Cool Solution - Automatic Upgrades for UCC Thinclients

From Univention Wiki

Revision as of 14:20, 5 September 2016 by Hpeter (talk | contribs)
Jump to: navigation, search
Produktlogo UCC Version 1.0

Note: Cool Solutions are articles documenting additional functionality based on Univention products. Not all of the shown steps in the article are covered by Univention Support. For questions about your support coverage contact your contact person at Univention before you want to implement one of the shown steps.

Also regard the legal notes at Terms of Service.


Ubuntu's Advanced Packaging Tool (APT) offers means for automatic software maintenance. The unattended-upgrades package is usually installed by default in UCC desktops.

It basically installs the /etc/cron.daily/apt cron script, which follows the instructions in these two files (explained next in more detail):

  • /etc/apt/apt.conf.d/10periodic (The frequency, in days, for the main tasks)
  • /etc/apt/apt.conf.d/50unattended-upgrades (Options)

Configuration

Set up

sudo apt-get install unattended-upgrades

Activate unattended upgrades

Automatic updates are normally disabled. To enable them, make sure both variables, APT::Periodic::Unattended-Upgrade and APT::Periodic::Update-Package-Lists are set to "1" in /etc/apt/apt.conf.d/10periodic

cat /etc/apt/apt.conf.d/10periodic
 APT::Periodic::Unattended-Upgrade "1";
 APT::Periodic::Update-Package-Lists "1";
 APT::Periodic::Download-Upgradeable-Packages "1";
 APT::Periodic::AutocleanInterval "5";

As we can see, in this file is possible to enable the automatic update of lists and the download and clean up of packages. For more options, you can check out the comments on the cron script.

Options

The main file to configure 'unattended-upgrades' is /etc/apt/apt.conf.d/50unattended-upgrades

There, you can select package sources. The system will apply such updates as programed. Typically you would allow security and updates. (// means the line is commented out)

 Unattended-Upgrade::Allowed-Origins {
       "${distro_id}:${distro_codename}-security";
       "${distro_id}:${distro_codename}-updates";
 //    "${distro_id}:${distro_codename}-proposed";
 //    "${distro_id}:${distro_codename}-backports";
 }

You can also exclude some critical packages you don't want to upgrade

 Unattended-Upgrade::Package-Blacklist {
     "libc6-i686";
 };

The /etc/apt/apt.conf.d/50unattended-upgrades file documents other useful options:

Unattended-Upgrade::AutoFixInterruptedDpkg "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::InstallOnShutdown "true";

Set up notifications

Unattended-Upgrade::Mail "root@example.com";
Unattended-Upgrade::MailOnlyOnError "true";

And one to limit the network bandwidth (kb/sec)

Acquire::http::Dl-Limit "128";

Finally, the Official documentation recommends the package apticron for more advanced notification options.

More

Personal tools