From 67043dca9fb6e5a50c0a0bc27433057f73ae2ad1 Mon Sep 17 00:00:00 2001
From: Davanum Srinivas <davanum@gmail.com>
Date: Tue, 3 Feb 2026 16:48:22 -0500
Subject: [PATCH] disable unnecessary Ubuntu services during node bootstrap

Mask and stop services that compete with apt operations or are not
needed for Kubernetes nodes:

- apt-news.service/timer: fetches APT news, holds apt lock
- esm-cache.service: Ubuntu Pro cache updates
- snapd.service/socket: Snap package manager
- lxd-installer.socket: LXD container helper
- ubuntu-advantage.service: Ubuntu Pro auto-attach
- unattended-upgrades.service: automatic security updates
- motd-news.timer: MOTD news fetching
- update-notifier-motd.timer: "new Ubuntu version" checks
- update-notifier-download.timer: failed package retry

This addresses CI timeouts where apt-news.service running concurrently
with apt-get update caused the master node to take ~5 minutes for
package index downloads (vs ~5-9 seconds on worker nodes).

Signed-off-by: Davanum Srinivas <davanum@gmail.com>
---
 cluster/gce/gci/master.yaml | 2 ++
 cluster/gce/gci/node.yaml   | 2 ++
 2 files changed, 4 insertions(+)

diff --git a/cluster/gce/gci/master.yaml b/cluster/gce/gci/master.yaml
index 75cf541c98f..adde05a3570 100644
--- a/cluster/gce/gci/master.yaml
+++ b/cluster/gce/gci/master.yaml
@@ -129,6 +129,8 @@ write_files:
       WantedBy=multi-user.target
 
 runcmd:
+ - systemctl mask apt-news.service apt-news.timer esm-cache.service snapd.service snapd.socket lxd-installer.socket ubuntu-advantage.service unattended-upgrades.service motd-news.timer update-notifier-motd.timer update-notifier-download.timer || true
+ - systemctl stop unattended-upgrades.service || true
  - systemctl daemon-reload
  - systemctl enable kube-bootstrap-logs-forwarder.service
  - systemctl enable kube-master-installation.service
diff --git a/cluster/gce/gci/node.yaml b/cluster/gce/gci/node.yaml
index 3d03df211b7..dabaf9145bf 100644
--- a/cluster/gce/gci/node.yaml
+++ b/cluster/gce/gci/node.yaml
@@ -87,6 +87,8 @@ write_files:
       options sunrpc max_resvport=986
 
 runcmd:
+ - systemctl mask apt-news.service apt-news.timer esm-cache.service snapd.service snapd.socket lxd-installer.socket ubuntu-advantage.service unattended-upgrades.service motd-news.timer update-notifier-motd.timer update-notifier-download.timer || true
+ - systemctl stop unattended-upgrades.service || true
  - systemctl daemon-reload
  - systemctl enable kube-node-installation.service
  - systemctl enable kube-node-configuration.service