kontena / pharos-host-upgrades

Kube DaemonSet for host OS upgrades
Apache License 2.0

Ubuntu unattended-upgrades config #10

Closed SpComb closed 6 years ago

SpComb commented 6 years ago

Allow overriding the unattended-upgrades.conf from the kube configmap.

Requires some trickery to override the Unattended-Upgrade::Allowed-Origins instead of just merging it with the default system /etc/apt/apt.conf.d/50unattended-upgrades: use a generated APT_CONFIG=... file that overrides Dir::Etc::main to load our own config after the /etc/apt/apt.conf.d files, using the #clear directive to reset the Unattended-Upgrade::Allowed-Origins. This means that any /etc/apt/apt.conf file will get ignored, but that file is not used in a default Ubuntu xenial install.

SpComb commented 6 years ago

Testing with the example unattended-upgrades.conf that expands the allowed origins:

2018/05/23 11:31:33 Load config from --config-path=/etc/host-upgrades
2018/05/23 11:31:33 Copying configs to --host-mount=/run/host-upgrades
2018/05/23 11:31:33 hosts/ubuntu probe success: systemd.HostInfo{KernelName:"Linux", Hostname:"ubuntu-xenial", OperatingSystemPrettyName:"Ubuntu 16.04.4 LTS", KernelVersion:"#148-Ubuntu SMP Wed May 2 13:00:18 UTC 2018", KernelRelease:"4.4.0-124-generic"}
2018/05/23 11:31:33 Probed host: hosts.HostInfo{OperatingSystem:"Ubuntu", OperatingSystemRelease:"16.04.4", Kernel:"Linux", KernelRelease:"4.4.0-124-generic"}
2018/05/23 11:31:33 hosts/ubuntu: using copied unattended-upgrades.conf at /run/host-upgrades/unattended-upgrades.conf
2018/05/23 11:31:33 Using --kube-namespace=kube-system --kube-daemonset=host-upgrades --kube-node=ubuntu-xenial
2018/05/23 11:31:33 kube/lock kube-system/daemonsets/host-upgrades: get
2018/05/23 11:31:33 kube/lock kube-system/daemonsets/host-upgrades: test pharos-host-upgrades.kontena.io/lock=: free
2018/05/23 11:31:33 Using kube lock kube-system/daemonsets/host-upgrades (acquired=false, value=)
2018/05/23 11:31:33 Using --schedule="0 * * * *", first upgrade at: 2018-05-23 11:32:00 +0000 UTC (in 26.476307705s)

2018/05/23 11:32:00 Acquiring kube lock...
2018/05/23 11:32:00 kube/lock kube-system/daemonsets/host-upgrades: wait
2018/05/23 11:32:00 kube/lock kube-system/daemonsets/host-upgrades: get
2018/05/23 11:32:00 kube/lock kube-system/daemonsets/host-upgrades: test pharos-host-upgrades.kontena.io/lock=: free
2018/05/23 11:32:00 kube/lock kube-system/daemonsets/host-upgrades: acquire
2018/05/23 11:32:00 kube/lock kube-system/daemonsets/host-upgrades: set pharos-host-upgrades.kontena.io/lock=ubuntu-xenial
2018/05/23 11:32:00 kube/lock kube-system/daemonsets/host-upgrades: update
2018/05/23 11:32:00 Running host upgrades...
2018/05/23 11:32:00 hosts/ubuntu upgrade...
2018/05/23 11:32:00 systemd/exec host-upgrades-update.service: systemd.ExecOptions{Cmd:[]string{"/usr/bin/apt-get", "update"}, Env:[]string(nil)}
2018/05/23 11:32:00 systemd/exec host-upgrades-update.service: reset
2018/05/23 11:32:00 systemd/exec host-upgrades-update.service: start []dbus.Property{dbus.Property{Name:"Type", Value:dbus.Variant{sig:dbus.Signature{str:"s"}, value:"oneshot"}}, dbus.Property{Name:"Environment", Value:dbus.Variant{sig:dbus.Signature{str:"as"}, value:[]string(nil)}}, dbus.Property{Name:"ExecStart", Value:dbus.Variant{sig:dbus.Signature{str:"a(sasb)"}, value:[]dbus.execStart{dbus.execStart{Path:"/usr/bin/apt-get", Args:[]string{"/usr/bin/apt-get", "update"}, UncleanIsFailure:false}}}}}
2018/05/23 11:32:00 systemd/exec host-upgrades-update.service: wait
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: journal 2018-05-23 11:32:00.837642 +0000 UTC: Hit:1 http://archive.ubuntu.com/ubuntu xenial InRelease
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: journal 2018-05-23 11:32:00.883447 +0000 UTC: Hit:2 http://archive.ubuntu.com/ubuntu xenial-updates InRelease
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: journal 2018-05-23 11:32:00.937267 +0000 UTC: Hit:3 http://archive.ubuntu.com/ubuntu xenial-backports InRelease
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: journal 2018-05-23 11:32:00.955618 +0000 UTC: Hit:4 http://security.ubuntu.com/ubuntu xenial-security InRelease
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: journal 2018-05-23 11:32:01.010875 +0000 UTC: Hit:5 https://download.docker.com/linux/ubuntu xenial InRelease
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: journal 2018-05-23 11:32:01.689507 +0000 UTC: Hit:6 https://packages.cloud.google.com/apt kubernetes-xenial InRelease
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: journal 2018-05-23 11:32:03.448134 +0000 UTC: Reading package lists...
2018/05/23 11:32:03 systemd/exec host-upgrades-update.service: done
2018/05/23 11:32:03 systemd/exec host-upgrades.service: systemd.ExecOptions{Cmd:[]string{"/usr/bin/unattended-upgrade", "-v"}, Env:[]string{"APT_CONFIG=/run/host-upgrades/apt.conf"}}
2018/05/23 11:32:03 systemd/exec host-upgrades.service: reset
2018/05/23 11:32:03 systemd/exec host-upgrades.service: start []dbus.Property{dbus.Property{Name:"Type", Value:dbus.Variant{sig:dbus.Signature{str:"s"}, value:"oneshot"}}, dbus.Property{Name:"Environment", Value:dbus.Variant{sig:dbus.Signature{str:"as"}, value:[]string{"APT_CONFIG=/run/host-upgrades/apt.conf"}}}, dbus.Property{Name:"ExecStart", Value:dbus.Variant{sig:dbus.Signature{str:"a(sasb)"}, value:[]dbus.execStart{dbus.execStart{Path:"/usr/bin/unattended-upgrade", Args:[]string{"/usr/bin/unattended-upgrade", "-v"}, UncleanIsFailure:false}}}}}
2018/05/23 11:32:03 systemd/exec host-upgrades.service: wait
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:03.838198 +0000 UTC: Initial blacklisted packages:
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:03.838839 +0000 UTC: Initial whitelisted packages:
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:03.839251 +0000 UTC: Starting unattended upgrades script
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:03.840142 +0000 UTC: Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial', 'o=Ubuntu,a=xenial-updates']
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:11.137747 +0000 UTC: Packages that will be upgraded: grub-common grub-pc grub-pc-bin grub2-common
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:11.138214 +0000 UTC: Writing dpkg log to '/var/log/unattended-upgrades/unattended-upgrades-dpkg.log'
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:11.408975 +0000 UTC: Preconfiguring packages ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:11.857764 +0000 UTC: (Reading database ... 82483 files and directories currently installed.)
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:11.858848 +0000 UTC: Preparing to unpack .../grub-pc_2.02~beta2-36ubuntu3.18_amd64.deb ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:11.913793 +0000 UTC: Unpacking grub-pc (2.02~beta2-36ubuntu3.18) over (2.02~beta2-36ubuntu3.17) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:11.937827 +0000 UTC: Preparing to unpack .../grub-pc-bin_2.02~beta2-36ubuntu3.18_amd64.deb ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:12.044436 +0000 UTC: Unpacking grub-pc-bin (2.02~beta2-36ubuntu3.18) over (2.02~beta2-36ubuntu3.17) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:12.15564 +0000 UTC: Preparing to unpack .../grub2-common_2.02~beta2-36ubuntu3.18_amd64.deb ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:12.256841 +0000 UTC: Unpacking grub2-common (2.02~beta2-36ubuntu3.18) over (2.02~beta2-36ubuntu3.17) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:12.274312 +0000 UTC: Preparing to unpack .../grub-common_2.02~beta2-36ubuntu3.18_amd64.deb ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:13.101424 +0000 UTC: Unpacking grub-common (2.02~beta2-36ubuntu3.18) over (2.02~beta2-36ubuntu3.17) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:14.607464 +0000 UTC: Processing triggers for man-db (2.7.5-1) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:15.855485 +0000 UTC: Processing triggers for install-info (6.1.0.dfsg.1-5) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:16.102131 +0000 UTC: Processing triggers for systemd (229-4ubuntu21.2) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:16.19013 +0000 UTC: Processing triggers for ureadahead (0.100.0-19) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:16.39748 +0000 UTC: Setting up grub-common (2.02~beta2-36ubuntu3.18) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:16.510759 +0000 UTC: update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:16.746725 +0000 UTC: Setting up grub2-common (2.02~beta2-36ubuntu3.18) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:16.749687 +0000 UTC: Setting up grub-pc-bin (2.02~beta2-36ubuntu3.18) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:16.752317 +0000 UTC: Setting up grub-pc (2.02~beta2-36ubuntu3.18) ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:17.358436 +0000 UTC: Installing for i386-pc platform.
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:17.559204 +0000 UTC: Installation finished. No error reported.
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:17.761404 +0000 UTC: Generating grub configuration file ...
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:17.76159 +0000 UTC: Found linux image: /boot/vmlinuz-4.4.0-127-generic
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:17.862024 +0000 UTC: Found initrd image: /boot/initrd.img-4.4.0-127-generic
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:17.962239 +0000 UTC: Found linux image: /boot/vmlinuz-4.4.0-124-generic
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:17.962381 +0000 UTC: Found initrd image: /boot/initrd.img-4.4.0-124-generic
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:18.099433 +0000 UTC: done
2018/05/23 11:32:20 systemd/exec host-upgrades.service: journal 2018-05-23 11:32:19.442513 +0000 UTC: All upgrades installed
2018/05/23 11:32:20 systemd/exec host-upgrades.service: done
2018/05/23 11:32:20 kube/lock kube-system/daemonsets/host-upgrades: get
2018/05/23 11:32:21 kube/lock kube-system/daemonsets/host-upgrades: release
2018/05/23 11:32:21 kube/lock kube-system/daemonsets/host-upgrades: clear pharos-host-upgrades.kontena.io/lock=ubuntu-xenial
2018/05/23 11:32:21 kube/lock kube-system/daemonsets/host-upgrades: update
2018/05/23 11:32:21 Schedule run completed in 21.015311145s, next upgrade at: 2018-05-23 11:33:00 +0000 UTC (in 38.983179459s)
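
Added example, not code from this pull request or the project: a toy Python model of the APT load order described in the first comment ($APT_CONFIG file, then /etc/apt/apt.conf.d, then Dir::Etc::main), showing why the override needs #clear. The two /run/host-upgrades paths come from the log; the file contents, the stand-in for 50unattended-upgrades and all function names are assumptions.

```python
import re

KEY = "Unattended-Upgrade::Allowed-Origins"
APT_CONF = "/run/host-upgrades/apt.conf"                  # path from the log above
OVERRIDE = "/run/host-upgrades/unattended-upgrades.conf"  # path from the log above
# Constructed stand-in for the distribution's 50unattended-upgrades.
SYSTEM = {"/etc/apt/apt.conf.d/50unattended-upgrades": KEY + """ {
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESM:${distro_codename}";
};"""}
# Assumed content of the generated APT_CONFIG file: it only redirects Dir::Etc::main.
GENERATED = 'Dir::Etc::main "%s";\n' % OVERRIDE
# Constructed override that yields the four origins reported in the log above.
OVERRIDE_TEXT = "#clear " + KEY + ";\n" + KEY + """ {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESM:${distro_codename}";
    "${distro_id}:${distro_codename}-updates";
};"""

STMT = re.compile(r'#clear\s+([\w:-]+)\s*;'                         # reset a subtree
                  r'|([\w:-]+)\s*\{((?:\s*"[^"]*"\s*;)*)\s*\}\s*;'  # list: appends
                  r'|([\w:-]+)\s+"([^"]*)"\s*;')                    # scalar: replaces

def load(text, tree):
    """Apply one file to the tree; a toy subset of apt.conf syntax, no comments."""
    for clear, lkey, body, skey, sval in STMT.findall(text):
        if clear:
            tree.pop(clear, None)
        elif lkey:
            tree.setdefault(lkey, []).extend(re.findall(r'"([^"]*)"', body))
        else:
            tree[skey] = sval

def allowed_origins(override_text, apt_config=APT_CONF):
    """Model APT's order: $APT_CONFIG file, apt.conf.d parts, then Dir::Etc::main."""
    files = {**SYSTEM, APT_CONF: GENERATED, OVERRIDE: override_text}
    tree = {"Dir::Etc::main": "/etc/apt/apt.conf"}   # default main file
    if apt_config:
        load(files[apt_config], tree)
    for path in sorted(p for p in files if p.startswith("/etc/apt/apt.conf.d/")):
        load(files[path], tree)
    load(files.get(tree["Dir::Etc::main"], ""), tree)  # absent file: nothing loaded
    return tree.get(KEY, [])

if __name__ == "__main__":
    print("with #clear:   ", allowed_origins(OVERRIDE_TEXT))
    print("without #clear:", allowed_origins(OVERRIDE_TEXT.split("\n", 1)[1]))
    print("no APT_CONFIG: ", allowed_origins(OVERRIDE_TEXT, apt_config=None))
```

Without #clear the override can only add origins to the system list, so an origin can never be dropped from automatic upgrades; with it, the configmap's list is the whole allowlist, matching the "Allowed origins are" line in the log.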