Unattended-upgrades may keep running after unmounting local filesystems in InstallOnShutdown mode

Bug #1803137 reported by Balint Reczey
This bug affects 2 people
Affects                       Status        Importance  Assigned to    Milestone
unattended-upgrades (Ubuntu)  Fix Released  Undecided   Balint Reczey
Cosmic                        Fix Released  Undecided   Unassigned

Bug Description

[Impact]

 * Unattended-upgrades may keep running during shutdown even beyond unmounting local filesystems potentially leaving a broken installation behind.
 * The fix reverts the original fix of LP: #1778219 and applies a different one, starting unattended-upgrades-shutdown _before_ the shutdown transaction starts.

[Test Case]

 * Run unattended-upgrades in InstallOnShutdown mode and observe that it finishes installing a few packages _before_ the shutdown transaction starts:

$ lxc launch ubuntu:18.10 cc-uu-onshutdown
Creating cc-uu-onshutdown
Starting cc-uu-onshutdown
$ lxc shell cc-uu-onshutdown
mesg: ttyname failed: No such device
root@cc-uu-onshutdown:~# apt update -qq
33 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@cc-uu-onshutdown:~# echo 'Unattended-Upgrade::InstallOnShutdown "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-on-shutdown
root@cc-uu-onshutdown:~# dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:false
method return time=1542112922.046290 sender=:1.4 -> destination=:1.13 serial=27 reply_serial=2

Session terminated, terminating shell...$
$ lxc shell cc-uu-onshutdown
mesg: ttyname failed: No such device
root@cc-uu-onshutdown:~# journalctl -l
...
Nov 13 12:50:10 cc-uu-shutdown systemd[1]: Started Unattended Upgrades Shutdown.
Nov 13 12:51:17 cc-uu-shutdown systemd-logind[228]: System is rebooting.

...
root@cc-uu-shutdown:~# cat /var/log/unattended-upgrades/unattended-upgrades-shutdown.log
...
2018-11-13 12:51:13,835 WARNING - Running unattended-upgrades in shutdown mode
2018-11-13 12:51:13,852 WARNING - Unattended-upgrade in progress during shutdown, please don't turn off the computer
2018-11-13 12:51:15,482 WARNING - Unattended-upgrade in progress during shutdown, please don't turn off the computer
2018-11-13 12:51:17,151 WARNING - Unattended-upgrade in progress during shutdown, please don't turn off the computer
2018-11-13 12:51:17,166 INFO - All upgrades installed

[Regression Potential]

 * The change reverts the behavior of unattended-upgrades-shutdown to be close to the behavior observed in Ubuntu 18.04, blocking the shutdown process reliably until unattended-upgrades is finished, but it starts _before_ shutdown triggered by the PrepareForShutdown() signal. Due to the shutdown not fully starting yet, users may not get a visual notification of unattended-upgrades running.

In my testing on Bionic, when a logged-in user shuts down the system when InstallOnShutdown is configured, the user is dropped out to the login manager and nothing shows that u-u is running behind the screens for 30s, when the inhibition timer expires and u-u is starting to gracefully stop and the usual text appears after the login manager exits and the plymouth shutdown screen is shown. The fix would be the login manager also monitoring PrepareForShutdown() and exiting (LP: #1803581).

On Xenial (with Unity), starting shutdown from the graphical session does not log the user out nor show any progress on the shutdown until the inhibition timer expires, which is confusing. Users should be logged out on PrepareForShutdown() (LP: #1803581).

 * The reversion of unattended-upgrades.service was not complete in u-u 1.7 and needed a further fix in 1.7ubuntu1 (which fix is already included in 1.5ubuntu4). This part may be a source of potential regressions.

 * The fix itself rewrites a big part of unattended-upgrades-shutdown and this rewrite could cause regressions in running unattended-upgrades in InstallOnShutdown mode, but also this mode was extensively tested.

 * The fix includes increasing logind's InhibitDelayMaxSec to 30s to give u-u enough time to gracefully stop in normal mode and install packages in InstallOnShutdown mode. The delay is global, thus any other program holding the lock can delay shutdown or sleep by 30s instead of the original 5s default. This regression is hard to avoid and the 30s was chosen to minimize the regression potential while still giving more than 5s to u-u to finish actions. Bugs reporting increased delay to sleep or shutdown should be monitored to catch other programs misbehaving with this new default.

* There is a rarely occurring new crash caused by this fix tracked in LP: #1806487.

[Other Info]

This is a regression introduced in LP: #1778219 and can be observed in a cosmic lxd container easily:

$ lxc launch ubuntu:18.10 cc-uu-onshutdown
Creating cc-uu-onshutdown
Starting cc-uu-onshutdown
$ lxc shell cc-uu-onshutdown
mesg: ttyname failed: No such device
root@cc-uu-onshutdown:~# apt update -qq
33 packages can be upgraded. Run 'apt list --upgradable' to see them.
root@cc-uu-onshutdown:~# echo 'Unattended-Upgrade::InstallOnShutdown "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-on-shutdown
root@cc-uu-onshutdown:~# dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:false
method return time=1542112922.046290 sender=:1.4 -> destination=:1.13 serial=27 reply_serial=2

Session terminated, terminating shell...$
$ lxc shell cc-uu-onshutdown
mesg: ttyname failed: No such device
root@cc-uu-onshutdown:~# journalctl -l
...
Nov 13 12:42:02 cc-uu-onshutdown systemd[1]: Stopped target Local File Systems.
Nov 13 12:42:02 cc-uu-onshutdown systemd[1]: unattended-upgrades.service: Failed to reset devices.list: Operation not permitted
Nov 13 12:42:02 cc-uu-onshutdown systemd[1]: Starting Unattended Upgrades Shutdown...
..
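
The two journal excerpts in this report differ in one ordering: whether "Unattended Upgrades Shutdown" starts after "Stopped target Local File Systems." or is already started when logind announces the reboot. The following check for that ordering is an added example, not part of the bug report or of unattended-upgrades; the function names, the constructed sample lines and the boot-separator and power-off patterns are assumptions.

```shell
#!/bin/sh
# Added example: classify where the unattended-upgrades shutdown helper ran
# relative to shutdown, from journal text on stdin (ideally a single boot,
# such as the output of: journalctl -b -1).
#   affected - helper started after "Stopped target Local File Systems."
#   ok       - helper was already started when logind announced shutdown
#   unknown  - neither pattern found
uu_shutdown_order() {
    awk '
        # Boot separator printed by journalctl (wording assumed): new boot,
        # so an unmount seen in the previous boot no longer counts.
        /^-- (Reboot|Boot) / { unmounted = 0; started = 0; next }
        /Stopped target Local File Systems\./ { unmounted = 1 }
        /Start(ing|ed) Unattended Upgrades Shutdown/ {
            started = 1
            if (unmounted) late = 1
        }
        # "rebooting" is the message on this page; the power-off wording
        # is an assumption.
        /systemd-logind.*System is (rebooting|powering down)/ {
            if (started) early = 1
        }
        END {
            if (late) print "affected"
            else if (early) print "ok"
            else print "unknown"
        }
    '
}

# Constructed samples built from the journal lines quoted in this report
# (the final line of sample_fixed is invented to show the later unmount).
sample_affected() {
    cat <<'EOF'
Nov 13 12:42:02 cc-uu-onshutdown systemd[1]: Stopped target Local File Systems.
Nov 13 12:42:02 cc-uu-onshutdown systemd[1]: Starting Unattended Upgrades Shutdown...
EOF
}
sample_fixed() {
    cat <<'EOF'
Nov 13 12:50:10 cc-uu-shutdown systemd[1]: Started Unattended Upgrades Shutdown.
Nov 13 12:51:17 cc-uu-shutdown systemd-logind[228]: System is rebooting.
Nov 13 12:51:18 cc-uu-shutdown systemd[1]: Stopped target Local File Systems.
EOF
}

echo "pre-fix excerpt:  $(sample_affected | uu_shutdown_order)"
echo "post-fix excerpt: $(sample_fixed | uu_shutdown_order)"
```

An "affected" result means package installation may have run with local filesystems already unmounted, so the dpkg state on that host is worth checking before trusting that pending security updates were applied.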

Balint Reczey (rbalint) wrote :

The fix is already released in 1.7ubuntu1.

Changed in unattended-upgrades (Ubuntu):
assignee: nobody → Balint Reczey (rbalint)
status: New → Fix Released
Balint Reczey (rbalint)
description: updated
Łukasz Zemczak (sil2100) wrote : Please test proposed package

Hello Balint, or anyone else affected,

Accepted unattended-upgrades into cosmic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/unattended-upgrades/1.5ubuntu3.18.10.0 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested and change the tag from verification-needed-cosmic to verification-done-cosmic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-cosmic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in unattended-upgrades (Ubuntu Cosmic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-cosmic
Balint Reczey (rbalint) wrote :

Verified with unattended-upgrades 1.5ubuntu3.18.10.0:

root@cc-uu-onshutdown:~# service unattended-upgrades status
● unattended-upgrades.service - Unattended Upgrades Shutdown
   Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-11-27 22:05:20 UTC; 6s ago
     Docs: man:unattended-upgrade(8)
 Main PID: 2198 (unattended-upgr)
    Tasks: 2 (limit: 4915)
   Memory: 8.1M
   CGroup: /system.slice/unattended-upgrades.service
           └─2198 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal

Nov 27 22:05:20 cc-uu-onshutdown systemd[1]: Started Unattended Upgrades Shutdown.
root@cc-uu-onshutdown:~# vi /etc/apt/sources.list
root@cc-uu-onshutdown:~# echo 'Unattended-Upgrade::InstallOnShutdown "true";' > /etc/apt/apt.conf.d/51unattended-upgrades-on-shutdown
root@cc-uu-onshutdown:~# dbus-send --system --print-reply --dest=org.freedesktop.login1 /org/freedesktop/login1 "org.freedesktop.login1.Manager.Reboot" boolean:false
method return time=1543356364.788282 sender=:1.4 -> destination=:1.14 serial=32 reply_serial=2
root@cc-uu-onshutdown:~# logout
rbalint@yogi:~/tmp$ lxc shell cc-uu-onshutdown
mesg: ttyname failed: No such device
root@cc-uu-onshutdown:~# uptime
 22:06:50 up 0 min, 0 users, load average: 0.39, 0.44, 0.36
root@cc-uu-onshutdown:~# journalctl -l | grep -B5 -A5 Unatt
Nov 27 22:05:20 cc-uu-onshutdown systemd[1]: snapd.seeded.service: Failed to reset devices.list: Operation not permitted
Nov 27 22:05:20 cc-uu-onshutdown systemd[1]: systemd-user-sessions.service: Failed to reset devices.list: Operation not permitted
Nov 27 22:05:20 cc-uu-onshutdown systemd[1]: systemd-sysctl.service: Failed to reset devices.list: Operation not permitted
Nov 27 22:05:20 cc-uu-onshutdown systemd[1]: snap.mount: Failed to reset devices.list: Operation not permitted
Nov 27 22:05:20 cc-uu-onshutdown systemd[1]: unattended-upgrades.service: Failed to reset devices.list: Operation not permitted
Nov 27 22:05:20 cc-uu-onshutdown systemd[1]: Started Unattended Upgrades Shutdown.
Nov 27 22:06:06 cc-uu-onshutdown systemd-logind[190]: System is rebooting.
Nov 27 22:06:06 cc-uu-onshutdown systemd[1]: Stopping Availability of block devices...
Nov 27 22:06:06 cc-uu-onshutdown systemd[1]: Removed slice system-getty.slice.
Nov 27 22:06:06 cc-uu-onshutdown systemd[1]: Stopping Session c1 of user root.
Nov 27 22:06:06 cc-uu-onshutdown su[1160]: pam_unix(su:session): session closed for user root
--
...
root@cc-uu-onshutdown:~# cat /var/log/unattended-upgrades/unattended-upgrades
unattended-upgrades-dpkg.log unattended-upgrades-shutdown.log unattended-upgrades.log
root@cc-uu-onshutdown:~# cat /var/log/unattended-upgrades/unattended-upgrades-shutdown.log
2018-11-27 22:06:04,792 WARNING - Running unattended-upgrades in shutdown mode
2018-11-27 22:06:04,804 WARNING - Unattended-upgrade in progress during shutdown, please don't turn off the computer
2018-11-27 22:06:06,457 WARNING - Unattended-upgrade in progress during shutdown, please don't turn off the computer
2018-11-27 22:06:06,473 INFO - All upgrades installed
root@cc-uu-onshutd...


tags: added: verification-done-cosmic
removed: verification-needed-cosmic
tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package unattended-upgrades - 1.5ubuntu3.18.10.0

---------------
unattended-upgrades (1.5ubuntu3.18.10.0) cosmic; urgency=medium

  * Revert to running unattended-upgrades.service in multi-user.target
  * Trigger unattended-upgrade-shutdown actions with PrepareForShutdown()
    Performing upgrades in service's ExecStop did not work when the upgrades
    involved restarting services because systemd blocked other stop/start
    actions making maintainer scripts time out and be killed leaving a broken
    system behind.
    Running unattended-upgrades.service before shutdown.target as a oneshot
    service made it run after unmounting filesystems and scheduling services
    properly on shutdown is a complex problem and adding more services to the
    mix makes it even more fragile.
    The solution of monitoring PrepareForShutdown() signal from DBus
    allows Unattended Upgrade to run _before_ the jobs related to shutdown are
    queued thus package upgrades can safely restart services without
    risking causing deadlocks or breaking part of the shutdown actions.
    Also ask running unattended-upgrades to stop when shutdown starts even in
    InstallOnShutdown mode and refactor most of unattended-upgrade-shutdown to
    UnattendedUpgradesShutdown class. (LP: #1778219, LP: #1803137)
  * Handle reverting to WantedBy=multi-user.target
  * Increase logind's InhibitDelayMaxSec to 30s.
    This allows more time for unattended-upgrades to shut down gracefully
    or even install a few packages in InstallOnShutdown mode, but is still a
    big step back from the 30 minutes allowed for InstallOnShutdown previously.
    Users enabling InstallOnShutdown mode are advised to increase
    InhibitDelayMaxSec even further possibly to 30 minutes.
  * Cache polling result for PreparingForShutdown after it becomes true
  * debian/tests/test-systemd.py: Reboot system with dbus call to honor
    inhibitor locks
  * Add NEWS entry about increasing InhibitDelayMaxSec and InstallOnShutdown
    changes
  * Stop using ActionGroups, they interfere with apt.Cache.clear()
    causing all autoremovable packages to be handled as newly autoremovable ones
    and be removed by default. Dropping ActionGroup usage does not slow down the
    most frequent case of not having anything to upgrade and when there are
    packages to upgrade the gain is small compared to the actual package
    installation.
    Also collect autoremovable packages before adjusting candidates because that
    also changed .is_auto_removable attribute of some of them. (LP: #1803749)
    (Closes: #910874)

 -- Balint Reczey <email address hidden> Mon, 26 Nov 2018 12:28:55 +0100

Changed in unattended-upgrades (Ubuntu Cosmic):
status: Fix Committed → Fix Released
Łukasz Zemczak (sil2100) wrote : Update Released

The verification of the Stable Release Update for unattended-upgrades has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Balint Reczey (rbalint)
description: updated