Self-Driving Debian
December 1st, 2019
For my home server I’ve come to appreciate using it rather than maintaining it.
After replacing some parts and starting over, I really wanted it to be fully “self-driving” to the extent possible – primarily meaning totally unattended and automatic updates. No manual maintenance.
Automated Updates
Debian 10 “Buster” ships with the unattended-upgrades package installed out of the box, but it needs a little configuring to achieve what we want.
Namely:
- Upgrade all packages regularly (by default only certain repos / packages are)
- Reboot when necessary (kernel updates)
- Cleanup unused packages (we don’t want to clog the disk!)
The Debian wiki page for unattended upgrades is pretty good; starting from there, I’ve hacked up a basic configuration to do this.
Running the following bash snippet as root (su) will configure this:
```bash
#!/usr/bin/env bash
# this script configures debian to automatically upgrade all the things
set -o errexit -o nounset -o pipefail

# configure options for automatic updates
# (this overwrites the packaged 50unattended-upgrades file)
cat <<'EOF' >/etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Origins-Pattern {
  // auto-upgrade all the things
  // (matches every configured apt source, third-party repos included)
  "origin=*";
};

// cleanup unused dependencies
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Automatically reboot when necessary, even if users are logged in
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
EOF

# configure upgrade interval
cat <<'EOF' >/etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF

# go ahead and upgrade once (-d prints debug output)
unattended-upgrade -d
```
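Since apt merges every file under /etc/apt/apt.conf.d, another file can override these values, so it is worth checking the effective configuration rather than the files just written. The following is an added example, not part of the original post: it audits text in `apt-config dump` format against the settings above; the function name, the `EXPECTED` list and the sample dump are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit text in `apt-config dump`
# format against the settings the script above writes.
EXPECTED='APT::Periodic::Update-Package-Lists=1
APT::Periodic::Download-Upgradeable-Packages=1
APT::Periodic::AutocleanInterval=7
APT::Periodic::Unattended-Upgrade=1
Unattended-Upgrade::Remove-Unused-Kernel-Packages=true
Unattended-Upgrade::Remove-New-Unused-Dependencies=true
Unattended-Upgrade::Remove-Unused-Dependencies=true
Unattended-Upgrade::Automatic-Reboot=true
Unattended-Upgrade::Automatic-Reboot-WithUsers=true'

# Reads a dump on stdin, prints one line per problem, returns 0 only if clean.
audit_apt_dump() {
  dump=$(cat); problems=0
  while IFS='=' read -r key want; do
    # scalars are dumped as: Key "value";
    got=$(printf '%s\n' "$dump" | sed -n "s|^${key} \"\(.*\)\";\$|\1|p" | tail -n 1)
    if [ "$got" != "$want" ]; then
      echo "MISMATCH ${key}: want \"${want}\", got \"${got:-<unset>}\""
      problems=$((problems + 1))
    fi
  done <<EOF
$EXPECTED
EOF
  # list entries are dumped as: Key:: "value";
  if ! printf '%s\n' "$dump" |
      grep -qxF 'Unattended-Upgrade::Origins-Pattern:: "origin=*";'; then
    echo 'MISSING Unattended-Upgrade::Origins-Pattern:: "origin=*"'
    problems=$((problems + 1))
  fi
  [ "$problems" -eq 0 ]
}

# Constructed sample: a later apt.conf.d file has turned automatic reboot off.
SAMPLE_DUMP='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Origins-Pattern:: "origin=*";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";'

printf '%s\n' "$SAMPLE_DUMP" | audit_apt_dump || true
# On a real host: apt-config dump | audit_apt_dump
```

A non-zero exit status makes the function easy to wire into a cron job or monitoring check that alerts when the host stops being “self-driving”.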
Automated Everything
To achieve the rest of “self-driving” I’ve embarked on the time-honored tradition of writing a bunch of custom shell scripts to automate configuring / provisioning my setup.
None of this should be particularly surprising, but I think it bears re-iterating:
- Automate your setup. Start with a script when you go to do each install / setup task. Don’t do things manually, you’ll need to do them again someday.
- Keep data storage on its own disk(s) if you can. If not, at least a separate partition. You should be able to totally scrap the host OS and start over whenever you need.
- Keep your (non-secret!) configs, scripts etc. in git.
- Take notes! You’ll want them later.
Addendum
I should also note: I am not yet using Kubernetes for the initial (re)setup unlike last time. For a single-node, single-admin server in my apartment running a few simple services I expect less maintenance without it currently.
I’ll revisit this when my usage changes such that leveraging it is more favorable, or when a GKE-like upgrade experience becomes available for my lowly home usage.
The promise of my computers truly working for me still eludes me … I’ve noticed that a few computing devices manage to do this (e.g. chromecasts), but generally I still feel like I spend way too much time updating computers, doing their bidding.
Someday we’ll all have self-driving computing, and then us software developers can focus on making it all too complicated again.