Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Adjust timing of daily apt tasks #5853

Closed
wants to merge 1 commit into from
Closed

Adjust timing of daily apt tasks #5853

wants to merge 1 commit into from

Conversation

rmol
Copy link
Contributor

@rmol rmol commented Mar 5, 2021
edited
Loading

Status

Work in progress (timing needs to honor sdconfig options)

Description of Changes

Fixes #5851.

Adjusts the timing of the apt-daily systemd timer so that updates are downloaded about every three hours.

Adjusts the timing of the apt-daily-upgrade timer so that the updates are applied at a random time between 0400 and 0500.

Testing

  • make build-debs-focal && make staging-focal
  • On each server, check that:
    • An override.conf file is present in both of:
      • /etc/systemd/system/apt-daily.timer.d
      • /etc/systemd/system/apt-daily-upgrade.timer.d
    • The CalendarOn and RandomizedDelaySec entries in those files match what's reported by:
      • systemctl show apt-daily.timer
      • systemctl show apt-daily-upgrade.timer

Deployment

This should ensure that updates are more reliably noticed and applied every day.

Checklist

If you made changes to the system configuration:

If you made non-trivial code changes:

  • I have written a test plan and validated it for this PR

Choose one of the following:

  • I have opened a PR in the docs repo for these changes, or will do so later
  • I would appreciate help with the documentation
  • These changes do not require documentation

@zenmonkeykstop
Copy link
Contributor

zenmonkeykstop commented Mar 8, 2021
edited
Loading

I'm trying this out applied manually as part of RC3 testing (don't wanna wait overnight to see if it's applied) and it does not appear to trigger updates or upgrades. I think /etc/apt/apt.conf.d/20auto-upgrades would have to change as well to change the APT::Periodic::* values to "always".

@rmol
Copy link
Contributor Author

rmol commented Mar 8, 2021

That's surprising. All it does is change the schedule of the timers. I don't know why it would require other configuration changes.

@zenmonkeykstop
Copy link
Contributor

https://wiki.debian.org/UnattendedUpgrades describes the timer format in a bit of detail but it's describing a case where you want to move the daily run from 6,1800 with a randomized delay of 12 hours to 1am precisely, and what actually happens is that the timer triggers apt-daily.service, which checks the delta between now and its last runtime against the interval defined in the APT::Periodic::* values above, and only actually does something if said delta is bigger than the interval.

So! in order to be able to trigger updates and upgrades (which are 2 separate timers) arbitrarily, you'd need to set those APT::Periodic:: values to "always", which appears to be a keyword meaning "always run when asked", which the developers probably had to add because "0" can't mean "0 interval" as it already means "don't ever run".

@conorsch
Copy link
Contributor

conorsch commented Mar 9, 2021
edited
Loading

you'd need to set those APT::Periodic:: values to "always", which appears to be a keyword meaning "always run when asked"

@zenmonkeykstop Where are you seeing that "always" is a permissible value? For APT::Periodic::Unattended-Upgrade my understanding is that the value must be an integer, where 0 is disabled, and any positive int is the frequency, in days, that the update should be run.

@zenmonkeykstop
Copy link
Contributor

Docs are a little sparse, it's true. The apt.conf man page will redirect you to /usr/lib//apt/apt.systemd.dailywhich documents the N for N days or 0 for off behaviour. But if you grep for "always" in said script you will find the check_stamp function that does the actual interval checking, with logic to short-circuit the check if the interval is set to "always".

Most apt.systemd.daily operations will only run if the interval since they last ran is greater than the defined interval in the APT::Periodic:: settings, so if you want to run them arbitrarily (say for testing purposes) you need to override that behaviour.

@zenmonkeykstop
Copy link
Contributor

On further review/discussion - we can get the desired test behaviour (rerunning apt.systemd.daily on demand) by removing timestamp files in /var/lib/apt/periodic - so actually yes, we don't need the changes in /etc/apt/apt.conf.d/, just the timer settings above. That'll get us a reliable run - my preference would be (reboot time - 1hr with a 30min fuzz) for the update and (reboot time - 30min with a 30min fuzz) for the upgrade, but do what works!

conorsch pushed a commit that referenced this pull request Mar 9, 2021
Configures apt timers via Ansible
cc45e8e 
Builds on the work by @rmol in #5853. Slots in overrides
to the apt-daily{,-upgrade} timers, shipped with the 'apt' package, to
provide fine-grained control over the update and reboot times.
Ensures that the apt lists are updated approximately 1h prior to the
package upgrade. Lowered the time-fuzzing to 20m on each action, so that
even at the extremes, there's still a 20m window for an apt update to
complete. Uses a modulus to determine the sooner update time.
conorsch pushed a commit that referenced this pull request Mar 9, 2021
Configures apt timers via Ansible
34fdc7a 
Builds on the work by @rmol in #5853. Slots in overrides
to the apt-daily{,-upgrade} timers, shipped with the 'apt' package, to
provide fine-grained control over the update and reboot times.
Ensures that the apt lists are updated approximately 1h prior to the
package upgrade. Lowered the time-fuzzing to 20m on each action, so that
even at the extremes, there's still a 20m window for an apt update to
complete. Uses a modulus to determine the sooner update time.
@conorsch conorsch mentioned this pull request Mar 9, 2021
Merged
@rmol
Copy link
Contributor Author

rmol commented Mar 9, 2021

closing in favor of #5855

@rmol rmol closed this Mar 9, 2021
emkll pushed a commit that referenced this pull request Mar 10, 2021
@emkll
Configures apt timers via Ansible
20996b5 
Builds on the work by @rmol in #5853. Slots in overrides
to the apt-daily{,-upgrade} timers, shipped with the 'apt' package, to
provide fine-grained control over the update and reboot times.
Ensures that the apt lists are updated approximately 1h prior to the
package upgrade. Lowered the time-fuzzing to 20m on each action, so that
even at the extremes, there's still a 20m window for an apt update to
complete. Uses a modulus to determine the sooner update time.

(cherry picked from commit 34fdc7a)
@rmol rmol deleted the adjust-apt-timers branch June 23, 2021 13:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@conorsch conorsch Awaiting requested review from conorsch

@emkll emkll Awaiting requested review from emkll

@kushaldas kushaldas Awaiting requested review from kushaldas

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Override unattended-upgrade timers to make updates more closely aligned with cron-apt behaviour
3 participants
@rmol @zenmonkeykstop @conorsch