Ubuntu Desktop 16.04: /usr/bin/systemd.apt.daily causing apt-get update to fail when vagrant provisioning starts

[tknerr]

I have a simple Vagrantfile here:

Vagrant.configure("2") do |config|

  config.vm.box = "boxcutter/ubuntu1604-desktop"
  config.vm.box_version = "2.0.18"
  config.vm.box_check_update = false

  config.vm.provider "virtualbox" do |vbox|
    vbox.name = "Developer VM"
    vbox.cpus = 4
    vbox.memory = 2048
  end

  config.vm.provision "shell", privileged: false, inline: <<-EOF
    sudo apt-get update
    sudo apt-get install git -y
  EOF
end

Upon vagrant up it fails immediately with this error:

W:\dev>vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Importing base box 'boxcutter/ubuntu1604-desktop'...
==> default: Matching MAC address for NAT networking...
==> default: Setting the name of the VM: Developer VM
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
    default: Adapter 1: nat
==> default: Forwarding ports...
    default: 22 (guest) => 2222 (host) (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
    default: SSH address: 127.0.0.1:2222
    default: SSH username: vagrant
    default: SSH auth method: private key
    default: Warning: Remote connection disconnect. Retrying...
    default: Warning: Remote connection disconnect. Retrying...
    default:
    default: Vagrant insecure key detected. Vagrant will automatically replace
    default: this with a newly generated keypair for better security.
    default:
    default: Inserting generated public key within guest...
    default: Removing insecure key from the guest if it's present...
    default: Key inserted! Disconnecting and reconnecting using new SSH key...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
==> default: Mounting shared folders...
    default: /vagrant => W:/dev
==> default: Running provisioner: shell...
==> default: Reading package lists...
==> default: E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
==> default: E: Unable to lock directory /var/lib/apt/lists/
The SSH command responded with a non-zero exit status. Vagrant
assumes that this means the command failed. The output for this command
should be in the log above. Please read the output to determine what
went wrong.

I suspect this is because as soon as the VM starts either an unattended auto upgrade or the /usr/lib/apt/apt.systemd.daily is running concurrently:

Also, same behaviour after vagrant up --no-provision and then in the vm via vagrant ssh

vagrant@vagrant:~$ sudo apt-get update
Hit:1 http://security.ubuntu.com/ubuntu xenial-security InRelease
Hit:2 http://us.archive.ubuntu.com/ubuntu xenial InRelease
Hit:3 http://us.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:4 http://us.archive.ubuntu.com/ubuntu xenial-backports InRelease
E: Could not get lock /var/lib/dpkg/lock - open (11: Resource temporarily unavailable)
E: Unable to lock the administration directory (/var/lib/dpkg/), is another process using it?

vagrant@vagrant:~$ ps aux | grep apt
root       625  0.0  0.0   4508  1784 ?        Ss   08:24   0:00 /bin/sh /usr/lib/apt/apt.systemd.daily
_apt      2760 13.2  0.2  45604  5456 ?        S    08:28   0:03 /usr/lib/apt/methods/http
vagrant   2789  0.0  0.0  16576  1964 pts/8    S+   08:28   0:00 grep --color=auto apt

A while later ps aux | apt shows this:

vagrant@vagrant:~$ ps aux | grep apt
root       625  0.0  0.0   4508  1784 ?        Ss   08:24   0:00 /bin/sh /usr/lib/apt/apt.systemd.daily
root      3252 22.6  1.9  62976 40532 pts/9    Rs+  08:32   0:08 /usr/bin/dpkg --status-fd 10 --unpack --auto-deconfigure /var/cache/apt/archives/libxml2_2.9.3+dfsg1-1ubuntu0.1_amd64.deb /var/cache/apt/archives/libreoffice-calc_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-gnome_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-gtk_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-writer_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/uno-libs3_5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-ogltrans_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/ure_5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-style-breeze_1%3a5.1.4-0ubuntu1_all.deb /var/cache/apt/archives/libreoffice-style-elementary_1%3a5.1.4-0ubuntu1_all.deb /var/cache/apt/archives/libreoffice-style-galaxy_1%3a5.1.4-0ubuntu1_all.deb /var/cache/apt/archives/libreoffice-common_1%3a5.1.4-0ubuntu1_all.deb /var/cache/apt/archives/libreoffice-pdfimport_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/python3-uno_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-base-core_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-math_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-avmedia-backend-gstreamer_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-draw_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-impress_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/libreoffice-core_1%3a5.1.4-0ubuntu1_amd64.deb /var/cache/apt/archives/fonts-opensymbol_2%3a102.7+LibO5.1.4-0ubuntu1_all.deb /var/cache/apt/archives/libexpat1_2.1.0-7ubuntu0.16.04.2_amd64.deb /var/cache/apt/archives/tzdata_2016f-0ubuntu0.16.04_all.deb /var/cache/apt/archives/distro-info-data_0.28ubuntu0.1_all.deb /var/cache/apt/archives/libssl1.0.0_1.0.2g-1ubuntu4.1_amd64.deb /var/cache/apt/archives/libtasn1-6_4.7-3ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/dosfstools_3.0.28-2ubuntu0.1_amd64.deb /var/cache/apt/archives/openssl_1.0.2g-1ubuntu4.1_amd64.deb /var/cache/apt/archives/wget_1.17.1-1ubuntu1.1_amd64.deb /var/cache/apt/archives/dnsmasq-base_2.75-1ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/firefox_47.0+build3-0ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/libusbmuxd4_1.0.10-2ubuntu0.1_amd64.deb /var/cache/apt/archives/libimobiledevice6_1.2.0+dfsg-3~ubuntu0.2_amd64.deb /var/cache/apt/archives/linux-image-4.4.0-28-generic_4.4.0-28.47_amd64.deb /var/cache/apt/archives/linux-image-extra-4.4.0-28-generic_4.4.0-28.47_amd64.deb /var/cache/apt/archives/linux-generic_4.4.0.28.30_amd64.deb /var/cache/apt/archives/linux-image-generic_4.4.0.28.30_amd64.deb /var/cache/apt/archives/linux-headers-4.4.0-28_4.4.0-28.47_all.deb /var/cache/apt/archives/linux-headers-4.4.0-28-generic_4.4.0-28.47_amd64.deb /var/cache/apt/archives/linux-headers-generic_4.4.0.28.30_amd64.deb /var/cache/apt/archives/linux-libc-dev_4.4.0-28.47_amd64.deb /var/cache/apt/archives/liboxideqt-qmlplugin_1.15.8-0ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/liboxideqtquick0_1.15.8-0ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/liboxideqtcore0_1.15.8-0ubuntu0.16.04.1_amd64.deb /var/cache/apt/archives/oxideqt-codecs_1.15.8-0ubuntu0.16.04.1_amd64.deb
root      3630  0.0  0.0  16276  1096 pts/9    S+   08:32   0:00 dpkg-deb --fsys-tarfile /var/cache/apt/archives/tzdata_2016f-0ubuntu0.16.04_all.deb
root      3631  0.0  0.0  16276   140 pts/9    S+   08:32   0:00 dpkg-deb --fsys-tarfile /var/cache/apt/archives/tzdata_2016f-0ubuntu0.16.04_all.deb
root      3632  0.0  0.0  24472  1704 pts/9    S+   08:32   0:00 dpkg-deb --fsys-tarfile /var/cache/apt/archives/tzdata_2016f-0ubuntu0.16.04_all.deb
vagrant   3634  0.0  0.1  16576  2208 pts/8    S+   08:32   0:00 grep --color=auto apt

Mor evidence in /var/log/unattended-upgrades/unattended-upgrades.log:

2016-07-11 08:25:18,637 INFO Initial blacklisted packages:
2016-07-11 08:25:18,638 INFO Initial whitelisted packages:
2016-07-11 08:25:18,638 INFO Starting unattended upgrades script
2016-07-11 08:25:18,639 INFO Allowed origins are: ['o=Ubuntu,a=xenial-security']

Imho unattended-upgrades should be disabled by default for vagrant baseboxes, otherwise it's likely the provisioning fails due to such behaviour.

Box version is 2.0.18 (Virtualbox) of ubuntu1604-desktop.json, downloaded via Atlas

[tknerr]

Looking at the scripts that should run for the Ubuntu 16.04 desktop box.

Found https://github.com/boxcutter/ubuntu/blob/2.0.18/script/update.sh#L5 to disable release upgrades. This looks good and is still happening, the config is there with Prompt=never

[tknerr]

Looks like Ubuntu 16.04 introduces unattended upgradey by default via a systemd timer:
http://www.hiroom2.com/2016/05/18/ubuntu-16-04-auto-apt-update-and-apt-upgrade/

I can find the relevant files here:

• /lib/systemd/system/apt-daily.service
• /lib/systemd/system/apt-daily.timer

To disable the above systemd service / timer:

$ sudo systemctl disable apt-daily.service # disable run when system boot
$ sudo systemctl disable apt-daily.timer   # disable timer run

[tknerr]

PR #74 is ready and fixes the issue by disabling the automatic / periodic updates and unattended upgrades

[annawake]

A version of this has been merged