Is there any serious plan on implementing an automated upgrade?

openinternet

Let's be serious here, it's not viable to having to SSH into your server and run apt update -y && apt upgrade -y every time there is an update with Enhance.

It is very time consuming and cumbersome when you have to wait for each server to finish.

There is a thread almost two years ago Link, and I'm actually shocked this is not a priority.

Someone actually have the audacity to called this "This is normal systems admin." is utterly ridiculous.

On the roadmap page, the only thing I see related is, Ability to view versions of apt/deb packages installed on the system and to selectively update packages.. Is this it?

What is Enhance's roadmap in regards to an automated upgrade system?

net

openinternet

Very simple. Just add this to the cron and be done with it:

0 2 * * * /usr/bin/apt update -y && /usr/bin/apt upgrade -y && /usr/bin/apt autoremove -y > /var/log/apt-upgrade.log 2>&1

or with automatic reboot:

0 2 * * * /usr/bin/apt update -y && /usr/bin/apt upgrade -y && /usr/bin/apt autoremove -y && [ -f /var/run/reboot-required ] && /sbin/reboot

nhybgtvfr

why not just configure unattended-upgrades?

create eg 51unattended-upgrades (so it doesn't get overwritten by system updates to the default 50unattended-upgrades) in /etc/apt/apt.conf.d/

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        "${distro_id}:${distro_codename}-updates";
}

Unattended-Upgrade::Origins-Pattern {
        "origin=Enhance,codename=${distro_codename}";
        "origin=LiteSpeedTech,codename=${distro_codename}";
}
Unattended-Upgrade::Mail "***@****.**";
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::MailReport "always";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

then copy /usr/lib/systemd/system/apt-daily-upgrade.timer to /etc/systemd/system/
and edit that to configure when upgrades get applied.
can also do that with apt-daily.timer as well to configure when apt update runs, but that runs often enough by default that there's little benefit in changing that one.
if you edit apt-daily-upgrade.timer in /usr/lib/systemd/system/ it will definitely get overwritten by system updates,
the copy in /etc/systemd/system/ will keep your changes

you'll get email notifications when it completes, with details of what got installed, and if a reboot is needed.
you could also configure it to reboot automatically if needed. i prefer to leave that as a manual step.

and if ssh'ing into each server and running apt update and apt upgrade is too cumbersome and time consuming for you to do for updates to enhance, how do you currently handle normal ubuntu updates, which are larger and way more frequent?

openinternet

nhybgtvfr why not just configure unattended-upgrades?

The point is that this should be included with Enhance, not a custom task you have to configure.

nhybgtvfr and if ssh'ing into each server and running apt update and apt upgrade is too cumbersome and time consuming for you to do for updates to enhance, how do you currently handle normal ubuntu updates, which are larger and way more frequent?

I think this is where the disconnect is. Some people just want to run a business and if you are paying for a product, such product should so some things at a minimum. And there are some people who just want to role play sys admins.

JohnB

openinternet I think this is where the disconnect is. Some people just want to run a business and if you are paying for a product, such product should so some things at a minimum. And there are some people who just want to role play sys admins.

Right that's called reseller hosting when you want the Enhance product but don't want to manage the servers. That's what you're looking for.

Let's be serious here, it's not viable to having to SSH into your server and run apt update -y && apt upgrade -y every time there is an update with Enhance.

Allow me to be more serious here.... If SSHing into your server's a few times a month is bothering you, you got bigger problems than not updating enhance. Like not having a sysadmin.

It is very time consuming and cumbersome when you have to wait for each server to finish.

Makes me a bit worried for your customers if there isn’t a sysadmin involved, yet you have enough customer/servers to have this issue. Please hire a sysadmin while you focus on running the business or put in the time to learn the basics before your customers get screwed.

nhybgtvfr

so, suppose enhance included an easy, non-repo way of updating itself?

would you bother ever running apt update and apt upgrade on your servers then because it's too cumbersome and time consuming and gets in the way of 'running a business'?
or would you just not install any OS updates for months/years? after all, the enhance software itself is up-to-date, so it's all good... right...

enhance provides updates via a repo, so it's easy to include it in the already built in update method in the OS, why waste time building another, completely separate update method? it's just adding complexity for no reason and something else that could go wrong.

ubuntu gives you the option, by default, to manually update whenever you're ready and able.
or you can choose to enable unattended-upgrades, and let it update itself at random times..
or you can further configure it to run on a specific schedule, so you know exactly when updates will get applied.
ubuntu leaves it under your control, to set it how you want, that's how it should be.
if you can't be bothered to set it, that's your call, don't blame others for it.

yes, some people just 'want to run a business' and part of running a business is properly configuring the tools you use. the OS is one of those tools.
if a companies attitude is that installing updates to help secure your servers is 'cumbersome' or not part of 'normal systems admin' i would not want any site i cared about hosted on that companies servers.

openinternet

nhybgtvfr would you bother ever running apt update and apt upgrade on your servers then because it's too cumbersome and time consuming and gets in the way of 'running a business'?

I think you pretty much answered your own question.

You want to role play sys admin and I'm pretty sure 90% of enhance customer don't want to.

But please, if you have nothing else to contribute other than what if this and what if that scenario. Dont post anything further. I'm not here to debate what you like to do with your free time and what you want to customize your system with.

As a paying customer of a hosting control panel in 2026, having a automated updated system is pretty a small ask.

webdig

Personally, I solved this by creating a small automated update system via cron instead of relying entirely on unattended-upgrades.

This gives me:

automatic updates;
logging;
reboot control;
automatic cleanup;
prevention of APT conflicts;
and the possibility of adding optional integrations.

In my case, I use something similar to this:

1. Create the script

sudo nano /usr/local/sbin/daily-apt-update.sh

2. Make it executable

sudo chmod +x /usr/local/sbin/daily-apt-update.sh

3. Full script

#!/usr/bin/env bash

set -Eeuo pipefail

LOGFILE="/var/log/apt-autoupdate.log"
LOCKFILE="/var/run/apt-autoupdate.lock"

log() {
    echo "[$(date '+%Y-%m-%d %H:%M:%S')] $*" | tee -a "$LOGFILE"
}

trap 'log "ERROR: Line $LINENO exited with code $?"; echo "--------------------------------------------------" >> "$LOGFILE"' ERR

# Prevent multiple executions
exec 9>"$LOCKFILE"

if ! flock -n 9; then
    log "Another execution is already running. Exiting."
    exit 0
fi

log "Starting automatic update process"

IONICE="ionice -c3"
NICE="nice -n 10"

export DEBIAN_FRONTEND=noninteractive

# Wait for APT locks
log "Checking APT locks..."

while fuser /var/lib/dpkg/lock-frontend >/dev/null 2>&1 || \
      fuser /var/lib/apt/lists/lock >/dev/null 2>&1 || \
      fuser /var/cache/apt/archives/lock >/dev/null 2>&1; do

    log "APT is locked by another process. Waiting 30 seconds..."
    sleep 30
done

log "Running: apt-get update"

$IONICE $NICE /usr/bin/apt-get update >> "$LOGFILE" 2>&1

log "Running: apt-get upgrade"

$IONICE $NICE /usr/bin/apt-get -y \
    -o Dpkg::Options::="--force-confdef" \
    -o Dpkg::Options::="--force-confold" \
    upgrade >> "$LOGFILE" 2>&1

log "Running: apt-get autoremove"

$IONICE $NICE /usr/bin/apt-get -y autoremove >> "$LOGFILE" 2>&1

log "Running: apt-get clean"

$IONICE $NICE /usr/bin/apt-get clean >> "$LOGFILE" 2>&1

# Optional example for security software updates
# security-software --update

log "Update process completed successfully."

if [ -f /var/run/reboot-required ]; then

    log "Reboot required."

    if [ -f /var/run/reboot-required.pkgs ]; then

        log "Packages requiring reboot:"

        while IFS= read -r pkg; do
            log "  - $pkg"
        done < /var/run/reboot-required.pkgs
    fi

else

    log "No reboot required."

fi

echo "--------------------------------------------------" >> "$LOGFILE"

4. Test manually

sudo /usr/local/sbin/daily-apt-update.sh

5. Check logs

sudo tail -f /var/log/apt-autoupdate.log

6. Configure cron

sudo crontab -e

Then:

# Daily updates at 03:30
30 3 * * * /usr/local/sbin/daily-apt-update.sh

# Automatic reboot at 04:30 only if required
30 4 * * * [ -f /var/run/reboot-required ] && /sbin/reboot

One important thing:

I do NOT recommend rebooting only 10 minutes after the upgrade process starts, because some upgrades can take quite a long time, especially on larger servers.

I also avoid automatically using:

apt full-upgrade

or:

apt dist-upgrade

on production servers.

I prefer sticking with:

apt upgrade

because it tends to be more predictable and safer in hosting environments.

Another important detail in my case:

I intentionally chose low-traffic hours to minimize any possible impact during heavier upgrades or reboots.

Also, since I run multiple servers, not all of them perform updates at the same time.

I stagger update schedules across different nodes to avoid:

simultaneous reboots;
I/O spikes;
excessive infrastructure load;
or maintenance happening at the same time on multiple critical services.

For example:

some servers update at 03:30;
others at 04:00;
others at 04:30;
etc.

Especially in environments with:

web nodes;
mail nodes;
DNS servers;
databases;
proxies/load balancers;

I think it is very important to avoid having the entire infrastructure entering maintenance mode simultaneously.

7. Log rotation

sudo nano /etc/logrotate.d/apt-autoupdate

Content:

/var/log/apt-autoupdate.log {
    weekly
    rotate 4
    compress
    missingok
    notifempty
    create 0640 root adm
}

This does not completely replace a centralized update management system in the panel itself, but honestly, it has worked very well for me and gives much more control over the entire process.

openinternet

webdig Personally, I solved this by creating a small automated update system via cron instead of relying entirely on unattended-upgrades.

sikmo We have ansible with semaphore UI and templates. It has all functionality we need including inviting people to help.

They are cool and all, but these customize script and update system shouldn't even be needed in the first place.

sikmo

We have ansible with semaphore UI and templates. It has all functionality we need including inviting people to help.

I doubt enhance would have this much control and logic we currently have, so personally for us this is much better as is.

JohnB

openinternet No babe.

I don't swing that way.

openinternet Or how about a concept of having the system automatically update itself?

In the amount of time you've spent on this thread you could have learned how to write the cron script to do this yourself. Or set it up properly like Zoinkies mentioned.

openinternet What worries me here is your assumptions and blanket statements. You know nothing about me and yet trying to make me sound like I don't know what you are doing.

Everything I've learned about you is from your replies here. If a resturant owner is complaining that the kitchen doesn't clean itself and that its a big pain to do it manually... I can safely assume the kitchen isn't getting cleaned well and the owner is incompetent. Especially if they keep insisting the kitchen should auto clean.

You also make comments like this:

openinternet You want to role play sys admin

openinternet what you like to do with your free time

Your attitude is basically "lol nerds wanna play in terminal but I'm a smart business man with things to do" Such arrogance.

Nickske00

I can only say, if this is something you need you didn't do your research/testing of Enhance before deciding to go with it. There are other panels on the market, maybe one of those better suits your needs.

openinternet

Nickske00 I can only say, if this is something you need you didn't do your research/testing of Enhance before deciding to go with it. There are other panels on the market, maybe one of those better suits your needs.

Automated updates should be pretty much a given in 2026 for a web hosting control panel, no?

openinternet

JohnB Right that's called reseller hosting when you want the Enhance product but don't want to manage the servers. That's what you're looking for.

No babe.

JohnB Allow me to be more serious here.... If SSHing into your server's a few times a month is bothering you, you got bigger problems than not updating enhance. Like not having a sysadmin.

Or how about a concept of having the system automatically update itself?

JohnB Makes me a bit worried for your customers if there isn’t a sysadmin involved, yet you have enough customer/servers to have this issue. Please hire a sysadmin while you focus on running the business or put in the time to learn the basics before your customers get screwed.

What worries me here is your assumptions and blanket statements. You know nothing about me and yet trying to make me sound like I don't know what you are doing.

Buddy, get a grip.

openinternet

net Very simple. Just add this to the cron and be done with it:

0 2 * * * /usr/bin/apt update -y && /usr/bin/apt upgrade -y && /usr/bin/apt autoremove -y > /var/log/apt-upgrade.log 2>&1

or with automatic reboot:

0 2 * * * /usr/bin/apt update -y && /usr/bin/apt upgrade -y && /usr/bin/apt autoremove -y && [ -f /var/run/reboot-required ] && /sbin/reboot

The issue here isn't about how easy or hard it is.

Once again, is this not something Enhance should have as an option. If you don't want to use it that's fine. Have a toggle to do "Manual Updates" only, right?

slimx

It is super easy, but i understand what OP is saying. THE OLD ENHANCE had a built in updater in the panel lol. I dont get why new one doesnt

Kosta

I have an app (noc, SIEM, , observability, status page platform)
That emails me when enhance release new update and I click on my email button respond and allow update then my app does setting maintenance window for hosts and sets automatically the update at the scheduled time… easy as that one email notification and boom server self update at 02:00 while I am sleeping.
Same with kernels…
Many features you all need…! As NOC platform not into Enhance

Soon I will offer it as product so you can all enjoy it, and relax any one will be able to install and set with couple clicks…

Nickske00

Look, Enhance is just an apt package. Like others have pointed out you can automate this in a lot of ways, not sure why you are going so crazy about this.

openinternet

Nickske00 Look, Enhance is just an apt package. Like others have pointed out you can automate this in a lot of ways, not sure why you are going so crazy about this.

Sigh, you are still missing the point.

The question isn't whether I can or cannot personally automate this.

But to counter-argue your point, if it's as easy as "just an apt package". Why can't Enhance add this and then add an toggle to do automated or manual? And if they did, are you still going to stick with Manual only?

Please....

Nickske00

Can be. But it starts with this, then the complaints start coming in (probably from you too):

I do not want the updater to run during these timeframes
I do not want the updater to run on day x
I do not want the updater to install updates immediately, but wait a week
I want it to wait two weeks
I want it to...

openinternet

Nickske00 Can be. But it starts with this, then the complaints start coming in (probably from you too):
I do not want the updater to run during these timeframes
I do not want the updater to run on day x
I do not want the updater to install updates immediately, but wait a week
I want it to wait two weeks
I want it to...

There you go! I knew you'd see the light.

The point I'm bringing up here is a bunch of you aren't willing to allow a product to be better to push for the developer to integrate something that is pretty integral for a functional system.

Instead bunch of old head sys admins just wanna keep doing what they've been told.

Or are you trying to imply having an automated option would be somehow bad to Enhance? Is there something wrong having a scheduler?

I've never heard someone say, "This is a great product because it doesn't have XYZ function"