unattended-upgrades on Ubuntu Server 20.04 not working, stuck in shutdown/wait-for-signal
I got myself a VPS a few months back and provisioned it with Ubuntu Server 20.04. I didn't modify any system settings as far as I can remember, certainly nothing that affects unattended-upgrades since I actually want that.
It is my understanding that Ubuntu 20.04 ships with unattended-upgrades enabled by default, so it performs apt update + upgrade on a daily basis to keep the system up to date without the user having to do anything.
I just found out that it has never worked on my VPS in the few months I've had it, so I'm months behind on updates, and I'd like to understand why.
I looked at /var/log/apt/history.log.*, and the only entries there are explicit apt install commands I ran over the past few months. And there's nothing in /var/log/unattended-upgrades/.
A look at systemctl status unattended-upgrades.service
shows it's been waiting for a TERM signal before starting operation for 5 months. (see below)
System info:
$ lsb_release --all
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 20.04.1 LTS
Release: 20.04
Codename: focal
$ uname -a
Linux vps-713122 5.4.0-28-generic #32-Ubuntu SMP Wed Apr 22 17:40:10 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Unattended-upgrades is running, but waiting for something:
$ sudo systemctl status unattended-upgrades.service
● unattended-upgrades.service - Unattended Upgrades Shutdown
Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled)
Active: active (running) since Thu 2020-11-12 20:46:13 GMT; 5 months 4 days ago
Docs: man:unattended-upgrade(8)
Main PID: 867 (unattended-upgr)
Tasks: 2 (limit: 1111)
Memory: 2.5M
CGroup: /system.slice/unattended-upgrades.service
└─867 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
Nov 12 20:46:13 vps-713122 systemd[1]: Started Unattended Upgrades Shutdown.
190 packages out of date:
$ apt list --upgradable | wc -l
WARNING: apt does not have a stable CLI interface. Use with caution in scripts.
190
(Example upgradable package: #linux-generic/focal-updates,focal-security 5.4.0.72.75 amd64 [upgradable from: 5.4.0.53.56] The Ubuntu changelog shows that 5.4.0.53.56 dates from October 2020. There has since been a dozen updates, the most recent being April 12.)
At this point I ran "apt upgrade" manually to update my packages, and rebooted the server. When I checked on unattended-upgrades, it was still stuck:
$ sudo systemctl status unattended-upgrades.service
● unattended-upgrades.service - Unattended Upgrades Shutdown
Loaded: loaded (/lib/systemd/system/unattended-upgrades.service; enabled; vendor preset: enabled)
Active: active (running) since Sun 2021-04-18 21:23:29 BST; 5min ago
Docs: man:unattended-upgrade(8)
Main PID: 513 (unattended-upgr)
Tasks: 2 (limit: 1110)
Memory: 10.3M
CGroup: /system.slice/unattended-upgrades.service
└─513 /usr/bin/python3 /usr/share/unattended-upgrades/unattended-upgrade-shutdown --wait-for-signal
Apr 18 21:23:29 vps-713122 systemd[1]: Started Unattended Upgrades Shutdown.
Solution 1:
I figured it out. According to https://ubuntu.com/server/docs/package-management, "To enable automatic updates, edit /etc/apt/apt.conf.d/20auto-upgrades and set the appropriate apt configuration options".
This file did not exist on my system. Why? I'm not sure. Perhaps my cloud provider has modified the Ubuntu Server 20.04 image they use to provision. Perhaps it was a bug in the previous version of the unattended-upgrades package. Perhaps I got hacked and they deleted it. I'm not motivated enough to look into it.
So the solution is to create that file. Two easy options:
- Copy it from the default file:
sudo cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades
- (WARNING: this will overwrite all existing configuration files for unattended-upgrades) Do a clean reinstall of the package by doing
sudo apt purge unattended-upgrades
followed bysudo apt install unattended-upgrades
. Confirm that the file /etc/apt/apt.conf.d/20auto-upgrades now exists.
I went with #2 to be safe.