Ubuntu
needrestart package

needrestart should avoid restarting runner-provisioner.service

  1. Noble (24.04)
  2. Bug #2067800
Bug #2067800 reported by Simon Déziel
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
needrestart (Ubuntu)
Status tracked in Oracular
Noble
New
Undecided
Unassigned
Oracular
Fix Released
Undecided
Unassigned

Bug Description

[ Impact ]

On GitHub action runners, if there is an update that causes needrestart to restart the runner-provisioner.service, the action job will immediately fail.
While GitHub seem to have tweaked their image to workaround the issue (see https://bugs.launchpad.net/ubuntu/+source/needrestart/+bug/2067800/comments/2)
users of self-hosted runners might have images lacking the workaround.

The fix is to add `runner-provisioner.service` to the override/exclusion list to prevent automatic restart of that service.

[ Test Plan ]

Since GitHub patched the main configuration file to do the exclusion, this needs to be undone before doing the verification.
The verification itself should ideally be done on a GitHub runner

1) Undo GitHub config workaround:
sudo sed -i '/^\s*qr(^runner-provisioner)\s*=>\s*0,$/d' /etc/needrestart/needrestart.conf

2) Install fixed package from proposed
echo "deb http://archive.ubuntu.com/ubuntu noble-proposed main" | sudo tee /etc/apt/sources.list
sudo apt update
sudo apt install -y -t noble-proposed needrestart

3) Reinstall something that would cause the runner-provisioner.service unit to be restarted:
sudo apt reinstall libc6
sleep 5
echo Success

Those instructions are available in this workflow:

https://github.com/simondeziel/needrestart-ghaction/blob/main/.github/workflows/blank.yml

[ Where problems could occur ]

It is possible that other environment (non GitHub runners) have a systemd unit by the same name and excluding the service from the restart-able list would prevent their service from being restarted automatically.

The packages in the Ubuntu archive don't contain any systemd unit by that name so this risk is only for "external" packages.

[ Original bug description ]

On GitHub action runners, if there is an update that causes needrestart to restart the runner-provisioner.service, the action job will immediately fail.

```
Restarting services...
 /etc/needrestart/restart.d/systemd-manager
 systemctl restart packagekit.service php8.3-fpm.service runner-provisioner.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-udevd.service udisks2.service walinuxagent.service
Terminated
```

While the above shows multiple services being restarted, "artificially" restarting just runner-provisioner.service has shown to cause an immediate failure (as seen in https://github.com/canonical/lxd-ci/actions/runs/9323021640/job/25665299316?pr=178)

```
+ sudo systemctl restart runner-provisioner.service
Error: Process completed with exit code 143.
```

If needrestart has a way to exclude services from being restarted, runner-provisioner.service should be added to the list.

See original description
Simon Chopin (schopin)
tags: added: foundations-todo
Simon Chopin (schopin)
Changed in needrestart (Ubuntu Oracular):
status: New → Fix Committed
Revision history for this message
Simon Déziel (sdeziel) wrote :

Thanks @schopin! Looking forward for the SRU to Noble ;)

Revision history for this message
Simon Déziel (sdeziel) wrote :

Thanks @schopin for also discovering that GitHub folks have apparently worked around the bug by tweaking needrestart config to not restart the runner-provisioner unit. https://github.com/schopin-pro/needrestart-ghaction/actions/runs/9518941463/job/26241023047#step:3:163:

```
# Override container default selection (hash of regex).
$nrconf{override_cont} = {
    qr(^runner-provisioner) => 0,
};
```

Simon Déziel (sdeziel)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package needrestart - 3.6-8ubuntu3

---------------
needrestart (3.6-8ubuntu3) oracular; urgency=medium

  * d/p/ubuntu-mode.patch: Don't touch /run/reboot-required on kernel updates
    (LP: #2065863)
  * Ubuntu mode: disable it if restart mode has been explicitly set
    (LP: #2068543)
  * Add some inline documentation for the Ubuntu mode (LP: #2068573)
  * Don't restart the google-guest-agent service (LP: #2063442)
  * Don't restart the GH runner provisioner (LP: #2067800)
  * tests: guard against looping when failing.

 -- Simon Chopin <email address hidden> Fri, 14 Jun 2024 11:57:11 +0200

Changed in needrestart (Ubuntu Oracular):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.