Debian considering automated upgrades

Posted Dec 16, 2016 1:42 UTC (Fri) by JanC_ (guest, #34940)
In reply to: Debian considering automated upgrades by tnoo
Parent article: Debian considering automated upgrades

That shouldn't really be a problem with 'unattended-upgrades':

* by default it only upgrades for security issues; you could also configure it to only upgrade from your own private tested repository, if you think that's necessary on certain critical systems
* it allows for a configurable blacklist of packages that will never be upgraded
* it can try to fix interrupted upgrades automatically (or you can disable this)
* you can configure it to delay upgrades until shutdown/reboot
* automatic reboot is possible but optional, can be scheduled to happen immediately or at a particular time, and when disabled it's easy for other programs or scripts to check if a reboot is wanted at a more opportune moment

etc.

And in any case, removing or disabling it is easy if that's what you really want/need.

to post comments

Debian considering automated upgrades

Posted Dec 16, 2016 1:48 UTC (Fri) by JanC_ (guest, #34940) [Link] (1 responses)

Also see: https://github.com/mvo5/unattended-upgrades (the default configuration files are under /data/ )

Debian considering automated upgrades

Posted Dec 17, 2016 9:34 UTC (Sat) by Cato (guest, #7643) [Link]

A fairly nice Ansible role that installs and configures unattended-upgrades for Debian and Ubuntu: https://github.com/jnv/ansible-role-unattended-upgrades.git

Ansible is lightweight compared to Puppet/Chef/Salt etc - only requires SSH and Python on target server (and you can bootstrap to install Python if needed), and is easy to learn since its scripts are executed sequentially. See http://docs.ansible.com/