Bug 1489595

Summary: dnf-automatic in 2.x is not compatible with 1.x, this is not explained in the docs anywhere, docs for new timer-based approach are unclear
Product: [Fedora] Fedora Reporter: Adam Williamson <awilliam>
Component: dnfAssignee: rpm-software-management
Status: CLOSED ERRATA QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: unspecified    
Version: 26CC: cdonnell, dhgutteridge, fleite, jmracek, kevin, kparal, lslebodn, mluscon, packaging-team-maint, rpm-software-management, vmukhame
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: dnf-2.6.3-11.fc26 dnf-2.6.3-11.fc27 Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-09-14 21:55:18 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Adam Williamson 2017-09-07 20:38:09 UTC 
I just noticed my web server, which was configured to do automatic updates via dnf-automatic, had not been updated for weeks.

After a bit of poking I realized this is since it was upgraded to Fedora 26, and thus to dnf 2.0.

dnf 2.0 changed the way dnf-automatic works quite significantly. Best as I can tell, the `download_updates` and `apply_updates` settings in automatic.conf no longer do anything, and the user is supposed to decide whether they want:

i) only notifications
ii) download, but don't install
iii) download and install

by choosing to enable some combination of three systemd timer units, dnf-automatic-notifyonly.timer , dnf-automatic-download.timer , and dnf-automatic-install.timer .

However, AFAICT, this change is not explained *anywhere* in any documentation. It's not in https://fedoraproject.org/wiki/Changes/DNF-2.0 . It's not in https://dnf.readthedocs.io/en/latest/dnf-1_vs_dnf-2.html . It's not in https://dnf.readthedocs.io/en/latest/automatic.html - which actually still documents the *old* way dnf-automatic worked in 1.x, and doesn't mention the timer units at all, so is rather useless.

This seems like a rather big problem; who knows how many other people who were relying on dnf-automatic to do updates are in the same situation I found myself in?

Additionally, I'll note the timer mechanism is confusing and the documentation doesn't help at all. If I want to download and install updates, do I enable *both* download.timer *and* install.timer, or just install.timer? The docs don't help at all as they don't cover the timers at all, and the comments in the config file are entirely ambiguous on this.
Comment 1 Adam Williamson 2017-09-07 20:41:55 UTC 
As well as this not being documented at all (AFAICT), there doesn't appear to be any effort made at all to provide some kind of warning to the sysadmin. I can think of all sorts of ways to do this: for instance, if `download_updates` or `apply_updates` are set in automatic.conf but no timers are enabled, print a warning any time the admin runs dnf.

Or, include a dummy dnf-automatic.service - the name of the catch-all service from 1.0, which doesn't exist in 2.0 at all any more - which causes some kind of notification about the transition.
Comment 2 Adam Williamson 2017-09-07 20:43:35 UTC 
It is also not mentioned in the Fedora 26 Release Notes: https://docs.fedoraproject.org/f26/release-notes/
Comment 3 Adam Williamson 2017-09-07 20:58:07 UTC 
Marking private for now in case we treat this as a security issue.
Comment 4 Adam Williamson 2017-09-07 21:29:03 UTC 
Sorry, bit of a correction: https://dnf.readthedocs.io/en/latest/automatic.html *does* mention the timer units, but it *also* still covers the config file directives, and doesn't make any attempt to explain why there are two apparently conflicting mechanisms, or reconcile their practical effects.

As nearly as I can tell, when dnf-automatic *does* run, it will still read and respect the config file directives. So this is actually just even more odd. You have to enable one of the function-specific timer units to get dnf-automatic to run automatically at all again - but since the config file directives are still considered, you can't actually guarantee that any of the timer units *actually* only does what it says it does.

By which I mean: if you enable dnf-automatic-notifyonly.timer , despite the name, if your automatic.conf has `apply_updates = yes` in it, then when the timer causes dnf-automatic to run, it will apply the updates.

So really this is just an ungodly mess...
Comment 5 Adam Williamson 2017-09-07 22:17:10 UTC 
My suggestion for fixing this, btw, would be:

* Keep the config file directives
* Make the CLI args boolean (right now they can set True but not False)
* Re-introduce plain dnf-automatic.{service,timer} , which calls the binary with none of the relevant args specified in any way (and thus behaves exactly as the config file says)
* dnf-automatic-notifyonly.service would pass --notify=yes --download=no --install=no (or whatever the exact syntax is)
* dnf-automatic-download.service would pass --notify=yes --download=yes --install=no
* dnf-automatic-install.service would pass --notify=yes --download=yes --install=yes
* Fix up the docs (and config comments) to explain all this properly

This should fix all the problems. Existing configurations would work as they did before (via the resurrected dnf-automatic.service), and the behaviour of the action-specific timers/services would no longer be affected by the configuration files.
Comment 6 Adam Williamson 2017-09-08 06:21:42 UTC 
https://github.com/rpm-software-management/dnf/pull/919
Comment 7 Fedora Update System 2017-09-13 10:14:07 UTC 
dnf-2.6.3-2.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-750b4f0a28
Comment 8 Fedora Update System 2017-09-13 10:14:18 UTC 
dnf-2.6.3-5.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-b629284474
Comment 9 Fedora Update System 2017-09-13 17:12:32 UTC 
dnf-2.6.3-11.fc27 has been submitted as an update to Fedora 27. https://bodhi.fedoraproject.org/updates/FEDORA-2017-f2f4fe090e
Comment 10 Fedora Update System 2017-09-13 17:12:42 UTC 
dnf-2.6.3-11.fc26 has been submitted as an update to Fedora 26. https://bodhi.fedoraproject.org/updates/FEDORA-2017-9fe37c9984
Comment 11 Fedora Update System 2017-09-13 19:25:01 UTC 
dnf-2.6.3-11.fc27 has been pushed to the Fedora 27 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-f2f4fe090e
Comment 12 Fedora Update System 2017-09-14 04:53:16 UTC 
dnf-2.6.3-11.fc26 has been pushed to the Fedora 26 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-9fe37c9984
Comment 13 Fedora Update System 2017-09-14 21:55:18 UTC 
dnf-2.6.3-11.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report.
Comment 14 David H. Gutteridge 2017-09-20 04:24:15 UTC 
Bug https://bugzilla.redhat.com/show_bug.cgi?id=1473892 is likely addressed by this change. I've enquired in that ticket.
Comment 15 Fedora Update System 2017-09-30 06:27:53 UTC 
dnf-2.6.3-11.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report.