What about 'automatic unattended updates' for Ubuntu 18 or 20 LTS? Yes or no?
What is the current community "think" about using 'automatic unattended updates' for Ubuntu 18 or 20 LTS?
For years I just log in on the first of the month and do an 'apt update' followed by an 'apt upgrade.'
Are most/many of you folks doing this? I'm skeptical of anything "automatic" in Linux… but I'm not afraid to ask and take advice from more experienced (and better!) Linux sysadmins than I am.
Al
5 Replies
My preference for any server would be manually updating the system. If something goes wrong or a configuration file needs updating before a reboot, it's something you'll want to take care of before you find problems later on, perhaps have to boot into a rescue environment, and in the worst case, rebuild your server completely.
When I do server restarts, I do so from Lish so I can monitor the output and make certain that nothing has gone wrong. That will also allow me a quick boot into a rescue environment if needed.
Don't forget to back up data, configuration files under /etc, any other folders you want to back up. You can utalize the Linode backup service, but I'd also recommend something off sight. Even Object Storage from Linode would do if it's not in the same data center as your Linode is.
Just some thoughts, hope they're helpful for you.
Blake
boot into a rescue environment
Can you briefly explain the above? Do you keep a mirror-server as a backup?
You write:
Can you briefly explain the above? Do you keep a mirror-server as a backup?
If your Linode becomes unbootable, you can boot into what's called "Rescue mode". During this process, your Linode is booted using PXE…which loads a small, memory-based Finnix distro that gives you enough capability to mount your regular file systems and try to effect a fix.
If you use "raw" partitions to install/run a non-Linux OS (e.g., Windoze or some flavor of BSD), you'll need to use rescue mode to download the installer and run it. I regularly carry out experiments on Linodes running FreeBSD or NetBSD. Rescue mode is the mechanism I have to use to install them.
See: https://www.linode.com/docs/guides/rescue-and-rebuild/
One thing you should do, IMHO, if your situation allows, is upgrade or install the latest LTS version of Ubuntu (20.04)…or consider Debian 10.
-- sw
P.S. I used to used Ubuntu but switched away from it. My reasons are outlined here:
- https://www.linode.com/community/questions/20847/ubuntu-or-debian-which-might-be-better-for-email
- https://www.linode.com/community/questions/21328/which-distro-makes-the-most-sense-for-ghost
I'm longing for the day when I can jettison Linux altogether and have a supported way to install FreeBSD, a true Unix, like you can at Digital Ocean. I don't use Digital Ocean for other reasons.
I learned that unattended-updates is installed and activated by default in Ubuntu 20. I'm not sure what it is updating or when! :-)
I do a manual "apt update" and "apt upgrade" every Sunday morning.
Often I will get a screen asking me if I want to restart the apache server AND unattended-updates. The box for apache is 'ticked' (with *) but not the box for unattended-updates.
Should I be restarting unattended-updates as well by "ticking" the box for that service?
When I used Ubuntu (and, even now using Debian), I have ALWAYS had unattended updates turned OFF. I don't trust an automated update manager (any of 'em) enough to do the right thing with respect to updating my system.
Given that, there's always the possibility that an unattended update will install something that is broken and your system/services won't come back up after the updater is done. It doesn't happen very often but it DOES happen. Better to have the chance to say no and investigate first, IMHO.
-- sw
P.S. Wrt Ubuntu, Canonical has gotten in a lot of hot water for installing spyware and little goodies that "phone home" in the past. They also opt for installing stuff that uses Canonical-only technology (e.g., snaps) over more tried/true/industry-standard technology. It's just one of the many ways they try to lock you in.