When you install systems semi-manually, when updates get done matters

May 5, 2022

One of our little irritations with the modern Ubuntu server installer is that after it has installed your base system from the packages on the ISO image, it always installs at least security updates (unless it has no network connection to the outside world, which it probably does). A way of turning this off has been a long standing request for the new installer, and when the issue is raised one reaction I've seen is to ask why wouldn't you want to install all the available (security) updates. Well, I have an answer for that.

We absolutely do want to install updates. But we don't to install them from the Ubuntu installer, because our use of the Ubuntu installer is only partially automated and thus require us to sit at the server console (or visit it periodically) until it's done. Our goal is to get this forced console presence portion over with as fast as possible. The faster the system gets booted and on the network, the sooner we can go back to our desks, log in remotely, and get on with the rest of the install as well as our other work. The more work the installer forces to happen during this process, the more irritating it is. We want to postpone everything possible to the system's first boot so we get there as fast as possible.

(This would be different if we were rich enough to buy servers with dedicated BMC/IPMI network ports and KVM over IP licenses, or if the Ubuntu installer let you mirror the installation over a SSH connection so you could start it on the server console then finish it from your desk.)

The reality is that "pre-boot" system installers are a very special environment that suffers from unusual limitations. They are limited and awkward, and often constrain how (and where) you can interact with them. Generally they operate strictly sequentially, even if some of what you want to do could be done in parallel. As a result of this, these installers should offer a way to let them get their work done and get out of the way as fast as possible (ie, booting into the installed system), and this means at least providing the option to do a minimum of work.

Written on 05 May 2022.
« The temptation of smartctl's JSON output format given NVMe SSDs
Filtering Prometheus metrics with deliberately repeated labels »

Page tools: View Source, Add Comment.
Login: Password:
Atom Syndication: Recent Comments.

Last modified: Thu May 5 22:51:56 2022
This dinky wiki is brought to you by the Insane Hackers Guild, Python sub-branch.