[Bug 1686470] Re: Apt updates that are uniformly spread across all timezones, with predictable application windows
Dimitri John Ledkov
launchpad at surgut.co.uk
Wed Sep 6 10:07:30 UTC 2017
Testing 0.93.1ubuntu2.3 & 1.4.6~17.04.1 together is fine. Please
release the two together.

@mikini - it is prudent from an OS vendor point of view to enable and
install security updates by default, as most users neglect to set it up
themselves. unattended-upgrades is one way to do this, but it is an
optional component of the system and many users use other means to keep
their systems secure. The constraint on randomising downloads is due to
mirror load spikes. The constraint on consistent and predictable
application of updates is due to unexpected behavior experienced by our
user base when random application of updates was in place. Overall it is
a sensible default. We do monitor crash and error rates, and that data
suggests to us that people routinely postpone upgrades or delay them. As
for key crashes, we reach 90% of updates applied within 2 weeks. Thus
defaults to apply updates within a day are sensible. Please note that
adjusting .timer frequency alone will not be sufficient, as apt has its
own internal timestamps too which throttle unattended upgrades. If you
want full control of upgrades, do execute / automate them in a manner
that is appropriate for your deployment. There is nothing in place that
would prevent you from doing that. Many people use other mechanisms for
upgrades, e.g. Landscape.
https://bugs.launchpad.net/bugs/1686470
Title: Apt updates that are uniformly spread across all timezones, with predictable application windows

Status in apt package in Ubuntu: Fix Released
Status in unattended-upgrades package in Ubuntu: Fix Released
Status in apt source package in Xenial: Fix Released
Status in unattended-upgrades source package in Xenial: Fix Released
Status in apt source package in Yakkety: Won't Fix
Status in unattended-upgrades source package in Yakkety: Won't Fix
Status in apt source package in Zesty: Fix Committed
Status in unattended-upgrades source package in Zesty: Fix Committed
Status in apt source package in Artful: Fix Released
Status in unattended-upgrades source package in Artful: Fix Released
Status in apt package in Debian: Fix Released
Status in unattended-upgrades package in Debian: Fix Released
Bug description:

[ Impact ]
* unattended-upgrades are enabled by default in Ubuntu 16.04 and later
* Currently the following three things happen as a monolithic event:
  - metadata updates: apt update
  - download of updates: apt upgrade --download-only
  - application of updates: apt upgrade
* For long-running instances, all of the above happens at random times throughout the day.
* If systems were powered off / suspended, this happens on boot / resume
* End-users would like to have predictable timing, and control over when the updates happen.

Considering all of the above, the following new behavior is proposed which should address all concerns in question. It combines all the desired properties from both end-user and mirror perspectives.

[ Proposed Default Behavior ]
* Decouple unattended-upgrades application from apt update
* apt update:
  - shall be a systemd timer based unit, triggered every 12h with a random delay of 12h, therefore executed randomly twice a day.
  - if unattended-upgrades (default on) or download-upgradeable-packages are enabled, it should result in updates being downloaded, aka `apt upgrade --download-only`
* unattended-upgrades:
  - shall be a separate systemd timer based unit triggered at 6am local time with a random delay of 1h, therefore executed between 6am and 7am local time.
* On boot / resume:
  - if we have missed one or more apt update timers, apt update / download upgrades / unattended-upgrade will happen in sequence. This may result in mirror spikes, but we do want to secure cold/stale-booted systems as soon as possible.

[Test Case]
* Run the system for more than 24h, and check that apt updates were automatically executed twice.
* Check that unattended upgrades were triggered to be applied in the 6am..7am window, if any.
* Power off the machine over the period when apt-get update was scheduled, power on and observe that apt-get update / download / unattended upgrade are all performed on boot.
* Downgrade systemd to the release version of the package (from -security). Remove apt periodic stamp files: rm /var/lib/apt/periodic/*. Then run 'sudo systemctl start apt-daily.service'. Confirm that the systemd package is downloaded, but not upgraded.

[Regression Potential]
* The newly proposed behavior is a mix of the pre-xenial behavior of "do everything in the 6am..6:30am window" and the xenial+ behavior of "do everything at random times throughout the day". If there are specific deployments that rely on the previous types of behaviour, they will be able to manually adjust the systemd timers with overrides to be executed exactly as they wish, or match the .0 release behaviour that they prefer.
* If the timer behavior is coded wrongly, the proposed behaviour might not be executed as intended, thus requiring further SRUs to bring us in line with the great expectations.

[Other Info]
* Related bug reports and history:
  - bug #1615482
  - bug #1554848
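The comment above says deployments can pin their own window with systemd timer overrides, but that apt's own stamp files also throttle runs; the proposal names the two timers (apt update twice a day, unattended-upgrades at 6am with a 1h spread). The following is an added example, not code from the bug report or from the apt/unattended-upgrades packages: it renders drop-in overrides for `apt-daily.timer` and `apt-daily-upgrade.timer` for a chosen window and clears the stamp files under /var/lib/apt/periodic/. The ROOT prefix argument is an assumption of this example (empty for the live system, a scratch directory to preview the files).

```shell
#!/bin/sh
# Added example: systemd drop-ins for the apt timers plus the stamp-file reset.
# All functions take ROOT as the first argument: "" for the live system, or a
# scratch directory to preview what would be written.

# Override for apt-daily-upgrade.timer (the unattended-upgrades application).
# $1 = local wall-clock time HH:MM, $2 = random spread (e.g. 1h).
# The empty "OnCalendar=" line clears the packaged schedule so the drop-in
# replaces it instead of adding a second trigger. Persistent=true keeps the
# catch-up-on-boot behaviour the proposal wants for suspended/powered-off hosts.
render_upgrade_timer() {
    printf '[Timer]\nOnCalendar=\nOnCalendar=*-*-* %s\nRandomizedDelaySec=%s\nPersistent=true\n' "$1" "$2"
}

# Override for apt-daily.timer (apt update + download-only).
# $1 = comma-separated hours (e.g. 0,12), $2 = random spread (proposal: 12h).
render_update_timer() {
    printf '[Timer]\nOnCalendar=\nOnCalendar=*-*-* %s:00\nRandomizedDelaySec=%s\nPersistent=true\n' "$1" "$2"
}

# Write both drop-ins under ROOT/etc/systemd/system/<unit>.d/override.conf.
# Usage: write_apt_timer_overrides ROOT UPGRADE_AT UPGRADE_SPREAD UPDATE_HOURS UPDATE_SPREAD
write_apt_timer_overrides() {
    root="$1"; upgrade_at="$2"; upgrade_spread="$3"; update_hours="$4"; update_spread="$5"
    dir="$root/etc/systemd/system"
    mkdir -p "$dir/apt-daily.timer.d" "$dir/apt-daily-upgrade.timer.d"
    render_update_timer "$update_hours" "$update_spread" > "$dir/apt-daily.timer.d/override.conf"
    render_upgrade_timer "$upgrade_at" "$upgrade_spread" > "$dir/apt-daily-upgrade.timer.d/override.conf"
}

# apt records its last run as stamp files in /var/lib/apt/periodic/ and skips
# work that looks recent, so a timer change alone may not take effect until
# they are removed (the bug's test case does the same rm).
reset_apt_stamps() {
    rm -f "$1"/var/lib/apt/periodic/*
}

# On the live system (ROOT empty), then verify the new schedule:
#   write_apt_timer_overrides "" 02:00 30m 0,12 12h
#   reset_apt_stamps ""
#   systemctl daemon-reload && systemctl list-timers 'apt-daily*'
```

After `daemon-reload`, `systemctl list-timers` shows the next elapse of both timers, which is the quickest check that the override was picked up rather than appended.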