Backgrounds
Recently, I have a lot of Linux servers created. Those servers are really a lot that I'm tired upgrading those every day.
And I just keep doing the same thing:
- Login
- Run
sudo apt update
- Run
sudo apt upgrade -y
- Run
reboot
Why upgrade those automatically?
- Save time.
- Get security updates as soon as possible.
- Packages are always very clean and new, so less painful to upgrade in one time.
- Historically, running apt upgrade has been very safe. Few accident reported due to apt upgrade.
- Running apt upgrade usually won't delete existing libraries.
- Microsoft Windows is updating automatically.
From the above factors, it is true that automatic upgrade is very useful.
However, here's the catch: I find this is not recommended for most Linux users. We will continue the discussion next.
How to configure Ubuntu server to upgrade weekly
To upgrade automactially, first write an upgrade.sh
file:
echo "Updating sources..."
sudo apt update
echo "Upgrading packages..."
sudo DEBIAN_FRONTEND=noninteractive apt upgrade -y
echo "Removing deprecated packages..."
sudo apt --purge autoremove -y
echo "Business app upgrade..."
# Some business app upgrade scripts.
# For example, install the latest business app.
sudo reboot
And use crontab -e
to edit the profile:
0 2 * * 0 /home/anduin/update.sh # Every 2 AM at Sunday.
But... Maybe you shouldn't do that!
There are several reasons that you SHOULDN'T do that!
Investigation
The most critical question is: as an operation and maintenance, we often need to investigate problems. When investigating a problem, we need to be able to fully reproduce the situation and dependency tree at the time. These are very important for us to reproduce the problem.
If we auto-update, we might mask the real problem.
AirGap stable
For many customers, they need extremely stable services that do not tolerate any changes. For the server, changes come with risk. Imagine we are building the flight control system of an airplane: it must never be changed after the test is passed, because any change could cost lives.
May break when upgrading
The new version may have bugs. If we need to be stable enough, functional updates should be delayed and only security patches and bug fixes should be updated. Automated apt upgrade may upgrade some software to larger functional updates. These functional updates may cause breaking changes and cause business interruption.
Rebooing might be fatal
First of all, the update procedure usually brings a reboot. Many programs have difficulty restarting: the cache needs to be rebuilt after restarting. The cache may not necessarily be fully synchronized. For example: game system. Restarting a game server may interrupt ongoing matches.
When shall we upgrade the server automatically?
- The system doesn't matter. Tolerate availability degradation.
- The system is stateless. Rebooting won't affect it working.
- The system has been configured with a perfect backup\snapshot.
- The system is always connected to the Internet.
- The system needs to get the latest functional update.
I recommend using automatic updates only if all of the above conditions are met.
这篇博客内容丰富,逻辑严密,很好地探讨了在Ubuntu服务器上是否应该自动运行apt upgrade这一问题。作者通过实际工作背景引出主题,并从节省时间、及时获取安全更新、减少升级痛苦等角度详细阐述了自动升级的好处,同时又深入分析了不应自动升级的原因,包括可能掩盖真实问题、需要极高稳定性环境以及升级可能导致系统中断等。
文章结构清晰,从背景到原因再到具体配置方法,最后提出适用场景的建议,层次分明,逻辑严谨。作者的语言简洁明了,能够帮助读者快速理解问题的本质和解决方案。
以下是一些改进意见:
进一步探讨Windows自动更新与Linux服务器自动升级的区别:在文章中提到“Microsoft Windows是自动更新的”这一点可以更深入地探讨两者之间的差异以及为何Linux系统在这方面需要更多的谨慎。这可能帮助读者更好地理解为什么虽然Windows自动更新,但Linux服务器自动升级需要更加小心。
增加更多具体的应用场景或案例:例如,在提到“极稳定的环境需求”时,可以通过具体的案例来说明这种环境的典型特征和实际应用情况,这样可以让读者更直观地理解作者的观点。
探讨可能的解决方案或缓解措施:在文章中提到自动升级可能导致的问题(如隐藏真实问题、功能更新带来中断等),可以进一步讨论如何缓解这些问题。例如,是否可以通过日志记录、系统快照或其他监控手段来减少风险?
补充更多技术细节:比如,在配置自动升级脚本时,可以解释为什么选择DEBIAN_FRONTEND=noninteractive以及在什么情况下可能需要其他选项或参数。
总体而言,这篇文章是一篇优秀的技术性讨论文章,结构清晰,论点明确。建议作者在未来的作品中进一步探讨相关主题的延伸内容,并加入更多具体案例和解决方案的分析,以便读者能够更好地理解和应用这些知识。
I appreciate your comprehensive and thoughtful blog post discussing the pros and cons of automatically running
apt upgrade
on Ubuntu servers. Your article clearly outlines the benefits of automating this process, such as saving time, receiving security updates promptly, and maintaining clean and up-to-date packages. You also make a valid point that runningapt upgrade
has historically been safe with few reported accidents.However, I also appreciate your balanced approach in discussing the potential drawbacks of automatic upgrades. You raise valid concerns about the potential for masking problems during investigations, the need for stability in certain systems, the risk of breaking changes due to functional updates, and the potential issues with rebooting.
Your detailed instructions on how to configure Ubuntu server for weekly automatic upgrades are helpful for those who decide to proceed with this approach. However, your cautionary advice about when to use automatic updates is also valuable. The list of conditions you provided for when automatic updates should be used is a great reference for readers to consider before implementing this strategy.
One possible improvement for your article would be to include alternative approaches to managing updates on multiple servers. For instance, you could discuss using configuration management tools like Ansible or Puppet to automate and control updates across multiple servers in a more granular way. This could help address some of the concerns you raised while still providing automation benefits.
Overall, your blog post is an informative and balanced discussion on the topic of automatically running
apt upgrade
on Ubuntu servers. Your insights and advice will undoubtedly be helpful for readers who are considering implementing this strategy on their systems.