bundles/apt: add monitoring for unattended upgrades
parent
3088ae0ba0
commit
420cea15d2
4 changed files with 54 additions and 12 deletions
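--- /dev/null
+++ b/bundles/apt/files/check_unattended_upgrades
@@ -0,0 +1,32 @@
+#!/bin/bash
+
+statusfile=/var/tmp/unattended_upgrades.status
+if ! [[ -f "$statusfile" ]]
+then
+echo "Status file not found"
+exit 3
+fi
+
+mtime=$(stat -c %Y $statusfile)
+now=$(date +$s)
+if (( $now - $mtime > 60*60*8 ))
+then
+echo "Status file is older than 8 days!"
+exit 3
+fi
+
+exitcode=$(cat $statusfile)
+case "$exitcode" in
+abort_ssh)
+echo "Upgrades skipped due to active SSH login"
+exit 1
+;;
+0)
+echo "OK"
+exit 0
+;;
+*)
+echo "Last exitcode was $exitcode"
+exit 2
+;;
+esac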
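Review bot: The staleness check cannot fire as written, because `now=$(date +$s)` expands the unset shell variable `$s` instead of passing the `%s` format, so `now` is presumably empty and the arithmetic compares a negative number with the threshold; it should read `now=$(date +%s)`. The threshold `60*60*8` is eight hours while the message says 8 days, so one of the two needs correcting (`60*60*24*8` if days are meant). This check exists to reveal hosts that have stopped patching, yet a stale status file currently keeps reporting the last recorded result indefinitely. `$statusfile` is also unquoted in the `stat` and `cat` calls and should be `"$statusfile"`.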
|
@ -16,11 +16,15 @@ then
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
statusfile=/var/tmp/unattended_upgrades.status
|
||||||
|
# Workaround, because /var/tmp is usually 1777
|
||||||
|
[[ "$UID" == 0 ]] && chown root:root "$statusfile"
|
||||||
|
|
||||||
logins=$(ps h -C sshd -o euser | awk '$1 != "root" && $1 != "sshd"')
|
logins=$(ps h -C sshd -o euser | awk '$1 != "root" && $1 != "sshd" && $1 != "sshmon"')
|
||||||
if [[ -n "$logins" ]]
|
if [[ -n "$logins" ]]
|
||||||
then
|
then
|
||||||
echo "Will abort now, there are active SSH logins: $logins"
|
echo "Will abort now, there are active SSH logins: $logins"
|
||||||
|
echo "abort_ssh" > "$statusfile"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -32,21 +36,15 @@ printf '{"comment": "UPDATE", "date": %s, "expiry": %s, "id": "UNATTENDED", "ite
|
||||||
>"$softlockdir"/UNATTENDED
|
>"$softlockdir"/UNATTENDED
|
||||||
trap 'rm -f "$softlockdir"/UNATTENDED' EXIT
|
trap 'rm -f "$softlockdir"/UNATTENDED' EXIT
|
||||||
|
|
||||||
apt-get update
|
(
|
||||||
|
apt-get update
|
||||||
ret=$?
|
DEBIAN_FRONTEND=noninteractive apt-get -y -q -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef dist-upgrade
|
||||||
if (( $ret != 0 ))
|
)
|
||||||
then
|
|
||||||
echo "apt-get update exited $ret"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
DEBIAN_FRONTEND=noninteractive apt-get -y -q -o Dpkg::Options::=--force-confold -o Dpkg::Options::=--force-confdef dist-upgrade
|
|
||||||
|
|
||||||
ret=$?
|
ret=$?
|
||||||
if (( $ret != 0 ))
|
if (( $ret != 0 ))
|
||||||
then
|
then
|
||||||
echo "apt-get dist-upgrade exited $ret"
|
echo "apt-get dist-upgrade exited $ret"
|
||||||
|
echo "$ret" > "$statusfile"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
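Review bot: The status file sits at a fixed name in `/var/tmp`, which the added comment itself notes is usually mode 1777, so any local account can create that path before root does; the `chown root:root "$statusfile"` workaround and the later `> "$statusfile"` redirections then act as root on whatever is already there, and the `chown` has nothing to operate on during the first run. Keeping the file in a directory only root can write to (a placeholder such as `statusfile=<root-owned state dir>/unattended_upgrades.status`, changed in `check_unattended_upgrades` as well) removes the need for the workaround and stops an unprivileged user from influencing what the Icinga check reports. Separately, `ret=$?` after the new `( … )` group appears to carry only the exit status of `dist-upgrade`, so a failed `apt-get update` is no longer reported; `apt-get update || exit $?` inside the group would keep that signal. The script continues beyond both hunks, so the success path that presumably writes `0` is not visible here.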
|
@ -23,6 +23,9 @@ actions = {
|
||||||
}
|
}
|
||||||
|
|
||||||
files = {
|
files = {
|
||||||
|
'/usr/local/share/icinga/plugins/check_unattended_upgrades': {
|
||||||
|
'mode': '0755',
|
||||||
|
},
|
||||||
'/usr/local/sbin/upgrade-and-reboot': {
|
'/usr/local/sbin/upgrade-and-reboot': {
|
||||||
'content_type': 'mako',
|
'content_type': 'mako',
|
||||||
'mode': '0700',
|
'mode': '0700',
|
||||||
|
|
|
@ -4,4 +4,13 @@ defaults = {
|
||||||
minute=node.magic_number % 30,
|
minute=node.magic_number % 30,
|
||||||
),
|
),
|
||||||
},
|
},
|
||||||
|
'icinga2_api': {
|
||||||
|
'apt': {
|
||||||
|
'services': {
|
||||||
|
'UNATTENDED UPGRADES': {
|
||||||
|
'command_on_monitored_host': '/usr/local/share/icinga/plugins/check_unattended_upgrades',
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|