[SOLVED] Unattended upgrades: how to automate a few each day?
Are there any tools that can automate updating a few computers each day?
We have too many systems and not enough people to upgrade manually so we conclude it is desirable to update automatically. But, in case an update causes a critical breakage, updating all systems at the same time would create a peak urgent workload.
So we conclude it is not desirable to update many systems at the same time.
Net result of all this cogitating: we would like to automate upgrading in batches, say a sixth of the systems each day Mon through Sat.
Searching the 'net for tools to do that has identified no solutions. Did I miss something? Or should I get scripting?
There are a lot of packages for updates on Debian. From unattended upgrades to just notify a user. They all go with cron so you would just need to do the scheduling there.
AIUI none of those solutions are able to upgrade "a sixth of the systems each day Mon through Sat".
One solution would be to install unattended-upgrades and cron-apt then somehow hook into the part of cron-apt that does the upgrade and only let it be effective on the specified day for the particular computer. Maybe as simple as a daily cron job to set /var/lib/apt/periodic/upgrade-stamp.
But better not re-invent the wheel if there is such a wheel ... ?
As far as I recall cron-apt per default only updates the packages list and predownloads stuff. So you would just add another cron job to actually do the update. This way the package would remain intact. Also you still would need to create those cron jobs yourself or per ssh or maybe tell the chef to have his puppet repair the (cf)engine. Dunno if you have some of that running.
Help me get the phrase "a sixth of the systems each day Mon through Sat" right.
Script runs every day. On Monday the first batch gets updates. Tuesday the next batch is up, and so on?
Or run on every machine every day and if there is an update elect the elite and send them into the fight while the rest gets the week off?
cron-apt has a random sleep built inside. So you could use this to have it report to some server and see if they are one of the lucky winners to try the new shiny or if they are too late for that day. Also this way you would need to change the script and the package with it. And some kind of control system to give out the tickets.
Or reverse this and have a control system start the update per ssh on some of the machines.
That's an attractive idea, installing an extra cron job to do the upgrades, especially as we prefer not to change as-installed files.
We do not run puppet. Maybe we should. Maybe this requirement is the one to tip the balance in favour of puppet. We did consider it but thought it complex to master and a few people were grumbling about it being flawed (details forgotten).
First thoughts on how to set up "a sixth of the systems to upgrade each day Mon through Sat" was to split them based on the second part of the fully qualified hostname (FQHN) which is effectively an organisation/department name. So a FQHN of server1.my_org.whatever could be parsed to get "my_org" and thence "m" which could be looked up in a configuration table to find out which day of the week it should upgrade on.
Advantages of this scheme are that it is zero-config on individual computers (they all have the same table) and very simple for humans to learn. When the calls start coming in for similar issues and all from organisations/departments with names beginning S to V and it's Friday ...
In case organisations/departments changed and resulted in a significantly uneven number of computers upgrading on various days, a new table could be distributed to all computers.
Random self-selection would be fun.
Centralised control would be attractive but we have unreliable Internet connections and inconsistent computer up times.
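The letter-to-weekday lookup described in the post above, as an added example that is not part of the original thread: a script for a daily cron job that runs `unattended-upgrade` only on the host's own day. The function names, the `run` argument and the letter ranges are assumptions, except that S to V maps to Friday as in the post.

```shell
#!/bin/sh
# Added example (not from the thread): staged upgrades keyed on the
# organisation label, i.e. the second label of the host's FQDN.
LC_ALL=C; export LC_ALL   # make the [a-d] style ranges behave predictably

# Print the upgrade weekday (1=Mon .. 6=Sat, as in `date +%u`) for an FQDN.
# The ranges below are a constructed table; every host carries the same one.
upgrade_day_for_host() {
    org=$(printf '%s\n' "$1" | cut -s -d. -f2)   # server1.my_org.whatever -> my_org
    [ -n "$org" ] || return 1                    # no second label: cannot classify
    first=$(printf '%s\n' "$org" | cut -c1 | tr 'A-Z' 'a-z')
    case $first in
        [a-d]) echo 1 ;;
        [e-h]) echo 2 ;;
        [i-m]) echo 3 ;;
        [n-r]) echo 4 ;;
        [s-v]) echo 5 ;;   # "S to V and it's Friday"
        *)     echo 6 ;;   # w-z, digits and anything else still get a day
    esac
}

# Exit 0 if the given weekday (default: today) is this host's day,
# 1 if it is not, 2 if no batch can be derived from the name.
is_upgrade_day() {
    today=${2:-$(date +%u)}
    day=$(upgrade_day_for_host "$1") || return 2
    [ "$day" = "$today" ]
}

# The cron job calls the script with "run"; without it only the functions
# above are defined, so the file can be sourced and tested safely.
if [ "${1:-}" = "run" ]; then
    is_upgrade_day "$(hostname -f)"
    case $? in
        0) exec unattended-upgrade ;;
        1) exit 0 ;;   # not our day (Sunday matches no batch)
        *) echo "staged-upgrade: cannot derive batch from FQDN" >&2; exit 1 ;;
    esac
fi
```

A host that is switched off on its assigned day waits a full week under this scheme, and security updates reach the last batch up to five days after the first.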
I assume you are using Debian Stable. Most package upgrades for your installed packages come from the security repo. They are patches for potential exploits. I think you should think about getting them installed as soon as they are available.
That's an attractive policy until the day it causes a critical breakage on all systems and we don't have enough people to fix all the systems as quickly as the users and we would like.
OK, that scenario is unlikely -- given the care that Debian take with update quality control -- but it could happen, hence wanting to update one sixth of the systems on Monday through Saturday.
Marking this solved because the original question -- "Are there any tools that can automate updating a few computers each day?" -- seems to have been answered "no".
We have decided that creating a solution is relatively low priority so it will be a while, if ever, before we have a solution to share.