Thomas,
Summary:
- using an auxiliary conf.d file seems to mostly work
- 'needrestart' should, however flag 'systemctl restart' notice with
'skipping' in this case?
- 'needrestart' should not prompt to read <RETURN> on 'consider
rebooting kernel' notification in this case
(hostname)# cat /etc/needrestart/conf.d/debian_frontend_noninteractive.conf
# Switch to list mode if debconf is running noninteractive
# Ref: Bug#803249: needrestart: Restarts services in debconf noninteractive
# Thomas Liske <tho...@fiasko-nw.net>
$nrconf{restart} = ( ($ENV{DEBIAN_FRONTEND} // '') eq 'noninteractive' ?
'l' : 'i');
1;
(changed it a tiny bit)
I ran an update on a system that hasn't been updated for quite some time,
with :
19 DEBIAN_FRONTEND=noninteractive aptitude upgrade 2>&1 | tee
/tmp/aptup.log
20 grep -i -e restart -e systemctl /tmp/aptup.log
and nothing appeared in the log. :-)
(hostname)# DEBIAN_FRONTEND='noninteractive' needrestart
Scanning processes...
Scanning candidates...
Scanning kernel images...
Services to be restarted:
Skipping dbus.service...
Skipping getty@tty1.service...
Skipping kdm.service...
Skipping NetworkManager.service...
Skipping systemd-journald.service...
systemctl restart acpid.service atd.service autofs.service
console-kit-daemon.service cron.service dirmngr.service gpm.service
inetd.service irqbalance.service mcelog.service mdmonitor.service
nfs-common.service nis.service packagekit.service polkitd.service
rpcbind.service sendmail.service smartd.service ssh.service udisks2.service
upower.service user@0.service user@115.service user@3619.service
Looks like it's in list-only mode (still disconcerting to see the
'systemctl restart' line without a "Skipping"/"DEBUG" or other flagging
prefix, but clearly it's not actually issuing restarts:
pomelo2:~# systemctl status acpid.service
* acpid.service - ACPI event daemon
Loaded: loaded (/lib/systemd/system/acpid.service; disabled)
Active: active (running) since Sat 2015-11-28 10:30:26 MST; 1 months 24
days ago
...
(hostname)# needrestart
Scanning processes...
Scanning candidates...
Scanning kernel images...
Graphic (curses) UI comes up, queries if i want to restart various services
(i hit CANCEL)
BUT!
(hostname)# DEBIAN_FRONTEND='noninteractive' needrestart -v
...
Restarting the system to load the new kernel will not be handled
automatically, so you should consider rebooting. [Return]
...
So, it still blocks there on a terminal read -- which it should not do if
we're truly noninteractive (but, it obviously "Does The Right Thing(tm)"if
stdin redirected from /dev/null. Just would be nice if it did NOT prompt
if it's non-interactive (even in verbose mode).
--stephen
On Fri, Jan 22, 2016 at 4:21 PM, Thomas Liske <tho...@fiasko-nw.net> wrote:
> Hi Stephen,
>
> On Fri, Jan 22, 2016 at 11:44:30AM -0700, Stephen Dowdy wrote:
> > I believe the Felix is saying that 'needrestart' appears to be unaware of
> > the common explicit DEBIAN_FRONTEND=noninteractive setting used to
> indicate
> > that package management should be non-interactive (and if not, then *I*
> am)
> >
> > I will often use 'pdsh' to run forced package updates like so:
> >
> > $ cut -d: -f1 vulnerable.log | WCOLL=- pdsh -lroot 'aptitude update -q=2;
> > DEBIAN_FRONTEND=noninteractive aptitude -q=2 safe-upgrade --assume-yes -o
> > Dpkg::Options::="--force-confold" </dev/null'
> >
> > Unfortunately, 'needrestart's 'isatty' style checks are insufficient for
> my
> > needs here, as STDERR/STDOUT are attached to a pty associated with the
> > 'ssh' hitting all the systems i am updating... I have no way of then
> > telling 'needrestart' to not restart services
> >
> > So, i unexpectedly got a bunch of systemctl restart invocations, and i
> find
> > that often borks things badly.
> >
> > If 'needrestart' could also check ${DEBIAN_FRONTEND}, that would be
> awesome.
> >
> > Otherwise, i suppose i will have to cfengine out a "Default No"
> > needrestart.conf configuration to all my systems.
>
> you could try to put something like
>
> cat <<EOF
> # Switch to list mode if debconf is running noninteractive
> $nrconf{restart} = (exists($ENV{DEBIAN_FRONTEND}) &&
> $ENV{DEBIAN_FRONTEND} eq 'noninteractive' ? 'l' : 'i');
>
> 1;
> EOF
>
> into /etc/needrestart/conf.d/noninteractive.conf. If it works we might
> should add it upstream...
>
>
> > So, indeed 'unattended-upgrades' runs are also triggering needrestart to
> > believe it is running interactively, and thus it restarts things.
> > 'unattended-upgrade' appears to buy into the "DEBIAN_FRONTEND" notion of
> > noninteractivity as well:
> >
> > # grep -i interactive /usr/bin/unattended-upgrade
> > # set debconf to NON_INTERACTIVE, redirect output
> > os.putenv("DEBIAN_FRONTEND", "noninteractive")
> > env["DEBIAN_FRONTEND"] = "noninteractive"
>
> So the fix should work for unattended-upgrades, too.
>
>
> Thx & HTH,
> Thomas
>
> --
>
> :: WWW: https://fiasko-nw.net/~thomas/ ::
> ::: Jabber: xmpp:tho...@jabber.fiasko-nw.net :::
> :: flickr: https://www.flickr.com/photos/laugufe/ ::
>
--
Stephen Dowdy - Systems Administrator - NCAR/RAL
303.497.2869 - sdo...@ucar.edu - http://www.ral.ucar.edu/~sdowdy/
