Version 12.14.2 now available

DracoBlue

12.14.2

Fixed

Race condition causing a node.js application, when automatically started via Enhance, not to be placed into the correct control group.
Removed duplicate API call for memory usage on server management dashboard.

Enhanced

/usr/bin/composer is now checked for validity on installation of ecp-core and, if not valid, composer is re-downloaded.
Miscellaneous UI improvements.
Stricter RPC timeouts to DNS sync queue to prevent slow queue processing where some DNS servers in the cluster are offline.

presswizards

Thought I'd share how to get unattended upgrades working on Ubuntu Enhance servers:

Edit the config file, and modify it to trust/include the enhance repo:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

Remove the Allowed-Origins lines, and replace with these lines:

Unattended-Upgrade::Origins-Pattern {
        // Ubuntu standard
        "o=Ubuntu,a=${distro_codename}";
        "o=Ubuntu,a=${distro_codename}-security";
        "o=UbuntuESMApps,a=${distro_codename}-apps-security";
        "o=UbuntuESM,a=${distro_codename}-infra-security";
        "o=Ubuntu,a=${distro_codename}-updates";
        // Enhance repo
        "o=Enhance,a=${distro_codename}";
};

Then optionally run it with --dry-run to test it:
sudo unattended-upgrade --dry-run --debug

I do this on every Enhance server and it updates automatically daily now.

Or... If you don't like using unattended-upgrades... I used to use this script and scheduled it to run twice a day via crontab. It runs apt update / apt upgrade and then if ran between 1-3am (server time) it compares the kernel running, and if needed it will send an email notification, and reboot the server for you. It is specific to vmlinuz so that part may need to be edited depending on your OS and VM etc:

# will run apt update, apt upgrade, apt autoremove
# if ran between 1am-3am (cron) it will eval kernel and if reboot needed, email and reboot

LOGFILE="/var/log/full-upgrade-reboot.log"
EMAIL="youremail@yourdomain.com"

echo "=== Upgrade started at $(date) ===" >> $LOGFILE

# Save current kernel version
OLD_KERNEL=$(uname -r)

# Update package lists and upgrade everything
apt update >> $LOGFILE 2>&1
DEBIAN_FRONTEND=noninteractive apt upgrade -y >> $LOGFILE 2>&1
apt autoremove -y >> $LOGFILE 2>&1

# Check if kernel upgraded
LATEST_KERNEL=$(ls -1 /boot/vmlinuz-* 2>/dev/null | sort -V | tail -n1)
LATEST_KERNEL=$(basename "$LATEST_KERNEL")
NEW_KERNEL=${LATEST_KERNEL#vmlinuz-}

if [ "$OLD_KERNEL" != "$NEW_KERNEL" ]; then
    echo "Kernel upgraded from: $OLD_KERNEL to: $NEW_KERNEL" >> $LOGFILE

    # Determine current hour
    CURRENT_HOUR=$(date +%H)

    # Auto-reboot window: 01:00–03:00
    if [ "$CURRENT_HOUR" -ge 1 ] && [ "$CURRENT_HOUR" -lt 3 ]; then
        echo "*** Within reboot window. Sending email and rebooting ***" >> $LOGFILE

        # Send email notification
        /usr/sbin/sendmail $EMAIL <<EOF
Subject: [Server: $(hostname)] Kernel Upgrade and Reboot
From: no-reply@$(hostname)
To: $EMAIL

Kernel upgraded on $(hostname) from $OLD_KERNEL to $NEW_KERNEL.
System is rebooting now.
EOF

        # Wait a few seconds to ensure email is sent
        sleep 15

        # Reboot the system (systemd will stop services cleanly)
        /sbin/reboot
    else
        echo "Kernel upgraded but outside reboot window. Manual reboot required." >> $LOGFILE
    fi
else
    echo "No kernel change, reboot not required." >> $LOGFILE
fi

echo "=== Upgrade finished at $(date) ===" >> $LOGFILE

nhybgtvfr

if using unattended-upgrades, i'd also recommend
cp /lib/systemd/system/apt-daily-upgrade.timer /etc/systemd/system/.

then you can edit /etc/systemd/system/apt-daily-upgrade.timer
to configure specific days/dates & times to run so that it runs on a fixed schedule

changes made to /lib/systemd/system/apt-daily-upgrade.timer can get overwritten by system updates, so copying it to /etc/systemd/system and making changes there ensures those changes will survive any service updates.

also, if you edit this file, run 'systemctl daemon-reload' to pick up any schedule changes straight away.

also, rather than directly editing 50unattended-upgrades, create a new file, eg 51unattended-upgrades
and place any differences you want from 50unattended-upgrades in here so they won't get overwritten by service updates.
you don't need to copy any settings that are already correct, only settings you want to alter, unchanged settings in 50unattended-upgrades will still be applied.