0

As an administrator of many Ubuntu servers that run on AWS, I sometimes cannot keep track of which servers need package updates and when. Is there a way to automate this process, in the sense that running sudo apt-get update and sudo apt-get upgrade is just done automatically?

EDIT: This question is about servers running Ubuntu 16.04 LTS.

muru

2 Answers

1

Disclaimer: I am not a Linux expert, merely someone trying to gain a level of expertise. I use ucaresystem-core in the terminal. It's automatic in the sense that it automates the sequence of commands that would otherwise be required. I suggest you visit https://www.ostechnix.com/ucaresystem-core-basic-maintenance-tool-ubuntu/. However, for full automation it seems that you might need to transition to the use of snaps.

Roy G
  • So this script would run on its own without me having to keep using ssh into a server and run updates manually? – Robert Dewitt Jun 22 '17 at 00:18
  • @RobertDewitt Well, I have to run the command manually. I don't know enough about Linux to know if this can be invoked automatically. Sorry. Maybe the link that I provided will further inform you. – Roy G Jun 23 '17 at 23:34
1

You didn't say what version of Ubuntu you are running but since you are managing servers that are ostensibly in a production environment, I'll assume it's 16.04 LTS or something similarly stable. If so, the Software updater should take care of making sure that everything is patched to the latest stable version.

You can of course (as root) cron apt-get update and apt-get upgrade

https://help.ubuntu.com/community/CronHowto

but there is a small downside using that approach as discussed on other threads on this site. Primarily, the issue is that packages available through the software updater have gone through an additional step of limited user testing that you don't get by using apt-get.

And of course some updates, notably kernel updates, require a reboot to take effect. In a production environment you'll probably want to schedule any reboot for a maintenance window.

There is also a risk that an unattended upgrade could go wrong so I've always found value in watching the messages as package upgrades are performed to ensure that everything went smoothly.

jones0610
  • Can you tell me more about cron? As well - you do have a point; automation may not always be best. – Robert Dewitt Jun 22 '17 at 00:28
  • 1
    Automation is pretty much a necessity for professional admins. So you're smart to look to ways to find sustainable ways to make your job easier and more consistent, especially for repetitive tasks. I happen to be uber-sensitive to maintaining a stable environment. You may have more tolerance for risk than I do. What you want to do is perfectly fine (IMO) so long as you make the assumption that all unattended package upgrades will run flawlessly. – jones0610 Jun 22 '17 at 00:37
  • We can chat about this on IRC if you like. There are ways to write a script to do the package upgrading via cron, send the messages to a file and then e-mail the file to you to review. In this way, you'll never have to ssh into a server to do upgrades and pass or fail, you'll be notified quickly how things went. If you have a trouble ticket system deployed sending the e-mail there will help with version control and scheduling for upgrades that failed. – jones0610 Jun 22 '17 at 00:53
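The approach discussed in the second answer and its comments (cron runs the upgrade, the output goes to a file, and the result is mailed for review) can be sketched as below. This is an added example, not part of any answer or comment above; the log path, recipient address, script path and the availability of a local `mail` command are assumptions. It never reboots: it only reports when Ubuntu's reboot flag file is present, so the reboot can be scheduled for a maintenance window.

```bash
#!/bin/bash
# Cron-driven apt upgrade that logs each run and mails the result.
# Assumed values (not from the page): log path, recipient, script path,
# and a local `mail` command such as the one from mailutils.
# Root crontab entry: 30 3 * * * /usr/local/sbin/apt-cron-upgrade.sh --run
LOG="${LOG:-/var/log/apt-cron-upgrade.log}"
MAILTO="${MAILTO:-admin@example.com}"                   # placeholder address
REBOOT_FLAG="${REBOOT_FLAG:-/var/run/reboot-required}"  # present on Ubuntu when a reboot is pending
APT_GET="${APT_GET:-apt-get}"

# Refresh package lists, then upgrade without prompting.
# Returns 1 if the update step fails, 2 if the upgrade step fails.
run_upgrade() {
    export DEBIAN_FRONTEND=noninteractive
    "$APT_GET" update -q || return 1
    # Keep locally modified config files so dpkg never waits for input.
    "$APT_GET" -y -q -o Dpkg::Options::=--force-confdef \
        -o Dpkg::Options::=--force-confold upgrade || return 2
}

# Build the mail subject from the run's exit status and the reboot flag.
status_line() {
    local rc="$1" host
    host="$(uname -n)"
    if [ "$rc" -ne 0 ]; then
        echo "[apt] $host: FAILED (step $rc)"
    elif [ -e "$REBOOT_FLAG" ]; then
        echo "[apt] $host: OK, reboot required"
    else
        echo "[apt] $host: OK"
    fi
}

main() {
    local rc=0 out
    out="$(mktemp)"
    run_upgrade >"$out" 2>&1 || rc=$?
    # Append this run to the persistent log, then mail only this run's output.
    { echo "=== $(date -u +%FT%TZ) rc=$rc ==="; cat "$out"; } >>"$LOG"
    mail -s "$(status_line "$rc")" "$MAILTO" <"$out" || echo "mail failed" >>"$LOG"
    rm -f "$out"
    return "$rc"
}

# Do nothing unless explicitly asked to run (as the crontab entry does).
if [ "${1:-}" = "--run" ]; then main; fi
```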