Results 1 to 4 of 4

Thread: How to Schedule Unattended-Upgrades to Run Once a Month

  1. #1
    Join Date
    Dec 2005
    Beans
    2

    How to Schedule Unattended-Upgrades to Run Once a Month

    Hi Everyone,

    I am trying to get Unattended-Upgrades to run on my Ubuntu 18.04 servers. I would like it to run
    once a month (OnCalendar=Tue *-*-1..7 7:00:00). It's currently running every day. I am not sure
    how to modify the systemd timers to achieve this. Any help would be appreciated. I have been working with
    Ubuntu support since 10/22/19 and haven't been able to solve the problem.

    Code:
    # cat /etc/apt/apt.conf.d/50unattended-upgrades
    Unattended-Upgrade::Allowed-Origins {
            "${distro_id}:${distro_codename}";
            "${distro_id}:${distro_codename}-security";
            // Extended Security Maintenance; doesn't necessarily exist for
            // every release and this system may not have it installed, but if
            // available, the policy for updates is such that unattended-upgrades
            // should also install from here by default.
            "${distro_id}ESM:${distro_codename}";
            "${distro_id}:${distro_codename}-updates";
    //      "${distro_id}:${distro_codename}-proposed";
    //      "${distro_id}:${distro_codename}-backports";
    };
    // List of packages to not update (regexp are supported)
    Unattended-Upgrade::Package-Blacklist {
    //      "vim";
    //      "libc6";
    //      "libc6-dev";
    //      "libc6-i686";
    };
    Unattended-Upgrade::DevRelease "false";
    Unattended-Upgrade::Mail "dnp@ams.org";
    Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
    Unattended-Upgrade::Remove-Unused-Dependencies "true";
    Unattended-Upgrade::Automatic-Reboot "true";
    Unattended-Upgrade::Automatic-Reboot-Time "now";
    Code:
    # cat /etc/apt/apt.conf.d/20auto-upgrades
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Download-Upgradeable-Packages "1";
    APT::Periodic::AutocleanInterval "7";
    APT::Periodic::Unattended-Upgrade "1";
    Code:
    # cat /etc/apt/apt.conf.d/20auto-upgrades
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::Download-Upgradeable-Packages "1";
    APT::Periodic::AutocleanInterval "7";
    APT::Periodic::Unattended-Upgrade "1";
    Code:
    # cat /etc/systemd/system/apt-daily.timer                        
    [Unit]
    Description=Daily apt dailey upgrade activities
    
    [Timer]
    #DayOfWeek Year-Month-Day Hour:Minute:Second
    OnCalendar=*-*-* 4:00:00
    RandomizedDelaySec=10min
    Persistent=true
    
    [Install]
    WantedBy=timers.target
    Code:
    # cat /lib/systemd/system/apt-daily-upgrade.timer
    [Unit]
    Description=Daily apt upgrade and clean activities
    After=apt-daily.timer
    
    [Timer]
    OnCalendar=*-*-* 7:00
    RandomizedDelaySec=20m
    Persistent=true
    
    [Install]
    WantedBy=timers.target

    Code:
    # systemctl list-timers --all
    NEXT                         LEFT          LAST                         PASSED       UNIT                       
    Thu 2019-12-05 10:04:21 EST  4min 27s left Thu 2019-12-05 09:01:43 EST  58min ago    anacron.timer              
    Thu 2019-12-05 17:07:51 EST  7h left       Thu 2019-12-05 07:06:54 EST  2h 52min ago motd-news.timer            
    Fri 2019-12-06 04:05:14 EST  18h left      Thu 2019-12-05 04:06:43 EST  5h 53min ago apt-daily.timer            
    Fri 2019-12-06 07:02:01 EST  21h left      Thu 2019-12-05 07:06:43 EST  2h 53min ago apt-daily-upgrade.timer    
    Fri 2019-12-06 07:39:16 EST  21h left      Thu 2019-12-05 07:39:16 EST  2h 20min ago systemd-tmpfiles-clean.time
    Mon 2019-12-09 00:00:00 EST  3 days left   Mon 2019-12-02 00:00:01 EST  3 days ago   fstrim.timer               
    n/a                          n/a           n/a                          n/a          snap-repair.timer          
    n/a                          n/a           n/a                          n/a          snapd.refresh.timer        
    n/a                          n/a           n/a                          n/a          snapd.snap-repair.timer    
    n/a                          n/a           n/a                          n/a          ureadahead-stop.timer
    Thanks,
    Dan
    Last edited by deadflowr; December 5th, 2019 at 07:18 PM. Reason: code tags

  2. #2
    Join Date
    Oct 2009
    Location
    Reykjavík, Ísland
    Beans
    13,426
    Distro
    Xubuntu 19.10 Eoan Ermine

    Re: How to Schedule Unattended-Upgrades to Run Once a Month

    The idea behind unattended updates is that they can be run often. Why do you want to block this?
    Bringing old hardware back to life. About problems due to upgrading.
    Please visit Quick Links -> Unanswered Posts.
    Don't use this space for a list of your hardware. It only creates false hits in the search engines.

  3. #3
    Join Date
    Dec 2005
    Beans
    2

    Re: How to Schedule Unattended-Upgrades to Run Once a Month

    My management only wants to patch monthly. I can't convince them that more frequently is to our benefit.

  4. #4
    Join Date
    Sep 2011
    Location
    Behind you!
    Beans
    1,193
    Distro
    Ubuntu 18.04 Bionic Beaver

    Re: How to Schedule Unattended-Upgrades to Run Once a Month

    Quote Originally Posted by dnp60 View Post
    My management only wants to patch monthly. I can't convince them that more frequently is to our benefit.
    Sounds like management making the wrong choice.

    However, I already install my servers without the option to do unattended upgrades...because I run my own script.

    I would find out "why" they are not wanting to do updates more frequently. If they want to ensure the system does not reboot but one time per month (uptime metric reasons), the upgrade does not force a reboot. You could have it check for an apply upgrades daily and on the 1st of every month, check if you see /var/run/reboot.required (iirc) and if you do, have the system auto-reboot.

    If they want the server to remain "stable" because of no changes (avoid site failures due to deprecated functions being removed...like PHP does), then I could understand why they desire a frozen system for a while...unless that system is exposed to the Internet which makes the risk of it not being patch far worse than the potential of a patch breaking the system.

    LHammonds

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •