An easy way to keep your Ubuntu EC2 instances up to date

Note: this tip can be applied to a lot of Linux distros, but the Ubuntu on EC2 setup is the one I’m using it on. YMMV.
So I’m running some pretty stable Ubuntu instances on Amazon’s EC2. They’ve never shut down unexpectedly, and I rarely need to restart them. This means I’m rarely in the console tinkering around with software packages or worrying about software updates. I needed an easy, hands-off way to make sure my instances are running the latest, greatest, and shiniest new software out there. An email every day with packages that need updating would be perfect. Enter apticron.
apticron: easy software updates
The docs on apticron are here, but here’s the gist: install apticron (sudo apt-get install apticron) and you’ll get a daily email with a list of packages that need updating. You can then install the packages yourself as you please (see below on how to automate that too), which I prefer. The daily email even contains the required upgrade commands. How easy is that?
Here’s an example email from apticron:

You’ll probably need to customize the email address that apticron sends its reports to. The file that controls that is /etc/apticron/apticron.conf.
Since the EC2 instances I launch are configured from scratch every time they’re launched, I tend to write scripts to install software like apticron. Here’s my script that installs apticron and updates the email address it uses to something more useful (automatically run at startup thanks to the wonderful runurl):

    #!/bin/bash -ex

    # Installs apticron.
    # apticron sends an email once a day listing packages that need updating.
    # sudo resets the environment by default, so DEBIAN_FRONTEND is passed
    # through env to keep the install non-interactive.
    sudo env DEBIAN_FRONTEND=noninteractive apt-get -y install apticron

    echo "replacing the default /etc/apticron/apticron.conf with a configured version"
    # tee without -a truncates the file, so the default config is replaced.
    echo 'EMAIL="me@myawesomecompany.com"' | sudo tee /etc/apticron/apticron.conf

(I’ll be the first to admit that my shell scripting skills could use some improvement. Suggestions welcome, but the above will get the job done.)
Oh, and I mentioned that the updates themselves can also be automated. I’m not comfortable with this yet as I’d much rather review the updates before having them applied, but if you’re interested in automatic updates, have a look at unattended-upgrades.
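For reviewing updates before applying them, as described above, here is an added example (not part of the original post) that splits the output of a simulated upgrade, `apt-get -s dist-upgrade`, into security and other updates so the security ones can be looked at first. The sample output, the package names, and the function names `list_updates` and `triage_summary` are constructed for illustration.

```bash
#!/bin/bash
# Added example: split simulated upgrade output into security and other updates.

# Constructed sample of `apt-get -s dist-upgrade` output (packages are made up).
SAMPLE_SIMULATION='Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  exampled examplelib1 exampletool
Inst examplelib1 [1.0-1ubuntu1] (1.0-1ubuntu1.1 Ubuntu:12.04/precise-security [amd64])
Inst exampletool [2.3-4] (2.3-4ubuntu0.1 Ubuntu:12.04/precise-updates [amd64])
Inst exampled [0.9-2] (0.9-2ubuntu0.2 Ubuntu:12.04/precise-security, Ubuntu:12.04/precise-updates [amd64])
Conf examplelib1 (1.0-1ubuntu1.1 Ubuntu:12.04/precise-security [amd64])
Conf exampletool (2.3-4ubuntu0.1 Ubuntu:12.04/precise-updates [amd64])
Conf exampled (0.9-2ubuntu0.2 Ubuntu:12.04/precise-security, Ubuntu:12.04/precise-updates [amd64])'

# Reads simulation output on stdin and prints "package old -> new" for each
# "Inst" line of the requested kind: $1 is "security" or "other".
# A package counts as security if any archive it comes from ends in -security.
list_updates() {
  awk -v want="$1" '
    $1 == "Inst" {
      start = index($0, "(")          # "(new-version archive[, archive] [arch])"
      if (start == 0) next
      detail = substr($0, start + 1)
      split(detail, f, " ")
      newver = f[1]
      # The installed version is in [brackets]; it is absent for new installs.
      oldver = ($3 ~ /^\[/) ? substr($3, 2, length($3) - 2) : "new"
      kind = (detail ~ /-security[ ,]/) ? "security" : "other"
      if (kind == want) print $2, oldver, "->", newver
    }'
}

# Reads simulation output on stdin and prints one line with both counts.
triage_summary() {
  input=$(cat)
  sec=$(printf '%s\n' "$input" | list_updates security | wc -l)
  oth=$(printf '%s\n' "$input" | list_updates other | wc -l)
  echo "security=$((sec)) other=$((oth))"
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_SIMULATION" | list_updates security
printf '%s\n' "$SAMPLE_SIMULATION" | triage_summary
# On a real instance: apt-get -s dist-upgrade | triage_summary
```

The `-s` flag only simulates the upgrade, so running this on an instance changes nothing.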
Happy automating!
