Best practice for puppet agent (minor) version updates?
Greetings - What is the prevailing opinion on a package update strategy for the puppet agent? This would be applying updates within the same code stream (e.g. 4.5.3 -> 4.6.2), not updating between major versions. Is it recommended to just update periodically to the latest version from the repo or to lock in at a specific version so that you can have a bit more control and keep in sync with the puppet server/master?
Also, (for RHEL, which we are using) the documentation only recommends updating using the repo package. That's fine, but I wonder if anyone is downloading the version-specific RPM for the puppet agent and updating from that file? It will technically work, but not sure if it's recommended. With RHEL and yum, you can update from repo and use the versionlock plugin which works fine too.
I'm just starting out and we have a small number of nodes but will be rolling out the agents to larger numbers of servers over time. I'd like to have a currency/update process that's easily supportable if possible. I'm interested in learning how teams with large enterprises under Puppet are handling this. Thanks!