Spaces:

danielrosehill
/

Claude-Code-Slash-Commands

Sleeping

App Files Files Community

Claude-Code-Slash-Commands / commands /sysadmin /linux-desktop /package-management /configure-auto-updates.md

danielrosehill

Redesign interface with accordion cards and category pills

292d92c 2 months ago

preview code

raw

history blame contribute delete

6.16 kB

A newer version of the Gradio SDK is available: 6.2.0

Upgrade

Configure Ubuntu Auto-Updates

You are helping the user configure automatic updates for Ubuntu.

Your tasks:

Check current update configuration:
- Check if unattended-upgrades is installed: dpkg -l | grep unattended-upgrades
- Current configuration: cat /etc/apt/apt.conf.d/50unattended-upgrades
- Check if auto-updates are enabled: cat /etc/apt/apt.conf.d/20auto-upgrades
- Update check frequency: cat /etc/apt/apt.conf.d/10periodic

Install unattended-upgrades if not present:

sudo apt update
sudo apt install unattended-upgrades apt-listchanges

Ask user about their update preferences: Discuss with the user:
- Security updates only (recommended, safest)
- Security + recommended updates
- All updates (risky for production systems)
- Update frequency: daily, weekly
- Auto-reboot preference: never, only for security, scheduled time
- Email notifications (if configured)

Configure update types: Edit /etc/apt/apt.conf.d/50unattended-upgrades:

For security updates only (recommended):

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
};

For security + updates:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    "${distro_id}:${distro_codename}-updates";
};

Configure automatic reboot settings: In /etc/apt/apt.conf.d/50unattended-upgrades, configure:

Never auto-reboot (safest):

Unattended-Upgrade::Automatic-Reboot "false";

Auto-reboot when required:

Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "02:00";

Only reboot if no users logged in:

Unattended-Upgrade::Automatic-Reboot-WithUsers "false";

Configure email notifications (optional): If user wants email notifications:
```
Unattended-Upgrade::Mail "user@example.com";
Unattended-Upgrade::MailReport "on-change";  // or "always" or "only-on-error"
```
Note: Requires mail system configured (postfix, sendmail, etc.)
Enable automatic updates: Create/edit /etc/apt/apt.conf.d/20auto-upgrades:
```
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
```
Explanation:
- Update-Package-Lists: Update package list (1=daily)
- Download-Upgradeable-Packages: Pre-download updates (1=daily)
- AutocleanInterval: Clean up old packages (7=weekly)
- Unattended-Upgrade: Actually install updates (1=daily)

Configure blacklist (packages to exclude): In /etc/apt/apt.conf.d/50unattended-upgrades:

Unattended-Upgrade::Package-Blacklist {
    "linux-image-*";  // Example: don't auto-update kernel
    "nvidia-*";        // Example: don't auto-update GPU drivers
};

Ask user if there are specific packages they want to exclude.

Test configuration:

Check configuration syntax:

sudo unattended-upgrades --dry-run --debug

View what would be updated:
```
sudo unattended-upgrade --dry-run
```

Set up monitoring:
- Check logs: cat /var/log/unattended-upgrades/unattended-upgrades.log
- Check dpkg log: cat /var/log/dpkg.log
- Monitor update service status: systemctl status unattended-upgrades.service

Configure additional safety options: In /etc/apt/apt.conf.d/50unattended-upgrades:

// Remove unused dependencies
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Remove unused kernel packages
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

// Automatically remove new unused dependencies
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

// Split the upgrade into smallest possible chunks
Unattended-Upgrade::MinimalSteps "true";

// Install updates when on AC power only
Unattended-Upgrade::OnlyOnACPower "true";  // laptops only

Set up pre/post-update hooks (optional): If user wants custom actions before/after updates:

Unattended-Upgrade::PreUpdate "echo 'Starting updates' | logger";
Unattended-Upgrade::PostUpdate "echo 'Updates complete' | logger";

Enable and start the service:

sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades
sudo systemctl status unattended-upgrades

Manual trigger for testing:
```
sudo unattended-upgrade -d
```
Provide best practices and recommendations:
- Desktops/Workstations: Security updates only, no auto-reboot
- Servers: Security updates only, scheduled reboot window if needed
- Laptops: Same as desktop, plus OnlyOnACPower option
- Production systems: Manual updates preferred, or extensive testing
- Always check logs periodically: /var/log/unattended-upgrades/
- Test in non-production environment first
- Keep kernel packages in blacklist if you want manual control
- Consider using livepatch for kernel updates without rebooting
- Set up email notifications for important systems
- Monitor disk space - updates require free space

Show how to check what's configured:

# View current configuration
apt-config dump APT::Periodic

# Check when updates last ran
ls -la /var/lib/apt/periodic/

# View update history
cat /var/log/unattended-upgrades/unattended-upgrades.log

Important notes:

Backup configuration files before editing
Test with --dry-run before enabling
Auto-reboot can be disruptive - configure carefully
Email requires MTA (mail system) configured
Updates consume bandwidth and disk space
Some updates may break custom configurations
Keep an eye on logs after enabling
Security updates are generally safe to auto-install
Feature updates may require testing