Table of Contents
Remote debian updates using apt-dater
Apt-dater is a relatively new utility that allows easy package management of multiple Debian servers from a central control server. I wrote up the necessary steps below, as the existing instructions (http://www.ibh.de/apt-dater/) are slightly unclear on a couple of things.
We run Debian stable (currently lenny) on many servers. Apt-dater is new enough that it is currently only available via the lenny-backports repository. (NB: in what follows I assume knowledge of basic package management and ssh configuration. Help with both of these is widely available on the 'Net.)
On the apt-dater control server:
enable the lenny-backports repository
#lenny backports deb http://www.backports.org/debian lenny-backports main
add the backports repo key
apt-get update; apt-get install debian-backports-keyring; apt-get update;
install apt-dater
apt-get install apt-dater
generate an ssh key for the apt-dater control user
ssh-keygen -t rsa
configure apt-dater (config files are located in ~/.config/apt-dater by default; running apt-dater as the apt-dater user will generate them in the correct location)
in apt-dater.conf, add the options that allow ssh-agent to use your ssh key (modify for your username and keyfile, of course):
SpawnAgent=true AddKeys=/home/apt-dater/.ssh/id_rsa
in hosts.conf, create host groups and hosts as desired
On the remote machines:
enable the lenny-backports repository and install the repo key (as above)
install the apt-dater host program
apt-get install apt-dater-host
create a user account to run the apt-dater commands (the following assumes the user is called 'apt-dater')
copy the public key from the control server user to the apt-dater user's ~/.ssh/authorized_keys file give the apt-date user password-less sudo access to the required privileged commands by adding the following to sudoers
# apt-dater remote updates apt-dater ALL=NOPASSWD: /usr/bin/apt-get, /usr/bin/aptitude
The magic happens
If you have just added a new host and have not connected to it via ssh before, either ssh directly to the host to accept its host key before starting apt-dater or use 'c' to connect to the host from within apt-dater.
Once your ssh connection works, you should be able to run apt-dater and see the hosts grouped according to your setup in hosts.conf. Refresh the status report on a given host or group of hosts by hitting 'g'; update using 'u'. The '?' key gives you a full list of commands.
Using apt-dater you can install or update individual packages or all packages for individual hosts or groups of hosts. I've just started working with it, but it promises to make my job of staying on top of 10+ Debian servers a whole lot easier.
Ref:
- apt-dater: http://www.ibh.de/apt-dater/
- debian-backports instructions: http://backports.org/dokuwiki/doku.php?id=instructions
- setting up ssh keys: http://www.debianhelp.org/node/1198
~~LINKBACK~~
Discussion