Automatic Updates for Ubuntu 14/15/16 - with all updates.

Published on
3,852 Points
Last Modified:
Fine Tune your automatic Updates for Ubuntu / Debian
Call me a risk taker, I allow all of my systems to update everything automatically.  Managing 50+ systems on a daily basis can become a daunting task if you don't.  I would rather cleanup after a bad update than after an attack.  At least with the update I know what happened.
So here is how I configure Automatic Updates in Ubuntu 14:
Packages needed: cron-apt, unattended-upgrades
  • apt-get install cron-apt
  • apt-get install unattended-upgrades
That's it for the packages, now let's get things configured:
First we need to edit the 50unattended-upgrades file located in /etc/apt/apt.conf.d/.  I use nano, you can us any editor you are comfortable with.
  • nano /etc/apt/apt.conf.d/50unattended-upgrades
    Mine looks like this:
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";

// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
//   dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "false";

// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGUSR1. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
//Unattended-Upgrade::MinimalSteps "true";

// Install all unattended-upgrades when the machine is shuting down
// instead of doing it in the background while the machine is running
// This will (obviously) make shutdown slower
//Unattended-Upgrade::InstallOnShutdown "true";

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
//Unattended-Upgrade::Mail "root";

// Set this value to "true" to get emails only on errors. Default
// is to always send a mail if Unattended-Upgrade::Mail is set
//Unattended-Upgrade::MailOnlyOnError "true";

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION*
//  if the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "04:00";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";

Open in new window

 I simply edited the comment " // " out of these lines. too enable non-critical or non-security updates.  This will allow all of the updates I want.
// "${distro_id}:${distro_codename}-security"; 
// "${distro_id}:${distro_codename}-updates";

Open in new window

which now reads

Open in new window

then I changed

// Unattended-Upgrade::Remove-Unused-Dependencies "false";

Open in new window


Unattended-Upgrade::Remove-Unused-Dependencies "true";

Open in new window

which does the cleanup of unneeded dependencies.

next I changed the lines that reads
// Unattended-Upgrade::Automatic-Reboot "false";

Open in new window

to read

Unattended-Upgrade::Automatic-Reboot "true";

Open in new window

to enable automated rebootsand finally, changed

// Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Open in new window

to read as

Unattended-Upgrade::Automatic-Reboot-Time "04:00";

Open in new window

to allow automatic reboots at 4:00 am as necessary.I didn't make any other changes because I use monitoring software that reports update statuses.

Next we edit 10periodic (or 2periodic, I don't think it matters.  I'm not sure what the difference is, if there is any.  I just know that some documentation reads 10 periodic and some 2periodic.  I don't recommend having both files, just use on or the other)  Both files use commands that are well documented in the file /etc/cron.daily/apt.  (There is no need to edit /etc/cron.daily/apt, just read it).nano /etc/apt/apt.conf.d/10periodic

APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

Open in new window

Then verify that /etc/apt/apt.conf.d/20auto-upgrades is correct:nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Open in new window

Reboot your system and give it 24 hours.  You should notice that all of you updates are being installed automagically! 

Note I set my updates to happen daily, this is my preference, you may want to change it to weekly, to reduce overhead.  I highly suggest reading the documentation to fully understand what is going on.  This is simply a guide to how I do it, use it to get going then fine tune it to your preferences.
This article is a repost from my blog: http://xpertnotes.net/blog/2015/03/02/automatic-updates-for-ubuntu-14-with-all-updates/

Featured Post

Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Join & Write a Comment

Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Next Article:

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month