[Bug 1897778] Re: DistUpgradeController to release apt lock during PostInstallScripts

Timo Aaltonen 1897778 at bugs.launchpad.net
Fri Oct 9 20:51:42 UTC 2020 

Hello Chad, or anyone else affected,

Accepted ubuntu-release-upgrader into bionic-proposed. The package will
build now and be available at https://launchpad.net/ubuntu/+source
/ubuntu-release-upgrader/1:18.04.40 in a few hours, and then in the
-proposed repository.

Please help us by testing this new package.  See
https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how
to enable and use -proposed.  Your feedback will aid us getting this
update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug,
mentioning the version of the package you tested, what testing has been
performed on the package and change the tag from verification-needed-
bionic to verification-done-bionic. If it does not fix the bug for you,
please add a comment stating that, and change the tag to verification-
failed-bionic. In either case, without details of your testing we will
not be able to proceed.

Further information regarding the verification process can be found at
https://wiki.ubuntu.com/QATeam/PerformingSRUVerification .  Thank you in
advance for helping!

N.B. The updated package will be released to -updates after the bug(s)
fixed by this package have been verified and the package has been in
-proposed for a minimum of 7 days.

** Changed in: ubuntu-release-upgrader (Ubuntu Bionic)
       Status: New => Fix Committed

** Tags added: verification-needed-bionic

** Changed in: ubuntu-release-upgrader (Ubuntu Xenial)
       Status: New => Fix Committed

** Tags added: verification-needed-xenial

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to ubuntu-release-upgrader in
Ubuntu.
https://bugs.launchpad.net/bugs/1897778

Title:
  DistUpgradeController to release apt lock during PostInstallScripts

Status in ubuntu-release-upgrader package in Ubuntu:
  Fix Released
Status in ubuntu-release-upgrader source package in Xenial:
  Fix Committed
Status in ubuntu-release-upgrader source package in Bionic:
  Fix Committed
Status in ubuntu-release-upgrader source package in Focal:
  Fix Committed

Bug description:
  === Begin SRU Template ===      
  [Impact]                                                                        
                 
  Any Ubuntu Advantage apt-based service is enbled via a PPA. If those PPAs are not listed as valid mirrors in mirrors.cfg the PPAs get disabled across upgrade. 

  UA-client has a script which will enable those PPAs across upgrade
  path, but needs the apt cache lock released during
  runPostInstallScripts.

  Validate Ubuntu Advantage apt access is retained across do-release-
  upgrade path so customers to not lose access to security updates after
  performing an upgrade.

  
  [Test Case]                                                                     

  #!/bin/bash

  """
  SRU Verification ubuntu-release-upgrader + ubuntu=advantage-tools

  Test procedure:
    - launch container Trusty, Xenial or Bionic
    - Attach container to UA subscription (which activates a number of commerical PPAs
    - download and run -proposed ubuntu-release-upgrader tool for upgrade release
    - Assert successful upgrade
    - Confirm valid mirrors not disabled
    - Confirm third party non-commercial PPA URLs still disabled
    - Confirm third party UA commercial URLs still disabled
      (due to expected feature gap)
    - Confirm UA status reports esm-infra still disabled (known feature gap)
  """

  set -ex
  UA_TOKEN=$1
  if [ -z "$1" ]; then
   echo "Usage: $0 <contractTOKEN>"
   exit 1
  fi
  cat > test-uru.yaml <<EOF
  #cloud-config
  package_update: true
  package_upgrade: true
  apt_sources:
    - source: "deb http://ppa.launchpad.net/ua-client/proposed/ubuntu trusty main"
  apt:
    sources:
      ua.proposed:
         source: deb http://ppa.launchpad.net/ua-client/proposed/ubuntu \$RELEASE main
  EOF

  #    ua.list:
  #       source: deb http://ppa.launchpad.net/canonical-server/ua-client-daily/ubuntu \$RELEASE main
  #       keyid: 94E187AD53A59D1847E4880F8A295C4FB8B190B7

  cat > checkaptpolicy.sh <<EOF
  #!/bin/bash
  set -x
  RELEASE=\`lsb_release -sc\`
  echo -n "Current release: $RELEASE"
  echo "Assert no disabled valid mirrors in /eta/apt/sources.list"
  ! grep disable /etc/apt/sources.list || echo "FAILURE: found disabled valid mirror urls"
  echo "Checking commercial Ubuntu Advantage PPAs apt policy and config"
  apt-cache policy | grep esm.ubuntu.com
  for file in \`ls /etc/apt/sources.list.d/ubuntu-*.list\`; do                    
      echo "--- file: \${file}"
      cat \${file}
  done      
  EOF
  chmod 755 checkaptpolicy.sh

  declare -A NEXTDIST=( [bionic]=focal [xenial]=bionic [trusty]=xenial )

  for release in trusty; do
    vm=test-sru-$release
    echo "--- Launch cloud-init with ${release}-proposed enabled"
    #lxc launch ubuntu-daily:${release} ${vm} -c user.user-data="$(cat test-uru.yaml)"
    #lxc launch daily:$release -n $vm --cloud-init test-uru.yaml
    upgraderelease=${NEXTDIST[$release]}
    echo "--- Wait for cloud-init to finish"
    if [ "${release}" = "trusty" ]; then
      while [ "N 2" != "$(lxc exec ${vm} -- runlevel)" ]; do
         echo "waiting on runlevel 2"
         sleep 5
      done
    else
      lxc exec ${vm} -- cloud-init status --wait --long
    fi
    echo "--- Attach Ubuntu-Advantage and enable services"
    lxc exec ${vm} -- sudo ua attach ${UA_TOKEN}
    lxc exec ${vm} -- sudo ua status | tee ua-status.orig
    lxc file push checkaptpolicy.sh ${vm}/
    lxc exec ${vm} -- /checkaptpolicy.sh
    lxc exec ${vm} -- wget http://archive.ubuntu.com/ubuntu/dists/$upgraderelease-proposed/main/dist-upgrader-all/current/$upgraderelease.tar.gz
    lxc exec ${vm} -- tar xzvf $upgraderelease.tar.gz
    #lxc exec ${vm} -- wget https://git.launchpad.net/~chad.smith/ubuntu/+source/ubuntu-release-upgrader/plain/DistUpgrade/DistUpgradeController.py?h=uru-xenial-ubuntu-advantage -O DistUpgradeController.py
    #lxc exec ${vm} -- wget https://git.launchpad.net/~chad.smith/ubuntu/+source/ubuntu-release-upgrader/plain/data/mirrors.cfg?h=uru-xenial-ubuntu-advantage -O mirrors.cfg
    echo "--- Validate UA APT sources after upgrade"
    lxc exec ${vm} -- /checkaptpolicy.sh
    echo "--- Ensure UA status reports ESM enabled"
    lxc exec ${vm} -- sudo ua status | tee ua-status.upgrade
    echo "--- Expect no diffs in original and upgrade status"
    diff -urN ua-status.orig ua-status.upgrade
  done

  [Regression Potential]                                                          
  None as UA support is not yet officially introduced in Xenial or later. Customers currently have to manually re-enable apt config across upgrades.

  ===  End SRU Template ===

  
  ==== Original Description ===

  In order for custom PostInstallScript to add/remove apt packages and
  call apt update, DistUpgradecontroller needs to release the apt cache
  directory lock before that stage.

  If the lock is still in place,
  DistUpgradeController.runPostUpgradeScripts hits errors such as:

  E: Could not get lock /var/lib/apt/lists/lock - open (11: Resource temporarily unavailable)
  E: Unable to lock directory /var/lib/apt/lists/

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-release-upgrader/+bug/1897778/+subscriptions

More information about the foundations-bugs mailing list