Forge & Digital Ocean - package updates

Posted 5 months ago by jan_zikmund

Hi, every time I log in to my Forge server, I am greeted with a message like: 150 packages can be updated, 1 update is a security update, so I am wondering how to address this.

On Digital Ocean, they recommend quite a complex procedure: shutting the server down, making a snapshot while it is switched off, then switching it back on and running sudo apt update and sudo apt upgrade.

I've been reading about how often people usually do this, and it seems like they often do it even several times a week, which would be quite annoying if always done this way. Plus we also have production data there, so we obviously don't want to have outages that often. So what I am generally wondering is:

  1. How often shall I update server packages to have some compromise between security and downtime?
  2. Is it generally safe to avoid the Digital Ocean recommended switch off & snapshot before each update? I reckon Ubuntu must be pretty solid here and must run its updates even on hosts where this snapshot feature doesn't exist, so I think it is mostly DO covering themselves and recommending the most secure way, while it is not really necessary?
  3. Is it safe to let CRON do this, e.g. once a week at 2am? Or shall I rather do it manually? Perhaps make an alias to call apt update && apt upgrade && reboot, and call it myself?

Thanks a lot

