//Cloudogu EcoSystem Docs

Configuration of unattended upgrades

This article describes how to enable and configure unattended upgrades in the CES setup. can be enabled. The unattended upgrades allow an automatic update of Ubuntu packages on the host machine. host machine. It is possible to configure some aspects of the upgrades, including:

  • Whether unattended upgrades are allowed to be performed in general.
  • Whether only security-related packages, or all possible packages should be upgraded.
  • Whether an automatic reboot of the host machine is allowed, and at what time it should occur.
  • Whether an e-mail should be sent as a notification after the successful or failed execution of the unattended upgrades. upgrades should be sent.

Note about a potential upgrade of Docker.

Note: As part of enabling the unattended upgrades, Docker's live restore is enabled. Therefore an automatic upgrade of Docker should not result in any downtime for Dogus. This behavior is not guaranteed by Docker, however, is not guaranteed. For more information, please refer to Docker's documentation: https://docs.docker.com/config/containers/live-restore/#impact-of-live-restore-on-running-containers

Prerequisites for unattended upgrades

The following prerequisites must be met for unattended upgrades.

Installation via web interface

  • For the use of email notifications, a Mail Relayhost must be configured in the Naming section of ces-setup. must be configured.

Installation via setup.json (unattended setup)

  • For using e-mail notifications, in the naming section of setup.json a Mail Relayhost must be configured. must be configured.
  • For using email notifications, the dogu section of setup.json must have official/postfix configured. must be entered as the dogu to be installed.

If one of these requirements is not met, the setup will abort and give an appropriate error message.

Configuration in setup.json

For importing projects, an upgrades block in setup.json must be configured in the following way.

"upgrades": {
    "enabled": true,
    "period": 1,
    "onlySecurity": true,
    "emailEnabled": true,
    "emailSender": "test@mail.de",
    "emailRecipients": "test@mail.de,test@mail.com",
    "emailOnlyOnErrors": true,
    "reboot": true,
    "rebootTime": "10:00"
}

General properties

enabled
  • Data type: Boolean
  • Accepted values: true or false.
  • Contents: Specifies whether unattended upgrades should be performed automatically.
period
  • Data type: Integer.
  • Accepted values: The value must be an integer greater than 0. (period > 0)
  • Optional: Requires that unattended upgrades are enabled (enabled=true).
  • Content: Specifies the period in days during which the unattended upgrades should be performed.
onlySecurity
  • Data type: Boolean
  • Accepted values: true or false.
  • Optional: Requires that unattended upgrades are enabled (enabled=true).
  • Contents: Only security-related upgrades are performed if this option is enabled. Otherwise all upgrades are performed.

Properties for automatic reboot

reboot
  • Data type: Boolean
  • Accepted values: true or false.
  • Optional: Requires that unattended upgrades are enabled (enabled=true).
  • Contents: Specifies whether the host machine is allowed to restart automatically after an unattended upgrade. The machine is rebooted only if it is required by an upgrade.
rebootTime
  • Data type: String.
  • Accepted values: The value must be an integer greater than 0. (period > 0)
  • Optional: Requires that the unattended upgrades (enabled=true) and the automatic reboot (reboot=true) are enabled.
  • Content: Specifies the time period in days during which the unattended upgrades should be performed.

Properties for the email notifications

emailEnabled
  • Data type: Boolean
  • Accepted values: true or false.
  • Optional: Requires that unattended upgrades are enabled (enabled=true).
  • Content: Specifies whether the host machine automatically sends an email after an unattended upgrade. The email contains information about the upgrade process. (e.g. if a restart of the host machine is required)
emailOnlyOnErrors
  • Data type: Boolean
  • Accepted values: true or false.
  • Optional: Requires that the unattended upgrades (enabled=true) and the email notifications (emailEnabled=true) are enabled.
  • Content: An email is sent only if an error occurred during the upgrades. Otherwise, an email is sent upgrade an email is sent.
emailSender
  • Data type: String
  • Accepted values: The value must be a valid email.
  • Optional: Requires that the unattended upgrades (enabled=true) and the email notifications (emailEnabled=true) are enabled.
  • Content: Sets the sender address of the email.
emailRecipients
  • Data type: String
  • Accepted values: the value must be a list of comma separated valid emails. Example: recipient1@test.de,recipient2@test.com
  • Optional: Requires that the unattended upgrades (enabled=true) and the email notifications (emailEnabled=true) are enabled.
  • Content: Sets the recipient addresses of the email.

Installation via script

Unattended upgrades can also be configured manually by script. The script activateUnattendedUpgrades.sh can be found under /usr/local/bin/.

Note: When enabling unattended upgrades, Docker's live restore is enabled. This can lead to downtimes.

Description of parameters

# {$1} - Apt Config File. Name of the apt config file which defines the behaviour of the unattended upgrades.
# {$2} - Update-Period. Interval for unattended updates in days (0=disabled).
# {$3} - Origin-flag. If this value is true, the system just uses the security origin.
# {$4} - Reboot-flag. If this value is true, the system does a reboot on an successful update.
# {$5} - Reboot time. Specifies the time when the system should reboot. If the value is unset, it reboots instantly.
#        Format: HH:MM
# {$6} - Mail on error. If this value is set, the mail notification is only send when an error occurred.
# {$7} - Mail recipient. If this value is set, the mail notification is active and sends mails to this address.
# {$8} - Mail sender. Configures a sender mail address.
# {$9} - Mail server address. IP with Port.

Examples

  • Deactivation

    /activateUnattendedUpgrades.sh /etc/apt/apt.conf.d/99_disable_periodic_update 0
  • Activation with reboot at 2 a.m. and emailing

    /activateUnattendedUpgrades.sh /etc/apt/apt.conf.d/99_disable_periodic_update 7 true true "02:00" false "sender@ces.com" "recipient1@ces.com,recipient2@ces.com"
  • Activation without reboot with emailing

    /activateUnattendedUpgrades.sh /etc/apt/apt.conf.d/99_disable_periodic_update 7 true false "" false "sender@ces.com" "recipient1@ces.com,recipient2@ces.com"