I believe the Felix is saying that 'needrestart' appears to be unaware of
the common explicit DEBIAN_FRONTEND=noninteractive setting used to indicate
that package management should be non-interactive (and if not, then *I* am)
I will often use 'pdsh' to run forced package updates like so:
$ cut -d: -f1 vulnerable.log | WCOLL=- pdsh -lroot 'aptitude update -q=2;
DEBIAN_FRONTEND=noninteractive aptitude -q=2 safe-upgrade --assume-yes -o
Dpkg::Options::="--force-confold" </dev/null'
Unfortunately, 'needrestart's 'isatty' style checks are insufficient for my
needs here, as STDERR/STDOUT are attached to a pty associated with the
'ssh' hitting all the systems i am updating... I have no way of then
telling 'needrestart' to not restart services
So, i unexpectedly got a bunch of systemctl restart invocations, and i find
that often borks things badly.
If 'needrestart' could also check ${DEBIAN_FRONTEND}, that would be awesome.
Otherwise, i suppose i will have to cfengine out a "Default No"
needrestart.conf configuration to all my systems.
Also, i see:
# zgrep -i systemctl *
unattended-upgrades-dpkg.log.1.gz:systemctl restart cron.service
ntp.service sendmail.service ssh.service
unattended-upgrades-dpkg.log.1.gz:systemctl restart ntp.service
sendmail.service ssh.service
unattended-upgrades-dpkg.log.1.gz:systemctl restart autofs.service
upower.service
unattended-upgrades-dpkg.log.1.gz:systemctl restart autofs.service
upower.service
unattended-upgrades-dpkg.log.2.gz:systemctl restart nfs-common.service
rpcbind.service ssh.service
unattended-upgrades-dpkg.log.4.gz:systemctl restart sendmail.service
unattended-upgrades-dpkg.log.4.gz:systemctl restart sendmail.service
unattended-upgrades-dpkg.log.5.gz:systemctl restart polkitd.service
unattended-upgrades-dpkg.log.5.gz:systemctl restart polkitd.service
unattended-upgrades-dpkg.log.5.gz:systemctl restart polkitd.service
unattended-upgrades-dpkg.log.6.gz:systemctl restart cron.service
polkitd.service
unattended-upgrades-dpkg.log.6.gz:systemctl restart polkitd.service
So, indeed 'unattended-upgrades' runs are also triggering needrestart to
believe it is running interactively, and thus it restarts things.
'unattended-upgrade' appears to buy into the "DEBIAN_FRONTEND" notion of
noninteractivity as well:
# grep -i interactive /usr/bin/unattended-upgrade
# set debconf to NON_INTERACTIVE, redirect output
os.putenv("DEBIAN_FRONTEND", "noninteractive")
env["DEBIAN_FRONTEND"] = "noninteractive"
thanks,
--stephen
--
Stephen Dowdy - Systems Administrator - NCAR/RAL
303.497.2869 - [email protected] - http://www.ral.ucar.edu/~sdowdy/