Automatic updates for Linux servers
If you're one of Anchor's customers with an unmanaged dedicated server (or VPS), we enable automatic updates by default. This is a newer (albeit poorly documented) feature on Debian and Ubuntu systems, and a primitive task we've scripted up for Redhat/Fedora systems.
Read on if you'd like to know how this is set up, or if you need to modify the functionality. It's assumed you're comfortable with regular package management and maintenance operations on your system.
Debian-type / Ubuntu
Debian systems have a package solution for this in more recent versions (albeit not well documented at all).
Install the package
aptitude update
aptitude install unattended-upgrades
This doesn't do anything on its own, contrary to what you might've guessed, so we add a conf fragment in /etc/apt/apt.conf.d/98local:
APT::Periodic::Unattended-Upgrade "1";
- Set some periodic options to have downloads and cleaning done automatically
If you have the update-notifier-common package installed (more likely on Ubuntu), you can modify /etc/apt/apt.conf.d/10periodic like so:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";
If not, drop those three lines into /etc/apt/apt.conf.d/98local.
- Activity is logged to /var/log/unattended-upgrades/
You may wish to edit /etc/apt/apt.conf.d/50unattended-upgrades to configure upgrade sources.
Depending on your version of the unattended-upgrades package, you can also set a mail recipient for notification about upgrade actions, once again in /etc/apt/apt.conf.d/50unattended-upgrades:
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
//Unattended-Upgrade::Mail "root@localhost";
You should be good to go. APT brings its own cron job, /etc/cron.daily/apt, which handles the actual running of the maintenance tasks.
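Because the package does nothing until the right fragments are in place, it is worth confirming what the conf directory adds up to. The script below is an added example, not part of the original page: it reads the fragments in order and reports whether each of the four APT::Periodic keys set above is effectively enabled. The function names, the KEYS list and the temporary sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the effective APT::Periodic settings across
# apt.conf.d fragments. Assumes flat `Key "value";` statements as shown on
# this page (no nested { } blocks); `apt-config dump` is authoritative.

KEYS="APT::Periodic::Unattended-Upgrade
APT::Periodic::Update-Package-Lists
APT::Periodic::Download-Upgradeable-Packages
APT::Periodic::AutocleanInterval"

# effective_value DIR KEY: print the last value assigned to KEY. Fragments
# are read in lexical order, so a later file overrides an earlier one.
effective_value() {
    ev_value=""
    for ev_file in "$1"/*; do
        [ -f "$ev_file" ] || continue
        # Drop // comments, split statements on ';', keep the last match.
        ev_match=$(sed 's|//.*||' "$ev_file" | tr ';' '\n' |
            sed -n "s|^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\".*|\1|p" | tail -n 1)
        [ -n "$ev_match" ] && ev_value=$ev_match
    done
    printf '%s\n' "$ev_value"
}

# audit_periodic DIR: print each key's state; return 1 if any key is
# unset or "0" (disabled).
audit_periodic() {
    ap_status=0
    for ap_key in $KEYS; do
        ap_value=$(effective_value "$1" "$ap_key")
        case $ap_value in
            ""|0) ap_status=1; echo "DISABLED $ap_key = ${ap_value:-(unset)}" ;;
            *)    echo "enabled  $ap_key = $ap_value" ;;
        esac
    done
    return $ap_status
}

# Constructed sample: periodic options present, enabling fragment missing.
demo=$(mktemp -d)
printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
    'APT::Periodic::Download-Upgradeable-Packages "1";' \
    'APT::Periodic::AutocleanInterval "1";' > "$demo/10periodic"
audit_periodic "$demo" || echo "=> not fully enabled"
printf '%s\n' 'APT::Periodic::Unattended-Upgrade "1";' > "$demo/98local"
audit_periodic "$demo" && echo "=> all periodic tasks enabled"
rm -rf "$demo"
```

On a real host, call audit_periodic /etc/apt/apt.conf.d and use the exit status in a monitoring check.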
Redhat-type / Fedora
Things are a little less advanced for Redhat. Drop this shell script into /etc/cron.daily/yumupdate.sh and set it to be executable:
#!/bin/sh

YUM=/usr/bin/yum

# -y == assume yes
# -d == debug verbosity
# -e == error-reporting level
# -R == wait 0~n min before running the command (randomise)

# clear all packages, dependency headers, metadata and metadata cache
${YUM} -y -d 0 -e 0 clean all

# update the yum package itself
${YUM} -y -d 0 -e 0 update yum

# update everything
${YUM} -y -R 10 -e 0 -d 0 update
