Promote OS updates and configuration changes to production using zfs send?

I would like a way to perform system updates and configuration changes on a test/staging machine, check everything is ok, then deploy those changes verbatim to a running production machine that has a read-only root dataset. The machine is servicing web requests.

My current idea is to have my Debian root filesystem as a read-only mounted clone of an unmounted dataset. That way I should be able to zfs receive changes from the test machine, create a new clone, overlay mount the new clone over the old root filesystem, pause incoming requests at the load balancer, and kexec reboot into the new filesystem. I would also have to configure zfsbootmenu to default to the new clone.

Does that sound like it could work and is sane?

I don’t know if that is workable or sane, but when you mention testing a configuration on one host and then repeating it on another, that suggests to me that Ansible is the tool you want to consider.

I thought of that, but it seemed like zfs receive plus zfs clone is much less work than having to maintain Ansible playbooks that perform all updates in chroot environments. Plus there is the additional benefit of having an exact byte-for-byte copy, rather than relying on an imperative process that can go off the rails if anything has changed on the destination.