diff options
-rwxr-xr-x | nagios-check-apt-updates | 127 |
1 files changed, 80 insertions, 47 deletions
diff --git a/nagios-check-apt-updates b/nagios-check-apt-updates index 2fbade1..a4e4cd6 100755 --- a/nagios-check-apt-updates +++ b/nagios-check-apt-updates @@ -29,10 +29,45 @@ use Getopt::Long; $ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin'; delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'}; +my $APT = '/usr/bin/apt-get'; +my $VERBOSE; + +sub do_check($$$$) { + my ($pre_command, $name, $updates_security, $updates_other) = @_; + + print STDERR "Running $APT update in $name\n" if $VERBOSE; + open (UPDATE, "$pre_command$APT update|") or die ("Cannot run $APT update in $name: $!\n"); + my @ignore=<UPDATE>; + close UPDATE; + if ($CHILD_ERROR) { # program failed + die("$APT update returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n"); + }; + + print STDERR "Running $APT --simulate upgrade | sort -u in $name\n" if $VERBOSE; + open (TODO, "$pre_command$APT --simulate upgrade | sort -u |") or die ("Cannot run $APT --simulate upgrade | sort -u in $name: $!\n"); + my @lines=<TODO>; + close TODO; + if ($CHILD_ERROR) { # program failed + die("$APT --simulate upgrade | sort -u returned with non-zero exit code in $name: ".($CHILD_ERROR / 256)."\n"); + }; + + print STDERR "Processing information for $name\n" if $VERBOSE; + for my $line (@lines) { + if ($line =~ m/^Inst\s+(\S+)\s+/) { + my $package = $1; + if ($line =~ m/^Inst\s+\S+\s+.*security/i) { + push @$updates_security, $package.($name ne '/' ? "($name)" : ''); + } else { + push @$updates_other, $package.($name ne '/' ? "($name)" : ''); + }; + } + } +} + + my $VERSION = '0.0.3 - $Rev$'; -my $APT = '/usr/bin/apt-get'; -my $USE_SUDO = 1; +my $use_sudo = 1; my $params; # nagios exit codes @@ -42,6 +77,7 @@ my $CRITICAL = 2; my $UNKNOWN = 3; $params->{'chroots'} = []; +$params->{'vservers'} = []; Getopt::Long::config('bundling'); if (!GetOptions ( '--help' => \$params->{'help'}, @@ -51,6 +87,7 @@ if (!GetOptions ( '--verbose' => \$params->{'verbose'}, '--warnifupdates' => \$params->{'warnifupdates'}, '--chroot=s' => $params->{'chroots'}, + '--vserver=s' => $params->{'vservers'} )) { die ("Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--verbose]\n"); }; @@ -59,19 +96,22 @@ if ($params->{'help'}) { print "Usage: $PROGRAM_NAME [--help|--version] [--sudo|--nosudo] [--verbose]\n"; print "Reports packages to upgrade, updating the list if necessary.\n"; print "\n"; - print " --help Print this short help.\n"; - print " --version Report version number.\n"; - print " --sudo Use sudo to call apt-get (default).\n"; - print " --nosudo Do not use sudo to call apt-get.\n"; - print " --warnifupdates Exit with a WARNING status if any updates are available.\n"; - print " --verbose Be a little verbose.\n"; - print " --chroot=<path> Run check in path.\n"; + print " --help Print this short help.\n"; + print " --version Report version number.\n"; + print " --sudo Use sudo to call apt-get (default).\n"; + print " --nosudo Do not use sudo to call apt-get.\n"; + print " --warnifupdates Exit with a WARNING status if any updates are available.\n"; + print " --verbose Be a little verbose.\n"; + print " --chroot=<path> Run check in path.\n"; + print " --vserver=<vserver> Run check in vserver.\n"; print "\n"; print "Note that for --sudo (default) you will need entries in /etc/sudoers like these:\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get update\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate upgrade\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get update\n"; - print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get --simulate upgrade\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get update\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/bin/apt-get --simulate upgrade\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get update\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/chroot /chroot-ia32 /usr/bin/apt-get --simulate upgrade\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get update\n"; + print "nagios ALL=(ALL) NOPASSWD: /usr/sbin/vserver phpserver exec /usr/bin/apt-get --simulate upgrade\n"; print "\n"; exit (0); }; @@ -86,20 +126,27 @@ if ($params->{'sudo'} && $params->{'nosudo'}) { die ("$PROGRAM_NAME: --sudo and --nosudo are mutually exclusive.\n"); }; if ($params->{'sudo'}) { - $USE_SUDO = 1; + $use_sudo = 1; }; if ($params->{'nosudo'}) { - $USE_SUDO = 0; + $use_sudo = 0; }; -if (scalar @{$params->{'chroots'}} == 0) { +if (scalar @{$params->{'chroots'}} == 0 && scalar @{$params->{'vservers'}} == 0) { $params->{'chroots'} = ['/']; }; +$VERBOSE = $params->{'verbose'}; + $SIG{'__DIE__'} = sub { print STDERR @_; exit $UNKNOWN; }; + +my @updates_security; +my @updates_other; + + # Make sure chroot paths are nice; my @chroots = (); for my $root (@{$params->{'chroots'}}) { @@ -109,42 +156,28 @@ for my $root (@{$params->{'chroots'}}) { die ("Chroot path $root is not nice.\n"); }; }; - -my @updates_security; -my @updates_other; - for my $root (@chroots) { my $pre_command = ($root ne '/') ? "chroot $root " : ''; - $pre_command = ($USE_SUDO ? 'sudo ' : '').$pre_command; - - print STDERR "Running $APT update in $root\n" if $params->{'verbose'}; - open (UPDATE, "$pre_command$APT update|") or die ("Cannot run $APT update in $root: $!\n"); - my @ignore=<UPDATE>; - close UPDATE; - if ($CHILD_ERROR) { # program failed - die("$APT update returned with non-zero exit code in $root: ".($CHILD_ERROR / 256)."\n"); + $pre_command = ($use_sudo ? 'sudo ' : '').$pre_command; + do_check($pre_command, $root, \@updates_security, \@updates_other); +} + +# Make sure vserver names are nice; +my @vservers = (); +for my $vserver (@{$params->{'vservers'}}) { + if ($vserver =~ m#^([a-zA-Z0-9.-]+)$#) { + push @vservers, $1; + } else { + die ("Vserver name $vserver is not nice.\n"); }; +}; +for my $vserver (@vservers) { + my $pre_command = "/usr/sbin/vserver $vserver exec "; + do_check($pre_command, $vserver, \@updates_security, \@updates_other); +} + - print STDERR "Running $APT --simulate upgrade | sort -u in $root\n" if $params->{'verbose'}; - open (TODO, "$pre_command$APT --simulate upgrade | sort -u |") or die ("Cannot run $APT --simulate upgrade | sort -u in $root: $!\n"); - my @lines=<TODO>; - close TODO; - if ($CHILD_ERROR) { # program failed - die("$APT --simulate upgrade | sort -u returned with non-zero exit code in $root: ".($CHILD_ERROR / 256)."\n"); - }; - print STDERR "Processing information for $root\n" if $params->{'verbose'}; - for my $line (@lines) { - if ($line =~ m/^Inst\s+(\S+)\s+/) { - my $package = $1; - if ($line =~ m/^Inst\s+\S+\s+.*security/i) { - push @updates_security, $package.($root ne '/' ? "($root)" : ''); - } else { - push @updates_other, $package.($root ne '/' ? "($root)" : ''); - }; - } - } -}; my $exit = $OK; |