bundles/apt: add monitoring for unattended upgrades

2020-11-10 09:50:20 +01:00 · 2020-11-10 09:50:20 +01:00 · 420cea15d2
commit 420cea15d2
parent 3088ae0ba0
4 changed files with 54 additions and 12 deletions
--- a/bundles/apt/files/upgrade-and-reboot
+++ b/bundles/apt/files/upgrade-and-reboot
@ -16,11 +16,15 @@ then
    fi
 fi

+statusfile=/var/tmp/unattended_upgrades.status
+# Workaround, because /var/tmp is usually 1777
+[[ "$UID" == 0 ]] && chown root:root "$statusfile"

-logins=$(ps h -C sshd -o euser | awk '$1 != "root" && $1 != "sshd"')
+logins=$(ps h -C sshd -o euser | awk '$1 != "root" && $1 != "sshd" && $1 != "sshmon"')
 if [[ -n "$logins" ]]
 then
    echo "Will abort now, there are active SSH logins: $logins"
+    echo "abort_ssh" > "$statusfile"
    exit 1
 fi

@ -32,21 +36,15 @@ printf '{"comment": "UPDATE", "date": %s, "expiry": %s, "id": "UNATTENDED", "ite
    >"$softlockdir"/UNATTENDED
 trap 'rm -f "$softlockdir"/UNATTENDED' EXIT

-apt-get update
-
-ret=$?
-if (( $ret != 0 ))
-then
-    echo "apt-get update exited $ret"
-    exit 1
-fi
-
-DEBIAN_FRONTEND=noninteractive apt-get -y -q -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef dist-upgrade
-
+(
+    apt-get update
+    DEBIAN_FRONTEND=noninteractive apt-get -y -q -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef dist-upgrade
+)
 ret=$?
 if (( $ret != 0 ))
 then
    echo "apt-get dist-upgrade exited $ret"
+    echo "$ret" > "$statusfile"
    exit 1
 fi