Thursday, August 23, 2018

Configure Unattended Upgrades on Raspberry Pi

If we were to run Raspberry Pi headless (without attached monitor), it would be nice if we can perform unattended system upgrades. In Debain/Ubuntu class of software, we can perform unattended upgrades using the software package unattended-upgrades. 

To install the software, use the command below: 

sudo apt-get install unattended-upgrades
# Following are additional software required
# we only need mailutils or bsd-mailx, choose 1
sudo apt-get install mailutils
sudo apt-get install bsd-mailx
sudo apt-get install update-notifier-common 

Next, we need to edit the configuration files:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

The configuration should be similar as below:

Unattended-Upgrade::Origins-Pattern {
        // Codename based matching:
        // This will follow the migration of a release through different
        // archives (e.g. from testing to stable and later oldstable).
//      "o=Debian,n=jessie";
//      "o=Debian,n=jessie-updates";
//      "o=Debian,n=jessie-proposed-updates";
//      "o=Debian,n=jessie,l=Debian-Security";
        "o=${distro_id},n=${distro_codename}";
        "o=${distro_id},n=${distro_codename}-updates";
        "o=${distro_id},n=${distro_codename}-proposed-updates";
        "o=${distro_id},n=${distro_codename},l=Debian-Security";
// Archive or Suite based matching:
        // Note that this will silently match a different release after
        // migration to the specified archive (e.g. testing becomes the
        // new stable).
//      "o=Debian,a=stable";
//      "o=Debian,a=stable-updates";
//      "o=Debian,a=proposed-updates";
        "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

Unattended-Upgrade::Mail "username@example.com";
Unattended-Upgrade::Automatic-Reboot "true";


Basically, we commented out those type of upgrade we want to apply. The second last line allows the system to email us the status. We must install mailutils or mailx first in Raspbian for the email notification to be effective. The last line allow the system to reboot automatically. Please also make sure that update-notifier-common has been installed.

There are more option that we can set such as reboot time and log file in the configuration file. Uncomment any option when necessary.

Next, we need to amend another auto upgrade configuration file.


sudo nano /etc/apt/apt.conf.d/20auto-upgrades

The configuration files should have the following:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Verbose "1";
APT::Periodic::AutocleanInterval "7";

Finally, we perform a test to see if the upgrade process works:

sudo unattended-upgrade -d -v --dry-run

To enable unattended-upgrade use the following command:

sudo dpkg-reconfigure --priority=low unattended-upgrades


Reference

For further reference, please check out the following post:
Debian Wiki UnattendedUpgrades
Ubuntu Community Help: AutomaticSecurityUpdates
Ubuntu Official Documentation: Automatic Updates

***

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.