Sorry if this thread sounds condescending, but I urge everyone running LXD in a production environment to disable snap auto-refresh immediately! Due to some bugs in LXCFS, the recent snap update from LXD 3.14 to 3.15 has caused many hundreds of production containers to go offline. Personally, I have +700 containers running that are affected by the LXCFS bug, and I see a number of other uses having similar issues. To make matters worse, there is no way to completely disable the auto-refresh process. This means your system is at risk for any future updates if you allow snap updates to occur.
That said, there are a few workarounds to fool the snap tool from auto updating. Simply run the following commands on ALL your LXD servers:
snap set system proxy.http="http://127.0.0.1:1111" snap set system proxy.https="http://127.0.0.1:1111"
You can run these IPTables commands:
iptables -F iptables -A OUTPUT -d api.snapcraft.io -j DROP iptables-save
Please note: I have been a big supporter of LXD for >2yrs and appreciate and support all the LXD work done by Stephane, Christian, and team. They have created a remarkable tool that gives us an excellent container environment for free. However, we should always vet any software updates on test servers before going into production. Relying on someone else’s test tools to validate production software is a huge risk - especially when our livelihoods depend on uptime and stability.
The inability to completely disable snap auto updates is the root cause of all these issues (https://forum.snapcraft.io/t/disabling-automatic-refresh-for-snap-from-store/707/250). It seems the snap developers don’t really care about production environments…