26

I like to use "knife cloudstack server create ..." to build a new VM. My bootstrap template starts off with an "apt-get update" and "apt-get -y upgrade".

The upgrade then halts with:

10.190.113.11 Configuration file `/etc/nscd.conf'
10.190.113.11  ==> Modified (by you or by a script) since installation.
10.190.113.11  ==> Package distributor has shipped an updated version.
10.190.113.11    What would you like to do about it ?  Your options are:
10.190.113.11     Y or I  : install the package maintainer's version
10.190.113.11     N or O  : keep your currently-installed version
10.190.113.11       D     : show the differences between the versions
10.190.113.11       Z     : start a shell to examine the situation
10.190.113.11  The default action is to keep your current version.
10.190.113.11 *** nscd.conf (Y/I/N/O/D/Z) [default=N] ?

So there are really two problems:

Firstly, can I get apt-get to do something by default? Obviously there's no way to provide an answer.

Secondly, I don't even know what the right answer to the question should be. The config file it's replacing came from a template. I haven't yet looked up what "nscd" even does. (Presumably "Y" is the correct answer, but the research involved at the time of the question is daunting.)

Mojo
  • 925
  • 1
  • 9
  • 24

2 Answers2

28

You can pass arguments to avoid getting prompts. This works for me;

apt-get update
apt-get --yes --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" upgrade
apt-get --yes --force-yes -o Dpkg::Options::="--force-confdef" -o Dpkg::Options::="--force-confold" dist-upgrade

--force-confold (my choice) will make these "What do you want to do about modified configuration file" questions default to N (keep your currently-installed version)

--force-confold: do not modify the current configuration file, the new version is installed with a .dpkg-dist suffix. With this option alone, even configuration files that you have not modified are left untouched. You need to combine it with --force-confdef to let dpkg overwrite configuration files that you have not modified.
--force-confnew: always install the new version of the configuration file, the current version is kept in a file with the .dpkg-old suffix.
--force-confdef: ask dpkg to decide alone when it can and prompt otherwise. This is the default behavior of dpkg and this option is mainly useful in combination with --force-confold.
--force-confmiss: ask dpkg to install the configuration file if it’s currently missing (for example because you have removed the file by mistake).

Warning - some modified configuration files can break your system if kept back & not compatible with updated package version. Please test it before deploying in automation solutions.

Jossef Harush Kadouri
  • 451
  • 5
  • 11
10

If you absolutely do not want to answer any interactive questions, then set the DEBIAN_FRONTEND front end variable to noninteractive.

This can be as easy as DEBIAN_FRONTEND=noninteractive apt-get upgrade.

You will get no messages and the defaults will be chosen. In most cases, this means your configuration files will not be changed, and you will be left with files named like *.dpkg-new for all the places where a configuration file was untouched. You can then manually resolve the changes, or push your local configuration to the system using a configuration management system or whatever.

Secondly, I don't even know what the right answer to the question should be

Hitting the D key will display the difference, which you can then inspect. If you are certain that you have never manually changed that file, choosing Y to replace it is probably safe (you have verified your backups upgrading RIGHT!!). Choosing N just keeps the old file which is also safe 95% of the time, unless the package had major changes, which are usually covered in the changelog/release notes which you also have read before you ran the upgrade/dist-upgrade command.

Past that, simply try the command first in your test environment. See if things don't work. If you are really not sure get the diff, and read the documentation for the package and research.

Zoredache
  • 128,755
  • 40
  • 271
  • 413
  • You advise DEBIAN_FRONTEND=noninteractive over --force-yes? It sounds like that defaults to NO, and "yes" is more likely correct in this instance. (I can't hit any keys since there's no stdin.) – Mojo Aug 01 '13 at 15:26
  • Wow! Thanks @Zoredache. This is the first tip that actually worked. The other suggestions about using "--force" still were getting interrupted by an interactive interface when running a dist-upgrade on ubuntu 18.01. – Lance Kind May 20 '20 at 00:14
  • @Mojo Yes, the defaults were "no" when used thusly: DEBIAN_FRONTEND=noninteractive apt-get upgrade – Lance Kind May 20 '20 at 00:16
  • At this moment, I can't get the effect of -o Dpkg::Options::="--force-confnew" to combine with DEBIAN_FRONTEND=noninteractive. – Lance Kind May 20 '20 at 00:25
  • You might need to post your problem as a new question, but it sure seems like it should work. – Zoredache May 20 '20 at 00:52
  • By comparison (for some updates) I've found I need both `noninteractive` (I've been using this a long time - eg tzdata installs) and `--force-confold` so this question was quite a help – Greg Mar 02 '22 at 03:26