How to stop/disable/hold automatic updates for packages in linux?

Question

I have installed some packages (Docker, Kubeadm, Kubelet, Kubectl) for my Kubernetes cluster on Ubuntu 18.04 LTS.

I don't want these packages to get auto updated because there will be some issue arises between them when the update happens between one another. I just want to update manually when they are stable.

What is the correct command for stop packages update automatically?

Commands I have used to install them on Ubuntu 18.04

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -

sudo add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/ubuntu \
   $(lsb_release -cs) \
   stable"

sudo apt-get update

sudo apt-get install -y docker-ce=18.06.1~ce~3-0~ubuntu

curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key add -

cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list
deb https://apt.kubernetes.io/ kubernetes-xenial main
EOF

sudo apt-get update

sudo apt-get install -y kubelet=1.12.7-00 kubeadm=1.12.7-00 kubectl=1.12.7-00

Answer 1

Motivation: You don't want to take any risks over sensitive packages on your linux machine (It happens when your application is in production and customers use it, or some important task running inside, newer version can break changes and accidentally can cause a downtime). In this situation - you want to pin specific versions to your packages and make sure no upgrade happens without explicit action and approval from your side.

Solution: You should disable the unattended-upgrades feature and pin your package into the current version you use (in other words - keep this version).

step 1: disable automatic upgrade (aka unattended-upgrades)

$ sudo vim /etc/apt/apt.conf.d/20auto-upgrades

#edit these lines - which disabling the upgrade feature.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";

step 2: hold and freeze the specific package you want prevent from self upgrading:

sudo apt-mark hold <package-name>

Answer 2

Find of the day :). Ubuntu apt gives you the command to hold the auto update of the package. Thanks to Dirk for giving me the hint.

sudo apt-mark hold docker-ce kubelet kubeadm kubectl

Answer 3

You can use the hold status for a package (or set of packages) to not involve it upgrades. That gives you the more fine-tuned ability to decide on a per-package basis what should, or should not, upgrade. Very helpful during known digressions, bugs, and subtle changes in behaviour.

From the manual page for dpkg and edited / indented:

   --get-selections [package-name-pattern...]
          Get list of package selections, and write it to stdout. Without a pattern,
          non-installed packages (i.e. those which have been previously purged) will
          not be shown.

   --set-selections
          Set package selections using file read from stdin. This file should be in
          the format “package state”, where state is one of install, hold, deinstall 
          or purge. Blank lines and comment lines beginning with ‘#’ are also 
          permitted.

          The available file needs to be up-to-date for this command to be useful, 
          otherwise unknown packages will be ignored with a warning. See the 
          --update-avail and  --merge-avail  commands  for more information.

The format is arguably a little weird -- but this is very powerful and helpful. I relied on it a few times during my twenty-five years (!!) with Debian/Ubuntu. I may have a shell script helper somwhere but I may need to dig.

Answer 4

apt doesn't have yum like flags --enable-repo and --disablerepo while performing install or update. A way to manage repos is shown here

But for your case the way you have added the repositories they have been appended to /etc/apt/sources.list therefore you can use sed to comment out the repository lines which you have added to install docker and kubernetes.
Note: you should comment out lines after installation and before performing sudo apt-get update

Example:

To disable docker repo:
sed -i 's/^deb.*docker.*/# &/g' /etc/apt/sources.list

Enable the docker repo for manual update:
sed -i '/^# deb .*docker.*/s/^# //' /etc/apt/sources.list