Deactivate temporally needrestart during a system upgrade

[ludovic-gasc]

Hi,

Thanks a lot for needrestart, we install this package by default on all Debian servers.
However, we have a small question: We use also Ansible to upgrade and deploy new software on the servers.
Time to time, we would avoid to restart all daemons just after the upgrade and we want to launch needrestart after the end of playbook.
Is it possible to pass a parameter to disable temporally needrestart via an environment variable for example ?
I see nothing like that inside the hooks for apt and dpkg.

Thanks for your answer.

Regards.

[ludovic-gasc]

Gentle ping ;-)

[liske]

It is currently not possible to override needrestart's behavior (w/o changing config files). You could prevent needrestart to restart any services by using Debian's policy layer (invoke-rc.d) - but that would also block any service (re)starts from the install/upgrade scripts.

A way to implement such a feature might be to add a checking for an environment variable within /usr/lib/needrestart/apt-pinvoke to prevent the starting of needrestart (this script is executed by /etc/apt/apt.conf.d/99needrestart). To check if needrestart is required to run due to apt operations we could check for the presence of the /run/needrestart/unpacked file to trigger an Ansible handler.

[ludovic-gasc]

@liske Thank you a lot, it confirms what we are thinking to do.
If we have some interesting to show, we will do a PR.

Regards.

[geor-g]

@GMLudo A MR implementing this feature would be highly appreciated!

[Farom]

This feature would be really helpful. I would write it in the described way, but my last perl experience was 15 years ago ... so better not.

[pmorch]

We've also come up with a different method: Put this in /etc/needrestart/conf.d/disable.conf:

# Restart services (l)ist only, (i)nteractive or (a)utomatically. 
$nrconf{restart} = 'l'; 
# Disable hints on pending kernel upgrades. 
$nrconf{kernelhints} = 0; 

Now it doesn't interrupt apt with interactive queries. Does anybody see holes in this or some way this becomes interactive anyway?

One problem with this is that needrestart -k ("check for obsolete kernel") no longer works. needrestart -b does show the kernel needing a restart, though.

Another alternative to consider is to use dpkg-divert to move /etc/apt/apt.conf.d/99needrestart somewhere else.

I don't think just modifying /usr/lib/needrestart/apt-pinvoke or /etc/apt/apt.conf.d/99needrestart without dpkg-divert is a good idea, because later, when the needrestart package itself is upgraded, any modifications will be overwritten with the contents of the new upstream files and you'll be back to the original behaviour.

DEBIAN_FRONTEND=noninteractive apt-get bla bla bla

Also does the trick, apparently.

Personally, I'd like to see a clean, simple and supported way to avoid needrestart changing the behaviour of apt at all though, so it just works as a CLI tool.

[pmorch]

What we actually ended up doing was:

mkdir /etc/apt/disabled.apt.conf.d/
dpkg-divert --divert /etc/apt/disabled.apt.conf.d/99needrestart  --rename /etc/apt/apt.conf.d/99needrestart

[liske]

You now can disable to apt-get hook which runs needrestart if a package was installed or updated by setting the environment variable NEEDRESTART_SUSPEND to a non-empty value. Should work with ansible's environment: keyword.

[Sieboldianus]

You can also add NEEDRESTART_MODE: automatically, see #35497

[jonathanMelly]

You can also add NEEDRESTART_MODE: automatically, see #35497

this gives me ERROR: Unknown restart option 'automatically'! (it works but logs the error)

But "NEEDRESTART_SUSPEND=y" works without logging an error (message that restart is suspended)