Re: Question on Unattended Upgrades

To: debian-user@lists.debian.org
Subject: Re: Question on Unattended Upgrades
From: Gene Heskett <gheskett@shentel.net>
Date: Wed, 13 May 2020 00:45:52 -0400
Message-id: <[🔎] 202005130045.52186.gheskett@shentel.net>
In-reply-to: <[🔎] ef62db33-f576-f3d2-5a61-cd14ecb0c4f1@comcast.net>
References: <[🔎] 202005121105.55095.gheskett@shentel.net> <[🔎] ef62db33-f576-f3d2-5a61-cd14ecb0c4f1@comcast.net>

On Tuesday 12 May 2020 22:49:48 Tom Dial wrote:

> On 5/12/20 09:05, Gene Heskett wrote:
> > On Tuesday 12 May 2020 10:30:04 Celejar wrote:
> >> On Tue, 12 May 2020 06:03:52 -0400
> >>
> >> Gene Heskett <gheskett@shentel.net> wrote:
> >>> On Tuesday 12 May 2020 05:07:04 l0f4r0@tuta.io wrote:
> >>>> Hi,
> >>>>
> >>>> 12 mai 2020 à 08:22 de keifer.bly@gmail.com:
> >>>>> Is there a way to configure it to automatically restart when a
> >>>>> package that needs to be restarted is upgraded?
> >>>>
> >>>> I think 'Unattended-Upgrade::Automatic-Reboot "true";' should do
> >>>> it in /etc/apt/apt.conf.d/50unattended-upgrades. If I were you, I
> >>>> would check /etc/apt/apt.conf.d/20auto-upgrades as well because
> >>>> those are the 2 most important configuration files for
> >>>> unattended-upgrades.
> >>>>
> >>>> Best regards,
> >>>> l0f4r0
> >>>
> >>> I can see a major disaster in the making, what if that reboot was
> >>> commanded in the middle of your nightly backup run, leaving your
> >>> backup program with a totally bogus database it cannot recover
> >>> from?
> >>
> >> That would be unfortunate - but surely a serious backup program
> >> would be designed to be robust enough that ending up "with a
> >> totally bogus database it cannot recover from" should never happen?
> >> What if you have some sort of system crash during a backup? Do you
> >> have a specific backup system in mind?
> >
> > You are trying to justify an automatic reboot, very bad idea.
> > Granted, most such would be ok, and will leave a requester popup to
> > advise the admin, doing its normal routine in the meantime.
> >
> > I happen to use amanda to backup 5 machines here, but any backup
> > suite that maintains a recovery database is going to be in deep
> > doodoo if it gets rebooted in the middle of a backup.  I probably do
> > better than most but a worst case scenario here if everything in
> > place works, would only lose me that days data because I do keep
> > separate copies of that data. But 60 days of that is 33GB, the
> > biggest single entry in my nearly 70 items long list.
>
> I don't know about Amanda other than understanding it to be a
> commercial quality backup system. In my working days as an
> administrator, my organization used HP Data Protector (now Micro
> Focus). As I recall, it had a proprietary transactional database that
> should have been up to date as of the last successfully completed file
> backups before a crash. It also, at least in our usage, backed up its
> database as the first action in a cycle, so in the worst case,
> reloading the database and rerunning the faulted backup would restore
> synchronization of the database and data. And if all else failed, I
> think there were procedures for rebuilding the database from the
> tapes. I wonder if Amanda does not provide similar features.
>
> We also did not do automatic updates, there being organizational
> requirements to test configuration changes before installing them on
> production systems.
>
> I don't consider automatic updates a very good idea, although out of
> laziness in retirement I allow automatic security updates. Unplanned
> reboots seem an even worse idea inasmuch as they occasionally will
> either fail or affect system function. (Updating without rebooting
> also may do that, of course).
>
> >>> Frankly the update shouldn't be allowed if your backup is actually
> >>> running.  So it might be safer to schedule the update and reboot
> >>> if needed before the backup starts.  That means one cron driven
> >>> script does it all in the sequence desired.
>
> With respect, I would run the backup first and schedule upgrades and
> possible reboots to follow, and perhaps depend on success of, the
> backup.
>
> Regards,
> Tom Dial
>
We are in violent agreement on that. I've never done an "automatic" 
upgrade, although apt does do a update to keep its database as to whats 
available automaticly.  The only fault with the list --upgradeable 
output is that it does not filter out what is pinned, which on the other 
4 machines here, is the kernel and its libs because its a special 
realtime built kernel for running cnc machinery.  So they don't often 
get rebooted unless something has obviously screwed the moose. X related 
stuff for instance often qualifies.  Although x development's pace has 
slowed, the gui's it makes possible hasn't.

As far as amanda's database is concerned, until the backup has been done, 
that database is effectively yesterdays, so I wrote a wrapper that 
appends that now up to date database to the just completed backup so the 
database in THAT backup is up to date.  Gives me a little more peace of 
mind.

Thanks, stay well and safe now.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>

Reply to:

References:
- Re: Question on Unattended Upgrades
  - From: Gene Heskett <gheskett@shentel.net>
- Re: Question on Unattended Upgrades
  - From: Tom Dial <tddial@comcast.net>

Prev by Date: Re: Question on Unattended Upgrades
Next by Date: Re: Smallest Usable EFI Partition?
Previous by thread: Re: Question on Unattended Upgrades
Next by thread: Re: Question on Unattended Upgrades
Index(es):
- Date
- Thread