Dear Maintainer,
when the apt-all plugin is loaded (what is automatic on Debian because of
the package install script), then two cron lines in /etc/cron.d/munin-node
*/5 * * * * root if [ -x /etc/munin/plugins/apt_all ]; then
/etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x
/etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12
*/10 * * * * root lslocks -o PATH | grep -e "^/var/lib/dpkg/lock$"
/etc/munin/plugins/apt_all update 7200 12 >/dev/null; elif [ -x
/etc/munin/plugins/apt ]; then /etc/munin/plugins/apt update 7200 12
when root is already runnin an installation or system update
or
when computer is offline.
They have a third side effect: if user tries to start installing a package
just after those lines started to run, then, root will receive the error
message "lock already locked by an other process", what is a missleading
message. The very first time I got this message, I checked all my
consoles: "in which console am I already running apt ?" then, after
founding none "am I being hacked ?". And when I restarted the same
command, it worked => "why does it work now ? I did nothing to release the
lock". And this may be very missleading for an experienced debian admin
who is just starting to learn about munin.
The case I had this weekend: a production server was offline because of a
faulty cable. The server is a gateway for a full room of machines. Every
single machine generated one email per hour, for two days ... those
machines are designed to send only one message per week; so getting one
message per hour blew up the SMTP.
Here is a typical error email:
W: Failed to fetch http://ftp.fr.debian.org/debian/dists/stretch/InRelease Temporary failure resolving 'ftp.fr.debian.org'
W: Failed to fetch http://security.debian.org/dists/stretch/updates/InRelease Temporary failure resolving 'security.debian.org'
W: Failed to fetch http://ftp.fr.debian.org/debian/dists/stretch-updates/InRelease Temporary failure resolving 'ftp.fr.debian.org'
W: Failed to fetch http://www.ubnt.com/downloads/unifi/debian/dists/unifi5/InRelease Temporary failure resolving 'www.ubnt.com'
W: Some index files failed to download. They have been ignored, or old ones used instead.
1: installation of package should inform admin about the fact these two cron lines may lock apt a few seconds per hour.
2: you need to find a way to EASILY let admin customise if he want to run those lines, or use an alternate way to update apt (I have seen some propositions in other bugs)
3: create a conf file that will let admin choose
- if those lines should be completely silent (add 2>/dev/null)
- at which frequency they should be run
4: ideally I would like those commands to not lock apt; but I know it's not possible in Debian. Gentoo is designed to minimise the time laps when the locks are created, and allows parallel execution of installation procedures. Debian locks every thing all the time; and this bug is not asking to change this behaviour. But this bug need to workaround the fact a random cron task may randomly prevent admin from working, or may randomly prevent correct execution of admin scripts/interfaces. An old working debian may suddenly break just after installing munin.
The apt-all plugin may be interesting and helpfull; but that cron bit is toxic for me.
In particular, the plugin has a small design flaw: it only produces warnings when updates are available. It should also provide critical state when security updates are available !!! This would be very usefull !!!
While I am suggesting the creation of a conf file for apt-all and it's cron file, a conf file for this plugin would also help fixing several other bugs pending; like the one or two bugs about Debian Version.
There are good ideas in this plugin; but poorly implemented.
What I am wondering is: should be remove this plugin from automatic installation ? (keep the plugin in the repo, but do not automatically enable it during package install). I thinck it should be removed from automatic installation before we make it cleaner, more user friendly, and remove it's side effects. Or at the very least, rapidly add a warning during installation, or a curses pop-up question.
http://benoit.demaine.info <http://benoit.demaine.info/>/
If computing were an exact science, IT engineers would'nt have work \_o<
"So all that's left, Is the proof that love's not only blind but deaf."
(FAKE TALES OF SAN FRANCISCO, Arctic Monkeys)