I answered this over on Stack Exchange and then saw this posted here, so I'm answering it here too.
You should take a look at BOSH. It's the tool that is used by Cloud Foundry, its services and a distro of Kubernetes called Kubo for installation, management and "Day 2" operations.
It's basically a declarative, cloud-agnostic orchestration tool that features rolling updates, canary deployments, scaling, monitoring and self-healing. It can monitor processes on VMs (i.e. services) as well as the VMs themselves and will make sure that the deployment is running as you specified it to in the deployment manifest.
In order to do all of this (especially the monitoring and self-healing bits) it has a client-server architecture which is deployed with a cut-down version of BOSH itself called bosh bootloader or bbl for short. You use this to deploy the BOSH director. You talk to the bosh director by installing the bosh-cli (brew install bosh-cli on a Mac).
For your deployment you would first need to create what's called a BOSH release, and this can, admittedly, be a little daunting if you are not familiar with BOSH, but as CF, its services and Kubo are all open source there are tons of references out there. There are also lots of pre-baked releases and stemcells (OSes).
After creating your release you upload it to your bosh director and bosh deploy. To upgrade it you upload the next version of your release and bosh deploy. To patch a security vulnerability you upload the latest blessed stemcell from bosh.io and bosh deploy. I am sure you get the picture.
If you want to go to the next level then there is a good getting started guide here.
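
The upload-then-deploy cycle described in the post above, sketched as a deployment manifest. This is an added example, not part of the original post and not taken from any BOSH release; the names myapp, myapp-release, web, z1 and default are hypothetical, and the vm_type, network and AZ names are assumed to exist in the director's cloud config.

```yaml
# manifest.yml (constructed example; all names are hypothetical)
#
# Typical cycle with the bosh CLI:
#   bosh upload-release  <release tarball or URL>
#   bosh upload-stemcell <stemcell tarball or URL>
#   bosh -d myapp deploy manifest.yml
---
name: myapp

releases:
- name: myapp-release
  version: latest          # newest version of the release uploaded to the director

stemcells:
- alias: default
  os: ubuntu-jammy
  version: latest          # newest uploaded stemcell for this OS line

update:
  canaries: 1              # update one instance first and wait for it to be healthy
  max_in_flight: 1         # then roll through the remaining instances one at a time
  canary_watch_time: 30000-120000   # ms window in which a canary must report healthy
  update_watch_time: 30000-120000   # same window for each non-canary instance

instance_groups:
- name: web
  instances: 3
  azs: [z1]                # must match an AZ in the cloud config (assumed)
  vm_type: default         # must match a vm_type in the cloud config (assumed)
  stemcell: default        # refers to the alias in the stemcells block above
  networks:
  - name: default          # must match a network in the cloud config (assumed)
  jobs:
  - name: web
    release: myapp-release
    properties: {}
```

With `version: latest`, a newly uploaded stemcell is picked up on the next deploy and the VMs are recreated on it under the canary settings above. Pinning both versions to explicit numbers instead makes each deploy reproducible and makes the stemcell bump a reviewable manifest change.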