Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

You are not....it's Ubuntu.

Not Linux, not Debian, Ubuntu.

Debian (provided you don't just dump a bunch of 3rd party repos) just upgrades cleanly, we have hundreds of servers that just run unattended-upgrade and get upgraded to new Debian version every 2 years.

The few Ubuntus we had had more problems.



I used to have this Debian box (which was a PowerMac G4) in my hallway. It had a 1000+ day uptime, back when this kind of uptime was still cool, or at least I thought it was. At some point it was two major versions behind, and I decided to dist-upgrade it. To my amazement, the upgrade went flawlessly, and the system booted without problems afterward. Debian is just great like that.


How to upgrade Debian unattended if it's not a rolling release


Not the Grand Poster, but we use the Debian package "unattended-upgrades" to install security updates automatically on our servers, and send an email if a reboot is required to complete the process (kernel upgrade).

Unattended upgrades could be configured to install more than the security release. Even with the stable release, one can add the official APT source for the Debian backports.


Back to OpenBSD... realize that it has no "unattended upgrades" capability. Until syspatch(8) appeared in 6.x you had to download patches and rebuild kernel and userland to get security fixes. Today, you could run syspatch(8) in a cron job but that only covers the base system. You'd need to handle any installed packages separately. And only the current and immediately previous release are supported at all. There are two releases a year, so you have to upgrade every ~6 months to stay in the support window.

Fortunately, with the introduction of the syspatch(8) and sysupgrade(8) utilities this is much simpler than it used to be. And, release numbers are just sequential with one point number, i.e. 7.0 was just the next release after 6.9, nothing more is implied by the "major" number ticking up.


Just curious, how do you manage service restarts, just restart as the update finishes?

I think I’m a bit scarred when a docker upgrade took my entire stack down because of an api mismatch with portainer, so I’m trying to be present during upgrades.

Edit: I’m talking about Debian of course. I’m not familiar with OpenBSD.


Use needrestart, you can mostly automate those restarts with it.


Debian still has security fixes, and point releases. unattended-upgrades is the package that automates their install.

I think you can also do unattended release upgrades by using the 'stable' release alias in sources. That will probably result in some stuff breaking since there will be package and configuration churn.


In case you are talking about automated upgrades between releases, there are some ideas for that here:

https://wiki.debian.org/AutomatedUpgrade

It is feasible to do if you prepare ahead of time, and you can even do automated offline upgrades with apt-offline and some scripting.


I use unattended-upgrades with Debian's rolling release (aka testing).

Mostly works fine apart from bugs in unattended-upgrades, or when my boot partition runs out of disk.


Maybe they run Debian Testing. Testing and Unstable (sid) are rolling, and the stable release cut from the testing branch (through some process)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: