** Description changed:

+ [SRU justification]
+ This fix is needed to make sure that the system does not hang on shutdown 
when /var is a speparate file system
+ 
+ [Impact]
+ System can hang up to 10 minutes if not fixed.
+ 
+ [Fix]
+ Change the systemd unit's ExecStart to an ExecStop so the unit is correctly 
sequenced.
+ 
+ [Test Case]
+ In a VM with /var separated from the / file system, shutdown the VM. It will 
hang for 10 minutes
+ 
+ [Regression]
+ None to be expected. A ExecStop unit will be sequenced before the Before= 
units which is earlier than previously.
+ 
+ [Original description of the problem]
  The systemd unit file unattended-upgrades.service is used to stop a running 
unattended-upgrade
  process during shutdown. This unit file is running together with all 
filesystem
  unmount services.
  
  The unattended-upgrades service checks if the lockfile for unattended-upgrade
  (in /var/run) exists, and if it does, there is an unattended-upgrade in 
progress
  and the service will wait until it finishes (and therefore automatically wait 
at
  shutdown).
  
  However, if /var is a separate filesystem, it will get unmounted even though 
/var/run
  is a tmpfs that's still mounted on top of the /var/run directory in the /var 
filesystem.
  The unattended-upgrade script will fail to find lockfile, sleeps for 5 
seconds, and
  tries to check the lockfile again. After 10 minutes (the default timeout), it 
will finally
  exit and the system will continue shutdown.
  
  The problem is the error handling in 
/usr/share/unattended-upgrades/unattended-upgrade-shutdown
  where it tries to lock itself:
  
-     while True:
-         res = apt_pkg.get_lock(options.lock_file)
-         logging.debug("get_lock returned %i" % res)
-         # exit here if there is no lock
-         if res > 0:
-             logging.debug("lock not taken")
-             break
-         lock_was_taken = True
+     while True:
+         res = apt_pkg.get_lock(options.lock_file)
+         logging.debug("get_lock returned %i" % res)
+         # exit here if there is no lock
+         if res > 0:
+             logging.debug("lock not taken")
+             break
+         lock_was_taken = True
  
  The function apt_pkg.get_lock() either returns a file descriptor, or -1 on an 
error.
  File descriptors are just C file descriptors, so they are always positive 
integers.
  The code should check the result to be negative, not positive. I have 
attached a patch
  to reverse the logic.
  
  Additional information:
  
  1)
  Description:  Ubuntu 16.04.1 LTS
  Release:      16.04
  
  2)
  unattended-upgrades:
-   Installed: 0.90ubuntu0.3
-   Candidate: 0.90ubuntu0.3
-   Version table:
-  *** 0.90ubuntu0.3 500
-         500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
-         500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main i386 
Packages
-         100 /var/lib/dpkg/status
-      0.90 500
-         500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
-         500 http://nl.archive.ubuntu.com/ubuntu xenial/main i386 Packages
+   Installed: 0.90ubuntu0.3
+   Candidate: 0.90ubuntu0.3
+   Version table:
+  *** 0.90ubuntu0.3 500
+         500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
+         500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main i386 
Packages
+         100 /var/lib/dpkg/status
+      0.90 500
+         500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
+         500 http://nl.archive.ubuntu.com/ubuntu xenial/main i386 Packages
  3)
  Fast reboot
  4)
  Very slow reboot (after a 10 minutes timeout)

** Changed in: unattended-upgrades (Ubuntu Xenial)
       Status: Confirmed => In Progress

** Changed in: unattended-upgrades (Ubuntu Yakkety)
       Status: Confirmed => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to unattended-upgrades in
Ubuntu.
https://bugs.launchpad.net/bugs/1654600

Title:
  unattended-upgrade-shutdown hangs when /var is a separate filesystem

Status in unattended-upgrades package in Ubuntu:
  Fix Released
Status in unattended-upgrades source package in Xenial:
  In Progress
Status in unattended-upgrades source package in Yakkety:
  In Progress
Status in unattended-upgrades package in Debian:
  New

Bug description:
  [SRU justification]
  This fix is needed to make sure that the system does not hang on shutdown 
when /var is a speparate file system

  [Impact]
  System can hang up to 10 minutes if not fixed.

  [Fix]
  Change the systemd unit's ExecStart to an ExecStop so the unit is correctly 
sequenced.

  [Test Case]
  In a VM with /var separated from the / file system, shutdown the VM. It will 
hang for 10 minutes

  [Regression]
  None to be expected. A ExecStop unit will be sequenced before the Before= 
units which is earlier than previously.

  [Original description of the problem]
  The systemd unit file unattended-upgrades.service is used to stop a running 
unattended-upgrade
  process during shutdown. This unit file is running together with all 
filesystem
  unmount services.

  The unattended-upgrades service checks if the lockfile for unattended-upgrade
  (in /var/run) exists, and if it does, there is an unattended-upgrade in 
progress
  and the service will wait until it finishes (and therefore automatically wait 
at
  shutdown).

  However, if /var is a separate filesystem, it will get unmounted even though 
/var/run
  is a tmpfs that's still mounted on top of the /var/run directory in the /var 
filesystem.
  The unattended-upgrade script will fail to find lockfile, sleeps for 5 
seconds, and
  tries to check the lockfile again. After 10 minutes (the default timeout), it 
will finally
  exit and the system will continue shutdown.

  The problem is the error handling in 
/usr/share/unattended-upgrades/unattended-upgrade-shutdown
  where it tries to lock itself:

      while True:
          res = apt_pkg.get_lock(options.lock_file)
          logging.debug("get_lock returned %i" % res)
          # exit here if there is no lock
          if res > 0:
              logging.debug("lock not taken")
              break
          lock_was_taken = True

  The function apt_pkg.get_lock() either returns a file descriptor, or -1 on an 
error.
  File descriptors are just C file descriptors, so they are always positive 
integers.
  The code should check the result to be negative, not positive. I have 
attached a patch
  to reverse the logic.

  Additional information:

  1)
  Description:  Ubuntu 16.04.1 LTS
  Release:      16.04

  2)
  unattended-upgrades:
    Installed: 0.90ubuntu0.3
    Candidate: 0.90ubuntu0.3
    Version table:
   *** 0.90ubuntu0.3 500
          500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 
Packages
          500 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main i386 
Packages
          100 /var/lib/dpkg/status
       0.90 500
          500 http://nl.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
          500 http://nl.archive.ubuntu.com/ubuntu xenial/main i386 Packages
  3)
  Fast reboot
  4)
  Very slow reboot (after a 10 minutes timeout)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/unattended-upgrades/+bug/1654600/+subscriptions

-- 
Mailing list: https://launchpad.net/~touch-packages
Post to     : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help   : https://help.launchpad.net/ListHelp

Reply via email to