Automatic Updates for Ubuntu 14/15/16 - with all updates.

Frank McCourryV.P. Holland Computers, Inc.
CERTIFIED EXPERT
Published:
Fine Tune your automatic Updates for Ubuntu / Debian
Call me a risk taker, I allow all of my systems to update everything automatically.  Managing 50+ systems on a daily basis can become a daunting task if you don't.  I would rather cleanup after a bad update than after an attack.  At least with the update I know what happened.
 
So here is how I configure Automatic Updates in Ubuntu 14:
Packages needed: cron-apt, unattended-upgrades
  • apt-get install cron-apt
  • apt-get install unattended-upgrades
     
That's it for the packages, now let's get things configured:
First we need to edit the 50unattended-upgrades file located in /etc/apt/apt.conf.d/.  I use nano, you can us any editor you are comfortable with.
  • nano /etc/apt/apt.conf.d/50unattended-upgrades
    Mine looks like this:
// Automatically upgrade packages from these (origin:archive) pairs
                      Unattended-Upgrade::Allowed-Origins {        "${distro_id}:${distro_codename}-security";
                              "${distro_id}:${distro_codename}-updates";
                      //      "${distro_id}:${distro_codename}-proposed";
                      //      "${distro_id}:${distro_codename}-backports";
                      };
                      
                      // List of packages to not update (regexp are supported)
                      Unattended-Upgrade::Package-Blacklist {
                      //      "vim";
                      //      "libc6";
                      //      "libc6-dev";
                      //      "libc6-i686";
                      };
                      
                      // This option allows you to control if on a unclean dpkg exit
                      // unattended-upgrades will automatically run
                      //   dpkg --force-confold --configure -a
                      // The default is true, to ensure updates keep getting installed
                      //Unattended-Upgrade::AutoFixInterruptedDpkg "false";
                      
                      // Split the upgrade into the smallest possible chunks so that
                      // they can be interrupted with SIGUSR1. This makes the upgrade
                      // a bit slower but it has the benefit that shutdown while a upgrade
                      // is running is possible (with a small delay)
                      //Unattended-Upgrade::MinimalSteps "true";
                      
                      // Install all unattended-upgrades when the machine is shuting down
                      // instead of doing it in the background while the machine is running
                      // This will (obviously) make shutdown slower
                      //Unattended-Upgrade::InstallOnShutdown "true";
                      
                      // Send email to this address for problems or packages upgrades
                      // If empty or unset then no email is sent, make sure that you
                      // have a working mail setup on your system. A package that provides
                      // 'mailx' must be installed. E.g. "user@example.com"
                      //Unattended-Upgrade::Mail "root";
                      
                      // Set this value to "true" to get emails only on errors. Default
                      // is to always send a mail if Unattended-Upgrade::Mail is set
                      //Unattended-Upgrade::MailOnlyOnError "true";
                      
                      // Do automatic removal of new unused dependencies after the upgrade
                      // (equivalent to apt-get autoremove)
                      Unattended-Upgrade::Remove-Unused-Dependencies "true";
                      
                      // Automatically reboot *WITHOUT CONFIRMATION*
                      //  if the file /var/run/reboot-required is found after the upgrade
                      Unattended-Upgrade::Automatic-Reboot "true";
                      
                      // If automatic reboot is enabled and needed, reboot at the specific
                      // time instead of immediately
                      //  Default: "now"
                      Unattended-Upgrade::Automatic-Reboot-Time "04:00";
                      
                      // Use apt bandwidth limit feature, this example limits the download
                      // speed to 70kb/sec
                      //Acquire::http::Dl-Limit "70";

Open in new window

 I simply edited the comment " // " out of these lines. too enable non-critical or non-security updates.  This will allow all of the updates I want.
 
// "${distro_id}:${distro_codename}-security"; 
                      // "${distro_id}:${distro_codename}-updates";

Open in new window

which now reads
 
"${distro_id}:${distro_codename}-security"; 
                      "${distro_id}:${distro_codename}-updates";

Open in new window

then I changed

// Unattended-Upgrade::Remove-Unused-Dependencies "false";

Open in new window

to

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Open in new window

which does the cleanup of unneeded dependencies.

next I changed the lines that reads
// Unattended-Upgrade::Automatic-Reboot "false";

Open in new window


to read

Unattended-Upgrade::Automatic-Reboot "true";

Open in new window


to enable automated rebootsand finally, changed

// Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Open in new window

to read as

Unattended-Upgrade::Automatic-Reboot-Time "04:00";

Open in new window


to allow automatic reboots at 4:00 am as necessary.I didn't make any other changes because I use monitoring software that reports update statuses.

Next we edit 10periodic (or 2periodic, I don't think it matters.  I'm not sure what the difference is, if there is any.  I just know that some documentation reads 10 periodic and some 2periodic.  I don't recommend having both files, just use on or the other)  Both files use commands that are well documented in the file /etc/cron.daily/apt.  (There is no need to edit /etc/cron.daily/apt, just read it).nano /etc/apt/apt.conf.d/10periodic

APT::Periodic::Enable "1";
                      APT::Periodic::Update-Package-Lists "1";
                      APT::Periodic::Download-Upgradeable-Packages "1";
                      APT::Periodic::AutocleanInterval "7";
                      APT::Periodic::Unattended-Upgrade "1";

Open in new window


Then verify that /etc/apt/apt.conf.d/20auto-upgrades is correct:nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
                      APT::Periodic::Unattended-Upgrade "1";

Open in new window


Reboot your system and give it 24 hours.  You should notice that all of you updates are being installed automagically! 

Note I set my updates to happen daily, this is my preference, you may want to change it to weekly, to reduce overhead.  I highly suggest reading the documentation to fully understand what is going on.  This is simply a guide to how I do it, use it to get going then fine tune it to your preferences.
This article is a repost from my blog: http://xpertnotes.net/blog/2015/03/02/automatic-updates-for-ubuntu-14-with-all-updates/
0
1,360 Views
Frank McCourryV.P. Holland Computers, Inc.
CERTIFIED EXPERT

Comments (0)

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.