search

Linuxfabrik / lfops

LFOps is an Ansible Collection of generic Roles, Playbooks and Plugins for managing Linux-based Cloud Infrastructures.
https://linuxfabrik.ch
The Unlicense
52 stars 13 forks source link

role:system_update: some packages are not upgraded on Debian #128

Closed NavidSassan closed 1 year ago

NavidSassan commented 1 year ago

for example, the server has the following upgradable packages:

root@debian11:~# cat /tmp/check-update
Please reply to this mail if you have any concerns.
A reboot might be necessary and will be done
automatically after updating your components.
---------------------------------------------------

Listing...
graylog-server/stable 5.0.9-1 amd64 [upgradable from: 5.0.8-1]
icinga2-bin/icinga-bullseye 2.13.7-1+debian11 amd64 [upgradable from: 2.12.3-1]
icinga2-common/icinga-bullseye 2.13.7-1+debian11 all [upgradable from: 2.12.3-1]
icinga2/icinga-bullseye 2.13.7-1+debian11 amd64 [upgradable from: 2.12.3-1]
linux-image-amd64/oldstable-security 5.10.179-1 amd64 [upgradable from: 5.10.162-1]

after update-and-reboot ran, only graylog-server was updated:

root@debian11:~# apt list --upgradable
Listing... Done
icinga2-bin/icinga-bullseye 2.13.7-1+debian11 amd64 [upgradable from: 2.12.3-1]
icinga2-common/icinga-bullseye 2.13.7-1+debian11 all [upgradable from: 2.12.3-1]
icinga2/icinga-bullseye 2.13.7-1+debian11 amd64 [upgradable from: 2.12.3-1]
linux-image-amd64/oldstable-security 5.10.179-1 amd64 [upgradable from: 5.10.162-1]

when trying to run the command manually, the packages are "held back":

root@debian11:~# apt-get -o DPkg::options::=--force-confdef -o DPkg::options::=--force-confold upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following package was automatically installed and is no longer required:
  icinga2-doc
Use 'apt autoremove' to remove it.
The following packages have been kept back:
  icinga2 icinga2-bin icinga2-common linux-image-amd64
0 upgraded, 0 newly installed, 0 to remove and 4 not upgraded.

using full-upgrade instead of upgrade works, but could have unwanted side effects, as it allows the removal of packages. instead, one should use --with-new-pkgs:

root@debian11:~# apt-get -o DPkg::options::=--force-confdef -o DPkg::options::=--force-confold --with-new-pkgs upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following NEW packages will be installed:
  libboost-iostreams1.74.0 linux-image-5.10.0-23-amd64
The following packages will be upgraded:
  icinga2 icinga2-bin icinga2-common linux-image-amd64
4 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.