How to interpret the output of unattended-upgrades#

In Pro Client version 27.14~, we introduced the endpoint. This endpoint is designed to provide users with an overview of the configuration and setup for unattended upgrades on the machine. The expected output follows this JSON example:

  "_schema_version": "v1",
  "data": {
    "attributes": {
      "apt_periodic_job_enabled": true,
      "package_lists_refresh_frequency_days": 1,
      "systemd_apt_timer_enabled": true,
      "unattended_upgrades_allowed_origins": [
      "unattended_upgrades_disabled_reason": null,
      "unattended_upgrades_frequency_days": 1,
      "unattended_upgrades_last_run": null,
      "unattended_upgrades_running": true
    "meta": {
      "environment_vars": [],
      "raw_config": {
        "APT::Periodic::Enable": "1",
        "APT::Periodic::Unattended-Upgrade": "1",
        "APT::Periodic::Update-Package-Lists": "1",
        "Unattended-Upgrade::Allowed-Origins": [
    "type": "UnattendedUpgradesStatus"
  "errors": [],
  "result": "success",
  "version": "27.14~16.04.1",
  "warnings": []

As we can see from this output, there is a variable named unattended_upgrades_running. That variable indicates whether unattended-upgrades is properly configured and running on the machine. The value of this field will only be true if ALL of the following prerequisites are also true:

  • apt_periodic_job_enable is “true”:

    This variable indicates whether the APT::Periodic::Enable configuration variable is turned on. If it is turned off, unattended-upgrades will not automatically run on the machine.

  • package_lists_refresh_frequency_days is non-zero:

    This variable shows the value of APT::Periodic::Package-List-Frequency. This defines the daily frequency for updating package sources in the background. If it has a zero value, this step will never happen and unattended-upgrades might not be able to install new versions of the packages.

  • systemd_apt_timer_enabled is “true”:

    This variable is true if both apt-daily.timer and apt-daily-upgrade.timer are running on the machine. These timers are the ones that control when unattended-upgrades runs. The first job, apt-daily.timer is responsible for triggering the code that downloads the latest package information on the system. The second job, apt-daily-upgrade.timer is responsible for running unattended-upgrades to download the latest version of the packages. If one of these jobs is disabled, unattended-upgrades might not work as expected.

  • unattended_upgrades_allowed_origins is not empty:

    This variable defines the origins that unattended-upgrades can use to install a package. If that list is empty, no packages can be installed and unattended-upgrades will not work as expected.

  • unattended_upgrades_frequency_days is non-zero:

    That variable shows the value of APT::Periodic::Unattended-Upgrade. This configuration defines the daily frequency for running unattended-upgrades in the background. Therefore, if it has a zero value, the command will never run.

If any of these conditions are not met, the variable unattended_upgrades_disabled_reason will contain an object explaining why unattended-upgrades is not running. For example, if package_lists_refresh_frequency_days has a zero value, we will see the following value for unattended_upgrades_disabled_reason:

    "msg": "APT::Periodic::Update-Package-Lists is turned off",
    "code": "unattended-upgrades-cfg-value-turned-off"