docker停止服务原因排查，Ubuntu自动更新服务加白

服务器443端口突然停止服务，登上去看docker停止了，在/var/log下grep docker，查看/var/log/syslog.*、/var/log/unattended-upgrades/unattended-upgrades.log、/var/log/apt/history.log发现是因为unattended-upgrades服务升级导致的-_-!

 87 Start-Date: 2021-07-27  06:42:24
 88 Commandline: /usr/bin/unattended-upgrade
 89 Upgrade: docker-doc:amd64 (19.03.6-0ubuntu1~18.04.2, 20.10.2-0ubuntu1~18.04.3)
 90 End-Date: 2021-07-27  06:42:33
 91
 92 Start-Date: 2021-07-27  06:42:41
 93 Commandline: /usr/bin/unattended-upgrade
 94 Upgrade: docker.io:amd64 (19.03.6-0ubuntu1~18.04.2, 20.10.2-0ubuntu1~18.04.3)
 95 End-Date: 2021-07-27  06:43:15
...
117 Start-Date: 2021-07-27  06:43:52
118 Commandline: /usr/bin/unattended-upgrade
119 Upgrade: runc:amd64 (1.0.0~rc93-0ubuntu1~18.04.2, 1.0.0~rc95-0ubuntu1~18.04.2)
120 End-Date: 2021-07-27  06:43:54
...
127 Start-Date: 2021-07-27  06:44:04
128 Commandline: /usr/bin/unattended-upgrade
129 Upgrade: containerd:amd64 (1.3.3-0ubuntu1~18.04.2, 1.5.2-0ubuntu1~18.04.2)
130 End-Date: 2021-07-27  06:44:16

修改/etc/apt/apt.conf.d/50unattended-upgrades对docker相关的软件包加白

20 // List of packages to not update (regexp are supported)
21 Unattended-Upgrade::Package-Blacklist {
22 //  "vim";
23 //  "libc6";
24 //  "libc6-dev";
25 //  "libc6-i686";
26     "docker*";
27     "containerd";
28     "runc";
29 };

或者配置apt将软件包设置为不更新（手动upgrade也不更新，不推荐）

#使用 apt
apt-mark hold package_name  # 恢复 apt-mark unhold package_name 

#使用 dpkg
echo "package_name hold" | sudo dpkg --set-selections  # 恢复 echo "package_name install" | sudo dpkg --set-selections

#使用 aptitude
aptitude hold package_name	# 恢复 aptitude unhold package_name 

#查看已经hold的软件包
dpkg --get-selections | grep "hold" 

或者重新配置unattended-upgrade服务

dpkg-reconfigure unattended-upgrades

或者直接关闭unattended-upgrade服务

systemctl status apt-daily-upgrade.timer
systemctl stop apt-daily-upgrade.timer
systemctl disable --now apt-daily-upgrade.timer
systemctl daemon-reload

或者卸载

apt remove unattended-upgrades