如何配置Ubuntu无人值守升级? 手动操作实现Ubuntu自动升级技巧

一、安装无人值守升级包

sudo apt update
sudo apt install unattended-upgrades

二、基本配置

1. 主要配置文件

编辑主配置文件：

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

2. 关键配置选项

# 允许自动升级的软件源（默认已包含安全更新）
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
    # 如果需要自动升级所有更新，取消以下注释：
    # "${distro_id}:${distro_codename}-updates";
    # "${distro_id}:${distro_codename}-proposed";
    # "${distro_id}:${distro_codename}-backports";
};

# 自动重启（如果需要）
# Unattended-Upgrade::Automatic-Reboot "false";
# 自动重启时间
# Unattended-Upgrade::Automatic-Reboot-Time "02:00";

# 删除不需要的依赖包
Unattended-Upgrade::Remove-Unused-Dependencies "true";

# 自动删除旧内核（建议开启）
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

# 更新后发送邮件通知（需要安装mailutils）
# Unattended-Upgrade::Mail "admin@example.com";
# Unattended-Upgrade::MailOnlyOnError "true";

三、启用自动升级

编辑自动升级策略文件：

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

添加以下内容：

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

各项参数说明：

• Update-Package-Lists "1"：每天更新包列表（1=每天）
• Download-Upgradeable-Packages "1"：每天下载可升级包
• AutocleanInterval "7"：每7天自动清理
• Unattended-Upgrade "1"：启用无人值守升级

四、手动操作技巧

1. 测试配置

# 测试配置但不实际执行
sudo unattended-upgrades --dry-run --debug

# 手动立即执行一次升级
sudo unattended-upgrades

2. 查看日志

# 查看升级日志
cat /var/log/unattended-upgrades/unattended-upgrades.log
cat /var/log/unattended-upgrades/unattended-upgrades-dpkg.log

3. 临时禁用

# 临时禁用自动升级
sudo systemctl stop unattended-upgrades
sudo systemctl disable unattended-upgrades

# 重新启用
sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades

五、高级配置选项

1. 黑白名单配置

在 /etc/apt/apt.conf.d/50unattended-upgrades 中添加：

# 黑名单（不自动升级的包）
Unattended-Upgrade::Package-Blacklist {
    "kernel";
    "mysql-server";
    "nginx";
};

# 白名单（只升级指定的包）
# Unattended-Upgrade::Package-Whitelist {
#     "openssh-server";
#     "nginx";
# };

2. 邮件通知配置

安装邮件工具并配置：

sudo apt install mailutils bsd-mailx

# 在配置文件中添加
Unattended-Upgrade::Mail "your-email@example.com";
Unattended-Upgrade::MailReport "always";  # 可选：on-change, only-on-error

六、定时任务配置

无人值守升级使用 systemd 定时器，查看状态：

# 查看定时器状态
systemctl list-timers | grep unattended

# 查看服务状态
sudo systemctl status unattended-upgrades

七、验证配置

检查配置是否生效：

# 验证配置
sudo unattended-upgrades -v

# 查看APT定时任务配置
cat /etc/cron.daily/apt-compat

注意事项

快速设置脚本

创建一键设置脚本 setup-auto-upgrade.sh：

#!/bin/bash
echo "安装unattended-upgrades..."
sudo apt update
sudo apt install -y unattended-upgrades

echo "配置自动升级..."
sudo sh -c 'cat > /etc/apt/apt.conf.d/20auto-upgrades << EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
EOF'

echo "启用安全更新..."
sudo dpkg-reconfigure --priority=low unattended-upgrades

echo "配置完成！"
echo "查看状态：systemctl status unattended-upgrades"

给脚本执行权限并运行：

chmod +x setup-auto-upgrade.sh
sudo ./setup-auto-upgrade.sh

这样配置后，您的Ubuntu系统将自动处理安全更新，减少手动维护工作量，同时保持系统安全性。