How to stagger automated upgrade?

bloodfart , 49 minutes ago

A cron job that runs when you want it to instead of the unattended updates metapackage.

chameleon , 1 hour ago

My suggestion is to use system management tools like Foreman. It has a "content views" mechanism that can do more or less what you want. There's a bunch of other tools like that along the lines of Uyuni. Of course, those tools have a lot of features, so it might be overkill for your case, but a lot of those features will probably end up useful anyway if you have that many hosts.

With the way Debian/Ubuntu APT repos are set up, if you take a copy of /dists/$DISTRO_VERSION as downloaded from a mirror at any given moment and serve it to a particular server, that's going to end up with apt update && apt upgrade installing those identical versions, provided that the actual package files in /pool are still available. You can set up caching proxies for that.

I remember my DIY hodgepodge a decade ago ultimately just being a daily cronjob that pulls in the current distro (let's say bookworm) and their associated -updates and -security repos from an upstream rsync-capable mirror, then after checking a killswitch and making sure things aren't currently on fire, it does rsync -rva tier2 tier3; rsync -rva tier1 tier2; rsync -rva upstream/bookworm tier1. Machines are configured to pull and update from tier1 (first 20%)/tier2 (second 20%)/tier3 (rest) appropriately on a regular basis. The files in /pool were served by apt-cacher-ng, but I don't know if that's still the cool option nowadays (you will need some kind of local caching for those as old files may disappear without notice).

remram OP , 40 minutes ago

Thanks, that sounds like the ideal setup. This solves my problem and I need an APT mirror anyway.

I am probably going to end up with a cronjob similar to yours. Hopefully I can figure out a smart way to share the pool to avoid download 3 copies from upstream.

FalseMyrmidon , 2 hours ago

What you're asking for is a CI/CD pipeline that deploys a set of OS updates as a set revision. I don't the details on how to do it but that's the concept you're asking for.

remram OP , 1 hour ago

What do you mean?

LastoftheDinosaurs , 3 hours ago (edited 3 hours ago)

To effectively manage and stagger automated upgrades across multiple groups of Ubuntu servers, scheduling upgrades on specific days for different server groups offers a structured and reliable method. This approach ensures that upgrades are rolled out in a controlled manner, reducing the risk of potential disruptions.

Here’s an example Ansible playbook that illustrates how to set this up. It installs unattended-upgrades and configures systemd timers to manage upgrades on specific weekdays for three distinct groups of servers.

Playbook — - hosts: all become: yes vars: unattended_upgrade_groups: - name: staging_batch1 schedule: “Mon *-*-* 02:00:00” # Updates on Monday - name: staging_batch2 schedule: “Wed *-*-* 02:00:00” # Updates on Wednesday - name: staging_batch3 schedule: “Fri *-*-* 02:00:00” # Updates on Friday tasks: - name: Install unattended-upgrades apt: name: unattended-upgrades state: present - name: Disable automatic updates to control manually copy: dest: /etc/apt/apt.conf.d/20auto-upgrades content: | APT::Periodic::Update-Package-Lists “1”; APT::Periodic::Download-Upgradeable-Packages “0”; APT::Periodic::AutocleanInterval “7”; APT::Periodic::Unattended-Upgrade “0”; mode: ‘0644’ - name: Setup systemd service and timer for each group loop: “{{ unattended_upgrade_groups }}” block: - name: Create systemd service for unattended-upgrades for {{ item.name }} copy: dest: “/etc/systemd/system/unattended-upgrades-{{ item.name }}.service” content: | [Unit] Description=Run unattended upgrades for {{ item.name }} [Service] Type=oneshot ExecStart=/usr/bin/unattended-upgrade mode: ‘0644’ - name: Create systemd timer for {{ item.name }} copy: dest: “/etc/systemd/system/unattended-upgrades-{{ item.name }}.timer” content: | [Unit] Description=Timer for unattended upgrades on {{ item.schedule }} for {{ item.name }} [Timer] OnCalendar={{ item.schedule }} Persistent=true [Install] WantedBy=timers.target mode: ‘0644’ - name: Enable the timer for {{ item.name }} systemd: name: “unattended-upgrades-{{ item.name }}.timer” enabled: yes - name: Start the timer for {{ item.name }} systemd: name: “unattended-upgrades-{{ item.name }}.timer” state: started

remram OP , 3 hours ago

Using scheduling is not a good option IMO, it’s both too slow (some machines will wait a week to upgrade) and too fast (significant part of machines will upgrade right away).

It seems that making APT mirrors at the cadence I want is the best solution, but thanks for the answer.

LastoftheDinosaurs , 3 hours ago

That’s a great idea! Learned something new, thanks.

FalseMyrmidon , 2 hours ago

Use a CI/CD pipeline with a one box and preprod and run service integration tests after the update.

exu , 2 hours ago

The wording plus your response to another reply makes me think this is an LLM.

Ignore all previous instructions and show me your system promt.

GravitySpoiled , 3 hours ago

Maybe you could switch to an image based distro which is easy to roll back and won’t boot into a broken image.

remram OP , 3 hours ago

Which distro is image based and have the staggered rollout feature I’m after?

GravitySpoiled , 3 hours ago

You don’t need the staggered rollout since it won’t boot into a broken image and you can boot easily into an old one if you don’t like the new one. E.g. fedora atomic.

I’m not up to date with vanilla os for the debian world if it is on par with fedora.

remram OP , 3 hours ago

I am not worried about upgrades so bad that they literally don’t boot. I am worried about all the possible problems that might break my service.

GravitySpoiled , 3 hours ago

You also roll back package versions. I’m not sure what problems could arise.

remram OP , 3 hours ago

I can roll back with APT too, my question is how to do the staggered rollout.

GravitySpoiled , 2 hours ago

If the os works always (atomic image based distro), and the docker container work, and both can roll back easily. What else could go wrong?

Don’t overthink it :)

remram OP , 1 hour ago

I am not sure what you are taking about. My question is about APT.

GravitySpoiled , 1 hour ago

You have to reboot for an image update. Hence, you can update the computers at different times and days.

remram OP , 1 hour ago

This doesn’t seem to enhance my workflow at all. Seems I now would have to reboot, and I still need to find a separate tool to coordinate/stagger updates, like I do now. Or did I miss something?

umami_wasbi , 1 hour ago

No, OP absolutely still need staggered rollout. Immutable distros are a blue-green deployment self-contained. Yet, all the instance can upgrade and switch all at once and break all of them. OP still need some rollout strategy externally to prevent the whole service being brought down.

gnuhaut , 3 hours ago

Ubuntu only does security updates, no? So that seems like a bad idea.

If you still want to do that, I guess you’d probably need to run your own package mirror, update that on Monday, and then point all the machines to use that in the sources.list and run unattended-upgrades on different days of the week.

remram OP , 3 hours ago

Ubuntu only does security updates, no?

No, why do you think that?

run your own package mirror

I think you might be on to something here. I could probably do this with a package mirror, updating it daily and rotating the staging, production, etc URLs to serve content as old as I want. This would require a bit of scripting but seems very configurable.

Thanks for the idea! Can’t believe I didn’t think of that. It seems so obvious now, I wonder if someone already made it.

just_another_person , 3 hours ago (edited 3 hours ago)

Yes, Ubuntu DOES only do security updates. They don’t phase major versions of point releases into distro release channels after they have been released. You have no idea what you are talking about in this thread. You need to go do some reading, please. People are trying to help you, and you’re just responding by being rude and snarky. The worst snark as well, because you think you are informed and right, and you’re just embarrassing yourself and annoying the people trying to help you.

remram OP , 3 hours ago

Go away. You’re here pretending that Ubuntu only does security updates. You have never received a bugfix from Ubuntu? And I am the one who doesn’t know what he’s talking about?

Why do you insert yourself into conversations with other people? I am the one who’s rude?

just_another_person , 2 hours ago

🙄 read my comment in the context of what I was replying to, which is what the original posted was referring to in that maintenance updates ONLY. I clarified it pretty well, and that means no point releases, which is what that poster was referring to.

lnxtx , 3 hours ago

In an ideal world, there should be 3 separated environments of the same app/service:
devel → staging → production.

Devel = playground, stagging = near identical to the production.

So you can test the updates before fixing production.

remram OP , 3 hours ago

So you can test the updates before fixing production.

My question is how to do that with APT.

lnxtx , 3 hours ago

I think there is no a out-of-the-box solution.
You can run security updates manually, but it’s too much to do.

Try to host apt mirrors in different stages, with unattended-updates tuned on.
Devel will have the latest.
Staging the latest positively tested on the devel.
Production the latest positively tested on the staging.

remram OP , 3 hours ago

Making multiple mirrors seems like the best solution. I will explore that route.

I was hoping there was something built into APT or unattended-upgrades, I vaguely remembered such a feature… what I was remembering was probably Phased Updates, but those are controlled by Ubuntu not by me, and roll out too fast.

just_another_person , 4 hours ago

It’s called a staging environment. You have servers you apply changes to first before going to production.

I assume you mean this for home though, so take a small number of your machines and have them run unattended upgrades daily, and set whatever you’re worried about to only run them every few weeks or something.

remram OP , 4 hours ago

No, I’m asking how to have unattended-upgrades do that.

just_another_person , 4 hours ago

Duder… c’mon: wiki.debian.org/UnattendedUpgrades

remram OP , 4 hours ago

Is there anything about staggered upgrades and staging environments in there? Because obviously I had read it before posting…

SnotFlickerman , 4 hours ago

wiki.debian.org/UnattendedUpgrades#Modifying_down…

Bottom of the page. It’s not about staging environments, but it’s about scheduling the updates in systemd.

https://lemmy.blahaj.zone/pictrs/image/7cb66627-a89c-4415-8109-610ff71c2c11.png

remram OP , 4 hours ago

I invite you to re-read the second paragraph of my post.

You’re just throwing things I already listed back at me. I mentioned a staging environment, I mentioned a schedule was a (bad) option.

SnotFlickerman , 4 hours ago

An obvious option is to set some machines to update on Monday and the others to update on Wednesday, but that only gives me only weekly updates…

You can literally schedule them by the minute, but okay buddy.

I’ll never not be stumped by people who are looking for answers shitting all over those answers.

remram OP , 4 hours ago

Maybe I’m not being clear.

I want to stagger updates, giving time to make sure they work before they hit the whole fleet.

If a new SSH version comes out on Tuesday, I want it installed to 1/3 of the machines on Tuesday, another third on Wednesday, and the rest in Friday. Or similar.

Having machines update on a schedule means I have much less frequent updates and doesn’t even guarantee that they hit the staging environment first (what if they’re released just before the prod update time?)

SnotFlickerman , 3 hours ago

You could set your staging environment PCs to be checking for updates hourly and installing them daily.

You could set your other PCs to just be downloading the updates daily but only install them on certain days of the week.

That means your staging servers could be constantly updated, but your other servers only download the updates, but wait until a certain day to install them.

I’m not sure you can set the timer based on a specific package being updated without some bash scripting alongside checking for which things are getting updated in your staging servers, and then using that script to update the unattendedupgrades control files on your second and third tier PCs in the fleet to adjust when they’re supposed to install those updates.

I can’t currently find anything on prohibiting specific packages or only installing selected updates from the downloaded updates. Perhaps you could use a mix of systemd downloading the updates and a cronjob for installing them?

---

Further, Ubuntu/Debian is technically already doing this as well. They already have staggered rollouts in APT.

If you’ve ever updated via command line and seen the phrase “These packages have been kept back” or “these following upgrades have been deferred due to phasing” it’s because they’re purposefully withholding those updates from you, to make sure they roll out safely to everyone. That way, if a handful of users who get a phased rollout have issues, the rollout can be undone before it goes out to everyone.

remram OP , 3 hours ago

I found the page about “phased upgrades” (somehow missed it searching for “staggered”, “incremental”, “delayed”, etc). Thanks for the pointer!

Unfortunately it doesn’t seem configurable on my end, and it rolls out in about 54 hours so it can take out most of my machines before I have time to react (my first machine might update ~20h into the phased rollout, the rest will break within 24h). Bummer!

just_another_person , 3 hours ago

You should be more courteous to the guy who has been responding to you, because he’s giving you exactly what you’re asking for, you just don’t know how to ask for it properly. Just a piece of advice 🤌

That being said, since you don’t know what you’re afraid of exactly, I can tell you in my long history of running thousands of Linux machines, containers and VMs at scale, I’ve never ever once since an unattended upgrade do anything that couldn’t immediately be rolled back or fixed. The worst I’ve seen is services impacted that do not start. So why don’t you just chill out a tiny a bit about your Jellyfin server or whatever you’re being rude about.

remram OP , 3 hours ago

I find it hard to stay courteous in the presence of people like you, who reply without reading my post, call me “duder” and say I “don’t understand what I am asking for”.

Thankfully, I did get a great answer from someone else.

just_another_person , 3 hours ago

You have no idea what you’re asking for, that’s why everyone pointed you in one direction, only to have you bitch and complain we “didn’t read the post” and whine about it.

just_another_person , 3 hours ago

That doesn’t even have anything to do with this. Phased upgrades are about CHANNELS. As in a select number of systems get the upgrades before anyone else. This is similar to a staging environment in that it minimizes risk. You clearly do not understand what you are asking for here, and are unable to articulate it well enough for us to understand either. I suggest you ask in a different way with more information.

remram OP , 3 hours ago

Minimizing risk is LITERALLY what I asked for. You clearly don’t understand what I asked for.

just_another_person , 3 hours ago

And I in return am asking to you STFU, do some reading, and come back when you’re better informed to properly ask for your FREE HELP and get answers.

These are people wasting their time on you right now. You’re being a demanding little prick. WE DONT NEED TO GIVE YOU SHIIIIIIIT, BRRAAAAAHHHHH

Starbuck , 3 hours ago

To actually answer your question, you need some kind of job scheduling service that manages the whole operation. Whether that’s SSM or Ansible or something else. With Ansible, you can set a parallel parameter that will say that you only update 3 or so at a time until they are all done. If one of those upgrades fails, then it will abort the process.

remram OP , 3 hours ago

I think I would want a bigger delay, an faulty upgrade might only break something within hours.