how to disable unattended-upgrades during autoinstall (user-data, cloud-config)

Question

Is there an option to suppress (or forward) the automatic unattended packages upgrade during autoinstall session? I do not want to download the huge data from internet site for each client when we have ubuntu mirror configured locally. Thanks

Answer 1

When you use autoinstall with the Ubuntu live server installer (subiquity) there is no built-in option to disable the package updates. There is an updates key but the only available options are security or all.

However, I have found a couple methods that will effectively skip the updates. I have only tested these methods using the 22.04 installer.

method 1

This method uses apt_preferences to lower the priority of packages in the security repository. This results in all packages in the security repository being ignored during the updates. The apt_preferences configuration is deleted in late-commands. The downside to this approach is that it is harder to install other apt_preferences.

Here is a snippet of the user-data file for this method.

#cloud-config
autoinstall:
  updates: security
  apt:
    preferences:
      - package: "*"
        pin: "release a=jammy-security"
        pin-priority: 200
  late-commands:
    - |
      rm /target/etc/apt/preferences.d/90curtin.pref
      true

method 2

This method configures sources.list without the security repository. The result is that no packages from the security repository will be available and there will be no packages updated. The downside is that the installation will not be configured with the security repository.

Here is a snippet of the user-data file for this method.

#cloud-config
autoinstall:
  updates: security
  apt:
    disable_suites: [security]

alternate option to use your local mirror

If you really just want to use your local mirror then you can configure apt to use it. Here is a snippet of the user-data file configuring apt with a local mirror.

#cloud-config
autoinstall:
  apt:
    primary:
    - arches:
      - default
      uri: http://YOURMIRROR

If the local mirror does not mirror all components and suites then the autoinstall may fail. You may need to include apt keys like

    disable_components: [restricted,multiverse]
    disable_suites: [backports,security]

see also

• Disable auto update at end of autoinstall/cloud-init
• Ubuntu 20.4 autoinstall user-data skip installing security updates

notes

I tested these configurations using Ubuntu 22.04 (subiquity 22.04.2)

Answer 2

I found a much cleaner (IMHO) solution which doesn't involve messing with network settings, APT repositories or DNS resolution: temporarily turn unattended-upgrades into a no-op.

I think it's cleaner because this modifies only the faulty component (namely unattended-upgrades, which, for an unknown reason, stalls for more than one hour when run during the installation... Until Ubuntu deigns fixing curtin and/or subiquity), instead of modifying things that will most probably impact several other steps of the installation.

In the early-commands, create a simple shell loop, running in the background, which will wait for the unattended-upgrades script to appear in the target system's directory, and when it does, insert a new shebang at the top, using /bin/true as an interpreter:

early-commands:
  # Disable unattended-upgrades
  - ( FILE="/target/usr/bin/unattended-upgrade" ; until [ -e "$FILE" ] ; do sleep 1 ; done ; sed -i '1i#!/bin/true' "$FILE" ) &

And in the late-commands, revert the change:

late-commands:
  # Re-enable unattended-upgrades
  - sed -i '\,^#!/bin/true$,d' "/target/usr/bin/unattended-upgrade"

Optionally, we can still do a package upgrade in the late-commands without using unattended-upgrades:

  # Upgrade packages
  - curtin in-target -- apt-get update
  - curtin in-target -- apt-get --yes upgrade

Answer 3

You can also take a look in my answer - https://askubuntu.com/a/1451620/1637750

Tested on Ubuntu 22.04 and it works.

Answer 4

Here's a trick to disable unattended packages upgrade by disable DNS.

autoinstall:
  apt:
    fallback: offline-install
  early-commands:
    - |
      echo $(dig +short geoip.ubuntu.com | grep -v '\.$' | head -1) geoip.ubuntu.com >>/etc/hosts
      sed -i '/^nameserver /d' /etc/resolv.conf

Only affects to the Installer live OS so it's safe.

But the installer needs to get CountryCode from https://geoip.ubuntu.com/lookup and write into /etc/apt/sources.list to speedup apt package operation.

So we resolve the IP in early to make this feature work while DNS disabled.

Answer 5

Subiquity (the installer) uses Curtin, which in turn uses unattended-upgrades. You can remove the package when creating your image:

sudo apt-get -y -qq remove unattended-upgrades

If needed, you can then reinstall it through a late command.