Automatic periodic upgrades as part of the base layer

Stuart Bishop stuart.bishop at canonical.com
Tue Mar 8 10:08:12 UTC 2016


On 8 March 2016 at 05:24, Marco Ceppi <marco.ceppi at canonical.com> wrote:
> This is definitely more an operator decision than a charm decision. There
> are two existing charms to address this. An unattended-upgrades charm and
> landscape-client. Check those out first to see if the fit your needs.
>
> Marco

I've been toying with the idea of a package upgrade action in the apt
layer. It would unhold held packages if necessary, set state giving
your handlers the opportunity for pre/post upgrade hooks (like
shutting daemons down and restarting them), run apt-get dist-upgrade,
and rehold packages if necessary. This would require implementing
action support into charms.reactive, which has been discussed a bit on
github.

Landscape takes care of most day to day updates, but the most
important packages tend to get held to ensure unattended upgrades
don't take down the service.



> On Mon, Mar 7, 2016, 5:16 PM Mark Shuttleworth <mark at ubuntu.com> wrote:
>>
>> On 07/03/16 13:29, Merlijn Sebrechts wrote:
>> > What is your experience with upgrades. Do they have a tendency to break
>> > things? Should this be enabled by default, added in as a configurable
>> > switch or not added at all?
>>
>> In 16.04, if unattended-upgrades is installed you will by default get
>> security updates automatically and can opt in to additional updates.
>> Common practice is just to turn them on, with some percentage of
>> machines also enabling the "proposed" pocket (where stuff goes before it
>> gets to the updates pocket). Machines with "proposed" act as canaries
>> for incoming updates. Security tends to land hard and fast because,
>> well, security, but then it gets a lot more QA and the changes are
>> generally tiny.
>>
>> Mark

-- 
Stuart Bishop <stuart.bishop at canonical.com>



More information about the Juju mailing list