The other day I found out that my Docker container had been killed as the docker daemon had been automatically upgraded on an AWS box I was running.
journald showed these messages in the relevant time slot:
Aug 06 05:56:01 ip-192-168-3-117 systemd[1]: Starting Daily apt download activities...
Aug 06 05:56:11 ip-192-168-3-117 systemd[1]: Started Daily apt download activities.
Aug 06 06:06:39 ip-192-168-3-117 systemd[1]: Starting Daily apt upgrade and clean activities...
Aug 06 06:06:48 ip-192-168-3-117 systemd[1]: Reloading.
Aug 06 06:06:48 ip-192-168-3-117 systemd[1]: Starting Message of the Day...
Aug 06 06:06:48 ip-192-168-3-117 systemd[1]: Reloading.
Aug 06 06:06:49 ip-192-168-3-117 systemd[1]: Reloading.
Aug 06 06:06:49 ip-192-168-3-117 systemd[1]: Stopping Docker Application Container Engine...
How can I know when this is scheduled to run? I looked through the various cron jobs in /etc and I thought /etc/cron.daily/apt-compat was involved, since it contained this at the end:
# delay the job execution by a random amount of time
random_sleep
# ensure we don't do this on battery
check_power || exit 0
# run daily job
exec /usr/lib/apt/apt.systemd.daily
but it turns out it never gets that far, as it actually just uses systemd. I overlooked this at the start of cron.daily/apt-compat:
# Systemd systems use a systemd timer unit which is preferable to
# run. We want to randomize the apt update and unattended-upgrade
# runs as much as possible to avoid hitting the mirrors all at the
# same time. The systemd time is better at this than the fixed
# cron.daily time
if [ -d /run/systemd/system ]; then
exit 0
fi
So somehow systemd schedules this to run instead.
That file, /usr/lib/apt/apt.systemd.daily, basically seems like the script responsible, although I cannot find any of the strings above, like "Starting .* activities".
So systemd is scheduling this, but where is this stored? Where does is it told to run /usr/lib/apt/apt.systemd.daily?
