Interactive prompt during non-interactive install

Bug #1833013 reported by Victor Engmark
This bug affects 7 people
| Affects | Status | Importance | Assigned to | Milestone |
| --- | --- | --- | --- | --- |
| ansible (Ubuntu) | Incomplete | Undecided | Unassigned | |
| openssl (Ubuntu) | Invalid | Undecided | Unassigned | |

Bug Description

`apt-get install -y -qq ansible` runs `whiptail --backtitle Package configuration --title Configuring libssl1.1:amd64 --output-fd 11 --defaultno --yesno -- There are services installed on your system which need to be restarted when certain libraries, such as libpam, libc, and libssl, are upgraded. Since these restarts may cause interruptions of service for the system, you will normally be prompted on each upgrade for the list of services you wish to restart. You can choose this option to avoid being prompted; instead, all necessary restarts will be done for you automatically so you can avoid being asked questions on each library upgrade. Restart services during package upgrades without asking? 16 77`, causing a non-interactive installation to be impossible.

Also reported to the Ansible Local Vagrant provisioner because they will probably have to work around this in the short term: https://github.com/hashicorp/vagrant/issues/10914

Victor Engmark (victor-engmark) wrote :

Ah, looks like this is a fault with apt-get for not detecting a non-interactive install.

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in ansible (Ubuntu):
status: New → Confirmed
ugmoe2000 (ericpulvino) wrote :

This bug hits me via an automated install of Ansible which brings in libssl as a dependency. There is a functional workaround mentioned here which works for me --> https://github.com/hashicorp/vagrant/issues/10914#issuecomment-503055527 but it is a bit ugly.

Diego (diego-for-launchpad) wrote :

This exact problem seems to appear in AWS when launching an EC2 instance with the Ubuntu Server 18.04 LTS (HVM), SSD Volume Type - ami-0c55b159cbfafe1f0 (64-bit x86) / ami-0f2057f28f0a44d06 (64-bit Arm)

Dmitrii Shcherbakov (dmitriis) wrote :

Robie Basak (racb) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better.

> `apt-get install -y -qq ansible`

This does not guarantee a non-interactive run. If you want a non-interactive run, you must use all the necessary parameters. For example:

UCF_FORCE_CONFOLD=1 DEBIAN_FRONTEND=noninteractive apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -qq -y install ansible

See the dpkg and ucf documentation to set the default behaviour as you actually want it.

Perhaps this could be better documented in apt-get(8). The -y option there refers to apt-get itself only and does not apply to underlying dpkg behaviour and debconf and ucf calls that might be called from maintainer scripts that need to interact with the user.

Unfortunately my example above isn't a complete answer either, since there is no unified "must run non-interactively" directive that individual package maintainer scripts must follow. In general though they tend to use dpkg's built-in handling, debconf and ucf when prompting the user is required, so this should cover most (99%+?) cases.

It's valid to say that we could do with a better unified way of achieving non-interactivity. However, in today's current design, if you're not calling apt-get with the appropriate parameters as in my example above, then it's your script that isn't correctly calling for non-interactivity. All configuration management tooling that expects non-interactivity needs to be doing this, and this isn't a workaround - it's the official CLI interface.

Bug 1747464 is related, though that relates to the default conffile state in our cloud images, so is a more specific instance of the problem where _interactive_ use causes unnecessary prompts.

This bug is not valid for openssl, because it isn't a bug for it to prompt in itself. It is perhaps valid for ansible if ansible itself incorrectly assumes non-interactivity without requesting it correctly - I don't know if that's the case specifically with Ubuntu's ansible package; if it is, please describe the detail and change that bug status back to New.

It would be a valid feature request for Ubuntu to request a more unified way of requesting non-interactivity, though that would be a major effort as it would require changes across the stack, and wouldn't be of particularly high priority as we have a good enough (if non-obvious) way of achieving the same thing today (my example above). Specific requests to make this clear in documentation would also be valid. Please file separate bugs for those if you wish. I hope though that I've described adequately above why the behaviour you describe isn't itself a bug in the base packages.

Changed in openssl (Ubuntu):
status: New → Invalid
Changed in ansible (Ubuntu):
status: Confirmed → Incomplete
Felipe Micaroni Lalli (micaroni) wrote :

I have some automatic scripts that stopped working recently. This is not a feature, this is a bug and should be fixed.

Elvis Stansvik (elvstone) wrote :

Robie: We had one of our automated builds start failing due to this. We were using only -y and DEBIAN_FRONTEND=noninteractive (wrongly thinking that was enough).

I've now changed to

sudo apt-get -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" -y install $(cat requirements-ubuntu.txt)

and with DEBCONF_NONINTERACTIVE_SEEN=true, DEBIAN_FRONTEND=noninteractive and UCF_FORCE_CONFOLD=1 in the environment. But the prompt when configuring libssl1.1 still shows up, so the job hangs :(

Elvis Stansvik (elvstone) wrote :

Robie: Never mind, I was not setting up the env vars correctly. Sorry for the noise.
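
A wrapper that applies every setting mentioned in this thread and checks that the variables are really exported. It is an added example, not code from the thread or from apt: the function names and `APT_DRY_RUN` are hypothetical, and passing the variables through `sudo env` assumes the caller may not be root.

```sh
#!/bin/sh
# Added example: function names and APT_DRY_RUN are hypothetical, not part of apt.

# Variables named in the thread that make debconf and ucf skip their prompts.
NONINTERACTIVE_ENV='DEBIAN_FRONTEND=noninteractive DEBCONF_NONINTERACTIVE_SEEN=true UCF_FORCE_CONFOLD=1'

# Print each required variable that is missing from the *exported* environment.
# A variable assigned in the shell but never exported is reported as missing,
# because child processes such as apt-get would not see it.
missing_noninteractive_env() {
  for pair in $NONINTERACTIVE_ENV; do
    name=${pair%%=*}
    want=${pair#*=}
    [ "$(printenv "$name")" = "$want" ] || printf '%s\n' "$name"
  done
}

# Run apt-get with the environment and dpkg options from the thread.
# Usage: apt_noninteractive install ansible
apt_noninteractive() {
  # dpkg conffile questions: take the default action, otherwise keep the old file.
  set -- apt-get \
    -o Dpkg::Options::=--force-confdef \
    -o Dpkg::Options::=--force-confold \
    -qq -y "$@"
  # Set the variables through env(1) on the command line itself, so they reach
  # apt-get whatever the caller exported. Word splitting of the list is intended.
  # shellcheck disable=SC2086
  set -- env $NONINTERACTIVE_ENV "$@"
  # When not root, wrap in sudo; env then runs as root and sets the variables
  # there, independent of sudo's env_reset/env_keep policy.
  [ "$(id -u)" -eq 0 ] || set -- sudo "$@"
  if [ -n "${APT_DRY_RUN-}" ]; then
    printf '%s\n' "$*"   # show the exact command instead of running it
    return 0
  fi
  # stdin from /dev/null: anything that still reads stdin gets EOF, not a wait.
  "$@" </dev/null
}
```

Running it with `APT_DRY_RUN=1` prints the full command line, which is a quick way to confirm in a CI log that all three variables and both dpkg options are present.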
