Friday, 11 July 2014

windows updates could learn a lot from the ubuntu unattended-upgrades package

I was already pretty darn impressed with the ease, and simplicity of upgrading the entire operating system. Seriously, it's as simple as one single command:

sudo do-release-upgrade

But what I now wanted, was a simple way to keep a bunch of ubuntu servers patched up with the latest upgrades. Keeping things nicely up-to-date between major releases. I toyed with some fancy, centrally managed solutions, like the ubuntu landscape offering, even puppet or chef. But ultimately, if you've only got a handful of servers; why not just go for something dead simple...

sudo apt-get install unattended-upgrades

Done. The machines will email you if they need an occasional reboot. But otherwise, they will keep themselves up-to-date, without bothering you too much.

There's a bunch of other stuff you can tweak - nicely detailed on the ubuntu wiki. For bonus points: if you plop your /etc/apt/apt.conf.d/50unattended-upgrades file into dropbox, and symlink it on each server, you can ensure all machines are using the same upgrade settings. Easy peasy...

Actually: to be fair, windows update services is pretty cool too. But for only a handful of machines, it's a bit over the top (imho).

Tuesday, 8 July 2014

howto: send emails from ubuntu server, via gmail, with 2-step verification

I've done this about 10 times over the last few years, and every single time, no matter how hard I try, I always forget something...

Fortunately, there's some nice simple instructions here: http://www.havetheknowhow.com/Configure-the-server/Install-ssmtp.html

While this guide is great, there's two little extra things you will want to check:

  • Are the messages actually being sent? Take a look at /var/log/syslog -- any problems will show up there
  • If you are getting authorization errors, and you know it's the right password -- perhaps you have 2-step verification turned on. In which case, you'll need to create a new application-specific password, and use this in the ssmtp.conf file instead.
Maybe I'll remember next time...
(unlikely)