Server maintenance / updates

What is the recommended way to keep a Trellis/Ansible provisioned server up to date with the latest packages and in particular security updates?

Can I simply add:

  - apt: update_cache=yes
  - apt: upgrade=yes

to the server.yml file? And regularly run ansible-playbook -i hosts/<environment> server.yml
Or does this conflict with the intended Trellis workflow?


Yes that would work but you should also test this on development/staging first. Package updates could obviously change their behaviour but they could also break things in Trellis. For example if a newer version changes the location of a path/file that Trellis references.

1 Like

This happened to me, actually–nginx changed some configuration and reprovisioning resulted in a white screen, so definitely test locally first.

Would love to hear how you are managing things these days @richardwilis

I’ve installed the unattended upgrades package for security upgrades on the staging and live servers sudo apt-get install unattended-upgrades. I believe you can configure it to perform automatic security updates, but I just manually run sudo unattended-upgrades -d.

Occassionally I manually update the non-security packages. First on local and staging, then on the live server.