Join Log in
Score:3
John Doe Smith avatar Ubuntu

Is it necessary to activate automatic reboot for unattended upgrade on a webserver?

US flag
John Doe Smith

I’m running a Ubuntu 22.04.1 LTS web server. My apps run with docker.

Is it necessary to activate automatic reboot for unattended upgrade on a web server by setting Unattended-Upgrade::Automatic-Reboot to true in /etc/apt/apt.conf.d/50unattended-upgrades?

If I don’t activate automatic reboot, the upgrades won’t apply?

Is it save to reboot a production web server?

460
1 + 4
David avatar
cn flag
David
Knowing the version of Ubuntu you are using will maybe give a better answer.
0
Reply
John Doe Smith avatar
md
John Doe Smith
@David 22.04 stable version
0
Reply
David avatar
cn flag
David
Not sure what you mean by stable version 22.04 has been considered and is stable since release. 22.04.1 is the version will the first large update applied.
0
Reply
John Doe Smith avatar
md
John Doe Smith
@David Ubuntu 22.04.1 LTS
0
Reply
Score:4
Artur Meinild avatar Ubuntu
vn flag
Artur Meinild

Disclaimer: I don't work with IT production, so this is my personal (and not purely professional) take on the subject.

There are rather few packages that require a reboot to be applied. The ones I can think of are:

  • Kernel upgrades (that are not livepatched)
  • libc6, openssl and dbus upgrades (if you know others, please let me know)

It is perfectly fine to let these packages upgrade without rebooting, and then rebooting the server whenever it's appropriate. For a production server (depending on its role), I would reboot during a service window.

I don't believe automatically rebooting a production server is ever a good idea (unless you have a fixed service window for it). For instance, I'm booting my own server every sunday night (if it's needed) - but at least I know precisely if and when it's rebooted.

If a production server is critical to operation, I would assume there is some clustering/load balancing/failover mechanism in place (in addition to a robust backup strategy) - but this is another discussion altogether.

There is also a reason professional livepatching services exist (like Canonical Livepatch, KernelCare etc.). This is exactly to prevent disruption of critical services.

+ 2
in flag
matigo
I *do* work with production servers that span across the globe and your answer is correct. Even for systems that have zero "official" maintenance window, there's nothing stopping boxes from being removed from a load balancer, restarted, and re-added
1
Reply
Artur Meinild avatar
vn flag
Artur Meinild
Thanks for the heads up!
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.