<

[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x

Automatic Updates for Ubuntu 14/15/16 - with all updates.

Published on
3,661 Points
661 Views
Last Modified:
Fine Tune your automatic Updates for Ubuntu / Debian
Call me a risk taker, I allow all of my systems to update everything automatically.  Managing 50+ systems on a daily basis can become a daunting task if you don't.  I would rather cleanup after a bad update than after an attack.  At least with the update I know what happened.
 
So here is how I configure Automatic Updates in Ubuntu 14:
Packages needed: cron-apt, unattended-upgrades
  • apt-get install cron-apt
  • apt-get install unattended-upgrades
     
That's it for the packages, now let's get things configured:
First we need to edit the 50unattended-upgrades file located in /etc/apt/apt.conf.d/.  I use nano, you can us any editor you are comfortable with.
  • nano /etc/apt/apt.conf.d/50unattended-upgrades
    Mine looks like this:
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {        "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

// This option allows you to control if on a unclean dpkg exit
// unattended-upgrades will automatically run
//   dpkg --force-confold --configure -a
// The default is true, to ensure updates keep getting installed
//Unattended-Upgrade::AutoFixInterruptedDpkg "false";

// Split the upgrade into the smallest possible chunks so that
// they can be interrupted with SIGUSR1. This makes the upgrade
// a bit slower but it has the benefit that shutdown while a upgrade
// is running is possible (with a small delay)
//Unattended-Upgrade::MinimalSteps "true";

// Install all unattended-upgrades when the machine is shuting down
// instead of doing it in the background while the machine is running
// This will (obviously) make shutdown slower
//Unattended-Upgrade::InstallOnShutdown "true";

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
//Unattended-Upgrade::Mail "root";

// Set this value to "true" to get emails only on errors. Default
// is to always send a mail if Unattended-Upgrade::Mail is set
//Unattended-Upgrade::MailOnlyOnError "true";

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot *WITHOUT CONFIRMATION*
//  if the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "true";

// If automatic reboot is enabled and needed, reboot at the specific
// time instead of immediately
//  Default: "now"
Unattended-Upgrade::Automatic-Reboot-Time "04:00";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";

Open in new window

 I simply edited the comment " // " out of these lines. too enable non-critical or non-security updates.  This will allow all of the updates I want.
 
// "${distro_id}:${distro_codename}-security"; 
// "${distro_id}:${distro_codename}-updates";

Open in new window

which now reads
 
"${distro_id}:${distro_codename}-security"; 
"${distro_id}:${distro_codename}-updates";

Open in new window

then I changed

// Unattended-Upgrade::Remove-Unused-Dependencies "false";

Open in new window

to

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Open in new window

which does the cleanup of unneeded dependencies.

next I changed the lines that reads
// Unattended-Upgrade::Automatic-Reboot "false";

Open in new window


to read

Unattended-Upgrade::Automatic-Reboot "true";

Open in new window


to enable automated rebootsand finally, changed

// Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Open in new window

to read as

Unattended-Upgrade::Automatic-Reboot-Time "04:00";

Open in new window


to allow automatic reboots at 4:00 am as necessary.I didn't make any other changes because I use monitoring software that reports update statuses.

Next we edit 10periodic (or 2periodic, I don't think it matters.  I'm not sure what the difference is, if there is any.  I just know that some documentation reads 10 periodic and some 2periodic.  I don't recommend having both files, just use on or the other)  Both files use commands that are well documented in the file /etc/cron.daily/apt.  (There is no need to edit /etc/cron.daily/apt, just read it).nano /etc/apt/apt.conf.d/10periodic

APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

Open in new window


Then verify that /etc/apt/apt.conf.d/20auto-upgrades is correct:nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

Open in new window


Reboot your system and give it 24 hours.  You should notice that all of you updates are being installed automagically! 

Note I set my updates to happen daily, this is my preference, you may want to change it to weekly, to reduce overhead.  I highly suggest reading the documentation to fully understand what is going on.  This is simply a guide to how I do it, use it to get going then fine tune it to your preferences.
This article is a repost from my blog: http://xpertnotes.net/blog/2015/03/02/automatic-updates-for-ubuntu-14-with-all-updates/
0
Comment
0 Comments

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Join & Write a Comment

Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial
Suggested Courses
Course of the Month19 days, 17 hours left to enroll

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month