/ Ubuntu

Disable MySQL auto-update on Ubuntu

We have used Ubuntu as the main distribution for our persistent server, like databases and services that should run for a long time. One type of these servers is database instances with MySQL on board and it works very smooth with cloud-init. Except for the situation, when applications weren’t able to connect to a database for a small fraction of time that didn’t depend on part of the day, the average load or background tasks.

The first idea that pops up in my mind was that the server was rebooted because of OOM error.

But after a brief research, I found something unusual.

Aug 02 06:02:51 database-service systemd[1]: Started ACPI event daemon.
Aug 02 06:02:51 database-service systemd[1]: Stopping MySQL Community Server...
Aug 02 06:02:55 database-service systemd[1]: Stopped MySQL Community Server.
Aug 02 06:02:56 database-service audit[13853]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/mysqld" pid=13853 comm="apparmor_parser"
Aug 02 06:02:56 database-service kernel: audit: type=1400 audit(1533189776.003:140): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/mysqld" pid=13853 comm="apparmor_parser"
Aug 02 06:02:56 database-service audit[13871]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/13871/status" pid=13871 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 02 06:02:56 database-service audit[13871]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=13871 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 02 06:02:56 database-service audit[13871]: AVC apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/13871/status" pid=13871 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 02 06:02:56 database-service kernel: audit: type=1400 audit(1533189776.543:141): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/13871/status" pid=13871 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 02 06:02:56 database-service kernel: audit: type=1400 audit(1533189776.543:142): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/sys/devices/system/node/" pid=13871 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 02 06:02:56 database-service kernel: audit: type=1400 audit(1533189776.543:143): apparmor="DENIED" operation="open" profile="/usr/sbin/mysqld" name="/proc/13871/status" pid=13871 comm="mysqld" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 02 06:02:57 database-service audit[13885]: AVC apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/mysqld" pid=13885 comm="apparmor_parser"
Aug 02 06:02:57 database-service kernel: audit: type=1400 audit(1533189777.103:144): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/mysqld" pid=13885 comm="apparmor_parser"
Aug 02 06:02:57 database-service systemd[1]: Reloading.
Aug 02 06:02:57 database-service systemd[1]: Started ACPI event daemon.
Aug 02 06:02:57 database-service systemd[1]: Reloading.
Aug 02 06:02:57 database-service systemd[1]: Started ACPI event daemon.
Aug 02 06:02:57 database-service systemd[1]: Starting MySQL Community Server...

Ubuntu makes a periodical update of the packages using system timer apt-daily.timer and apt-daily-upgrade.timer. These services trigger an update of the system and every time when new MySQL update incoming the service is restarted.

The best solution, in this case, is to disable updated of the MySQL server only and don’t disable auto update of the system.

sudo apt-mark hold <package>

But in case you really want to stop system updates, which I don’t recommend you can run

sudo systemctl stop apt-daily.timer
sudo systemctl disable apt-daily.timer
sudo systemctl mask apt-daily.service
sudo systemctl daemon-reload