Any boiler plate cron job for auto update and reboot for regular package updates?
-Jeremy
Do you mean Ubuntu package updates? MiaB is configured to run those automatically, but only with apt-get, and reboot isn’t something usually configured to happen automatically, but you can certainly make any cron job that you feel is necessary.
Well I guess not apparently.
What would be nice is a script to run and reboot every night at midnight if an update needing a reboot occurred.
There is much you do not understand about how the server is configured. For example:
- How does the dashboard get the data printed on that page?
- What tools are installed to the server to manage packages, and how are those tools configured?
- Also, I missed typing a key phrase in my above post where I stated
apt-getbut meant to stateapt-get upgrade. Why might that matter?
Outdated packages are prone to breach.
I will figure it out or someone with the know how ill post something useful.
Thanks anyway!
If anyone finds a good way to improve or test this, please let me know. I don’t want to run a fowl on a production system. Thanks!
-Jeremy
Also, it’s true I don’t know how your software works, but based on your prior quote above, some of it does not:
It has been several days since this package notice came out, please see the following screen shot a few minuets ago when I updated my packages. It clearly says the output of the correlating packages that needed updating.
Thought you would like to know since it is your project.
https://fading.blue/u/907707.png
-Jeremy
That’s okay, we all know hos embarrassing it is when we go back through our posts from when we were still learning…
1 Like
Is it? That hasn’t been my experience, unless I’m impatient and beat it to the punch as I tend to run my own apt update; apt upgrade's manually once I receive the notifications.
This is a user forum for a freely provided software system. You are talking to other users here who are merely trying to be helpful.
In my experience, MIAB does apply safe updates on a 24 hour cycle.
Anyone using MIAB as a production mail server would probably not set it to reboot automatically as one would want to supervise what is being applied. Generally there isn’t much benefit to keeping packages right up to date unless you see a security notice. Just part of routine admin.
If your experimenting and learning you can also benefit from reading through the scripts in the GitHub repository to understand exactly how MIAB works.
The architecture diagram might be an interesting place to start. There is a reference there to a cron.daily job that includes status update btw which perhaps you might amend.
2 Likes
MIAB handles system updates in a pretty interesting way, but at least in my experience, it does a pretty good job of autoupdating itself. A couple of things that you need to keep in mind:
- The status checks are updated once every 24 hours by default.
- The system update check happens at random intervals to minimize the chance of all MIAB installs making a call to the mirrors at the same time (THIS IS A VERY GOOD THING.)
- The script that actually runs the apt commands is located at
/usr/lib/apt/apt.systemd.daily. That script basically checks for package updates that are considered safe for “unattended upgrade” and will cause those to update accordingly via the daily cron. - If a package is NOT set in the unattended upgrade parameters, it will have to be updated manually.
Obviously, not having every package marked for unattended upgrade is by design, so occasionally, you will have to manually do some package upgrades which may or may not require you to reboot the box.
“Just kick the box once a day” is not going to be a solution that everyone should (much less would) want, as many users use MIAB in a production environment where the advantage of availability outweighs the minute risk of some packages being out of date.
5 Likes
Thanks for the tips. I also pay an extra $1.70 for rotating backups from vultr. This is suitable for me in-case of melt down. I think I keep about maybe a couple weeks in rotation.
The minimal risk is worth the trade for convenience to auto update. However, I noted your network load worry. Are these packages pulling from an independent repo?
Thanks again!
If you think about this for a few moments, I suspect you can come up with a way to answer this question for yourself.
Ah, I’ll take that as a yes.
The reason I ask is because some of the packages seem standard. But I suppose customization always requires common packages to be modified a little.
You really shouldn’t, because that is certainly not the case. When you run apt update you should recognize every mirror that is being installed from. Every component of MIAB (aside from MIAB-specific scripts and configurations) should get installed from a common repo.
Bearing that in mind, when I said
Perhaps I should have been clearer and said “This is a good thing because it would be improper etiquette to make the 20K+ installs of MIAB all call the update servers at the same time.”
1 Like
Either way, your answer makes me feel a little more reassured otherwise. I really have trust issues with third party repo’s.
Update to my script, use at own risk.
Will let you know once I have one fully working, but this one appears to update fully.
My last script had the wrong search term, hopefully after another kernel update, this script will reboot properly.
Thanks for your efforts. I also echo the fact that I will not permit auto-reboot on a production server. It needs to be managed in off hours, so that in case of error or failure, backups can be deployed if needed.
Believe me - you only let a production email server go down once without planning for it happending again, with a clear idea how you will get it back online with minimal (or no) downtime and data loss.
Alternatively, you might use the Ubuntu built in functionality. See unattended upgrades in Ubuntu
You’ll need the package unattended-upgrades, (and update-notifier-common if you want automatic reboots). To enable/disable functionalitiy, look at /etc/apt/apt.conf.d/50unattended-upgrades