Skip to main content

Apt-dater - Remote package update management

454 words·
Apt-dater Linux
Table of Contents

Administrative Server
#

Prerequisites
#

In case you don’t use a dedicated DNS server, add the DNS names from the remote hosts to the local hosts file: vi /etc/hosts

127.0.0.1 localhost

192.168.30.101  Remote-Host-1
192.168.30.102  Remote-Host-2

Setup & Config
#

Install Apt-dater on the server that is used to control the remote hosts:
sudo apt install apt-dater -y

Start and quit Apt-dater without root privileges to create the config file.
Start Apt-dater: apt-dater
Quit Apt-dater: q

Apt-dater paths:
General config: vi ~/.config/apt-dater/apt-dater.xml
Hosts config: vi ~/.config/apt-dater/hosts.xml
SSH keys path: cd ~/.config/apt-dater/sshkeys


SSH Key
#

Create a SSH keypair for the connection to the remote hosts:

mkdir -p ~/.config/apt-dater/sshkeys
ssh-keygen -f ~/.config/apt-dater/sshkeys/apt-dater-key
chmod 700 ~/.config/apt-dater/sshkeys

Change Apt-dater config vi ~/.config/apt-dater/apt-dater.xml uncomment the “[SSH]” section and change the following paramters:

SpawnAgent=true #Set to true
AddKeys=/home/ubuntu/.config/apt-dater/sshkeys/apt-dater-key:q! #Path to SSH key

It should look like this:

<ssh
    cmd="/usr/bin/ssh"
    opt-cmd-flags="-t"
    sftp-cmd="/usr/bin/sftp"
    spawn-agent="true">
    <add-key fn="/home/ubuntu/.config/apt-dater/sshkeys/apt-dater-key"/>
</ssh>

Remote Hosts
#

The Apt-dater agent is run from the user remoteupdate and can only run two commands: apt-get & needrestart

Install Agent:
sudo apt install apt-dater-host -y

If necessary install needrestart:
sudo apt install needrestart -y

Create user:

sudo adduser --home=/usr/local/lib/apt-dater-home --shell=/bin/bash --gid=65534 \
--disabled-login remoteupdate

Edit sudoes file
#

Edit sudo vi /etc/sudoers.d/apt-dater-host

Add the following lines:

Defaults:remoteupdate   env_keep=MAINTAINER 
remoteupdate    ALL=NOPASSWD: /usr/bin/apt-get,/usr/sbin/needrestart,/usr/sbin/reboot

SSH Key
#

Add SSH key from Administrative Server

sudo mkdir /usr/local/lib/apt-dater-home/.ssh 
sudo vi /usr/local/lib/apt-dater-home/.ssh/authorized_keys # Add SSH key
sudo chown -R remoteupdate:nogroup /usr/local/lib/apt-dater-home/.ssh/

Administrative Server
#

SSH Connection
#

Establish SSH connection to remote host to accept the SSH Key:
ssh -i ~/.config/apt-dater/sshkeys/apt-dater-key remoteupdate@DNS


Local Host
#

Note: In order to use Apt-dater to manage the packages on the administrative server, the same steps from the remote hosts must be done.

Establish SSH connection to local host:
slogin -i ~/.config/apt-dater/sshkeys/apt-dater-key remoteupdate@localhost


Hosts Config
#

Add the remote host to the hosts configuration file:
vi ~/.config/apt-dater/hosts.xml

  <group name="Apt-dater">
    <host name="localhost" comment="Edit ~/.config/apt-dater/hosts.xml!"/>
  </group>
  <group name="Server Group 1">
          <host name="Remote-Host-1" ssh-user="remoteupdate" comment="IP"/>
          <host name="Remote-Host-2" ssh-user="remoteupdate" comment="IP"/>
  </group>
  <group name="Server Group 2">
          <host name="Remote-Host-3" ssh-user="remoteupdate" comment="IP"/>
  </group>

Note: The remote hosts are stored in groups, the comment="IP" is optional and only used for debugging.


Apt-dater Commands
#

apt-dater Start Apt-dater
q Quit Apt-dater
q Back
? Help / Commands
Hosts
g Refresh Host
u Upgrade Host
i Install single package
m Host details
e Failure diagnostic
Tmux
c Attach Tmux Session
Strg + b + q Quit tmux session

After adding a new host the host is listed in “Unknown”, use g to check for necessary updates:

After refreshing the host it moves to “Updates pending” or “Up to date”. Use u to upgrade the packages.

Note: After an upgrade it is necessary to quit the tmux session:
Strg + b + q