Description
When building a new AMI using a base image that is behind on security packages (e.g., ubuntu16.04 sql server image), there is oftentimes a race condition between the daily update routine in the AMIs and installing new software. E.g., as the instance is booting, you could run into a situation where the daily update kicks in in the background and starts updating the packages (which may total 100+), conflicting with other install scripts that try to install additional packages.
When we first encountered this problem we tried to resolve it with a script that you can call to wait for all apt-get locks to be released (#4), but this doesn't quite work because when the daily update routine kicks in is non-deterministic. As such, the wait script may run before the daily update happens, and thus move past the check even though an update routine kicks off in the background at a later point during the AMI build process.
An alternative solution is to run the dynamic-ubuntu-wait.sh routine every time you want to call apt-get. Having a function in bash-commons that expose this logic would be useful to create more robust install scripts for packages.