How to automate changed config files during apt-get upgrade in Ubuntu 12

I like to use "knife cloudstack server create ..." to build a new VM. My bootstrap template starts off with an "apt-get update" and "apt-get -y upgrade".

The upgrade then halts with:

10.190.113.11 Configuration file `/etc/nscd.conf'
10.190.113.11  ==> Modified (by you or by a script) since installation.
10.190.113.11  ==> Package distributor has shipped an updated version.
10.190.113.11    What would you like to do about it ?  Your options are:
10.190.113.11     Y or I  : install the package maintainer's version
10.190.113.11     N or O  : keep your currently-installed version
10.190.113.11       D     : show the differences between the versions
10.190.113.11       Z     : start a shell to examine the situation
10.190.113.11  The default action is to keep your current version.
10.190.113.11 *** nscd.conf (Y/I/N/O/D/Z) [default=N] ?

So there are really two problems:

Firstly, can I get apt-get to do something by default? Obviously there's no way to provide an answer.

Secondly, I don't even know what the right answer to the question should be. The config file it's replacing came from a template. I haven't yet looked up what "nscd" even does. (Presumably "Y" is the correct answer, but the research involved at the time of the question is daunting.)


You can pass arguments to avoid getting prompts. This works for me:

apt-get update
apt-get --yes --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade
apt-get --yes --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade

--force-confold (my choice) will make these "What do you want to do about modified configuration file" questions default to N (keep your currently-installed version).

  • --force-confold: do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix. With this option alone, even configuration files that you have not modified are left untouched. You need to combine it with --force-confdef to let dpkg overwrite configuration files that you have not modified.
  • --force-confnew: always install the new version of the configuration file, the current version is kept in a file with the .dpkg-old suffix.
  • --force-confdef: ask dpkg to decide alone when it can and prompt otherwise. This is the default behavior of dpkg and this option is mainly useful in combination with --force-confold.
  • --force-confmiss: ask dpkg to install the configuration file if it’s currently missing (for example because you have removed the file by mistake).

Warning - some modified configuration files can break your system if kept back & not compatible with updated package version. Please test it before deploying in automation solutions.


If you absolutely do not want to answer any interactive questions, then set the DEBIAN_FRONTEND front end variable to noninteractive.

This can be as easy as DEBIAN_FRONTEND=noninteractive apt-get upgrade.

You will get no messages and the defaults will be chosen. In most cases, this means your configuration files will not be changed, and you will be left with files named like *.dpkg-new for all the places where a configuration file was untouched. You can then manually resolve the changes, or push your local configuration to the system using a configuration management system or whatever.

> Secondly, I don't even know what the right answer to the question should be

Hitting the D key will display the difference, which you can then inspect. If you are certain that you have never manually changed that file, choosing Y to replace it is probably safe (you have verified your backups before upgrading, RIGHT!!). Choosing N just keeps the old file, which is also safe 95% of the time, unless the package had major changes, which are usually covered in the changelog/release notes, which you also have read before you ran the upgrade/dist-upgrade command.

Past that, simply try the command first in your test environment. See if things don't work. If you are really not sure, get the diff, and read the documentation for the package and research.
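
The following is an added example, not code from either answer: it wraps the non-interactive upgrade with the options from the first answer and then lists the .dpkg-dist, .dpkg-new and .dpkg-old files left under a directory, so configuration that was kept back can be reviewed after an unattended run. The function names are hypothetical, and --force-yes is left out because the configuration file prompt is controlled by the Dpkg::Options settings, not by that flag.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of apt or dpkg.

# Non-interactive upgrade that keeps locally modified conffiles.
# Defined only; call it explicitly from the bootstrap script.
# --force-yes is omitted: it is not needed to suppress conffile prompts.
unattended_upgrade() {
    DEBIAN_FRONTEND=noninteractive apt-get --yes \
        -o Dpkg::Options::="--force-confdef" \
        -o Dpkg::Options::="--force-confold" upgrade
}

# List conffile variants dpkg left behind under a directory (default /etc).
# Prints one line per leftover: "<status> <live-file> <leftover>", where
# status is DIFFERS, SAME, or ORPHAN (the live file no longer exists).
conffile_leftovers() {
    root=${1:-/etc}
    find "$root" -type f \( -name '*.dpkg-dist' -o -name '*.dpkg-new' \
        -o -name '*.dpkg-old' \) | sort | while IFS= read -r leftover; do
        live=${leftover%.dpkg-*}      # strip the dpkg suffix to get the live path
        if [ ! -e "$live" ]; then
            status=ORPHAN
        elif cmp -s "$live" "$leftover"; then
            status=SAME
        else
            status=DIFFERS
        fi
        printf '%s %s %s\n' "$status" "$live" "$leftover"
    done
}

# Returns 0 when no leftover differs from its live file, 1 otherwise, so a
# bootstrap or CI step can flag hosts whose configuration needs a manual merge.
conffiles_clean() {
    if conffile_leftovers "${1:-/etc}" | grep -q '^DIFFERS '; then
        return 1
    fi
    return 0
}
```

A bootstrap template would call `unattended_upgrade` and then `conffiles_clean || conffile_leftovers`, and feed any DIFFERS lines to `diff -u` before deciding which version to keep.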