One common task for Linux sysadmins is to perform updates. The task in itself is not difficult. However, the issue comes in when the updates are performed for multiple Linux servers. The task becomes time-consuming and hence challenging.
Keeping the system up-to-date is essential for maintaining the stability of the servers. The updates also protect the servers from known vulnerabilities and hence keep it running smoothly. By performing automatic updates, you can be sure that your system is always up-to-date with the latest security patches and software updates. Additionally, automatic updates will save you time and effort, as you will no longer have to manually check for and install the updates on a regular basis.
This guide will show a step-by-step process for configuring your Ubuntu system to automatically update software packages and security updates.
Let's get started.
Installing Unattended-upgrades package
We'll use unattended-upgrades
to perform the updates automatically. So we'll start by installing it.
Follow the steps below to install unattended-upgrades
package.
-
Open the terminal. You can do so by pressing
Ctrl + Alt + T
. -
Update the package lists with the following command.
sudo apt-get update
-
After the packages database is up-to-date, use the command below to install the unattended-upgrades package.
sudo apt-get install unattended-upgrades
-
After installation, run the following command to enable automatic updates.
sudo dpkg-reconfigure --priority=low unattended-upgrades
In the configuration window that appears, use the arrow keys to select
Yes
, and pressEnter
to confirm that automatic updates should be enabled.The installation is now complete. The next step is to configure the updates settings.
Configuring Automatic Update Settings
After the installation of unattended-upgrades
, one needs to configure the settings to suit his/her needs. Let's see how to do this.
-
Open the terminal once more by pressing
Ctrl + Alt + T
-
Use the following command to open the configuration file for the automatic updates.
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
In this configuration file, you can specify exactly what types of updates you want installed automatically. For example, you can only choose to install security updates and leave software updates. You can also choose to install all the updates.
-
To specify the updates you want to install automatically, find the following lines in the configuration file:
// Automatically upgrade packages from these (origin:archive) pairs Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-apps - security"; // "${distro_id}:${distro_codename}-updates"; // "${distro_id}:${distro_codename}-proposed"; // "${distro_id}:${distro_codename}-backports"; };
Remove the double forward slash
//
(Comment symbols) from the lines that correspond to the types of updates you want to install.For example, for
security updates
, the comments symbols are removed by default, which means security updates will be installed. To install software updates, remove the comment symbol from the following line:// "${distro_id}:${distro_codename}-updates";
Removing the comment symbol from proposed updates will enable automatic updates for the proposed repository, which is a staging area for updates that are being tested before they are released to the stable repositories. These updates are not recommended for production systems.
Backports updates update the backports repository, which contains updated versions of packages that have been backported from a newer release of Ubuntu to an older release. These updates are provided as a convenience to users who want to use newer software on an older system, without having to upgrade to a newer release of Ubuntu.
You might also want to remove comments from these lines.
// Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
// Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
// Unattended-Upgrade::Automatic-Reboot "true";
With
Automatic-Reboot
set to true, you should make sure to set a time to reboot the machine. Choose a time that the server is not in use mostly, i.e., the late nights.To set the time, Uncomment the line below and set the time that you prefer:
// Unattended-Upgrade::Automatic-Reboot-Time "02:00";
-
Once you have made all the changes necessary, press
Ctrl + X
to exit, then pressY
to save the changes, and pressEnter
to confirm the file name.
Verifying Automatic Update Functionality
After the installation and configuration of the settings to automatic updates, we can verify that it is working as it should by using the following command.
sudo unattended-upgrade --dry-run --debug
This command will check for available updates, if there are some available, it will display a list of packages to be installed.
You can then install the updates by running the command below.
sudo unattended-upgrade -v
The command above will download and install the updates and you can monitor the progress in the terminal.
sudo less /var/log/unattended-upgrades/unattended-upgrades.log
The log file should display the details of the updates installed as well as the errors that may have occorred during the installation process.
Baseline
Following this guide will ensure that your system remains up-to-date with the latest security patches and software updates without having to manually check for and install them. This will save you time and effort, while also improving the security and stability of your system. Remember to periodically check your system to ensure that automatic updates are functioning as expected.
If you found this guide helpful, consider sharing it with those who might find it interesting.
Thanks for reading. :)