Automatic Updates for Ubuntu 14/15/16 - with all updates.

Fine Tune your automatic Updates for Ubuntu / Debian
Call me a risk taker, I allow all of my systems to update everything automatically.  Managing 50+ systems on a daily basis can become a daunting task if you don't.  I would rather clean up after a bad update than after an attack.  At least with the update I know what happened.
 
So here is how I configure Automatic Updates in Ubuntu 14:
Packages needed: cron-apt, unattended-upgrades
  • apt-get install cron-apt
  • apt-get install unattended-upgrades
     
That's it for the packages, now let's get things configured:
First we need to edit the 50unattended-upgrades file located in /etc/apt/apt.conf.d/.  I use nano, you can use any editor you are comfortable with.
  • nano /etc/apt/apt.conf.d/50unattended-upgrades
    Mine looks like this:
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
//   dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "false";

// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGUSR1. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
//Unattended-Upgrade::MinimalSteps "true";

// Install all unattended-upgrades when the machine is shuting down
// instead of doing it in the background while the machine is running
// This will (obviously) make shutdown slower
//Unattended-Upgrade::InstallOnShutdown "true";

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
//Unattended-Upgrade::Mail "root";

// Set this value to "true" to get emails only on errors. Default
// is to always send a mail if Unattended-Upgrade::Mail is set
//Unattended-Upgrade::MailOnlyOnError "true";

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION*
//  if the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "04:00";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";


I simply edited the comment " // " out of these lines to enable non-critical or non-security updates.  This will allow all of the updates I want.
 
// "${distro_id}:${distro_codename}-security"; 
// "${distro_id}:${distro_codename}-updates";


which now reads
 
"${distro_id}:${distro_codename}-security"; 
"${distro_id}:${distro_codename}-updates";


then I changed

// Unattended-Upgrade::Remove-Unused-Dependencies "false";


to

Unattended-Upgrade::Remove-Unused-Dependencies "true";


which does the cleanup of unneeded dependencies.

Next I changed the line that reads
// Unattended-Upgrade::Automatic-Reboot "false";



to read

Unattended-Upgrade::Automatic-Reboot "true";



to enable automated reboots, and finally changed

// Unattended-Upgrade::Automatic-Reboot-Time "02:00";


to read as

Unattended-Upgrade::Automatic-Reboot-Time "04:00";



to allow automatic reboots at 4:00 am as necessary. I didn't make any other changes because I use monitoring software that reports update statuses.

Next we edit 10periodic (or 2periodic, I don't think it matters.  I'm not sure what the difference is, if there is any.  I just know that some documentation reads 10periodic and some 2periodic.  I don't recommend having both files, just use one or the other).  Both files use commands that are well documented in the file /etc/cron.daily/apt.  (There is no need to edit /etc/cron.daily/apt, just read it.)
  • nano /etc/apt/apt.conf.d/10periodic

APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";



Then verify that /etc/apt/apt.conf.d/20auto-upgrades is correct:
  • nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
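
APT reads the files in /etc/apt/apt.conf.d/ in name order and a later file overrides an earlier one for the same key, so a value in 20auto-upgrades wins over the same key in 10periodic; checking the merged result catches a setting that was silently overridden. The script below is an added example, not part of the original article: it compares `apt-config dump` output against the values configured above. The function name audit_auto_updates and the sample input are made up for illustration, and it assumes the dump prints list entries as `Key:: "value";` with ${distro_id} left unexpanded.

```shell
# Added example (not the article's code): reads `apt-config dump` text on
# stdin, prints one line per setting that differs from this article's values.
audit_auto_updates() {
    awk '
    function need(k, v) { keys[++n] = k; wantv[k] = v }
    BEGIN {
        need("APT::Periodic::Enable", "1")
        need("APT::Periodic::Update-Package-Lists", "1")
        need("APT::Periodic::Download-Upgradeable-Packages", "1")
        need("APT::Periodic::AutocleanInterval", "7")
        need("APT::Periodic::Unattended-Upgrade", "1")
        need("Unattended-Upgrade::Remove-Unused-Dependencies", "true")
        need("Unattended-Upgrade::Automatic-Reboot", "true")
        need("Unattended-Upgrade::Automatic-Reboot-Time", "04:00")
        split("-security -updates", sfx, " ")
    }
    /^[^ ]+ ".*";/ {
        key = $1; val = $0
        sub(/^[^"]*"/, "", val); sub(/";[ \t]*$/, "", val)
        if (key == "Unattended-Upgrade::Allowed-Origins::") { have[val] = 1; next }
        got[key] = val    # the dump already holds the merged, final value
    }
    END {
        for (i = 1; i <= n; i++) {
            k = keys[i]
            if (!(k in got)) {
                printf "MISSING %s (want \"%s\")\n", k, wantv[k]
            } else if (got[k] != wantv[k]) {
                printf "MISMATCH %s: got \"%s\", want \"%s\"\n", k, got[k], wantv[k]
            }
        }
        for (i = 1; i <= 2; i++) {
            o = "${distro_id}:${distro_codename}" sfx[i]
            if (!(o in have)) printf "MISSING origin %s\n", o
        }
    }'
}
# Constructed sample: the periodic run is switched off, the -updates origin
# is still commented out, and no reboot time is set.
SAMPLE_DUMP='APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "0";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "true";'
# On a real host: apt-config dump | audit_auto_updates
printf '%s\n' "$SAMPLE_DUMP" | audit_auto_updates
```

No output means the effective settings match. To see what the next run would install without changing the system, use unattended-upgrade --dry-run --debug.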



Reboot your system and give it 24 hours.  You should notice that all of your updates are being installed automagically!

Note: I set my updates to happen daily; this is my preference. You may want to change it to weekly to reduce overhead.  I highly suggest reading the documentation to fully understand what is going on.  This is simply a guide to how I do it; use it to get going, then fine tune it to your preferences.
This article is a repost from my blog: http://xpertnotes.net/blog/2015/03/02/automatic-updates-for-ubuntu-14-with-all-updates/