We manage quite a lot of Linux servers using Ansible via an AWX server, and patch these once a week using dnf update. Most of our servers are Alma Linux.
We've had two instances recently where significant bugs have been released, which have caused a lot of problems and work to fix things up. I'm wondering about some kind of mechanism whereby we can only install updates/packages based on a specified minimum age or time since release. So, for example, we say dnf update, but only install anything that has been out for at least two weeks (thereby hopefully avoiding any new problems that may be lurking about).
I've scoured the internet and haven't found anything like this though, which is surprising. Does anyone have any way to do something like this? I appreciate the question is quite open, but that's because I can't find even a starting point at the moment.
Just for reference, here is a snippet of a playbook that patches these machines:
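---
- name: upgrade all packages
  remote_user: "{{ remote_user }}"
  become: yes
  # name "*" with state "latest" upgrades every installed package
  # to the newest version available in the enabled repositories
  dnf:
    name: "*"
    state: latest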
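
One way to approach the minimum-age filter asked about above, as an added example that is not part of the original post: it keeps only upgrade candidates whose package build time is at least N days old. Assumptions: input lines come from `dnf repoquery --upgrades --qf '%{name}.%{arch} %{evr} %{buildtime}\n'`, build time stands in for release date, the most recently built aged candidate stands in for the newest aged version, and the function names and sample lines are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_buildtime(text):
    """Accept an epoch integer or a 'YYYY-MM-DD HH:MM' string (assumed UTC)."""
    text = text.strip()
    if text.isdigit():
        return datetime.fromtimestamp(int(text), tz=timezone.utc)
    return datetime.strptime(text, "%Y-%m-%d %H:%M").replace(tzinfo=timezone.utc)

def aged_upgrades(lines, min_age_days, now):
    """Map name.arch -> evr of the latest-built candidate older than the cutoff."""
    cutoff = now - timedelta(days=min_age_days)
    picked = {}
    for line in lines:
        parts = line.strip().split(None, 2)
        if len(parts) != 3:
            continue  # blank or malformed line
        name_arch, evr, built_text = parts
        try:
            built = parse_buildtime(built_text)
        except ValueError:
            continue  # unparseable build time: treat as not eligible
        if built > cutoff:
            continue  # too new, hold it back until it has aged
        if name_arch not in picked or built > picked[name_arch][1]:
            picked[name_arch] = (evr, built)
    return {key: value[0] for key, value in sorted(picked.items())}

def install_specs(selection):
    """Render name-evr.arch strings that dnf accepts as package specs."""
    specs = []
    for name_arch, evr in selection.items():
        name, arch = name_arch.rsplit(".", 1)
        specs.append(f"{name}-{evr}.{arch}")
    return specs

# Constructed sample output (package versions and times are made up).
SAMPLE = [
    "openssl-libs.x86_64 1:3.0.7-25.el9_3 2024-01-10 09:15",
    "openssl-libs.x86_64 1:3.0.7-27.el9_4 2024-02-27 14:02",
    "kernel.x86_64 5.14.0-362.18.1.el9_3 1706000000",
    "bash.x86_64 5.1.8-9.el9 2024-02-25 08:00",
]

if __name__ == "__main__":
    now = datetime(2024, 3, 1, tzinfo=timezone.utc)
    for spec in install_specs(aged_upgrades(SAMPLE, 14, now)):
        print(spec)
```

Holding packages back this way also delays security fixes by the same window, so the age threshold is a trade-off between regression risk and exposure time.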