Home / server / Questions / 144368
In Process
andreas-h
Asked: 2010-05-23 04:42:39 +0800 CST

How to set up a staging apt repository to securely manage upgrades

  • 772

I would like to be able to run automatic apt-get upgrade (once per hour) on our servers (Ubuntu 10.04), so that I don't have to do it manually on all of them (about 15). However, for production machines, that's not a good idea ...

So here's my idea:

Set up a local repository for all 'approved' updates for critical packages. I would then push updated packages from upstream to our local repo after I tested them, and all servers could automatically (apt-cron?) upgrade from this repository.

So my question is this: How do I configure apt on the clients so that they use the local repository only for all packages which exist on the local repository, and the upstream one for all other packages?

Does this actually make sense? Or am I missing something?

Anyways, thanks for your insight!

Andreas.

apt repository

1 Answers

  1. I'm not an expert but I think you can do the with apt pinning.

    if you have a local repo at http://my.local.repo/ called myrepo

    then your /etc/apt/sources.list on you servers will look like this

    deb http://my.local.repo/ myrepo main contrib non-free

deb http://ftp.debian.org/debian/ stable main contrib non-free

    then in the /etc/apt/preferences will look like this

    Package: *
Pin: release a=myrepo
Pin-Priority: 700

Package: *
Pin: release a=stable
Pin-Priority: 600

    then apt will favour the packets from you local repo

    hope this make sense and/or works

    • 1