9

I followed the documentation for enabling automatic upgrades in Ubuntu servers, but it's not really updating anything at all.

My /etc/apt/apt.conf.d/50unattended-upgrades looks almost like the default.

// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
        "Ubuntu karmic-security";
        "Ubuntu karmic-updates";
};

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "pupeno@example.com";


// Automatically reboot *WITHOUT CONFIRMATION* if a 
// the file /var/run/reboot-required is found after the upgrade 
//Unattended-Upgrade::Automatic-Reboot "false";

The directory /var/log/unattended-upgrades/ is empty. Running /etc/init.d/unattended-upgrades start is not very nice:

root@mozart:~# /etc/init.d/unattended-upgrades start
Checking for running unattended-upgrades: root@mozart:~#

Something seems to be broken, but I'm not sure why.

I have pending updates and they are not being applied:

root@mozart:~# aptitude safe-upgrade
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Reading extended state information      
Initializing package states... Done
The following packages will be upgraded:
  linux-libc-dev 
1 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/743kB of archives. After unpacking 4096B will be used.
Do you want to continue? [Y/n/?]

In all the servers I have, unattended upgrades seems to have been disabled:

root@mozart:~# apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade
root@mozart:~#

Any ideas what am I missing?

deizel.
  • 193
  • 7
Pablo Fernandez
  • 7,438
  • 25
  • 71
  • 83
  • libc is a major package. I wouldn't let any server update that on it's own ! – Antoine Benkemoun Feb 09 '10 at 16:46
  • Antoine, I don't have any problem with it; besides, libc-dev is the devel package, probably a bunch of .h and things like that. And this is only what's pending now, now what will be pending latter on, so discussing this particular package doesn't add much to the issue. – Pablo Fernandez Feb 09 '10 at 17:06

3 Answers3

9

Check the actual documentation for your Ubuntu version here: 

/usr/share/doc/unattended-upgrades/README.gz

For Ubuntu 11.10, to enable it, you do:

sudo dpkg-reconfigure -plow unattended-upgrades

(it's an interactive dialog) which will create /etc/apt/apt.conf.d/20auto-upgrades with the following contents:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

So indeed the information in Ubuntu 10.04 server guide is out-of-date.

If you're using Puppet like we do at Bippo and Soluvas, you can use something like this to automate proper unattended-upgrades configuration:

# Unattended upgrades
package { unattended-upgrades: ensure => present }
file { '/etc/apt/apt.conf.d/50unattended-upgrades':
  content => template('bipposerver/50unattended-upgrades'),
  mode    => 0644,
  require => Package['unattended-upgrades'],
}
file { '/etc/apt/apt.conf.d/20auto-upgrades':
  source  => 'puppet:///bipposerver/20auto-upgrades',
  mode    => 0644,
  require => Package['unattended-upgrades'],
}
service { unattended-upgrades:
  enable    => true,
  subscribe => [ Package['unattended-upgrades'],
                 File['/etc/apt/apt.conf.d/50unattended-upgrades',
                      '/etc/apt/apt.conf.d/20auto-upgrades'] ],
}

Make sure to provide the templates/files 50unattended-upgrades and 20auto-upgrades as you see fit.

I'm also updating the Ubuntu Wiki page to reflect this.

Hendy Irawan
  • 335
  • 3
  • 8
  • 1
    +1 FWIW, the [13.04 server guide](https://help.ubuntu.com/13.04/serverguide/automatic-updates.html) is still out-of-date. – deizel. Aug 24 '13 at 23:36
6

I don't see anything wrong with your /etc/apt/apt.conf.d/50unattended-upgrades. Mine looks almost like yours but I only let security upgrades be applied automatically, nothing else. I also have it set to send mail simply to "root" (Postfix handles the rest).

But: the init script /etc/init.d/unattended-upgrades is not for running unattended upgrades. It just checks whether the unattended upgrade process is running and waits until it exits. I don't really know why it is needed or why it does what it does (it wasn't even present on previous Ubuntu versions) but it is not the way to do unattended upgrades.

Instead there is, on Ubuntu, a Python program called unnattended-upgrades that does the work. Try running that manually and see what happens. Also check the output of the command 

apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade

It should say UnattendedUpgradeInterval='1', indicating that you configured APT correctly to allow for unattended upgrades.

Ubuntu runs /etc/cron.daily/apt daily from cron. If you look at that script you see that it does various APT-related things, among them unattended upgrades. My guess is that you somehow disabled that cron script and so nothing happens unattended.

That's it, more or less, off the top of my head. Please post a followup if you have tried my ideas without success.

HTH

daff
  • 4,809
  • 2
  • 28
  • 27
  • 2
    Thank you for the answer daff. I added the output of "apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade" to the question. All my servers print nothing for it. – Pablo Fernandez Feb 19 '10 at 08:25
5

Have you check /etc/apt/apt.conf.d/10periodic ?

it should have the last line

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::Unattended-Upgrade "1";
Tanarri
  • 514
  • 2
  • 5
  • 6
    These settings don't all live in 10periodic but are distributed over 10periodic, 20auto-upgrades and 50unattended-upgrades. If you put them in the wrong place a future APT upgrade may overwrite them. 20auto-upgrades is the place to set APT::Periodic::Unattended-Upgrade "1"; and 50unattended-upgrade to tune the behaviour, as described in the Ubuntu Server Guide. – daff Mar 01 '10 at 11:23
  • Could you put the detail information here or link(s)? I cannot find them. – Tanarri Mar 02 '10 at 03:25
  • 4
    This is as described at https://help.ubuntu.com/10.04/serverguide/C/automatic-updates.html – Tony Edgecombe Jun 06 '10 at 18:28
  • The Ubuntu 10.04 (official) Server Guide seems to be out of date. Refer to my answer for more info. – Hendy Irawan Jun 21 '12 at 07:15
  • 3
    The latest URL for the docs is: https://help.ubuntu.com/lts/serverguide/automatic-updates.html and it says that all these four should be in 10periodic as Tanarri qrote. The page for unattended upgrades, doesn't contradict this, though it adds some other useful info: https://help.ubuntu.com/community/AutomaticSecurityUpdates – SamGoody Sep 18 '15 at 08:29