I have installed some packages (Docker, Kubeadm, Kubelet, Kubectl) for my Kubernetes cluster on Ubuntu 18.04 LTS.
I don't want these packages to get auto updated because there will be some issue arises between them when the update happens between one another.
I just want to update manually when they are stable.
What is the correct command for stop packages update automatically?
Commands I have used to install them on Ubuntu 18.04
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
sudo apt-get update
sudo apt-get install -y docker-ce=18.06.1~ce~3-0~ubuntu
curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -
cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt-get update
sudo apt-get install -y kubelet=1.12.7-00 kubeadm=1.12.7-00 kubectl=1.12.7-00
Motivation: You don't want to take any risks over sensitive packages on your linux machine (It happens when your application is in production and customers use it, or some important task running inside, newer version can break changes and accidentally can cause a downtime). In this situation - you want to pin specific versions to your packages and make sure no upgrade happens without explicit action and approval from your side.
Solution: You should disable the unattended-upgrades feature and pin your package into the current version you use (in other words - keep this version).
step 1: disable automatic upgrade (aka unattended-upgrades)
$ sudo vim /etc/apt/apt.conf.d/20auto-upgrades
#edit these lines - which disabling the upgrade feature.
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";
step 2: hold and freeze the specific package you want prevent from self upgrading:
sudo apt-mark hold <package-name>
You can use the hold status for a package (or set of packages) to not involve it upgrades. That gives you the more fine-tuned ability to decide on a per-package basis what should, or should not, upgrade. Very helpful during known digressions, bugs, and subtle changes in behaviour.
From the manual page for dpkg and edited / indented:
--get-selections [package-name-pattern...]
Get list of package selections, and write it to stdout. Without a pattern,
non-installed packages (i.e. those which have been previously purged) will
not be shown.
--set-selections
Set package selections using file read from stdin. This file should be in
the format “package state”, where state is one of install, hold, deinstall
or purge. Blank lines and comment lines beginning with ‘#’ are also
permitted.
The available file needs to be up-to-date for this command to be useful,
otherwise unknown packages will be ignored with a warning. See the
--update-avail and --merge-avail commands for more information.
The format is arguably a little weird -- but this is very powerful and helpful. I relied on it a few times during my twenty-five years (!!) with Debian/Ubuntu. I may have a shell script helper somwhere but I may need to dig.
Find of the day :). Ubuntu apt gives you the command to hold the auto update of the package. Thanks to Dirk for giving me the hint.
sudo apt-mark hold docker-ce kubelet kubeadm kubectl
apt doesn't have yum like flags --enable-repo and --disablerepo while performing install or update. A way to manage repos is shown here
But for your case the way you have added the repositories they have been appended to /etc/apt/sources.list therefore you can use sed to comment out the repository lines which you have added to install docker and kubernetes.
Note: you should comment out lines after installation and before performing sudo apt-get update
Example:To disable docker repo:
sed -i 's/^deb.*docker.*/# &/g' /etc/apt/sources.list
Enable the docker repo for manual update:
sed -i '/^# deb .*docker.*/s/^# //' /etc/apt/sources.list
Related
I want to remove Kubernetes from a Debian machine (I didn't do the setup)
I followed the instructions from How to completely uninstall kubernetes
kubeadm reset
sudo apt-get purge kubeadm kubectl kubelet kubernetes-cni kube*
sudo apt-get autoremove
sudo rm -rf ~/.kube
But it seems to be still installed:
# which kubeadm
/usr/local/bin/kubeadm
# which kubectl
/usr/local/bin/kubectl
# which kubelet
/usr/local/bin/kubelet
Also, apt list --installed | grep kube* does not return anything, so it make me think it was not installed via apt
Do you know how to clean this machine ? Should I just rm /usr/local/bin/kubectl etc ? I don't really like this idea..
Thanks for help
The method suggested by Rib47 on the answer you indicated is correct to completely remove and clean Kubernetes installed with apt-get.
As mentioned by underscore_d, /usr/local/bin/ isn't the directory where the packages installed by apt-get are placed.
For example, when you install kubectl using apt-get, it's placed on /usr/bin/kubectl and that's what is going to be removed by apt-get purge.
I tested it on my kubeadm cluster lab and I don't have these files at /usr/local/bin/.
You have to revisit all the steps you followed during the install process to know how exactly these files got there.
If you run kubeadm reset, I would say it's safe to remove these files. I suggest you to check if they are being used before removing using the command fuser. This command might not be installed in your linux and you can install it by running sudo apt-get install psmisc. After installing you can run it as in this example:
$ sudo fuser /usr/bin/kubelet
/usr/bin/kubelet: 21167e
It means this file is being used by process number 21167.
Checking this process we can see what's using it:
$ ps -aux | grep 21167
root 21167 4.1 0.5 788164 88696 ? Ssl 08:50 0:07 /usr/bin/kubelet --bootstrap-kubeconfig=/etc/kubernetes/bootstrap-kubelet.conf --kubeconfig=/etc/kubernetes/kubelet.conf --config=/var/lib/kubelet/config.yaml --cgroup-driver=cgroupfs --network-plugin=cni --pod-infra-container-image=k8s.gcr.io/pause:3.2
If the files related to kubernetes you have under /usr/local/bin/ are not in use, I would remove them with no worries.
I want to create .deb file that could be installed on a out-of-box Ubuntu.
I have prepeared control, preinst, postinst files. But when I try to install my package on a fresh Ubuntu it says that "Could not get lock /var/lib/dpkg/lock". I know that it is a common problem when people want to install different software at the same time. But how do I install python3-pip and nginx?
Sure, I can create 2 files: mysofr.deb and install.sh. But the point is to have only one file, so user could install my soft with only one command.
Here is my preinst:
dpkg -s "python3-pip" >/dev/null 2>&1 && {
echo "python3-pip is installed."
echo
} || {
echo "ERROR: python3-pip is not installed. Now it will be installed from default repo"
# rm /var/lib/dpkg/lock
# dpkg --configure -a
sudo apt install python3-pip
}
As you can see, I have tried to unlock dpkg. But it was a bad idea to do it during installation.
Here is my postinst:
#!/bin/bash
cd *directory*
dpkg -i nginx_1.14.2-1_stretch_amd64.deb
rm nginx_1.14.2-1_stretch_amd64.deb
systemctl enable nginx
service nginx start
In short: I want to create deb that could check if there is a python3-pip and nginx and if there is no such software - install it: nginx from .deb file, python3-pip from default repo.
You should declare these dependencies in the control file, as Depends. See the documentation on those fields in man deb-control.
Installing from within the maintainer scripts is completely unsupported and trying to force that via the removal of the lock file is going to damage the dpkg database or the installation, don't do that.
if you get comments like that, it means that before you cancel the installation, for this problem you can use the following command "$rm /var/lib/dpkg/lock",
My morning so far has been banging my head against trying to get the docker installation to work, so far I have had no luck.
The guide I have been following: https://docs.docker.com/install/linux/docker-ce/ubuntu/
Here is the steps of what happens.
First:
sudo apt-get remove docker docker-engine docker.io containerd runc
Which is good! The next step is a sudo apt-get update which returns something less good. A lot of documentation I have read does not seem to help me solve this, so I plug on to see if something will correct this later.
Third step is
sudo apt-get install apt-transport-https ca-certificates curl gnupg-agent software-properties-common
No issues here.
Fourth step is the docker fingerprint key
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -
Which just outputs OK
Fifth step I do is the sudo apt-key fingerprint 0EBFCD88 which outputs the key as it is shown in the docker installation documentation.
Sixth step is the repository:
sudo add-apt-repository \
"deb [arch=amd64] https://download.docker.com/linux/ubuntu \
$(lsb_release -cs) \
stable"
No output is shown just brings me to a new command line.
Seventh step is sudo apt-get update which shows the same output as in step 2.
Eigth step is the actual install. sudo apt-get install docker-ce docker-ce-cli containerd.io
Which outputs:
I am not sure of what files to edit. But every line is spelled correctly and it still throws issues my way and I am at a loss. If anyone has any tips thatd be fantastic.
If you are not sure which steps error, I suggest you to ease the process of the docker install using official convenience script, see this:
Main steps as next:
$ curl -fsSL https://get.docker.com -o get-docker.sh
$ sudo sh get-docker.sh
Super simple way to install, as this is a common problem:
Download the most recent docker-ce, docker cli and container.d file from here:
https://download.docker.com/linux/ubuntu/dists/xenial/pool/stable/amd64/
Then just run dpkg -i <containerd package name> <docker-ce package name> <docker cli package name>
That's it, Docker away
sometimes it is blocked through the DNS, You can try by changing DNS address to 8.8.8.8.
you can change DNS address through /etc/resolve.conf temporarily
or if you need permanent you can change here /etc/resolvconf/resolv.conf.d/base
I am a newbie on openSUSE. I needed to get build-essential for the system but could not get it using sudo apt-get install build-essential or even by using sudo apt-get update and then following it with the previous code. I found a way to install most packages of build essential through sudo zypper install -t pattern devel_basis. But however, I am not able to obtain libframe package !! I can't directly download it because mine is an account on the office computer and I don't have the root access.
I am also attaching the screenshot of my terminal.. The error is towards the end.
Screenshot
zypper info -t pattern devel_basis to see what packages have the pattern
zypper install -t pattern devel_basis to install these packages
thanks to what-is-build-essentials-for-opensuse
I'm not sure if this requires root login or just maybe sudo privileges. These can be granted by ur system administrator. You may just need to ask for them.
You need to add the repository first before trying the zypper install
The command is
zypper ar -f URL alias
where
ar is short form of addrepo command
-f instruction to zypper to add autorefresh flag to newly added repo
URL is URL of the repo which you type in a browser to visit repo
in this case (itc): http://download.opensuse.org/distribution/leap/42.2/repo/oss/
alias is name that is easy to remember. itc: openSUSE:Leap:42.2
so...
zypper ar -f http://download.opensuse.org/distribution/leap/42.2/repo/oss/ openSUSE:Leap:42.2
I had a similar problem with ubuntu/debian command.
sudo apt-get build-essential libssl-devel
it turns out in Suse build-essential and libssl-devel would be devel_basis and openssl-devel respectively. to install I then searched on google for just openssl-devel (as it was all that I needed at that time), and followed the link from https://software.opensuse.org. Hope this helps
I installed the open sourced version of Swift from swift.org for Ubuntu 15.10, but I am running Ubuntu 15.04 in my machine. Now when I executed the swift command in the terminal it raising the following error.
swift/usr/bin/repl_swift:error while loading shared libraries:
libicuuc.so.55: cannot open shared object file: No such file or
directory
error: failed to stop process at REPL breakpoint
I ran the following command to ensure libicu52 is installed.
sudo apt-get install libicu52
Please help me to sort out this problem.
Thanks in advance.
Try this one
wget http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu55_55.1-7_amd64.deb
sudo dpkg -i libicu55_55.1-7_amd64.deb
It worked for me
For newer versions where it complains about libicuuc.so.57: cannot open shared object file (version 57), use the following:
sudo wget http://security.ubuntu.com/ubuntu/pool/main/i/icu/libicu57_57.1-6ubuntu0.3_amd64.deb
sudo dpkg -i libicu57_57.1-6ubuntu0.3_amd64.deb
In general, you can search here for the version you need.
I tried this as well
apt-get install libicu-dev
It worked for me
You don't need libicu-dev unless you are building Swift from source. The problem is that, as pointed out by gengisdave, libicu52 is installed on the machine, but libicu55 is required. A few things you might try:
See if apt-get install libicu55 is going to install the needed version.
Install the binary distribution intended for Ubuntu 14.04. That one requires libicu52, which you do have on the system. This may or may not work, and if it does at first, it may break unexpectedly later depending on what you are doing.
This is even worse, but you might try it if you are just experimenting. Use dpkg -L libicu52 to find out where libicuuc.so.52 is located and create a symlink to it, named libicuuc.so.55, in the same directory.
Before the 8th of December this used to work
echo "deb http://security.ubuntu.com/ubuntu xenial-security main" | sudo tee --
append /etc/apt/sources.list
sudo apt-get update
sudo apt-get install libicu55