So, to start I am glad that I have received a few requests for topics. One of them kind of covered two topics, automatic updates and log file management. I am going to split them up into two different posts, with the first being automatic updates.
Ubuntu, and many other distros, have it built in to enable automatic updates through their package managers. While you can install updates manually through the command line in Ubuntu through apt-get or aptitude (I prefer aptitude), sometimes you have a system that you want things a little more “hands free”. In Ubuntu (and other Debian/Debian based distros) this is provided by the unattended-upgrades package, available in your repository. On the desktop release, it is already installed, on the server release it is not.
First, it would be bad of me to not point out the official documentation on this. It is targeted at the server, but it applies to the desktop as well: https://help.ubuntu.com/10.10/serverguide/C/automatic-updates.html Note that is for Ubuntu 10.10, but they have similar documentation for other releases as well.
In Ubuntu 10.10 (and 11.04 natty), it is set by default for Security updates only, but it is also only set to update the package list. The unattended-upgrades package gives quite a bit of control over what it will and will not do, as well as options for letting you know what it did. In order to get it to actually install the packages automatically, you would need to edit the file /etc/apt/apt.conf.d/10periodic . In this file you will find a few options, as mentioned, by default the first one is enabled, updating the list of available packages. All of the settings in this file are how often that task will be performed in days. Note that this file is part of the package update-notifier-common which is not installed by default on the server release, but you can create it easily. The default contents of this file are:
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "0"; APT::Periodic::AutocleanInterval "0";
Or you can install the update-notifier-common package which comes with some other nice goodies as well such as adding some information to your login MOTD if there are updates available, a reboot is required for a package update, and a few other nice things to have.
You can set it to download the new updates (but not install them) with the second option, as mentioned, setting it to 1 would have it do that every day, once per day, 3 would be every 3 days. The third option is how often you would like it to remove un-installed packages from the local package download cache. One option that may not be in that file by default (but you can add it) is the option to actually make it install the updated packages. If you set APT::Periodic::Unattended-Upgrade to a value, then new packages will be installed that often.
Now that we have covered how to make it install upgrades automatically, what if you would like to be notified that it happened? You can always check /var/log/unattended-upgrades, but that go’s against my first rule… I feel that whenever possible, my servers should come to me, not the other way around. So now we will make unattended-upgrades let me know when it does something. For that, we go to the file /etc/apt/apt.conf.d/50unattended-upgrades .
In this file, there is a setting Unattended-Upgrade::Mail, if you un-comment this line, and set it to your email address, your system will email you a summary of packages installed, or any errors encountered. Please note that for this to work, you will need something that provides /usr/bin/mail. The package mailx will provide this, it will also work with sendmail, postfix and others. Do note that because there will be several URL’s, all plain text, and the from address will be root@hostname, that the email will likely be spam filtered (it is for sure by gmail). After the first email arrives, just check your spam folder and then whitelist the sender of the email.
Also, the default is for unattended-upgrades to only work with security related updates. This is also modified in the file /etc/apt/apt.conf.d/50unattended-upgrades . If you would like it to also install updates from sources other than just the security repository, at the very top of this file you will see the entries for the other default repositories. Any that you un-comment will also get some unattended-upgrade love. There is also a setting in there to have it automatically reboot the server if a package install requires it… I prefer to leave this one off as I like to be in control of any downtime that my server has.
This pretty much covers how to get off the ground with unattended-upgrades. If you have any questions about it, or if you want to know if it can do something in particular, leave a comment!