tag 803249 upstream fixed-upstream -moreinfo
thanks
Hi,
On Fri, Jan 22, 2016 at 06:26:04PM -0700, Stephen Dowdy wrote:
> Thomas,
>
> Summary:
> - using an auxiliary conf.d file seems to mostly work
but it was not perfect... it disables auto restart mode in case of
running noninteractive.
> - 'needrestart' should, however flag 'systemctl restart' notice with
> 'skipping' in this case?
It just lists the commands for copy'n'paste-on-demand ("Services to be
restarted:").
> - 'needrestart' should not prompt to read <RETURN> on 'consider
> rebooting kernel' notification in this case
ACK
I've added a simple check in needrestart to handle debconf's
noninteractive frontend correctly. If noninteractive is used,
needrestart now behaves like there is no TTY attached to /dev/std*.
HTH,
Thomas
> (hostname)# cat /etc/needrestart/conf.d/debian_frontend_noninteractive.conf
> # Switch to list mode if debconf is running noninteractive
> # Ref: Bug#803249: needrestart: Restarts services in debconf noninteractive
> # Thomas Liske <tho...@fiasko-nw.net>
>
> $nrconf{restart} = ( ($ENV{DEBIAN_FRONTEND} // '') eq 'noninteractive' ?
> 'l' : 'i');
>
> 1;
> (changed it a tiny bit)
>
> I ran an update on a system that hasn't been updated for quite some time,
> with :
>
> 19 DEBIAN_FRONTEND=noninteractive aptitude upgrade 2>&1 | tee
> /tmp/aptup.log
> 20 grep -i -e restart -e systemctl /tmp/aptup.log
>
> and nothing appeared in the log. :-)
>
> (hostname)# DEBIAN_FRONTEND='noninteractive' needrestart
> Scanning processes...
> Scanning candidates...
> Scanning kernel images...
> Services to be restarted:
> Skipping dbus.service...
> Skipping getty@tty1.service...
> Skipping kdm.service...
> Skipping NetworkManager.service...
> Skipping systemd-journald.service...
> systemctl restart acpid.service atd.service autofs.service
> console-kit-daemon.service cron.service dirmngr.service gpm.service
> inetd.service irqbalance.service mcelog.service mdmonitor.service
> nfs-common.service nis.service packagekit.service polkitd.service
> rpcbind.service sendmail.service smartd.service ssh.service udisks2.service
> upower.service user@0.service user@115.service user@3619.service
>
> Looks like it's in list-only mode (still disconcerting to see the
> 'systemctl restart' line without a "Skipping"/"DEBUG" or other flagging
> prefix, but clearly it's not actually issuing restarts:
>
> pomelo2:~# systemctl status acpid.service
> * acpid.service - ACPI event daemon
> Loaded: loaded (/lib/systemd/system/acpid.service; disabled)
> Active: active (running) since Sat 2015-11-28 10:30:26 MST; 1 months 24
> days ago
> ...
>
>
> (hostname)# needrestart
> Scanning processes...
> Scanning candidates...
> Scanning kernel images...
>
> Graphic (curses) UI comes up, queries if i want to restart various services
> (i hit CANCEL)
>
> BUT!
> (hostname)# DEBIAN_FRONTEND='noninteractive' needrestart -v
> ...
> Restarting the system to load the new kernel will not be handled
> automatically, so you should consider rebooting. [Return]
> ...
>
> So, it still blocks there on a terminal read -- which it should not do if
> we're truly noninteractive (but, it obviously "Does The Right Thing(tm)"if
> stdin redirected from /dev/null. Just would be nice if it did NOT prompt
> if it's non-interactive (even in verbose mode).
>
> --stephen
>
> On Fri, Jan 22, 2016 at 4:21 PM, Thomas Liske <tho...@fiasko-nw.net> wrote:
>
> > Hi Stephen,
> >
> > On Fri, Jan 22, 2016 at 11:44:30AM -0700, Stephen Dowdy wrote:
> > > I believe the Felix is saying that 'needrestart' appears to be unaware of
> > > the common explicit DEBIAN_FRONTEND=noninteractive setting used to
> > indicate
> > > that package management should be non-interactive (and if not, then *I*
> > am)
> > >
> > > I will often use 'pdsh' to run forced package updates like so:
> > >
> > > $ cut -d: -f1 vulnerable.log | WCOLL=- pdsh -lroot 'aptitude update -q=2;
> > > DEBIAN_FRONTEND=noninteractive aptitude -q=2 safe-upgrade --assume-yes -o
> > > Dpkg::Options::="--force-confold" </dev/null'
> > >
> > > Unfortunately, 'needrestart's 'isatty' style checks are insufficient for
> > my
> > > needs here, as STDERR/STDOUT are attached to a pty associated with the
> > > 'ssh' hitting all the systems i am updating... I have no way of then
> > > telling 'needrestart' to not restart services
> > >
> > > So, i unexpectedly got a bunch of systemctl restart invocations, and i
> > find
> > > that often borks things badly.
> > >
> > > If 'needrestart' could also check ${DEBIAN_FRONTEND}, that would be
> > awesome.
> > >
> > > Otherwise, i suppose i will have to cfengine out a "Default No"
> > > needrestart.conf configuration to all my systems.
> >
> > you could try to put something like
> >
> > cat <<EOF
> > # Switch to list mode if debconf is running noninteractive
> > $nrconf{restart} = (exists($ENV{DEBIAN_FRONTEND}) &&
> > $ENV{DEBIAN_FRONTEND} eq 'noninteractive' ? 'l' : 'i');
> >
> > 1;
> > EOF
> >
> > into /etc/needrestart/conf.d/noninteractive.conf. If it works we might
> > should add it upstream...
> >
> >
> > > So, indeed 'unattended-upgrades' runs are also triggering needrestart to
> > > believe it is running interactively, and thus it restarts things.
> > > 'unattended-upgrade' appears to buy into the "DEBIAN_FRONTEND" notion of
> > > noninteractivity as well:
> > >
> > > # grep -i interactive /usr/bin/unattended-upgrade
> > > # set debconf to NON_INTERACTIVE, redirect output
> > > os.putenv("DEBIAN_FRONTEND", "noninteractive")
> > > env["DEBIAN_FRONTEND"] = "noninteractive"
> >
> > So the fix should work for unattended-upgrades, too.
> >
> >
> > Thx & HTH,
> > Thomas
> >
> > --
> >
> > :: WWW: https://fiasko-nw.net/~thomas/ ::
> > ::: Jabber: xmpp:tho...@jabber.fiasko-nw.net :::
> > :: flickr: https://www.flickr.com/photos/laugufe/ ::
> >
>
>
>
> --
> Stephen Dowdy - Systems Administrator - NCAR/RAL
> 303.497.2869 - sdo...@ucar.edu - http://www.ral.ucar.edu/~sdowdy/
--
:: WWW: https://fiasko-nw.net/~thomas/ ::
::: Jabber: xmpp:tho...@jabber.fiasko-nw.net :::
:: flickr: https://www.flickr.com/photos/laugufe/ ::
