
Setting up automatic updates with unattended-upgrades

The following command installs unattended-upgrades from the package repositories.

root:~# apt-get install unattended-upgrades

Next we adjust the unattended-upgrades configuration. The comments in the file make it largely self-explanatory.

root:~# vi /etc/apt/apt.conf.d/50unattended-upgrades
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
   "Ubuntu lucid-security";
   "Ubuntu lucid-updates";
};

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};

// Send email to this address for problems or package upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
Unattended-Upgrade::Mail "postmaster@example.com";

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "false";

// Automatically reboot *WITHOUT CONFIRMATION* if
// the file /var/run/reboot-required is found after the upgrade
Unattended-Upgrade::Automatic-Reboot "false";


// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";

To enable automatic updates, we still need to set the following in the file /etc/apt/apt.conf.d/02periodic.

root:~# vi /etc/apt/apt.conf.d/02periodic
// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";

// Set maximum size of the cache in MB (0=disable)
APT::Periodic::MaxSize "512";

// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";

// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";

// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";

// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "7";

//     Send report mail to root
//     0:  no report             (or null string)
//     1:  progress report       (actually any string)
//     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
//     3:  + trace on
APT::Periodic::Verbose "1";
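
An added example (not part of the original post): a small shell check that reads settings in the `Key "value";` form used by 02periodic and reports when one of the three switches set above is missing or "0". The function names and both sample configurations are constructed for illustration, and treating a missing key as disabled is this example's own policy.

```shell
#!/bin/sh
# Added example (not from the original post): detect auto-updates that are
# silently switched off. Input is text in the 'Key "value";' form used by
# /etc/apt/apt.conf.d/02periodic and printed by `apt-config dump`.

# Print the value of APT key $2 found in config text $1 (empty if absent).
# The pattern is anchored at line start, so commented-out lines (// ...)
# never match; if a key is assigned more than once, the last one is taken.
periodic_value() {
    printf '%s\n' "$1" |
        sed -n "s/^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*/\1/p" |
        tail -n 1
}

# Return 0 if the three switches the page sets are present and not "0".
# Otherwise print one line per offending key and return 1.
# Assumption of this example: a missing key counts as disabled.
check_periodic() {
    conf=$1
    rc=0
    for key in APT::Periodic::Enable \
               APT::Periodic::Update-Package-Lists \
               APT::Periodic::Unattended-Upgrade; do
        val=$(periodic_value "$conf" "$key")
        case "$val" in
            ''|0) echo "DISABLED: $key (value: '${val:-unset}')"; rc=1 ;;
        esac
    done
    return "$rc"
}

# Constructed sample: the "1" line is commented out and the active line
# sets "0", so package lists are refreshed but nothing is ever installed.
SAMPLE_BAD='APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
// APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Unattended-Upgrade "0";'

# Constructed sample: the three switches as configured on this page.
SAMPLE_GOOD='APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";'

# On a real host, audit the merged configuration instead:
#   check_periodic "$(apt-config dump)"
check_periodic "$SAMPLE_GOOD" && echo "OK: all three switches enabled"
check_periodic "$SAMPLE_BAD" || echo "FAIL: automatic updates are not fully enabled"
```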

Now we test whether unattended-upgrades works.

root:~# unattended-upgrades --dry-run

We check the log file /var/log/unattended-upgrades/unattended-upgrades.log for errors.

root:~# less /var/log/unattended-upgrades/unattended-upgrades.log

Unfortunately, the subject of the notification cannot be changed, because it is hard-coded in the script /usr/bin/unattended-upgrades. In my case, I want the hostname to appear in square brackets at the beginning of the subject. To do this, go to line 238 (and 239) and edit the entry accordingly.

Here is the diff of the change to the notification subject.

238,239c238
<                              "-s", _("unattended-upgrades result "
<                                      "for '%s'") % host(),
---
>                              "-s", _("[%s] unattended-upgrades") % host(),
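
Review bot: The new string on line 238 is still wrapped in _() but no longer matches the original msgid ("unattended-upgrades result for '%s'"), so gettext will find no translation for it and the subject will always be the literal "[%s] unattended-upgrades" whatever the locale; if that is intended, drop the _() wrapper to make it explicit. Because the change is made in place in the packaged script /usr/bin/unattended-upgrades, an upgrade of the unattended-upgrades package will replace the file and restore the original subject, so keep this diff as a patch file and reapply it after package upgrades.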