Services restarted by unattended upgrades because of /etc/needrestart/restart.d/systemd-manager

Wed Jun 5 12:46:55 UTC 2024

On mer. 05 juin 2024 13:34:11, Wiebe Cazemier wrote:
> ----- Original Message -----
> > From: "Simon Chopin" <simon.chopin at canonical.com>
> > To: "Wiebe Cazemier" <wiebe at halfgaar.net>
> > Cc: ubuntu-devel-discuss at lists.ubuntu.com
> > Sent: Wednesday, 5 June, 2024 20:54:37
> > Subject: RE: Services restarted by unattended upgrades because of /etc/needrestart/restart.d/systemd-manager
> >
> > Hi Wiebe,
> >
> > The default behaviour of needrestart *when invoked via APT* was indeed
> > changed in 24.0, as mentioned in the release notes[0] and a dedicated
> > Discourse thread[1].
> >
> > Now, I agree that we probably should amend the comments in the
> > configuration file to reflect this. I also tried to make any explicit
> > setting take precedence over the custom Ubuntu behaviour, so if
> > you in fact have uncommented that line, that's indeed a bug.
> >
> > Would you mind reporting this on Launchpad, though?
> >
> > Cheers,
> > Simon
> >
> > [0]:
> > https://discourse.ubuntu.com/t/ubuntu-24-04-lts-noble-numbat-release-notes/39890#services-restart-on-unattended-upgrade-27
> > [1]:
> > https://discourse.ubuntu.com/t/needrestart-changes-in-ubuntu-24-04-service-restarts/44671
>
> So, basically the default was changed from 'i' to 'a'?

It's a bit more complex than that, but from the perspective of service
restarts, yes.

>
> Hmm, while I understand the reasoning, also considering the xz hack relating to linked objects that seem insignificant, it's not really a welcome change for me. One of the services was Redis as you saw, not exposed to the internet. An extra problem was that the 20 GB database took too long to load and systemd's start timeout expired, causing a never-ending start loop. The provided unit file does not cater to large deployments. The stop/start cycle takes about 7 minutes. I guess that deserves its own bug report.

Yes, bug reports are the best way to track this kind of issues.

>
> I did not have "$nrconf{restart} = 'i'" uncommented. But when I do this
>
> > # cat /etc/needrestart/conf.d/disable-restart.conf
> > $nrconf{restart} = 'l';
>
> and reinstall libssl (apt reinstall libssl3t64), it still restarts everything, without asking. Was that the proper way to disable it that warrants a bug report?

That's not the documented way to disable it, but yes I agree with you
that from a user's perspective it should have that effect. However, I
enjoin you to actually read the documentation I linked to, since it also
explains how to selectively disable restarts for specific services while
still retaining the default behaviour for the rest of the system.

Cheers,
Simon