unattended-upgrades and debconf #175
Comments
|
+1 for this issue, is not working when package is already installed. |
|
@rmoriz / @fabn Can you elaborate on this a bit more. I'm trying to understand exactly what wouldn't work here. I was under the impression from reading the Debian docs that all you needed was the proper config in the 20auto-upgrades file to get the contents of the 50unattended-upgrades to be respected. If the user has the attribute set to enable upgrades they're getting true set in the seed file, but also APT::Periodic::Unattended-Upgrade set as well in 20auto-upgrades. |
|
I don't really remember the details, but the chef seed file is ignored if the package is already installed. Even when the |
|
I believe that this is a problem with the implementation of the :reconfig action in the package provider. Idempotency is enforced only by checking that the seed file has not changed. The actual state of the configuration database is not checked. Thus, the :reconfig action is not actually enforcing compliance. The relevant code seems to be here; |
|
In the case of https://github.com/chef-cookbooks/apt/blob/master/recipes/unattended-upgrades.rb#L28 the
If, after a successfull seed+install, something changes the config db (as you describe), it will not fix and reconfigure. But IMO this is a rare case because it requires active "destruction" after chef took over the management of the node. In my case, the problem starts before Chef is bootstrapped and run. Here is some in-house hack I'm using to deal with the situation: auto_updates_enabled = !node['apt']['unattended_upgrades']['enable'].nil?
execute 'debconf_seeding_unattended_upgrades' do
command "echo 'unattended-upgrades unattended-upgrades/enable_auto_updates boolean #{auto_updates_enabled}' | debconf-set-selections"'
cwd '/tmp'
not_if "debconf-show unattended-upgrades | grep 'enable_auto_updates: #{auto_updates_enabled}'"
notifies :run, 'execute[reconfigure_unattended_upgrades]', :immediately
end
execute 'reconfigure_unattended_upgrades' do
command 'dpkg-reconfigure unattended-upgrades'
environment(
'DEBIAN_FRONTEND' => 'noninteractive'
)
action :nothing
end |
If the
unattended_upgradespackage is already installed, the debconf seed never gets seeded and auto-updates will never get enabled:https://github.com/chef-cookbooks/apt/blob/master/recipes/unattended-upgrades.rb#L27
Systems initially provisioned by
cloud-init(like recently at DigitalOcean) already haveunattended_upgradesinstalled and auto-update disabled.The text was updated successfully, but these errors were encountered: