I believe the Felix is saying that 'needrestart' appears to be unaware of
the common explicit DEBIAN_FRONTEND=noninteractive setting used to indicate
that package management should be non-interactive (and if not, then *I* am)

I will often use 'pdsh' to run forced package updates like so:

$ cut -d: -f1 vulnerable.log | WCOLL=- pdsh -lroot 'aptitude update -q=2;
DEBIAN_FRONTEND=noninteractive aptitude -q=2 safe-upgrade --assume-yes -o
Dpkg::Options::="--force-confold" </dev/null'

Unfortunately, 'needrestart's 'isatty' style checks are insufficient for my
needs here, as STDERR/STDOUT are attached to a pty associated with the
'ssh' hitting all the systems i am updating...  I have no way of then
telling 'needrestart' to not restart services

So, i unexpectedly got a bunch of systemctl restart invocations, and i find
that often borks things badly.

If 'needrestart' could also check ${DEBIAN_FRONTEND}, that would be awesome.

Otherwise, i suppose i will have to cfengine out a "Default No"
needrestart.conf configuration to all my systems.

Also, i see:

# zgrep -i systemctl *
unattended-upgrades-dpkg.log.1.gz:systemctl restart cron.service
ntp.service sendmail.service ssh.service
unattended-upgrades-dpkg.log.1.gz:systemctl restart ntp.service
sendmail.service ssh.service
unattended-upgrades-dpkg.log.1.gz:systemctl restart autofs.service
upower.service
unattended-upgrades-dpkg.log.1.gz:systemctl restart autofs.service
upower.service
unattended-upgrades-dpkg.log.2.gz:systemctl restart nfs-common.service
rpcbind.service ssh.service
unattended-upgrades-dpkg.log.4.gz:systemctl restart sendmail.service
unattended-upgrades-dpkg.log.4.gz:systemctl restart sendmail.service
unattended-upgrades-dpkg.log.5.gz:systemctl restart polkitd.service
unattended-upgrades-dpkg.log.5.gz:systemctl restart polkitd.service
unattended-upgrades-dpkg.log.5.gz:systemctl restart polkitd.service
unattended-upgrades-dpkg.log.6.gz:systemctl restart cron.service
polkitd.service
unattended-upgrades-dpkg.log.6.gz:systemctl restart polkitd.service


So, indeed 'unattended-upgrades' runs are also triggering needrestart to
believe it is running interactively, and thus it restarts things.
'unattended-upgrade' appears to buy into the "DEBIAN_FRONTEND" notion of
noninteractivity as well:

# grep -i interactive /usr/bin/unattended-upgrade
    # set debconf to NON_INTERACTIVE, redirect output
    os.putenv("DEBIAN_FRONTEND", "noninteractive")
            env["DEBIAN_FRONTEND"] = "noninteractive"

thanks,
--stephen



-- 
Stephen Dowdy  -  Systems Administrator  -  NCAR/RAL
303.497.2869   -  [email protected]        -  http://www.ral.ucar.edu/~sdowdy/

Reply via email to