[Bug 2019089] Re: shutdown-scripts service is restarted on package upgrade - causing any configured shutdown scripts to be run

Wed Jun 14 00:47:29 UTC 2023

This bug was fixed in the package google-guest-agent -
20230426.00-0ubuntu2~20.04.0

---------------
google-guest-agent (20230426.00-0ubuntu2~20.04.0) focal; urgency=medium

  * No-change rebuild for Focal.

google-guest-agent (20230426.00-0ubuntu2) mantic; urgency=medium

  * d/rules: Add --no-stop-on-upgrade for upgrade path
    to enforce no stop of the services on package upgrade.
    This has the desired side-effect of not stopping, starting or
    restarting the services as a part of the upgrade (LP: #2019089)
  * d/{rules,install}: ship gce-workload-cert-refresh.timer.

 -- Utkarsh Gupta <utkarsh at ubuntu.com>  Thu, 25 May 2023 13:16:13 +0530

** Changed in: google-guest-agent (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to google-guest-agent in Ubuntu.
https://bugs.launchpad.net/bugs/2019089

Title:
  shutdown-scripts service is restarted on package upgrade - causing any
  configured shutdown scripts to be run

Status in google-guest-agent package in Ubuntu:
  Fix Released
Status in google-guest-agent source package in Bionic:
  Fix Released
Status in google-guest-agent source package in Focal:
  Fix Released
Status in google-guest-agent source package in Jammy:
  Fix Released
Status in google-guest-agent source package in Kinetic:
  Fix Released
Status in google-guest-agent source package in Lunar:
  Fix Released
Status in google-guest-agent source package in Mantic:
  Fix Released

Bug description:
  [Impact]
  ========

  Initially reported @ https://github.com/GoogleCloudPlatform/guest-
  agent/issues/119

  Basically anytime the google-guest-agent package is updated, these
  services are restarted which means the customer scripts are run at a
  time they are not supposed to be. This caused an outage for one
  customer who had some logic in their shutdown script that basically
  turned off their services.

  The issue is most certainly in the autogenerated preinst script which
  should not be there. Stopping the shutdown service will invoke the
  shutdown script. This wasn't there in previous Ubuntu versions.

  Ubuntu 22.04 preinst script
  ```
  #!/bin/sh
  set -e
  # Automatically added by dh_installdeb/13.6ubuntu1
  dpkg-maintscript-helper rm_conffile /etc/defaults/instance_configs.cfg 20200617.00-0ubuntu2\~ -- "$@"
  # End automatically added section
  # Automatically added by dh_installsystemd/13.6ubuntu1
  if [ -z "${DPKG_ROOT:-}" ] && [ "$1" = upgrade ] && [ -d /run/systemd/system ] ; then
  deb-systemd-invoke stop 'google-shutdown-scripts.service' 'google-startup-scripts.service' >/dev/null || true
  fi
  # End automatically added section
  ```

  Ubuntu 20.04 preinst script

  ```
  root at ubu2004:/tmp/DEBIAN# cat preinst
  #!/bin/sh
  set -e
  # Automatically added by dh_installdeb/12.10ubuntu1
  dpkg-maintscript-helper rm_conffile /etc/defaults/instance_configs.cfg 20200617.00-0ubuntu2\~ -- "$@"
  # End automatically added section
  ```

  One reason this issue was of concern as the latest google-guest-agent
  update was a rebuild promoted by golang-1.18 being updated to address
  CVEs prompting a rebuild of all packages dependant on golang-1.18 and
  publication of those rebuilds to the -security pocket. unattended-
  upgrades then upgraded google-guest-agent in the background which
  restarted the shutdown-scripts.

  We do want the services to be enabled on initial installation and to
  be started on instance start but they should not be restarted/stopped
  during the lifetime of the instance.

  [Test Plan]
  ===========

  After having the fixes in, we'll run the reproducer and the test
  script mentioned in the first comment:
  https://bugs.launchpad.net/ubuntu/+source/google-guest-
  agent/+bug/2019089/comments/1.

  This will help us validate that the fix is indeed working as it
  should.

  A demonstration of that reproducer script is shown in the 2nd comment:
  https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2019089/comments/2.

  Further, we'll also build the images and run the CTF tests (internal
  tests) on them on our side and then ask Google to validate these
  images to make sure they also confirm that the bug is indeed fix and
  there's no regression or fallout with this update.

  Once Google comes back with the validation, we'll assume enough
  testing and verification has been done and will mark the bug with the
  same.

  [Where Problems Could Occur]
  ============================

  The patch just adds "--no-stop-on-upgrade" to the already existing "--
  no-start --no-restart-after-upgrade". So if somebody is relying on
  that behavior or has a workaround that somehow, it'll break the setup
  for them. But this update should bring them the right fix. I don't
  expect a lot of users to regress because of that, though.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/google-guest-agent/+bug/2019089/+subscriptions