devconfig: disable debian unattended-upgrades

mcgrof · mcgrof · commit a7c1ab793700 · 2024-10-23T16:12:52.000-07:00
Experience has shown that for CIs the biggest recurring issue is apt running into conflicts with unattended-upgrades running in the background. unattended-upgrades [0] is enabled by default as of Debian 9 (Stretch), and I verified its being enabled also on the debian 13 images we are using. This is probably one of the most counter productive things we can have when we want automation so be sure to kill this. I logged into a system and tried to remove it, but the systemd service was still running, and one could not stop it unless you reload the systemd daemon so the order should be: * apt-get remove unattended-upgrades * systemctl daemon-reload * systemctl stop unattended-upgrades.service Sadly the removal of the package does not stop the service so we need to all these things manually. While at it, let's just go bananas and try to stop and kill all related automated things which are just going to get in our way. [0] https://wiki.debian.org/UnattendedUpgrades root@0e62-xarray ~ # ps -ef| grep una root 721 1 0 Oct21 ? 00:00:33 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal root 10435 10393 0 16:05 ttyS0 00:00:00 grep una root@0e62-xarray ~ # systemctl status unattended-upgrades.service ● unattended-upgrades.service - Unattended Upgrades Shutdown Loaded: loaded (/usr/lib/systemd/system/unattended-upgrades.service; enabl> Active: active (running) since Mon 2024-10-21 20:57:03 PDT; 1 day 19h ago Invocation: 767324a9c6c84fca80fdc0287f0c615d Docs: man:unattended-upgrade(8) Main PID: 721 (unattended-upgr) Tasks: 1 (limit: 4532) Memory: 20.7M (peak: 22M) CPU: 33.724s CGroup: /system.slice/unattended-upgrades.service └─721 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-u> Oct 21 20:57:03 0e62-xarray systemd[1]: Started unattended-upgrades.service - U> root@0e62-xarray ~ # apt-get remove unattended-upgrades Reading package lists... Done Building dependency tree... Done Reading state information... Done The following packages were automatically installed and are no longer required: eject netcat-openbsd python3-attr python3-blinker python3-configobj python3-distro-info python3-jinja2 python3-json-pointer python3-jsonpatch python3-jsonschema python3-jsonschema-specifications python3-jwt python3-markupsafe python3-oauthlib python3-referencing python3-rpds-py python3-serial Use 'apt autoremove' to remove them. The following packages will be REMOVED: unattended-upgrades 0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded. After this operation, 314 kB disk space will be freed. Do you want to continue? [Y/n] y (Reading database ... 45366 files and directories currently installed.) Removing unattended-upgrades (2.11+nmu1) ... Processing triggers for man-db (2.13.0-1) ... root@0e62-xarray ~ # systemctl daemon-reload [155354.258076] systemd-ssh-generator[10507]: Binding SSH to AF_VSOCK vsock::22. [155354.294551] systemd-ssh-generator[10507]: → connect via 'ssh vsock/4294967295' from host [155354.332191] systemd-ssh-generator[10507]: Binding SSH to AF_UNIX socket /run/ssh-unix-local/socket. [155354.372956] systemd-ssh-generator[10507]: → connect via 'ssh .host' locally root@0e62-xarray ~ # systemctl status unattended-upgrades.service ● unattended-upgrades.service Loaded: not-found (Reason: Unit unattended-upgrades.service not found.) Active: active (running) since Mon 2024-10-21 20:57:03 PDT; 1 day 19h ago Invocation: 767324a9c6c84fca80fdc0287f0c615d Main PID: 721 (unattended-upgr) Tasks: 1 (limit: 4532) Memory: 20.7M (peak: 22M) CPU: 33.732s CGroup: /system.slice/unattended-upgrades.service └─721 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-u> Oct 21 20:57:03 0e62-xarray systemd[1]: Started unattended-upgrades.service - U> root@0e62-xarray ~ # systemctl stop unattended-upgrades.service root@0e62-xarray ~ # systemctl status unattended-upgrades.service Unit unattended-upgrades.service could not be found. Signed-off-by: Luis Chamberlain <mcgrof@kernel.org>
diff --git a/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml b/playbooks/roles/devconfig/tasks/install-deps/debian/main.yml
@@ -1,4 +1,43 @@
 ---
+- name: Remove unattended-upgrades package
+  become: yes
+  become_flags: 'su - -c'
+  become_method: sudo
+  apt:
+    name: unattended-upgrades
+    state: absent
+
+- name: Remove optional unattended-upgrades configuration files if they exist
+  become: yes
+  become_flags: 'su - -c'
+  become_method: sudo
+  file:
+    path: "{{ item }}"
+    state: absent
+  loop:
+    - /etc/apt/apt.conf.d/20auto-upgrades
+    - /etc/apt/apt.conf.d/02periodic
+    - /etc/apt/apt.conf.d/50unattended-upgrades
+    - /etc/apt/apt.conf.d/52unattended-upgrades-local
+  ignore_errors: yes
+
+- name: Stop and disable unattended-upgrades related services
+  become: yes
+  become_flags: 'su - -c'
+  become_method: sudo
+  systemd:
+    name: "{{ item }}"
+    state: stopped
+    enabled: no
+    daemon_reload: yes
+  loop:
+    - unattended-upgrades
+    - apt-daily.service
+    - apt-daily.timer
+    - apt-daily-upgrade.service
+    - apt-daily-upgrade.timer
+  ignore_errors: yes
+
 - name: Allow for distro source change / upgrade
   become: yes
   become_flags: 'su - -c'
