reported after automatic upgrades on cluster environment (e.g. pacemaker/corosync, ...) causing issues/unwanted downtimes for user for many reasons such as:

• Package restarting service after upgrade.
• Package stopping service at 'prerm' and starting it back at 'postinst'.
• Unattended-upgrade is not cluster aware meaning there will be no logic in upgrading a cluster env. Chances that only one or few nodes in the cluster got updated is likely, making the cluster inconsistent in terms of version and possibly unstable.
• ....

Is there any cluster intelligence that can be added into 'u-u' ? What is the official recommendation in terms of 'u-u' usage cluster environment -wise ?

[rbalint]

Synchronizing updates across multiple machines is out of scope for u-u.

If keeping versions of packages is required please disable u-u and use a different update mechanism.

If the only problem is the service restart then that could be avoided by setting up u-u to install packages on shutdown and restarting the nodes.