equinix-labs/terraform-equinix-metal-eks-anywhere

eksa-admin node should include unattended-upgrades

Closed this issue · 4 comments

The EKS-A Admin node is running Ubuntu 20.04. We should ensure the latest updates are installed and continue to be installed through use of the unattended-upgrades package.

Adding the following to the cloud-init should do it.

in packages:

- unattended-upgrades

package_update: true
package_upgrade: true
package_reboot_if_required: true

in runcmd:

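# uncomment the -updates origin so non-security updates are applied too (-i edits the file in place)
- sed -i 's,//      "${distro_id}:${distro_codename}-updates";,        "${distro_id}:${distro_codename}-updates";,' /etc/apt/apt.conf.d/50unattended-upgrades
# allow unattended-upgrades to reboot the node when an update requires it
- sed -i 's,//Unattended-Upgrade::Automatic-Reboot "false";,Unattended-Upgrade::Automatic-Reboot "true";,' /etc/apt/apt.conf.d/50unattended-upgrades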

We'll also want to ensure (somehow) that the node isn't rebooted while the cluster is coming up for the first time.
Maybe we can disable it at install and at schedule the enablement for a few hours later.

Options:

  • disable autoreboot
  • Set reboot time to 2AM
  • Do your at scheme.
  • Calculate the autoreboot time to be 2 hours (or some other offset) from current time.

Looks like the upfront upgrade (package_upgrade: true) may be a bad idea. Just had it hang and never complete.
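
An added example, not part of the issue thread or the project's code: one way to implement the "calculate the autoreboot time as an offset from the current time" option, writing an apt drop-in instead of sed-editing 50unattended-upgrades. The function names and the drop-in file name `52eksa-admin-upgrades` are hypothetical; `Unattended-Upgrade::Automatic-Reboot-Time` is the stock unattended-upgrades setting, and GNU `date` (as on Ubuntu) is assumed.

```shell
#!/bin/sh
# Added example: render an apt drop-in that enables the -updates origin and
# automatic reboots, with the reboot time set to "now + N hours".
# Hypothetical names: reboot_time, render_dropin, install_dropin.

# reboot_time NOW_EPOCH OFFSET_HOURS -> prints HH:MM (local time zone).
# Rejects anything but whole, non-negative hours.
reboot_time() {
    now=$1 hours=$2
    case "$hours" in
        ''|*[!0-9]*) echo "offset must be whole hours" >&2; return 1 ;;
    esac
    date -d "@$((now + hours * 3600))" +%H:%M
}

# render_dropin NOW_EPOCH OFFSET_HOURS -> prints the drop-in contents.
# \${...} is escaped so apt, not the shell, expands distro_id/distro_codename.
render_dropin() {
    t=$(reboot_time "$1" "$2") || return 1
    cat <<EOF
Unattended-Upgrade::Allowed-Origins {
        "\${distro_id}:\${distro_codename}-updates";
};
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "$t";
EOF
}

# install_dropin [DEST] [OFFSET_HOURS]: write the drop-in with mode 0644.
# The 52 prefix sorts after 50unattended-upgrades so scalar values win.
install_dropin() {
    dest=${1:-/etc/apt/apt.conf.d/52eksa-admin-upgrades}
    tmp=$(mktemp) || return 1
    if render_dropin "$(date +%s)" "${2:-2}" > "$tmp"; then
        install -m 0644 "$tmp" "$dest"
    fi
    rc=$?
    rm -f "$tmp"
    return $rc
}

# From cloud-init runcmd (as root): install_dropin
```

Automatic-Reboot-Time is a time of day, so the computed value also becomes the daily reboot slot for later upgrades, not only the first one.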