
Automating updates using unattended-upgrades on Ubuntu

Author
  • User
    Linux Bash

Automating Updates on Ubuntu: A Step-by-Step Guide to Using Unattended-Upgrades

Keeping your Ubuntu system up-to-date can seem like a chore, especially when you're managing multiple machines or running a server. Fortunately, the unattended-upgrades package simplifies this process by automatically installing security updates, ensuring your system's safety and performance. In this article, we’ll delve into setting up unattended-upgrades on Ubuntu and touch briefly on automating updates for other distributions using different package managers, such as dnf and zypper.

Setting Up Unattended-Upgrades on Ubuntu

Ubuntu uses the APT package management system, making unattended-upgrades the preferred tool for automation. Here’s how you can set it up:

Step 1: Installation

First, ensure that the unattended-upgrades package is installed:

sudo apt-get update
sudo apt-get install unattended-upgrades

Step 2: Configuration

After installation, configure the package to automatically update the system:

sudo dpkg-reconfigure --priority=low unattended-upgrades

This command will prompt you to choose whether updates should be automatically applied. Select "Yes" to enable automatic updates.

Step 3: Configuring Update Rules

To further customise the behavior, you can edit the configuration files under /etc/apt/apt.conf.d/. The main configuration file for this tool is 50unattended-upgrades. Here, you can specify which updates to automatically install, from security updates to other update types:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Uncomment or add lines corresponding to the types of packages you wish to be updated automatically. For most users, enabling security updates is crucial:

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended security maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also consider them by default.
        "${distro_id}ESMApps:${distro_codename}-apps-security";
        "${distro_id}ESM:${distro_codename}-infra-security";
};

Step 4: Automatic Cleanup

It’s also a good idea to configure the system to automatically remove unused dependencies after an update:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Add or ensure this line is present:

Unattended-Upgrade::Remove-Unused-Dependencies "true";

Step 5: Scheduling the Upgrades

The timing of updates can be controlled by editing the 20auto-upgrades file:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Set the update package lists and the upgrade schedule:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

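Each value is an interval in days, and "0" disables the job. With both set to "1", your system refreshes its package lists daily and runs unattended-upgrades daily, installing new packages as needed.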
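To confirm that Steps 3 to 5 actually took effect, check the merged configuration that APT reads rather than a single file, because files in /etc/apt/apt.conf.d/ are read in name order and a later file can override an earlier one. The script below is an added example, not part of the original article: the function name audit_auto_updates and the two sample dumps are constructed for illustration, and it assumes the input has the format printed by apt-config dump.

```bash
#!/usr/bin/env bash
# Added example. Audits the *effective* APT settings from Steps 3-5.
# Input: `apt-config dump` text on stdin. Returns 0 only if every check passes.
audit_auto_updates() {
    local dump fail=0 key val
    dump=$(cat)

    # Values are intervals in days; "0" or a missing key disables the job.
    for key in APT::Periodic::Update-Package-Lists APT::Periodic::Unattended-Upgrade; do
        val=$(printf '%s\n' "$dump" | sed -n "s/^${key} \"\(.*\)\";\$/\1/p")
        case "$val" in
            ''|0) echo "FAIL $key is '${val:-unset}'"; fail=1 ;;
            *)    echo "ok   $key = $val" ;;
        esac
    done

    # List entries are dumped as `Key:: "value";`. Look for the security origin
    # exactly as written in Step 3 (unexpanded ${...} placeholders).
    if printf '%s\n' "$dump" | grep -Fq \
        'Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";'
    then echo "ok   security origin allowed"
    else echo "FAIL security origin missing from Allowed-Origins"; fail=1
    fi
    return "$fail"
}

# Constructed sample: the configuration from this article.
sample_good() { cat <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";
EOF
}

# Constructed sample: upgrades switched off and the security origin left out.
sample_bad() { cat <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}";
EOF
}

sample_good | audit_auto_updates || echo "=> sample_good failed the audit"
sample_bad  | audit_auto_updates || echo "=> sample_bad failed the audit"
```

On a live system, pipe the real settings in with apt-config dump | audit_auto_updates. Running sudo unattended-upgrade --dry-run --debug afterwards shows which packages the next run would install.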

Additional Considerations for Other Distributions

While unattended-upgrades is specific to Debian-based distributions like Ubuntu, other Linux distributions have their own tools and configurations for automation.

Fedora/CentOS (uses dnf): Fedora and other RPM-based distributions such as CentOS can use dnf-automatic for automatic updates:

sudo dnf install dnf-automatic
sudo systemctl enable --now dnf-automatic.timer

Edit /etc/dnf/automatic.conf to configure how updates should be handled.

openSUSE (uses zypper): For openSUSE users, zypper doesn’t directly support unattended upgrades like apt, but you can create a cron job or a systemd timer to automate zypper updates:

sudo zypper install cron
sudo crontab -e

zypper needs root privileges to install updates, so add the following line to root's crontab to schedule daily updates:

0 3 * * * zypper --non-interactive update

Conclusion

Automating system updates is an efficient way to ensure your systems are secure and performing well, reducing the manual effort required and the risk of missing critical security patches. Whether you’re on Ubuntu using unattended-upgrades, Fedora with dnf-automatic, or openSUSE with scheduled zypper updates, setting up your system for automatic updates is a proactive step towards better system management.