37

I'm using Packer to create an AWS AMI based on an Ubuntu 16.04 image. In the beginning, I'm doing an upgrade:

sudo apt-get update
sudo apt-get upgrade -y

Here is the relevant part of my provisioners section:

"provisioners": [
  {
    "type": "shell",
    "inline": [
      "sudo apt-get update",
      "sudo apt-get upgrade -y"
    ]
  }
]

This breaks the automatization, however, as an interactive dialog pops up:

amazon-ebs: Found kernel: /boot/vmlinuz-4.4.0-72-generic
amazon-ebs: A new version of /boot/grub/menu.lst is available, but the version installed
amazon-ebs: currently has been locally modified.
amazon-ebs:
amazon-ebs: 1. install the package maintainer's version
amazon-ebs: 2. keep the local version currently installed
amazon-ebs: 3. show the differences between the versions
amazon-ebs: 4. show a side-by-side difference between the versions
amazon-ebs: 5. show a 3-way difference between available versions
amazon-ebs: 6. do a 3-way merge between available versions (experimental)
amazon-ebs: 7. start a new shell to examine the situation

I also tried to set export DEBIAN_FRONTEND=noninteractive before (as recommended in this answer). Unfortunately, it makes no difference.

Questions:

  • Is there a way to get past the interactive dialog (selecting option 1 would be fine)?
  • Is it instead better to avoid upgrades and instead trust that the AMIs are up to date and contain the critical security patches?

Background: This is the relevant part of my "builders" section, where I configured it to use the latest available AMI:

"builders": [{
  "type": "amazon-ebs",
  "region": "eu-central-1",
  ...
  "source_ami_filter": {
    "filters": {
      "virtualization-type": "hvm",
      "name": "*ubuntu-xenial-16.04-amd64-server-*",
      "root-device-type": "ebs"
    },
    "owners": ["099720109477"],
    "most_recent": true
  },
  ...
}]

Note: Turns out that the noninteractive mode works if you run apt-get update with both the -y and the -q flag.

Pierre.Vriens
Philipp Claßen

5 Answers

26

This sequence of commands works for me:

apt-get update
DEBIAN_FRONTEND=noninteractive apt-get upgrade -yq

So, DEBIAN_FRONTEND=noninteractive is correct but you also need the -q flag.

Source: https://github.com/moby/moby/issues/4032

Philipp Claßen
13

Your problem is that grub file changes adhere to ucf and not debconf; as per this incident on the apt list, you're not alone.

As a workaround, I found this answer on Ask Ubuntu. Removing the menu.lst from the UCF configuration system should be enough for your case:

"provisioners": [
  {
    "type": "shell",
    "inline": [
      "sudo ucf --purge /boot/grub/menu.lst",
      "sudo apt-get update",
      "sudo UCF_FORCE_CONFFNEW=YES apt-get upgrade -y"
    ]
  }
]

This should avoid the grub question. Be warned that any other package using ucf will also use the maintainer package version; for a creation from a base AMI this should not be a problem, but it is worth noting.

Tensibai
3

To add to Philipp's answer, if you are using sudo then you need to make sure to set the DEBIAN_FRONTEND variable afterwards, like so:

apt-get update
sudo DEBIAN_FRONTEND=noninteractive apt-get upgrade -yq
1

I didn't notice any difference using -y or -q. Maybe because the question is about using "packer"? (I use bare scripts)

Anyway, in my case, I got rid of the dialogs for apt upgrade using the following sed commands around it:

sed -i "s/#\ conf_force_conffold=YES/conf_force_conffold=YES/g" /etc/ucf.conf
apt-get -y upgrade
sed -i "s/conf_force_conffold=YES/#conf_force_conffold=YES/g" /etc/ucf.conf

My change is limited to the time of the upgrade.
Technically, it disables the questions about whether to keep an existing configuration when upgrading grub, but only for the time of the upgrade, to avoid side effects.

OS: Ubuntu 16.04 LTS

Hope this helps

Balmipour
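An added example, not part of the answer above or of any post on this page: the same temporary ucf.conf change wrapped in a shell function that restores the file exactly as it was, including when the upgrade command fails, so the setting does not persist into the built image. The function name with_ucf_conffold is hypothetical, and the sketch assumes a POSIX shell with mktemp available.

```shell
#!/bin/sh
# Added example: enable ucf's conf_force_conffold only while one command runs.
# Usage (as root, in a provisioning script):
#   with_ucf_conffold /etc/ucf.conf apt-get -y upgrade

# with_ucf_conffold CONF_FILE COMMAND [ARGS...]
# Returns COMMAND's exit status, or 1 if the setup step fails.
with_ucf_conffold() {
    ucf_conf=$1
    shift
    [ -f "$ucf_conf" ] || { echo "no such file: $ucf_conf" >&2; return 1; }

    # Exact copy next to the original; restored from this later.
    ucf_backup=$(mktemp "${ucf_conf}.bak.XXXXXX") || return 1
    cp -p "$ucf_conf" "$ucf_backup" || { rm -f "$ucf_backup"; return 1; }

    # Uncomment the setting (with or without a space after '#').
    if ! sed 's/^#[[:space:]]*conf_force_conffold=YES/conf_force_conffold=YES/' \
            "$ucf_backup" > "$ucf_conf"; then
        cp -p "$ucf_backup" "$ucf_conf"
        rm -f "$ucf_backup"
        return 1
    fi
    # If the file had no such line at all, append an active one.
    grep -q '^conf_force_conffold=YES' "$ucf_conf" ||
        echo 'conf_force_conffold=YES' >> "$ucf_conf"

    # '|| status=$?' keeps the function alive under 'set -e'
    # so the restore below always runs.
    ucf_status=0
    "$@" || ucf_status=$?

    # Put the original file back; keep the backup if that fails.
    if cp -p "$ucf_backup" "$ucf_conf"; then
        rm -f "$ucf_backup"
    else
        echo "restore failed, original kept at $ucf_backup" >&2
    fi
    return "$ucf_status"
}
```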
0

You're omitting the -y parameter from your apt-get update command. If you include it, the prompt should go away.

I've built an Ubuntu image with Packer as well. Here is the shell script I use to perform the update:

https://github.com/devopskatas/learningvm/blob/master/script/update.sh

This is derived from a great, well-maintained library of Ubuntu Packer builds:

https://github.com/boxcutter/ubuntu

Dave Swersky