Option to automatically reboot Ubuntu for security updates
-
@Lonk This is partly discussed (with reboots not working well) in this thread here: https://forum.cloudron.io/topic/3130/ubuntu-reboot-to-install-updates-left-some-apps-not-responding?_=1601066258800 - just linking for completeness.
-
Thanks for sharing that @d19dotca. Personally, my apps eventually all come on, but not before a few “down” notifications and 10 - 15 minutes. If I reboot the OS from within the VPS control panel. There’s never an issue. So I thought it was related to the security updates themselves or maybe the reboot function within the Cloudon app is doing something it shouldn’t. Or not doing something it should.
-
Isn't it simply that the server takes a long time to shut down, but a normal time to boot up ? I guess it would explain all these symptoms. When rebooting from the VPS control panel, it's a hard shutdown, so there's no time lost.
I guess someone who has a server at home could test this hypothesis.
-
We removed the explicit
sync
in the reboot script now: https://git.cloudron.io/cloudron/box/-/commit/dd75cdb37ed751b31c35755e5e8c2f96daeec81bLets see if this fixes the slow reboots at least. As mentioned in that commit, running
sync
on a system which is busy using the disks, it can take a long time. So usually first the processes have to be terminated and then thesync
should be issued. This is what happens from now on then. I don't even remember why we put thatsync
there in the first place. -
@mehdi You know what, I probably thought the virtual VPS screen was showing me a boot up animation instead it what it was actually showing me, the shut down animation. TIL I have no idea what the current Ubuntu startup animation looks like.
Also, I've wanted to ask ya, @nebulon, I know the Docker base image is based on 20.04 (Bionic?), but the Cloudron platform is built on 18.04. Is there a plan to update that one day or do you feel as long as Ubuntu supports it with security updates, there are no benefits to update?
-
The base image is on Bionic Beaver which is actually 18.04 LTS http://releases.ubuntu.com/18.04/
There is no technical reason to have the base image be the same Ubuntu version or even the same Linux distribution as the host system.Ubuntu 20.04 support will come soon for the host system, but the base image will remain on 18.04 for some time, since changing that requires retesting and fixing all app packages for no real reason at the moment.
The most important aspect is that the versions are still supported for security updates.
-
@nebulon So it was completely the other way around. You're updating the host version (what Cloudron runs on) to 20.04 (Focal), but leaving the DOCKERIMAGE
FROM
base version at 18.04 (Bionic) until at least security patch support stops coming out for it. Did I get that correct this time?Sorry, new to the Ubuntu world.
-
-
Wow. 🤯
It's WAY faster now.
Like, lightning fast.
I just did a reboot to finish a Ubuntu security update and everything was back up and running in less than 60 seconds.
I almost couldn't believe it!
Thanks!
-
@DanTheMan
Likely due to improvements in 18.04.4 and above.@Lonk
To avoid having to reboot the box, you can run your tests in a docker container using the sysbox-runc for full OS (machine image) capability in a docker container.Then just reboot the sysbox container.
See requirements: https://github.com/nestybox/sysbox-ee/blob/master/docs/distro-compat.md -
Yep. For those cases it shouldn't be too bad: The fixed timeslots/dates can be communicated/planned accordingly and if it's on demand and no admin is available, the users can get told that they should be worried only if downtime is >1h or something like that. That's at least better than no patched server and in worst case coming home and finding a disaster .
-
-
@nebulon just for information - livepatch doesn't mean you don't have to reboot - it just lets you postpone that moment as convenient.
For
sync
- a good practice on old good *nix is to issuesync
twice before reboot - to make sure the buffers dumped for sure.On the reboot automation using third-party apps - it's doable; everything is, but why, if you can just add it inside of the system?