bundlewrap/bundles/apt/files/upgrade-and-reboot

#!/bin/bash

# With systemd, we can force logging to the journal. This is better than
# spamming the world with cron mails. You can then view these logs using
# "journalctl -rat upgrade-and-reboot".
if which logger >/dev/null 2>&1
then
    # Dump stdout to logger, which will then put everything into the
    # journal.
    exec 1> >(logger -t upgrade-and-reboot -p user.info)

    # Make stdout and stderr the same. We don't care about the
    # distinction anyway.
    exec 2>&1
fi

statusfile="/var/tmp/unattended_upgrades.status"
# Workaround, because /var/tmp is usually 1777
[[ "$UID" == 0 ]] && chown root:root "$statusfile"

logins=$(ps h -C sshd -o euser | awk '$1 != "root" && $1 != "sshd" && $1 != "sshmon"')
if [[ -n "$logins" ]]
then
    echo "Will abort now, there are active SSH logins: $logins"
    echo "abort_ssh" > "$statusfile"
    exit 1
fi

softlockdir=/var/lib/bundlewrap/soft-${node.name}
mkdir -p "$softlockdir"
printf '{"comment": "UPDATE", "date": %s, "expiry": %s, "id": "UNATTENDED", "items": ["*"], "user": "root@localhost"}\n' \
    $(date +%s) \
    $(date -d 'now + 30 mins' +%s) \
    >"$softlockdir"/UNATTENDED
trap 'rm -f "$softlockdir"/UNATTENDED' EXIT

(
    apt-get update
    DEBIAN_FRONTEND=noninteractive apt-get -y -q -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef dist-upgrade
)
ret=$?

echo "apt-get dist-upgrade exited $ret"
echo "$ret" > "$statusfile"

if (( $ret != 0 ))
then
    exit 1
fi

DEBIAN_FRONTEND=noninteractive apt-get -y -q autoclean
DEBIAN_FRONTEND=noninteractive apt-get -y -q autoremove

if [[ -f /var/run/reboot-required ]]
then
% if 'mail' in data:
    date | mail -s "SYSREBOOTNOW ${node.name}" ${data['mail']}
% endif
    systemctl reboot
fi
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`#!/bin/bash`

			`# With systemd, we can force logging to the journal. This is better than`
			`# spamming the world with cron mails. You can then view these logs using`
			`# "journalctl -rat upgrade-and-reboot".`
bundles/apt: fix logging for upgrade-and-reboot 2021-01-23 10:32:35 +00:00			`if which logger >/dev/null 2>&1`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`then`
bundles/apt: fix logging for upgrade-and-reboot 2021-01-23 10:32:35 +00:00			`# Dump stdout to logger, which will then put everything into the`
			`# journal.`
			`exec 1> >(logger -t upgrade-and-reboot -p user.info)`

			`# Make stdout and stderr the same. We don't care about the`
			`# distinction anyway.`
			`exec 2>&1`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`fi`

bundles: fix some icinga checks 2020-11-21 09:30:05 +00:00			`statusfile="/var/tmp/unattended_upgrades.status"`
bundles/apt: add monitoring for unattended upgrades 2020-11-10 08:50:20 +00:00			`# Workaround, because /var/tmp is usually 1777`
			`[[ "$UID" == 0 ]] && chown root:root "$statusfile"`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00
bundles/apt: add monitoring for unattended upgrades 2020-11-10 08:50:20 +00:00			`logins=$(ps h -C sshd -o euser \| awk '$1 != "root" && $1 != "sshd" && $1 != "sshmon"')`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`if [[ -n "$logins" ]]`
			`then`
			`echo "Will abort now, there are active SSH logins: $logins"`
bundles/apt: add monitoring for unattended upgrades 2020-11-10 08:50:20 +00:00			`echo "abort_ssh" > "$statusfile"`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`exit 1`
			`fi`

			`softlockdir=/var/lib/bundlewrap/soft-${node.name}`
			`mkdir -p "$softlockdir"`
			`printf '{"comment": "UPDATE", "date": %s, "expiry": %s, "id": "UNATTENDED", "items": ["*"], "user": "root@localhost"}\n' \`
			`$(date +%s) \`
			`$(date -d 'now + 30 mins' +%s) \`
			`>"$softlockdir"/UNATTENDED`
			`trap 'rm -f "$softlockdir"/UNATTENDED' EXIT`

bundles/apt: add monitoring for unattended upgrades 2020-11-10 08:50:20 +00:00			`(`
			`apt-get update`
			`DEBIAN_FRONTEND=noninteractive apt-get -y -q -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef dist-upgrade`
			`)`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`ret=$?`
bundles/apt: fix statusfile output of unattended upgrades 2020-11-21 17:07:01 +00:00
			`echo "apt-get dist-upgrade exited $ret"`
			`echo "$ret" > "$statusfile"`

bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`if (( $ret != 0 ))`
			`then`
			`exit 1`
			`fi`

bundles/apt: use DEBIAN_FRONTEND=noninteractive everywhere in upgrade-and-reboot 2020-10-23 02:33:01 +00:00			`DEBIAN_FRONTEND=noninteractive apt-get -y -q autoclean`
			`DEBIAN_FRONTEND=noninteractive apt-get -y -q autoremove`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00
			`if [[ -f /var/run/reboot-required ]]`
			`then`
bundles/c3voc-addons: add upgrade-and-reboot to bundle 2021-01-17 17:43:30 +00:00			`% if 'mail' in data:`
bundles/apt: use DEBIAN_FRONTEND=noninteractive everywhere in upgrade-and-reboot 2020-10-23 02:33:01 +00:00			`date \| mail -s "SYSREBOOTNOW ${node.name}" ${data['mail']}`
bundles/c3voc-addons: add upgrade-and-reboot to bundle 2021-01-17 17:43:30 +00:00			`% endif`
bundles/apt: handle unattended-upgrades ourselves 2020-10-18 13:33:41 +00:00			`systemctl reboot`
			`fi`