The immediate reaction when you see that your DigitalOcean packages need updates could be:

“I’m busy now, will do it later.” OR “Update can break my working apps, I will update, but not now!”

Unfortunately, these excuses can make your server a perfect target for hackers.

At Bobcares, we help cloud server owners to update the server packages as part of our Manged Cloud Services.

Today, we’ll see how our Cloud Engineers update DigitalOcean Droplets without breaking the server. Additionally, we’ll see common errors seen while updating and how we fix them.

Steps to update DigitalOcean packages

Just like any other server, updating DigitalOcean packages keep your Droplet safe from known security holes. When updates are available in the Droplets, it shows the following message.

186 packages can be updated.
119 updates are security updates.

Now, let’s see how our Cloud Engineers do this update.

1. Backup the Droplet

First and foremost, we take a backup of the Droplet. It is rather easy to restore a Droplet from backups than fix a broken Droplet. So, its really critical to have a valid backup.

2.Package update commands

To perform the package update, our Cloud Engineers login to the server as root user. We verify the working of repositories from where the files are fetched.

We then begin by updating the package list. For this, we execute:

apt-get update

Next step is to upgrade installed packages to their latest available versions. This is done by

apt-get upgrade

Upon executing this, we’ll see a list of upgrades, and we can choose how to continue.

Once it finishes, we use the dist-upgrade command. This will perform upgrades involving changing dependencies, adding or removing new packages, etc. Additionally, it will handle a set of upgrades which was not done by the upgrade command earlier.

apt-get dist-upgrade

After executing these commands, server will have all packages updated.

Common errors while package updates and their fixes

From our experience in managing cloud servers, we often get requests from customers to fix broken Droplets.

There can be many reasons for DigitalOcean package update failure. And, the error message varies in each case.

Now, let’s have a look at the top errors that we see and their fixes.

1. Conflict with package lists

Often, when doing package update, there can be conflict with package lists.

For instance, recently we found the following error in a Ubuntu Droplet.

Reading package lists... Error!
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/mirrors.digitalocean.com_ubuntu_dists_trusty_universe_i18n_Translation-en%5fUS
E: The package lists or status file could not be parsed or opened.

This happened due to the problems with the package cache file in the Droplet. To fix this, our Support Engineers removed the cached package list files at /var/lib/apt/lists folder and downloaded them again. After that update worked correctly.

2. Memory shortage

Similarly, DigitalOcean package update can fail due to memory issues as well. When the server do not have enough memory, the package update process cannot function properly.

To fix this, first we find out the process consuming more memory on the server. Then, depending on the server requirement, we either stop the process or add more memory to the Droplet.

3. 404 errors when fetching packages

During package update, the files are fetched from remote location. And, sometimes we see “file not found” or 404 errors when the source files do not exist.

The error shown while package update was:

Err http://mirrors.digitalocean.com utopic-updates/restricted Sources 
404 Not Found
Err http://mirrors.digitalocean.com utopic-updates/universe Sources 
404 Not Found

Here, the requested file was not available and it was moved to a different location. To make the server update the files, we had to edit the /etc/apt/sources.list with working repository location.

4. Bad resolver configuration

Again, bad resolver configuration of Droplet can affect the package update process. Here, the error looks like:

W: Failed to fetch http://security.ubuntu.com/ubuntu/dists/trusty-security/Release.gpg Could not resolve 'security.ubuntu.com'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty/Release.gpg Could not resolve 'mirrors.digitalocean.com'
W: Failed to fetch http://mirrors.digitalocean.com/ubuntu/dists/trusty-updates/Release.gpg Could not resolve 'mirrors.digitalocean.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.

In this Ubuntu Droplet, the connection to hosts like security.ubuntu.com, mirrors.digitalocean.com, etc. were failing. As a result, package download was not happening.

To fix the error, our Cloud Specialists corrected the resolver configuration by editing the file /etc/resolv.conf. And, after this, update worked perfectly.

5. Firewall blocks

Similarly, firewall blocks also can prevent the updates from happening.

Recently, a customer reported problem with updating his Droplet. When we checked, we found that server firewall was blocking all ports except 22 and 80. This blocked the package updates too.

To make the update working, our Cloud Support Engineers disabled server firewall temporarily with the command

sudo ufw disable

After that, update worked correctly. Then, we enabled the firewall on the server again.

Conclusion

For security reasons, package updates should be done on DigitalOcean Droplets promptly. Today, we’ve seen how our Cloud Engineers execute the updates without breaking the server. We also discussed the common errors that happens during update and how we fix them.