As part of a project at a customer, we’re setting up a bunch of servers running Ubuntu 14.04, and I wanted the machines to keep themselves up to date.
There is a little-known package that handles that pretty well: unattended-upgrades.
It works well so far, but I wanted to have more than security updates and get regular updates as well. As described in the Ubuntu help article, you can alter the file /etc/apt/apt.conf.d/50unattended-upgrades, where you can find a lot of useful settings:
Unattended-Upgrade::Mail will send you emails when something goes wrong (instead of relying on crontab’s EMAIL variable)
Unattended-Upgrade::Automatic-Reboot will reboot the machine if necessary
Unattended-Upgrade::Automatic-Reboot-Time allows you to define the best time to reboot after an upgrade
The setting I was after is Unattended-Upgrade::Allowed-Origins, and unlike what is shown in the article, mine looked like this:
    Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
    //  "${distro_id}:${distro_codename}-updates"; // this is the line I'm looking for
    //  "${distro_id}:${distro_codename}-proposed";
    //  "${distro_id}:${distro_codename}-backports";
    };
All I had to do was uncomment the line ending in -updates (we use Ansible to make the change on all machines) and I was done!
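The same change as a small shell script, for checking by hand what the automation should produce. This is an added example, not code from the original post or from the unattended-upgrades project: the function names are hypothetical and the file contents are constructed to match the block shown above. It uncomments only the -updates origin and then lists the origins that are actually active, so you can confirm that -proposed and -backports stayed disabled.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; the sample file is constructed.

# Uncomment only the "-updates" origin; -proposed and -backports stay disabled.
# Idempotent: an already active line does not match and is left alone.
# sed keeps the previous version of the file next to it as FILE.bak.
enable_updates_origin() {
    sed -i.bak -E \
        's|^[[:space:]]*//[[:space:]]*("\$\{distro_id\}:\$\{distro_codename\}-updates";)|    \1|' \
        "$1"
}

# Print every origin inside the Allowed-Origins block that is not commented out.
active_origins() {
    awk '
        /^[ \t]*Unattended-Upgrade::Allowed-Origins[ \t]*[{]/ { inblk = 1; next }
        inblk && /^[ \t]*[}];/ { inblk = 0 }
        inblk && !/^[ \t]*\/\// && match($0, /"[^"]+"/) {
            print substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' "$1"
}

# Demo on a temporary copy, so nothing under /etc is touched.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
//  "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
//  "${distro_id}:${distro_codename}-backports";
};
EOF

enable_updates_origin "$demo_conf"
active_origins "$demo_conf"
rm -f "$demo_conf" "$demo_conf.bak"
```

On a real host, point both functions at /etc/apt/apt.conf.d/50unattended-upgrades and run them as root.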
Note: if you’re new to Ansible and unattended-upgrades and don’t want to write your own roles, you should have a look at https://github.com/jnv/ansible-role-unattended-upgrades instead.