What is the correct way to disable snapd in Ubuntu Server 22.04?

I am new to Ubuntu. I have several Raspberry Pis used for a Kubernetes cluster, running Ubuntu Server 22.04 LTS (64-bit), installed with its Imager tool and running from SSD:

# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.3 LTS
Release:    22.04
Codename:   jammy

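My goal is to optimize the performance of the operating system and remove any dependencies that are not needed in a Kubernetes cluster environment.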

The steps I have performed so far:

  1. Disable atime for directories and files:
# cat /etc/fstab
LABEL=writable  /   ext4    discard,noatime,errors=remount-ro   0 1
LABEL=system-boot       /boot/firmware  vfat    defaults        0 1
  2. Disable cloud-init (this cut the boot time from 3 minutes to 20 seconds):
# touch /etc/cloud/cloud-init.disabled
  3. Finally, I want to disable snapd:
# snap list
Name    Version        Rev    Tracking       Publisher   Notes
core20  20230622       1977   latest/stable  canonical✓  base
lxd     5.0.2-838e1b2  24326  5.0/stable/…   canonical✓  -
snapd   2.60.4         20298  latest/stable  canonical✓  snap

I tried disabling each snap and rebooting the server, but the mounts are still present:

# for i in core20 lxd snapd; do snap disable $i; done
# for j in snapd.service snapd.seeded.service snapd.socket; do systemctl disable $j; done
# reboot
# df -ah | grep loop
/dev/loop0       60M   60M     0 100% /snap/core20/1977
/dev/loop1      110M  110M     0 100% /snap/lxd/24326
/dev/loop2       47M   47M     0 100% /snap/snapd/19459
/dev/loop3       36M   36M     0 100% /snap/snapd/20298

I temporarily started the snapd services to check whether the snaps were properly disabled:

# for i in snapd.socket snapd.service snapd.seeded.service; do systemctl start $i; done
# snap list --all
Name    Version        Rev    Tracking       Publisher   Notes
core20  20230622       1977   latest/stable  canonical✓  base,disabled
lxd     5.0.2-838e1b2  24326  5.0/stable/…   canonical✓  disabled
snapd   2.59.5         19459  latest/stable  canonical✓  snapd,disabled
snapd   2.60.4         20298  latest/stable  canonical✓  snapd,disabled

Can you tell me why the mounts are not removed?

I don't see any processes using these mounts. What is the correct way to remove them?

# lsof | grep loop

In my case, is it advisable to completely uninstall snap from the operating system?

Answer 1

sudo systemctl stop snapd
sudo systemctl mask snapd

Answer 2

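After further investigation, it turned out that the mount points are associated with the installed snap packages; removing the packages also removes the mount points, after a reboot. Since I am automating the Kubernetes cluster deployment with Ansible, here are the relevant tasks mentioned in the OP: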

- name: Ubuntu Configuration
  notify: Reboot
  block:
    - name: Disable access time updates
      ansible.builtin.replace:
        path: /etc/fstab
        regexp: 'discard,errors'
        replace: 'discard,noatime,errors'

    - name: Disable cloud-init service
      ansible.builtin.file:
        path: /etc/cloud/cloud-init.disabled
        access_time: preserve
        modification_time: preserve
        state: touch
        owner: root
        group: root
        mode: '0644'

    - name: Set service facts
      ansible.builtin.service_facts:

    - name: Remove Snap Packages
      when:
        - ansible_facts.services['snapd.service'] is defined
        - ansible_facts.services['snapd.service'].state == 'running'
      block:
        - name: Get snap packages
          ansible.builtin.command:
            cmd: snap list
          changed_when: false
          register: snap_packages

        - name: Remove snap packages
          community.general.snap:
            name: '{{ item | split | first }}'
            state: absent
          loop: '{{ snap_packages.stdout_lines[1:] }}'
          when: snap_packages.stdout_lines[1:] is iterable

    - name: Disable snapd services
      ansible.builtin.systemd_service:
        name: '{{ item }}'
        state: stopped
        enabled: false
      loop:
        - snapd.service
        - snapd.seeded.service
        - snapd.socket

The optimizations posted above allowed me to reduce the boot time from over 3 minutes to under 10 seconds:

# systemd-analyze
Startup finished in 6.679s (kernel) + 3.239s (userspace) = 9.918s
graphical.target reached after 3.196s in userspace

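Yes, I could dig further and also remove the snapd files and directories, or even prevent further installation of snap packages. However, my goal is to make only minimal changes to the OS design, to avoid possible problems on upgrade.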

It is worth noting that, if uninstalled, the snapd dependency will break apparmor. Therefore, I chose to only disable the related services.

# apt rdepends --installed snapd
snapd
Reverse Depends:
  Recommends: ubuntu-server-raspi
  Recommends: ubuntu-server
  Breaks: apparmor (<< 2.44.3+20.04~)
  Recommends: ubuntu-server-raspi
  Recommends: ubuntu-server
  Breaks: apparmor (<< 2.44.3+20.04~)
  Suggests: command-not-found
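
A check for the state this answer describes, added here as an example (it is not code from the question or from either answer): it lists the squashfs mounts under /snap and the `snap-*.mount` units that mount them at boot. That snapd keeps those units in /etc/systemd/system is an assumption of the example; the function names are hypothetical and the sample data is constructed.

```shell
#!/usr/bin/env bash
# Added example: report snap state that survives disabling snapd.service.
# Assumption: snapd writes one mount unit per snap revision,
# named snap-<name>-<rev>.mount, into /etc/systemd/system.

# Print squashfs mount points under /snap. $1: mounts table (default /proc/mounts).
snap_mounts() {
    awk '$3 == "squashfs" && $2 ~ /^\/snap\// { print $2 }' "${1:-/proc/mounts}"
}

# Print snap mount unit names. $1: unit directory (default /etc/systemd/system).
snap_mount_units() {
    local dir="${1:-/etc/systemd/system}" f
    for f in "$dir"/snap-*.mount; do
        [ -e "$f" ] && basename "$f"
    done
    return 0
}

# Return 0 when neither snap mounts nor snap mount units remain, 1 otherwise.
snap_audit() {
    local mounts units
    mounts=$(snap_mounts "$1")
    units=$(snap_mount_units "$2")
    if [ -z "$mounts" ] && [ -z "$units" ]; then
        echo "clean: no snap mounts or mount units"
        return 0
    fi
    # Unquoted on purpose: one output line per entry.
    [ -n "$mounts" ] && printf 'still mounted: %s\n' $mounts
    [ -n "$units" ] && printf 'unit present:  %s\n' $units
    return 1
}

# Constructed sample modelled on the df output in the question, for an offline run.
snap_audit_demo() {
    local tmp rc=0
    tmp=$(mktemp -d)
    printf '%s\n' \
        '/dev/sda2 / ext4 rw,noatime 0 0' \
        '/dev/loop0 /snap/core20/1977 squashfs ro,nodev,relatime 0 0' \
        '/dev/loop1 /snap/lxd/24326 squashfs ro,nodev,relatime 0 0' > "$tmp/mounts"
    mkdir "$tmp/units"
    touch "$tmp/units/snap-core20-1977.mount" "$tmp/units/snap-lxd-24326.mount"
    snap_audit "$tmp/mounts" "$tmp/units" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Calling `snap_audit` with no arguments reads the live /proc/mounts and /etc/systemd/system, so it can serve as a post-reboot verification step after the playbook has run.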
