[Bug 1615482] Re: apt-daily timer runs at random hours of the day
Florian Jerusalem
1615482 at bugs.launchpad.net
Fri Nov 11 18:32:03 UTC 2016
I came to the conclusion that to manually control unattended upgrades it
is currently the "easiest" (sarcasm tag on) way to only let the timer
update your package list and manually run unattended-upgrades via cron
at your desired time.
To do so:
# apt-get install unattended-upgrades update-notifier-common
# rm /etc/apt/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/10periodic
# rm /var/log/unattended-upgrades/*
# vi /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";
# vi /etc/apt/apt.conf.d/local
Dpkg::Options {
    "--force-confdef";
    "--force-confold";
}
# vi /etc/apt/apt.conf.d/50unattended-upgrades
(Thanks to ansible-role at
https://github.com/jnv/ansible-role-unattended-upgrades)
Ubuntu:
#######
// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded.
Unattended-Upgrade::Origins-Pattern {
    "origin=Ubuntu,archive=${distro_codename}-security";
    //"o=Ubuntu,a=${distro_codename}";
    //"o=Ubuntu,a=${distro_codename}-updates";
    //"o=Ubuntu,a=${distro_codename}-proposed-updates";
};
// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";
// Automatically reboot *WITHOUT CONFIRMATION* if
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "true";
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
Acquire::http::Dl-Limit "350";
Debian:
#######
// Unattended-Upgrade::Origins-Pattern controls which packages are
// upgraded.
Unattended-Upgrade::Origins-Pattern {
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
    //"o=Debian,codename=${distro_codename},label=Debian";
    //"o=Debian,codename=${distro_codename},a=proposed-updates";
};
// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
};
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
Unattended-Upgrade::Remove-Unused-Dependencies "true";
// Automatically reboot *WITHOUT CONFIRMATION* if
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "true";
// Use apt bandwidth limit feature, this example limits the download
// speed to 70kb/sec
//Acquire::http::Dl-Limit "70";
Acquire::http::Dl-Limit "350";
# vi /opt/unattended-upgrade-manual.sh
#!/bin/bash
# Random delay of up to 30 minutes so hosts do not all hit the mirrors at once
sleep $((RANDOM % 1800))
apt-get update
unattended-upgrade -d
apt-get -y clean
# chmod +x /opt/unattended-upgrade-manual.sh
# vi /etc/cron.d/unattended-upgrade
SHELL=/bin/bash
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
30 03 * * * root /opt/unattended-upgrade-manual.sh
Fuck the systemd-timers, fuck cron.daily - I'm in charge... :P
Improvements are welcome.
Best regards
Florian
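
A consistency check for the setup described in the message above, as an added example that is not part of the original mail: it confirms the timer only refreshes package lists and that an executable cron job exists, since with APT::Periodic::Unattended-Upgrade "0" a missing or broken cron job means no security updates are installed. The function names and the sample tree are hypothetical and constructed; it assumes an unset APT::Periodic key behaves like "0".

```shell
# Added example (not from the mail). Only flat 'APT::Periodic::Key "v";'
# lines are parsed, the form used in 20auto-upgrades above.

# Print the effective APT::Periodic::KEY set in DIR. Fragments are read in
# lexical order and the last one wins; as in apt, only names with no
# extension or ".conf" count, so leftovers like "*.dpkg-old" are skipped.
effective_periodic() {
    local LC_ALL=C dir=$1 key=$2 f
    for f in "$dir"/*; do
        case ${f##*/} in *.conf) ;; *.*) continue ;; esac
        [ -f "$f" ] && sed -n "s|^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$f"
    done | tail -n 1
}

# Print one line per inconsistency between the timer settings in CONFDIR and
# the cron.d file CRONFILE; the return status is the number of findings.
# Assumption: an unset key behaves like "0" (disabled).
audit_setup() {
    local confdir=$1 cronfile=$2 problems=0 v script
    v=$(effective_periodic "$confdir" Unattended-Upgrade)
    if [ "${v:-0}" != "0" ]; then
        echo "timer still runs unattended-upgrade; the cron job duplicates it"
        problems=$((problems + 1))
    fi
    v=$(effective_periodic "$confdir" Update-Package-Lists)
    if [ "${v:-0}" = "0" ]; then
        echo "timer does not refresh the package lists"
        problems=$((problems + 1))
    fi
    # In /etc/cron.d the 6th field is the user and the 7th the command.
    script=$(awk 'NF >= 7 && $1 !~ /^#/ { print $7; exit }' "$cronfile" 2>/dev/null)
    if [ -z "$script" ] || [ ! -x "$script" ]; then
        echo "no executable cron job found: nothing installs security updates"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample tree mirroring the files from the mail.
make_fixture() {
    local d; d=$(mktemp -d); mkdir "$d/conf"
    printf 'APT::Periodic::Update-Package-Lists "1";\nAPT::Periodic::Unattended-Upgrade "0";\n' > "$d/conf/20auto-upgrades"
    printf 'APT::Periodic::Unattended-Upgrade "1";\n' > "$d/conf/20auto-upgrades.dpkg-old"
    printf '#!/bin/sh\nexit 0\n' > "$d/job.sh"; chmod +x "$d/job.sh"
    printf 'SHELL=/bin/bash\n30 03 * * * root %s\n' "$d/job.sh" > "$d/cron"
    echo "$d"
}

d=$(make_fixture); audit_setup "$d/conf" "$d/cron" && echo "setup consistent"; rm -rf "$d"
```

On a real host the arguments would be /etc/apt/apt.conf.d and /etc/cron.d/unattended-upgrade.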
--
https://bugs.launchpad.net/bugs/1615482
Title:
apt-daily timer runs at random hours of the day
Status in apt package in Ubuntu:
Triaged
Bug description:
apt, from 1.2.10 onwards (ie any version in Xenial, onwards) uses a
systemd timer instead of a cron.daily job. This is a good thing,
decoupling apt daily runs from the rest of cron, and ensuring other
cron.daily jobs are not blocked by up to half an hour by the default
settings of unattended-upgrades.
However the policy chosen is to have the apt daily script run at a
random hour of the day in a wrong headed attempt to reduce server
load. This has the side effect of running unattended-upgrades at
random hours of the day — such as business hours — rather than being
confined to between 6:25am and 6:55am, using the defaults.
A better policy would be to have the script activate at 6:00am plus an
interval of 20 minutes at one second intervals reducing the impact of
timezone population spikes, while still allowing unattended-upgrades
to run within a predictable interval, before 7am.
At the very least, some sort of note in the NEWS file detailing the
new behaviour would be welcome.