[Bug 1897778] Re: DistUpgradeController to release apt lock during PostInstallScripts
Chad Smith
1897778 at bugs.launchpad.net
Sat Oct 10 02:40:30 UTC 2020
SRU validation do-release-upgrade bionic to focal where UA-Tools
"Upgrade LTS contract" performs apt operations without retries/errors on
apt lock during runPostInstall
** Description changed:
- === Begin SRU Template ===
- [Impact]
-
- Any Ubuntu Advantage apt-based service is enbled via a PPA. If those PPAs are not listed as valid mirrors in mirrors.cfg the PPAs get disabled across upgrade.
+ === Begin SRU Template ===
+ [Impact]
+
+ Any Ubuntu Advantage apt-based service is enbled via a PPA. If those
+ PPAs are not listed as valid mirrors in mirrors.cfg the PPAs get
+ disabled across upgrade.
UA-client has a script which will enable those PPAs across upgrade path,
but needs the apt cache lock released during runPostInstallScripts.
Validate Ubuntu Advantage apt access is retained across do-release-
upgrade path so customers to not lose access to security updates after
performing an upgrade.
-
- [Test Case]
-
+ [Test Case]
#!/bin/bash
-
- """
- SRU Verification ubuntu-release-upgrader + ubuntu=advantage-tools
-
- Test procedure:
- - launch container Trusty, Xenial or Bionic
- - Attach container to UA subscription (which activates a number of commerical PPAs
- - download and run -proposed ubuntu-release-upgrader tool for upgrade release
- - Assert successful upgrade
- - Confirm valid mirrors not disabled
- - Confirm third party non-commercial PPA URLs still disabled
- - Confirm third party UA commercial URLs still disabled
- (due to expected feature gap)
- - Confirm UA status reports esm-infra still disabled (known feature gap)
- """
+ #
+ # SRU Verification ubuntu-release-upgrader + ubuntu=advantage-tools
+ # Test procedure:
+ # - launch container Trusty, Xenial or Bionic
+ # - Attach container to UA subscription (which activates a number of commerical PPAs
+ # - download and run -proposed ubuntu-release-upgrader tool for upgrade release
+ # - Assert successful upgrade
+ # - Confirm valid mirrors not disabled
+ # - Confirm third party non-commercial PPA URLs still disabled
+ # - Confirm third party UA commercial URLs still disabled
+ # (due to expected feature gap)
+ # - Confirm UA status reports esm-infra still disabled (known feature gap)
set -ex
UA_TOKEN=$1
if [ -z "$1" ]; then
echo "Usage: $0 <contractTOKEN>"
exit 1
fi
+ # sources:
+ # ua.proposed:
+ # source: deb http://ppa.launchpad.net/ua-client/proposed/ubuntu \$RELEASE main
+ # keyid: 6E34E7116C0BC933
cat > test-uru.yaml <<EOF
#cloud-config
package_update: true
package_upgrade: true
+ apt:
apt_sources:
- source: "deb http://ppa.launchpad.net/ua-client/proposed/ubuntu trusty main"
- apt:
- sources:
- ua.proposed:
- source: deb http://ppa.launchpad.net/ua-client/proposed/ubuntu \$RELEASE main
+ keyid: 6E34E7116C0BC933
EOF
# ua.list:
# source: deb http://ppa.launchpad.net/canonical-server/ua-client-daily/ubuntu \$RELEASE main
# keyid: 94E187AD53A59D1847E4880F8A295C4FB8B190B7
cat > checkaptpolicy.sh <<EOF
#!/bin/bash
set -x
RELEASE=\`lsb_release -sc\`
echo -n "Current release: $RELEASE"
echo "Assert no disabled valid mirrors in /eta/apt/sources.list"
! grep disable /etc/apt/sources.list || echo "FAILURE: found disabled valid mirror urls"
echo "Checking commercial Ubuntu Advantage PPAs apt policy and config"
apt-cache policy | grep esm.ubuntu.com
for file in \`ls /etc/apt/sources.list.d/ubuntu-*.list\`; do
echo "--- file: \${file}"
cat \${file}
done
EOF
chmod 755 checkaptpolicy.sh
declare -A NEXTDIST=( [bionic]=focal [xenial]=bionic [trusty]=xenial )
+ wait_for_boot() {
+ local vm=$1 release=$2
+ echo "--- Wait for cloud-init to finish"
+ if [ "${release}" = "trusty" ]; then
+ while [ "N 2" != "$(lxc exec ${vm} -- runlevel)" ]; do
+ echo "waiting on runlevel 2"
+ sleep 5
+ done
+ status=$(lxc exec ${vm} -- test -f /var/run/cloud-init/result.json && echo "done" || echo "running" )
+ while [ "done" != "${status}" ]; do
+ status=$(lxc exec ${vm} -- test -f /var/run/cloud-init/result.json && echo "done" || echo "running" )
+ echo -n '.'
+ sleep 5
+ done
+
+ else
+ lxc exec ${vm} -- cloud-init status --wait --long
+ fi
+ }
+
for release in trusty; do
vm=test-sru-$release
echo "--- Launch cloud-init with ${release}-proposed enabled"
- #lxc launch ubuntu-daily:${release} ${vm} -c user.user-data="$(cat test-uru.yaml)"
- #lxc launch daily:$release -n $vm --cloud-init test-uru.yaml
+ lxc launch ubuntu-daily:${release} ${vm} -c user.user-data="$(cat test-uru.yaml)"
upgraderelease=${NEXTDIST[$release]}
- echo "--- Wait for cloud-init to finish"
- if [ "${release}" = "trusty" ]; then
- while [ "N 2" != "$(lxc exec ${vm} -- runlevel)" ]; do
- echo "waiting on runlevel 2"
- sleep 5
- done
- else
- lxc exec ${vm} -- cloud-init status --wait --long
- fi
+ wait_for_boot ${vm} ${release}
echo "--- Attach Ubuntu-Advantage and enable services"
- lxc exec ${vm} -- sudo ua attach ${UA_TOKEN}
- lxc exec ${vm} -- sudo ua status | tee ua-status.orig
+ lxc exec ${vm} -- ua attach ${UA_TOKEN}
+ lxc exec ${vm} -- ua status --wait | tee ua-status.orig
lxc file push checkaptpolicy.sh ${vm}/
- lxc exec ${vm} -- /checkaptpolicy.sh
+ lxc exec ${vm} -- /checkaptpolicy.sh > policy.orig
lxc exec ${vm} -- wget http://archive.ubuntu.com/ubuntu/dists/$upgraderelease-proposed/main/dist-upgrader-all/current/$upgraderelease.tar.gz
lxc exec ${vm} -- tar xzvf $upgraderelease.tar.gz
- #lxc exec ${vm} -- wget https://git.launchpad.net/~chad.smith/ubuntu/+source/ubuntu-release-upgrader/plain/DistUpgrade/DistUpgradeController.py?h=uru-xenial-ubuntu-advantage -O DistUpgradeController.py
- #lxc exec ${vm} -- wget https://git.launchpad.net/~chad.smith/ubuntu/+source/ubuntu-release-upgrader/plain/data/mirrors.cfg?h=uru-xenial-ubuntu-advantage -O mirrors.cfg
+ echo "--- Add proposed PPA to valid mirrors to exercise ua-tools do-release-upgrade"
+ lxc file pull ${vm}/root/mirrors.cfg .
+ sed -i 's/stable/proposed/' mirrors.cfg
+ lxc file push mirrors.cfg ${vm}/root/
+ lxc exec ${vm} -- /root/$upgraderelease --datadir=/root --frontend DistUpgradeViewNonInteractive
+ lxc exec ${vm} -- reboot || true
+ wait_for_boot ${vm} ${upgraderelease}
echo "--- Validate UA APT sources after upgrade"
- lxc exec ${vm} -- /checkaptpolicy.sh
- echo "--- Ensure UA status reports ESM enabled"
- lxc exec ${vm} -- sudo ua status | tee ua-status.upgrade
- echo "--- Expect no diffs in original and upgrade status"
+ lxc exec ${vm} -- /checkaptpolicy.sh > policy.upgrade
+ lxc exec test-sru-bionic grep disable /etc/apt/sources.list && "FAILURE: valid mirrors got disabled" || echo "SUCCESS: no valid mirrors disabled"
+ echo "--- Ensure UA status reports ESM disabled due to pending RT"
+ lxc exec ${vm} -- ua status --wait | tee ua-status.upgrade
+ egrep 'esm-infra.*disabled' ua-status.upgrade || echo "FAILURE: unexpected enabled esm-infra"
+ echo "--- Expect disable reason to be no Release file in esm PPA"
+ lxc exec test-sru-bionic grep disable /var/log/dist-upgrade/main.log || echo "FAILURE: didn't find disabled update logs for esm"
+ echo "--- Expect disabled esm-infra in diffs from original and upgrade status"
diff -urN ua-status.orig ua-status.upgrade
done
- [Regression Potential]
- None as UA support is not yet officially introduced in Xenial or later. Customers currently have to manually re-enable apt config across upgrades.
+ [Regression Potential]
+ None as UA support is not yet officially introduced in Xenial or later.
+ This patch only allows anyone currently overriding PostUpgradeScripts in DistUpgrade.cfg to perform apt update|install operations, which were previously prohibited due to apt lock.
=== End SRU Template ===
-
==== Original Description ===
In order for custom PostInstallScript to add/remove apt packages and
call apt update, DistUpgradecontroller needs to release the apt cache
directory lock before that stage.
If the lock is still in place,
DistUpgradeController.runPostUpgradeScripts hits errors such as:
E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/lib/apt/lists/
** Attachment added: "uru-upgrade-to-focal-sru.log"
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1897778/+attachment/5420256/+files/uru-upgrade-to-focal-sru.log
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1897778
Title:
DistUpgradeController to release apt lock during PostInstallScripts
Status in ubuntu-release-upgrader package in Ubuntu:
Fix Released
Status in ubuntu-release-upgrader source package in Xenial:
Fix Committed
Status in ubuntu-release-upgrader source package in Bionic:
Fix Committed
Status in ubuntu-release-upgrader source package in Focal:
Fix Committed
Bug description:
=== Begin SRU Template ===
[Impact]
Any Ubuntu Advantage apt-based service is enbled via a PPA. If those
PPAs are not listed as valid mirrors in mirrors.cfg the PPAs get
disabled across upgrade.
UA-client has a script which will enable those PPAs across upgrade
path, but needs the apt cache lock released during
runPostInstallScripts.
Validate Ubuntu Advantage apt access is retained across do-release-
upgrade path so customers to not lose access to security updates after
performing an upgrade.
[Test Case]
#!/bin/bash
#
# SRU Verification ubuntu-release-upgrader + ubuntu=advantage-tools
# Test procedure:
# - launch container Trusty, Xenial or Bionic
# - Attach container to UA subscription (which activates a number of commerical PPAs
# - download and run -proposed ubuntu-release-upgrader tool for upgrade release
# - Assert successful upgrade
# - Confirm valid mirrors not disabled
# - Confirm third party non-commercial PPA URLs still disabled
# - Confirm third party UA commercial URLs still disabled
# (due to expected feature gap)
# - Confirm UA status reports esm-infra still disabled (known feature gap)
set -ex
UA_TOKEN=$1
if [ -z "$1" ]; then
echo "Usage: $0 <contractTOKEN>"
exit 1
fi
# sources:
# ua.proposed:
# source: deb http://ppa.launchpad.net/ua-client/proposed/ubuntu \$RELEASE main
# keyid: 6E34E7116C0BC933
cat > test-uru.yaml <<EOF
#cloud-config
package_update: true
package_upgrade: true
apt:
apt_sources:
- source: "deb http://ppa.launchpad.net/ua-client/proposed/ubuntu trusty main"
keyid: 6E34E7116C0BC933
EOF
# ua.list:
# source: deb http://ppa.launchpad.net/canonical-server/ua-client-daily/ubuntu \$RELEASE main
# keyid: 94E187AD53A59D1847E4880F8A295C4FB8B190B7
cat > checkaptpolicy.sh <<EOF
#!/bin/bash
set -x
RELEASE=\`lsb_release -sc\`
echo -n "Current release: $RELEASE"
echo "Assert no disabled valid mirrors in /eta/apt/sources.list"
! grep disable /etc/apt/sources.list || echo "FAILURE: found disabled valid mirror urls"
echo "Checking commercial Ubuntu Advantage PPAs apt policy and config"
apt-cache policy | grep esm.ubuntu.com
for file in \`ls /etc/apt/sources.list.d/ubuntu-*.list\`; do
echo "--- file: \${file}"
cat \${file}
done
EOF
chmod 755 checkaptpolicy.sh
declare -A NEXTDIST=( [bionic]=focal [xenial]=bionic [trusty]=xenial )
wait_for_boot() {
local vm=$1 release=$2
echo "--- Wait for cloud-init to finish"
if [ "${release}" = "trusty" ]; then
while [ "N 2" != "$(lxc exec ${vm} -- runlevel)" ]; do
echo "waiting on runlevel 2"
sleep 5
done
status=$(lxc exec ${vm} -- test -f /var/run/cloud-init/result.json && echo "done" || echo "running" )
while [ "done" != "${status}" ]; do
status=$(lxc exec ${vm} -- test -f /var/run/cloud-init/result.json && echo "done" || echo "running" )
echo -n '.'
sleep 5
done
else
lxc exec ${vm} -- cloud-init status --wait --long
fi
}
for release in trusty; do
vm=test-sru-$release
echo "--- Launch cloud-init with ${release}-proposed enabled"
lxc launch ubuntu-daily:${release} ${vm} -c user.user-data="$(cat test-uru.yaml)"
upgraderelease=${NEXTDIST[$release]}
wait_for_boot ${vm} ${release}
echo "--- Attach Ubuntu-Advantage and enable services"
lxc exec ${vm} -- ua attach ${UA_TOKEN}
lxc exec ${vm} -- ua status --wait | tee ua-status.orig
lxc file push checkaptpolicy.sh ${vm}/
lxc exec ${vm} -- /checkaptpolicy.sh > policy.orig
lxc exec ${vm} -- wget http://archive.ubuntu.com/ubuntu/dists/$upgraderelease-proposed/main/dist-upgrader-all/current/$upgraderelease.tar.gz
lxc exec ${vm} -- tar xzvf $upgraderelease.tar.gz
echo "--- Add proposed PPA to valid mirrors to exercise ua-tools do-release-upgrade"
lxc file pull ${vm}/root/mirrors.cfg .
sed -i 's/stable/proposed/' mirrors.cfg
lxc file push mirrors.cfg ${vm}/root/
lxc exec ${vm} -- /root/$upgraderelease --datadir=/root --frontend DistUpgradeViewNonInteractive
lxc exec ${vm} -- reboot || true
wait_for_boot ${vm} ${upgraderelease}
echo "--- Validate UA APT sources after upgrade"
lxc exec ${vm} -- /checkaptpolicy.sh > policy.upgrade
lxc exec test-sru-bionic grep disable /etc/apt/sources.list && "FAILURE: valid mirrors got disabled" || echo "SUCCESS: no valid mirrors disabled"
echo "--- Ensure UA status reports ESM disabled due to pending RT"
lxc exec ${vm} -- ua status --wait | tee ua-status.upgrade
egrep 'esm-infra.*disabled' ua-status.upgrade || echo "FAILURE: unexpected enabled esm-infra"
echo "--- Expect disable reason to be no Release file in esm PPA"
lxc exec test-sru-bionic grep disable /var/log/dist-upgrade/main.log || echo "FAILURE: didn't find disabled update logs for esm"
echo "--- Expect disabled esm-infra in diffs from original and upgrade status"
diff -urN ua-status.orig ua-status.upgrade
done
[Regression Potential]
None as UA support is not yet officially introduced in Xenial or later.
This patch only allows anyone currently overriding PostUpgradeScripts in DistUpgrade.cfg to perform apt update|install operations, which were previously prohibited due to apt lock.
=== End SRU Template ===
==== Original Description ===
In order for custom PostInstallScript to add/remove apt packages and
call apt update, DistUpgradecontroller needs to release the apt cache
directory lock before that stage.
If the lock is still in place,
DistUpgradeController.runPostUpgradeScripts hits errors such as:
E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
E: Unable to lock directory /var/lib/apt/lists/
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1897778/+subscriptions
More information about the foundations-bugs
mailing list