A short introduction to cron-apt
Posted by joe on Tue 14 Jun 2005 at 01:19
I've seen cron-apt mentioned a few times here so I thought I would post a little introduction to it incase anyone was curious as to how to use it, or hadn't heard of it before.
Basically, cron-apt is a very flexible program that can manage automating apt via cron (I suppose thats how it got its name...). You can install it like so:
apt-get install cron-apt
You can configure cron-apt in the /etc/cron-apt directory and you can specify when it runs in the /etc/cron.d/cron-apt file. Personally, I just have everything set to default except for one line in /etc/cron-apt/config:
Just as it would imply, it will email me the results of the nightly run no matter what.
By default, cron-apt will only download updates -- it will not install them. I know other packages for other distributions like up2date will automatically install the updates for you, but I've learned to like this and that in the long run, automatically installing updates is a Bad Thing. Why? Well when I was experimenting with auto-installs, I ran into problems:
- Even though I told apt to say Yes to everything, it still prompted me for input on config file conflicts (was I doing something wrong?). This caused the script to hang indefinitely in the background until it was killed.
- Auto-accepting configuration changes can ruin your day. With Debian, it's fairly easy to back out of a change and hopefully you have a backup copy of the config file, but that's not the point. Good System Administration means you should never be in that position in the first place. "OK, what if I just deny all configuration changes and leave my copy?", you ask. Well, what if the upgraded program uses new syntax in its config file. Your program is now broke and you're in the exact opposite position as you were with auto-accepting.
- Just as you should always review configuration file changes, always review what packages are being installed. If you know that installing that new version of Samba will mean some extra work in other places, don't install it yet.
Bottom line: Yes, it can be very tedious to manually review each update batch -- especially if you have several servers -- but that is part of your job when you are running a server. Deal with it!
OK, with that rant done with, lets get back to cron-apt.
So right now we have cron-apt downloading updates for us every day and emailing us about them. Each morning I review the updates to see if there's anything critical that needs updated (like if I've seen a security advisory on BugTraq or something). If not, I usually wait until I have time on the weekend to do the update. If anything, the daily emails serve as a nagging reminder to update your server.
I simply run:
I do one final review and then install the packages and clean up any config file conflict during installation.
That's really it. As mentioned before, cron-apt is very flexible. If you read over the example config in /usr/share/doc/cron-apt/examples, you'll get a better understanding for this flexibility.
For example, you can specify a different package repository to download from at night than when you use apt daily on the command line. Or you can add different arguments or even use completely different programs to do the actual downloading. Out of the box, it works just fine, but if you have some weird special need, it can do it for you.
Questions, comments, and flames are more than welcomed!