[Bug 1906364] Re: unattended-upgrade still restarts blacklisted daemons
sascha arthur
1906364 at bugs.launchpad.net
Tue Dec 1 09:38:26 UTC 2020
Sorry but im not really on your side here and it also doesnt really
solve the problem.
I added docker.io to the blacklist because i want to take care manually
about the upgrades, it should leave in any case this package alone.
Adding here dependencies (containerd) for the packages will never solve
the issue, also i have to maintain this list, because dependencies (at
least in theorie) could change over time.
Just to prevent docker.io from restart i have to add a huge set of
packages (out of the list here
https://packages.ubuntu.com/focal/docker.io) to prevent it from
updating.
On top i have to go through all of the first level packages, to check if
it has dependencies on the next level, because those could trigger a
restart of the first level package, which will chain on the package
which i try to prevent.
As far as i get it currently, if unattended-upgrades is not considering
dependencies of blacklisted packages, theres no way except building an
incredibly huge list of packages which you dont want to update, and
regulary recalculate this list, because of maybe changed dependencies..
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to unattended-upgrades in Ubuntu.
https://bugs.launchpad.net/bugs/1906364
Title:
unattended-upgrade still restarts blacklisted daemons
Status in containerd package in Ubuntu:
New
Status in docker.io package in Ubuntu:
New
Status in unattended-upgrades package in Ubuntu:
Won't Fix
Bug description:
Hello,
Today plenty of our systems running ubuntu 20.04 were restarting the
docker daemon, even if i blacklisted the docker package. Since docker
has an dependency on containerd thats the reason why it was restarted.
IMO the blacklist should also check the full tree of dependencies...
This should NOT happen!
From the log you find:
2020-12-01 06:40:13,881 INFO Starting unattended upgrades script
2020-12-01 06:40:13,882 INFO Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security
2020-12-01 06:40:13,882 INFO Initial blacklist: docker docker.io
2020-12-01 06:40:13,882 INFO Initial whitelist (not strict):
2020-12-01 06:40:19,139 INFO Packages that will be upgraded: containerd qemu-block-extra qemu-kvm qemu-system-common qemu-system-data qemu-system-gui qemu-system-x86 qemu-utils
2020-12-01 06:40:19,140 INFO Writing dpkg log to /var/log/unattended-upgrades/unattended-upgrades-dpkg.log
2020-12-01 06:40:46,996 INFO All upgrades installed
2020-12-01 06:40:50,732 INFO Starting unattended upgrades script
2020-12-01 06:40:50,732 INFO Allowed origins are: o=Ubuntu,a=focal, o=Ubuntu,a=focal-security, o=UbuntuESMApps,a=focal-apps-security, o=UbuntuESM,a=focal-infra-security
2020-12-01 06:40:50,733 INFO Initial blacklist: docker docker.io
2020-12-01 06:40:50,733 INFO Initial whitelist (not strict):
Also this happened for us on plenty of our servers almost at the same
(why the unattended updates are not spread over time?), which
destroyed the second time an production environment.
This is not how unattended-upgraded should be, sadly this package lost
our trust and we disable it and schedule the 'unattended updates' now
on our own.
PS: Not to say that on some servers the docker daemon did not even
restart..
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/containerd/+bug/1906364/+subscriptions
More information about the foundations-bugs
mailing list