Auto-upgrade with Debian

from Hugo Haas <[email protected]>, Tue, 21 Nov 2000 22:50:17 -0500

Replies:

gerald

Parents:

None.

--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

I have been wanting to have a look at auto-upgrading my Debian boxes so
that I could just forget about them for a long time, and I finally
reached a point where I had too many boxes to maintain. So I finally did
it.

It's actually (as I expected) pretty simple with apt: do an update of
the list of packages, and if one of them has changed, try to perform an
upgrade.

Until now, everything has been going fine. I guess that if a
configuration file is about to be changed, the upgrade will fail and I
will have to perform the update manually. Well, time will tell. Anyway,
when using stable, only bug fixes should be uploaded so there is little
chance that this kind of modification happens.

I am attaching the script that I run every night.

--
Hugo Haas <[email protected]> - http://larve.net/people/hugo/
- I know you feel bad about the juice incident, but I'm sure you can
make up for it somehow. - That's it! Somehow! -- Homer Jay

--SLDf9lqlvOQaIe6s
Content-Type: text/plain; charset=us-ascii
Content-Disposition: attachment; filename=auto-upgrade

#! /bin/sh

PATH=/usr/sbin:/sbin:/usr/bin:/bin

if [ ! "`apt-get -q update | grep ^Get`" ]
then
exit 0
fi

# Packages updated: do an upgrade
apt-get upgrade -q -y

--SLDf9lqlvOQaIe6s--

Re: Auto-upgrade with Debian

from Gerald Oskoboiny <[email protected]>, Mon, 12 Mar 2001 04:05:37 -0500

Replies:

ot
hugo

Parents:

hugo

On Tue, Nov 21, 2000 at 10:50:17PM -0500, Hugo Haas wrote:
> I have been wanting to have a look at auto-upgrading my Debian boxes so
> that I could just forget about them for a long time, and I finally
> reached a point where I had too many boxes to maintain. So I finally did
> it.
>
> It's actually (as I expected) pretty simple with apt: do an update of
> the list of packages, and if one of them has changed, try to perform an
> upgrade.

This is really cool and useful, and works much better than the
various Redhat autoupgrade systems I have experience with.

One minor annoying thing about the way this works is that you get
mail from cron whenever the package list is updated, whether or
not it affects any of the packages you have installed on your
systems.

Now that we have a bunch of machines using this system at work,
I am starting to get more and more of these messages (about 25 of
them in the last month, which isn't bad, but you know how I feel
about cron output. Well, some of you do.)

So I changed the last line of the auto-upgrade script on un to
skip the output if it says:

Reading Package Lists...
Building Dependency Tree...
0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

> #! /bin/sh
>
> PATH=/usr/sbin:/sbin:/usr/bin:/bin
>
> if [ ! "`apt-get -q update | grep ^Get`" ]
> then
> exit 0
> fi
>
> # Packages updated: do an upgrade
> apt-get upgrade -q -y

I changed the last line to:

apt-get upgrade -q -y | tac | sed '/^0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.$/,/^Reading Package Lists/d' | tac

The 'tac' stuff is necessary because '/pat1/,/pat2/d' doesn't work
as I would expect in sed: it deletes the lines even if there is no
line matching pat2.

--
Gerald Oskoboiny <[email protected]>
http://impressive.net/people/gerald/

Re: Auto-upgrade with Debian

from Olivier Thereaux <[email protected]>, Thu, 5 Jul 2001 14:07:17 +0900

Replies:

hugo

Parents:

gerald

Hey.

I had a look at the auto-upgrade script for debian, described in [1]
and [2] and have a few questions for the author(s), along with (humble)
proposals to improve it.

[1] http://impressive.net/archives/fogo/[email protected]
[2] http://impressive.net/archives/fogo/[email protected]

The script is:

#######################################################################

#!/bin/sh

PATH=/usr/sbin:/sbin:/usr/bin:/bin

if [ ! "`apt-get -q update | grep ^Get`" ]
then
exit 0
fi

# Packages updated: do an upgrade
apt-get upgrade -q -y | tac | sed '/^0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.$/,/^Reading Package Lists/d' | tac

#######################################################################

Question 1 is about the -y. I always wondered what happens when a
configuration file is about to be overriden. When running interactively,
I usually say "D" (diff) and have a look at what changes are made. The
problem is that no "default" behaviour is good, sometimes you need to
keep your version (when you've made a custom config), but sometimes you
need to accept the newer version (lack of backward-compatibility, not
frequent, but I saw that a couple of time, or just that you don't care,
in which case having the latest-default-version is good).

Hugo, you expressed this concern in you mail [1], too, and said "time
will tell". What did time tell, after all?

I just did a quick test, run apt-get -y dist-upgrade, knowing that it
would want to change /etc/ssh/sshd_config, and... it went interactive,
so I don't have the answer for a non-interactive cron script.

Question 2 is about the choice of apt-get upgrade instead of
dist-upgrade. "If you are not familiar with debian", upgrade only
upgrades packages with new versions and no conflict, while dist-upgrade
tries to be smart and installs new packages if it can solve a conflict.

The main drawback, IMHO, of an auto-upgrade system, is that it makes you
confident and comfortable that "everything is fine, stuff are up to date
and worky", though some conflicts may prevent a package to be upgraded
for months. If you also do some upgrade by hand from time to time,
that's OK, but...

Therefore, I think it would be good to use dist-upgrade instead of
upgrade.

Question 3 : what about monitoring important packages? Inserting
something like:

apt-get -u -s dist-upgrade | grep -v ^Conf

or, if you prefer short cron messages:

apt-get -s dist-upgrade | grep ^Inst

and filter with a list of "crucial" stuff (ssh, libc6, a.s.o). Could be
cool, woundn't it?

Does the "tac/sed" stuff work? I tried, and it seems it doesn't.
An alternative to this would be to use the filter described above, and
trash every output but this and errors.

Question 4 : Why not add a apt-get clean at the end of the script?
Would save disk space...

Thoughts?

Oh, BTW, Gerald, could you subscribe me to the list? Thanks :)

--
Olivier

Re: Auto-upgrade with Debian

from Hugo Haas <[email protected]>, Fri, 27 Jul 2001 07:37:05 -0400

Replies:

None.

Parents:

gerald
ot

[ Sorry for the delay. ]

* Olivier Thereaux <[email protected]> [2001-07-05 14:07+0900]
> Question 1 is about the -y. I always wondered what happens when a
> configuration file is about to be overriden. When running interactively,
> I usually say "D" (diff) and have a look at what changes are made. The
> problem is that no "default" behaviour is good, sometimes you need to
> keep your version (when you've made a custom config), but sometimes you
> need to accept the newer version (lack of backward-compatibility, not
> frequent, but I saw that a couple of time, or just that you don't care,
> in which case having the latest-default-version is good).
>
> Hugo, you expressed this concern in you mail [1], too, and said "time
> will tell". What did time tell, after all?

I am not quite sure I must say. I had once my sshd down because it was
stuck with a question it could not answer. That was... annoying. ;-)

> Question 2 is about the choice of apt-get upgrade instead of
> dist-upgrade. "If you are not familiar with debian", upgrade only
> upgrades packages with new versions and no conflict, while dist-upgrade
> tries to be smart and installs new packages if it can solve a conflict.

The problem is that dist-upgrade installs automatically important
packages IIRC, that I might have deselected on purpose. For example,
on my wireless station, I don't have syslogd nor crond. ;-)

> The main drawback, IMHO, of an auto-upgrade system, is that it makes you
> confident and comfortable that "everything is fine, stuff are up to date
> and worky", though some conflicts may prevent a package to be upgraded
> for months. If you also do some upgrade by hand from time to time,
> that's OK, but...
>
> Therefore, I think it would be good to use dist-upgrade instead of
> upgrade.

On a normal server, without any weird configuration, probably.

> Question 3 : what about monitoring important packages? Inserting
> something like:
>
> apt-get -u -s dist-upgrade | grep -v ^Conf
>
> or, if you prefer short cron messages:
>
> apt-get -s dist-upgrade | grep ^Inst
>
> and filter with a list of "crucial" stuff (ssh, libc6, a.s.o). Could be
> cool, woundn't it?

That could work too. I am lazy though, and I must say that expect my
sshd problem once (that I solved with my SSL telnetd), I never had a
problem.

But yes, for critical machines with administrators doing their job
daily, using -s makes a lot of sense.

> Does the "tac/sed" stuff work? I tried, and it seems it doesn't.
> An alternative to this would be to use the filter described above, and
> trash every output but this and errors.

I think that refers to an improvement by Gerald. I will let him answer
that. ;-)

> Question 4 : Why not add a apt-get clean at the end of the script?
> Would save disk space...

I didn't know apt-get clean. ;-)

> Oh, BTW, Gerald, could you subscribe me to the list? Thanks :)

I am copying you on this in case it hasn't been done yet.

--
Hugo Haas <[email protected]> - http://larve.net/people/hugo/
Me fail English? That's unpossible. -- Ralph Wiggum