Enabling unattended-upgrades in Ubuntu

As part of a project at a customer, we’re setting up a bunch of servers running Ubuntu 14.04, and I wanted the machines to keep themselves up to date.
There is a little-known package that handles that pretty well: unattended-upgrades.

It works well so far, but I wanted to have more than security updates and get regular updates as well. As described in the Ubuntu help article, you can alter the file /etc/apt/apt.conf.d/50unattended-upgrades where you can find a lot of useful settings:

  • Unattended-Upgrade::Mail will send you emails when something goes wrong (instead of relying on crontab’s EMAIL variable)
  • Unattended-Upgrade::Automatic-Reboot will reboot the machine if necessary
  • Unattended-Upgrade::Automatic-Reboot-Time allows you to define the best time to reboot after an upgrade

The setting I was after is Unattended-Upgrade::Allowed-Origins, and unlike what is shown in the article, mine looked like this:

Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates"; // this is the line I'm looking for
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

All I had to do was uncomment the line ending in -updates (we use Ansible to make the change on all machines) and I was done!
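
The same edit as a shell sketch, added here as an example and not taken from the original post or from the Ansible role mentioned below: it uncomments only the -updates origin, is safe to run repeatedly, and reports which pockets are active so the change can be checked. The function names and the sample file are constructed for illustration; it assumes a POSIX shell and a sed that supports -E.

```shell
#!/bin/sh
# Added example: enable the -updates origin in an unattended-upgrades config.

# Uncomment only the -updates origin. -proposed and -backports stay commented,
# and a second run changes nothing because the pattern requires the leading "//".
enable_updates_origin() {
    tmp=$(mktemp) || return 1
    sed -E 's|^([[:space:]]*)//[[:space:]]*("\$\{distro_id\}:\$\{distro_codename\}-updates";)|\1\2|' "$1" > "$tmp" \
        && cat "$tmp" > "$1"    # rewrite through cat so owner and mode are kept
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Print the pockets that are active (uncommented), space-separated.
active_origins() {
    # "set --" splits sed's one-per-line output into words; "$*" joins them with spaces.
    set -- $(sed -n -E 's|^[[:space:]]*"\$\{distro_id\}:\$\{distro_codename\}-([a-z]+)";.*|\1|p' "$1")
    echo "$*"
}

# Demo on a constructed copy of the block shown above (never touches /etc).
demo() {
    conf=$(mktemp) || return 1
    cat > "$conf" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates"; // this is the line I'm looking for
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
EOF
    echo "before: $(active_origins "$conf")"
    enable_updates_origin "$conf"
    echo "after:  $(active_origins "$conf")"
    rm -f "$conf"
}
demo
```

On a real host, point both functions at /etc/apt/apt.conf.d/50unattended-upgrades and confirm the result with unattended-upgrade --dry-run --debug before relying on it.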

Note: if you’re new to Ansible and unattended-upgrades and don’t want to write your own roles, you should have a look at https://github.com/jnv/ansible-role-unattended-upgrades instead.