Taming apt timers in Ubuntu 18.04

August 5, 2020 – Samuli Seppänen

Ubuntu 18.04 AWS images - and probably other Cloud images as well - have automated upgrades turned on. This is done via two systemd timers, apt-daily.timer and apt-daily-upgrade.timer. The timers kick of periodically as well as when an instance is rebooted. This sounds reasonable until you are provisioning something: you're unable to install or configure any packages while apt and/or dpkg are running. With a really fresh cloud base image this may not be an issue, but when the base image gets sufficiently old then apt-get upgrade starts taking enough time to cause issues.

There are two approaches to solving this problem. The first is make your provisioning scripts wait until all the apt and dpkg processes have finished. This is what our wait_for_apt.sh script does. Unfortunately that script is currently unable to catch cases where the debconf database is locked.

Another option is to override some of the apt-daily.timer settings to delay the launch of the commands that would lock apt, dpkg and debconf. This can be done by creating an override file, /etc/systemd/system/apt-daily.timer.d/override.conf, with contents like this (courtesy of AskUbuntu):

[Timer]
OnBootSec=15min
OnUnitActiveSec=1d
AccuracySec=1h
RandomizedDelaySec=30min

The timer that actually runs "apt-get upgrade" does not need to be modified, because it is configured to start after apt-daily.timer.

Want to talk to an expert?

If you want to reach us, just send us a message or book a free call!
Categories

Tags

#aad #Access #acl #alertmanager #ansible #ansible module development #Apache #API #augeas #authentication #authorization #automation #automatization #aws #azure #backup #bash #bitbucket #buildbot #cache #centos #cloud #cloud-init #cloudflare #cloudfront #cluster #connectionsJpa #control repo #custom fact #database #debian #devops #digital sovereignty #DNS #docker #domain mode #duplo #ejabberd #email #encryption #erb #europe #eyaml #fabric #facter #facts #fargate #fedora #file #finnish #foreman #freeipa #git #github #gitlab #gnome #google #grafana #hammer #hiera #IAM #import #infinispan #Infrastructure as Code #ipmi #irc #jboss #jdk #jenkins #JMESPath #kanban #keycloak #librarian-puppet #librenms #linkedin #Linux #Location #loop #marketing #mautic #Mellon #mfa #monitoring #mysql #nagios #network-manager #oauth #oauth2 #office365 #open source #openvpn #oxygen #packer #paranormal #pdk #people #php #pkcs7 #pomodoro #Powershell #preseed #presentation #profiles #prometheus #provisioning #puppet #puppet-bolt #puppet-litmus #puppetboard #puppetdb #Puppetfile #puppetserver #puppet types and providers #pxeboot #qemu #quality #r10k #recruitment #redirect #Restrict #Reverse Proxy #roles #rspec #ruby #SAML #sem #shell #showsql #snmp #snmpd #software developement #spam #ssh #sso #standardization #systemd #systemd-resolved #teams #terraform #ubuntu #user-data #vagrant #vanity awards #variable #vim #virtualbox #visualstudio #webdevelopment #wildfly #Windows #wireguard #wordpress #workflow #x11 #xmpp #zimbra
We are
 Puppeteers
menucross-circle