Wulf's Various Things

User Tools

Site Tools

Trace:
linux:unattended-updates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Next revision		Previous revision
linux:unattended-updates [2018/07/22 15:47] – created Wulf Rajeklinux:unattended-updates [2023/06/05 14:05] (current) – [Initial installation and configuration] Wulf Rajek
Line 1: Line 1:
 ====== Unattended Updates ====== ====== Unattended Updates ======
 +
 +In order to install updates automatically, the unattended-upgrades package needs to be installed and configured. It can install only security updates or updates from any branch or repository that's desired. It can reboot automatically or not at all and it can exclude specific packages.
 +
 +===== Initial installation and configuration =====
  
 <code> <code>
Line 8: Line 12:
 vi /etc/apt/apt.conf.d/50unattended-upgrades vi /etc/apt/apt.conf.d/50unattended-upgrades
 #uncomment the desired origin. For only security updates, comment out everything else #uncomment the desired origin. For only security updates, comment out everything else
 +Unattended-Upgrade::Origins-Pattern {
 +      "o=Debian,n=bullseye";
 +      "o=Debian,n=bullseye-updates";
 +      "o=Debian,n=bullseye-proposed-updates";
 +      "o=Debian,n=bullseye-security";
 +      "o=Debian,n=bullseye,l=Debian-Security";
 +
 +//To enable ALL updates, use this:      
 +//      "site=*";
 +};
 +
 #blacklist packages as required (mysql-server,mysql-client,apache,php etc) #blacklist packages as required (mysql-server,mysql-client,apache,php etc)
-#set mail to whoever should receive it and make sure bsd-mailx or sendmail is installed and able to send mails +Unattended-Upgrade::Package-Blacklist { 
-#configure reboot+ "mysql-server*"; 
 + "mysql-common*"; 
 + "default-mysql-server"; 
 + "php7.0-*"; 
 + "apache2*"; 
 + "blink"; 
 + "python-sipsimple"; 
 +}; 
 + 
 +#Don't force updates 
 +Unattended-Upgrade::AutoFixInterruptedDpkg "false"; 
 + 
 +#set mail to whoever should receive it and make sure bsd-mailx or sendmail  
 +#is installed and able to send mails 
 +Unattended-Upgrade::Mail "root"; 
 + 
 +#configure reboot if desired. 
 +Unattended-Upgrade::Automatic-Reboot "false";
 </code> </code>
  
Line 26: Line 58:
 <code> <code>
 vi /etc/cron.d/unattended-upgrade  vi /etc/cron.d/unattended-upgrade 
-0 */4 * * * root sleep $(( $RANDOM % 14400 ));PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin unattended-upgrade+0 */4 * * * root sleep $(( 1$(date +\%N) \% 14400 ));PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin unattended-upgrade
 </code> </code>
  
 +Test the configuration using:
 +<code>sudo unattended-upgrades --dry-run
 +
 +tail /var/log/unattended-upgrades/unattended-upgrades.log
 +</code>
 +
 +===== Additional Repositories =====
  
 To include additional repositories, the origin and suite (archive) names need to be identified first: To include additional repositories, the origin and suite (archive) names need to be identified first:
Line 54: Line 93:
 </code> </code>
  
-Test the configuration using: 
-<code>sudo unattended-upgrades --dry-run 
  
-tail /var/log/unattended-upgrades/unattended-upgrades.log+ 
 +===== Notify required reboot on login ===== 
 +<code> 
 +vi /root/.profile 
 +</code> 
 +add after the .bashrc call, but before the mesg line: 
 +<code> 
 +-/var/run/reboot-required ] && echo -e "\n*** System restart required ***\n"
 </code> </code>
  
-To allow unattended upgrades for all packagesuse:+===== Running on battery ===== 
 + 
 +For unattended-upgrades to skip upgrades when the system is running on batterythe following package needs to be installed:
 <code> <code>
-Unattended-Upgrade::Origins-Pattern { +apt-get install powermgmt-base
-        "site=*"; +
-};+
 </code> </code>
  
linux/unattended-updates.1532270854.txt.gz · Last modified: (external edit)