blog:remote_debian_updates_using_apt-dater

Remote debian updates using apt-dater

Apt-dater is a relatively new utility that allows easy package management of multiple Debian servers from a central control server. I wrote up the necessary steps below, as the existing instructions (http://www.ibh.de/apt-dater/) are slightly unclear on a couple of things.

We run Debian stable (currently lenny) on many servers. Apt-dater is new enough that it is currently only available via the lenny-backports repository. (NB: in what follows I assume knowledge of basic package management and ssh configuration. Help with both of these is widely available on the 'Net.)

enable the lenny-backports repository

#lenny backports
deb http://www.backports.org/debian lenny-backports main

add the backports repo key

apt-get update; apt-get install debian-backports-keyring; apt-get update;

install apt-dater

apt-get install apt-dater

generate an ssh key for the apt-dater control user

ssh-keygen -t rsa

configure apt-dater (config files are located in ~/.config/apt-dater by default; running apt-dater as the apt-dater user will generate them in the correct location)

in apt-dater.conf, add the options that allow ssh-agent to use your ssh key (modify for your username and keyfile, of course):

SpawnAgent=true    
AddKeys=/home/apt-dater/.ssh/id_rsa

in hosts.conf, create host groups and hosts as desired

enable the lenny-backports repository and install the repo key (as above)

install the apt-dater host program

apt-get install apt-dater-host

create a user account to run the apt-dater commands (the following assumes the user is called 'apt-dater')

  copy the public key from the control server user to the apt-dater user's ~/.ssh/authorized_keys file
  give the apt-date user password-less sudo access to the required privileged commands by adding the following to sudoers
# apt-dater remote updates
apt-dater ALL=NOPASSWD: /usr/bin/apt-get, /usr/bin/aptitude

If you have just added a new host and have not connected to it via ssh before, either ssh directly to the host to accept its host key before starting apt-dater or use 'c' to connect to the host from within apt-dater.

Once your ssh connection works, you should be able to run apt-dater and see the hosts grouped according to your setup in hosts.conf. Refresh the status report on a given host or group of hosts by hitting 'g'; update using 'u'. The '?' key gives you a full list of commands.

Using apt-dater you can install or update individual packages or all packages for individual hosts or groups of hosts. I've just started working with it, but it promises to make my job of staying on top of 10+ Debian servers a whole lot easier.

Ref:

~~LINKBACK~~ ~~DISCUSSION~~

  • blog/remote_debian_updates_using_apt-dater.txt
  • Last modified: 2011/10/01 17:45
  • by brb