Apr 11, 2011

Automatic updates on Ubuntu with unattended-upgrades

Some time ago I talked about the importance of keeping our Linux systems correctly up to date (at least automatically), especially regarding security fixes, focusing on CentOS/RHEL distributions. For that purpose I wrote an article called yum-security plugin.

For Debian/Ubuntu-based systems there is a package called unattended-upgrades, which applies updates automatically (stable, security, updates and proposed-updates).

When we install an Ubuntu release, on the one hand we can tick the option for the system to install security updates automatically. In that case, Ubuntu installs the unattended-upgrades package on the server and takes care of this for us.

On the other hand, we can install it directly later on and tune it to our needs.

root@ubuntu-server:~# aptitude install unattended-upgrades

Through its configuration file (50unattended-upgrades) we can set the types of updates (stable and security), the list of packages that must not be updated (mysql-server and apache2), an optional email address to be notified of any problem, the bandwidth limit and so on.

root@ubuntu-server:~# cat /etc/apt/apt.conf.d/50unattended-upgrades
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
  "${distro_id} stable";
  "${distro_id} ${distro_codename}-security";
//      "${distro_id} ${distro_codename}-updates";
//      "${distro_id} ${distro_codename}-proposed-updates";
};

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
  "mysql-server";
  "apache2";
};

// Send email to this address for problems or packages upgrades
Unattended-Upgrade::Mail "admin@ubuntu-server.local";

// Do automatic removal of new unused dependencies after the upgrade
//Unattended-Upgrade::Remove-Unused-Dependencies "false";

// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "false";

// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";

In order to set the update period (in days), we have to edit the 20auto-upgrades file. In the following example, the package lists are refreshed and the upgradeable packages are downloaded every day, but the automatic updates are only applied once a week. The downloaded packages are cleaned out every 15 days.

root@ubuntu-server:~# cp -a /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/

root@ubuntu-server:~# cat /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "7";
APT::Periodic::AutocleanInterval "15";
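As an added example (not part of the original post), a small POSIX shell audit that parses the two files above, prints the active Allowed-Origins, checks that the -security pocket is still enabled (a commented-out line silently disables it) and reads the APT::Periodic schedule. It writes a constructed copy of the post's configuration into a temporary directory so it runs offline; set CONF_DIR=/etc/apt/apt.conf.d to audit a real host. The function names are my own.

```shell
#!/bin/sh
# Audit an unattended-upgrades configuration (added example, not the project's code).
set -eu

CONF_DIR="${CONF_DIR:-$(mktemp -d)}"

# Constructed sample mirroring the post's files; written only if no config is present.
if [ ! -e "$CONF_DIR/50unattended-upgrades" ]; then
cat > "$CONF_DIR/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
  "${distro_id} stable";
  "${distro_id} ${distro_codename}-security";
//      "${distro_id} ${distro_codename}-updates";
};
Unattended-Upgrade::Package-Blacklist {
  "mysql-server";
  "apache2";
};
Unattended-Upgrade::Automatic-Reboot "false";
EOF
cat > "$CONF_DIR/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "7";
EOF
fi

# Print the quoted entries of a brace block, skipping // comment lines.
# usage: block_entries FILE SECTION
block_entries() {
  sed -n "/^$2 {/,/^};/p" "$1" | grep -v '^[[:space:]]*//' \
    | sed -n 's/^[[:space:]]*"\(.*\)";/\1/p'
}

# Print the value of a scalar key (e.g. APT::Periodic::Unattended-Upgrade), or "unset".
conf_value() {
  v=$(grep -v '^[[:space:]]*//' "$1" | sed -n "s/^$2 \"\(.*\)\";/\1/p" | tail -n1)
  echo "${v:-unset}"
}

# Exit 0 when an active origin ends in -security, 1 otherwise.
security_enabled() {
  block_entries "$1" 'Unattended-Upgrade::Allowed-Origins' | grep -q -- '-security$'
}

echo "active origins:"; block_entries "$CONF_DIR/50unattended-upgrades" 'Unattended-Upgrade::Allowed-Origins'
if security_enabled "$CONF_DIR/50unattended-upgrades"; then echo "security pocket: enabled"; else echo "security pocket: DISABLED"; fi
echo "apply interval (days): $(conf_value "$CONF_DIR/20auto-upgrades" 'APT::Periodic::Unattended-Upgrade')"
echo "automatic reboot: $(conf_value "$CONF_DIR/50unattended-upgrades" 'Unattended-Upgrade::Automatic-Reboot')"
```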

We can also run the unattended-upgrade script manually, in debug mode, with the following command.

root@ubuntu-server:~# unattended-upgrade -d
Initial blacklisted packages: mysql-server apache2
Starting unattended upgrades script
Allowed origins are: ["('Ubuntu', 'stable')", "('Ubuntu', 'maverick-security')"]
pkgs that look like they should be upgraded:
Fetched 0B in 0s (0B/s)
blacklist: ['mysql-server', 'apache2']
InstCount=0 DelCount=0 BrokenCout=0
No packages found that can be upgraded unattended

Finally, note that this application is run via cron (/etc/cron.daily/apt). All output is logged to the /var/log/unattended-upgrades.log file.
