X-Git-Url: http://git.indexdata.com/?a=blobdiff_plain;f=aptcheck%2Faptcheck.pl;h=627eb2ae7d375e403446b3ed05ffff27073b32b5;hb=f23a522439343470ed9e0df49d4d1efe222b3e44;hp=2dac01abd5ab355bd2efde5739224563e38b1fa7;hpb=90e817a4e409512818d48db9abbaa55f11b3abf6;p=git-tools-moved-to-github.git diff --git a/aptcheck/aptcheck.pl b/aptcheck/aptcheck.pl index 2dac01a..627eb2a 100755 --- a/aptcheck/aptcheck.pl +++ b/aptcheck/aptcheck.pl @@ -21,14 +21,20 @@ # 15-Aug-2011 Heikki: Adding a total in the headline, for nagiosgrapher # 21-May-2012 Heikki: Added a date since when a package has been pending # 31-May-2012 Heikki: Pointing to the new wiki +# 01-Jan-2013 Heikki: Get hosts from nagios-us as well. # # TODO: Assumes that we release our restricted packages for all versions # and architectures at the same time. Gets only the highest version from # all, and reports anything less than this. Good enough for now. # -# TODO: Get the dates from ls --full-time /var/cache/apt/archives/ -# and display next to the packages, so we can see how long they have -# been lingering. Boldface them if older than some limit +# TODO: Check CentOs systems too +# Need a check_rpm plugin, and nagios checks defined on the CentOs machines, +# then we can grep for that check in nagios configs, and find rpm machines +# that way. Or, check all machines listed in nagios, determine what they +# run, and use proper commands to check for packages. +# +# TODO: Summary section for hosts that have too old updates still pending +# - those that are marked with (!) #### Init use strict; @@ -37,6 +43,7 @@ my $year =`date +%Y`; #my $wikilink = 'http://twiki.indexdata.dk/cgi-bin/twiki/view/ID/'; my $wikilink = 'https://twiki.indexdata.com/twiki/bin/view/ID/'; my $restrictedpackages = "ssh -q kebab cat /home/ftp/pub/debian/dists/*/restricted/*/Packages"; +my $updlink="-u"; # to display after a name, liking to the upd page #### Host comments my %hostcomments = ( @@ -52,10 +59,16 @@ my %hostcomments = ( # I could use a hard-coded list, but I would forget to maintain it. # Nagios knows most of our hosts. It even knows which are worth # checking, they have a command to check apts! +print "Getting hostlist from nagios\n" if $debug; +my $hostlist1 = `ssh nagios grep -l \\"define host\\" /etc/nagios3/indexdata-conf.d/*.cfg` + or die "Could not get host list from nagios (dk)"; -my $hostlist = `ssh nagios grep -l Apt /etc/nagios3/indexdata-conf.d/*.cfg` - or die "Could not get host list"; +print "Getting hostlist from nagios-us\n" if $debug; +#my $hostlist2 = `ssh nagios-us grep -l Apt /etc/nagios3/indexdata-conf.d/*.cfg` +my $hostlist2 = `ssh nagios-us grep -l \\"define host\\" /etc/nagios3/indexdata-conf.d/*.cfg` + or die "Could not get host list from nagios (us)"; +my $hostlist = $hostlist1 . $hostlist2; print "Got list:\n$hostlist\n" if $debug>2; ###### Get list of packages that can be manually maintained @@ -123,6 +136,8 @@ my %newdates; # To be written in the new version of the file my $datefilename = "aptcheck.data"; my $dateoldfilename = "aptcheck.old"; my $thisdate = "*"; # indicates really old stuff +my $warndate; # Older than this will be boldfaced + if ( -f $datefilename ) { print "Reading dates from $datefilename\n" if $debug; open F, $datefilename or die "Could not open date file $datefilename: $!"; @@ -136,6 +151,9 @@ if ( -f $datefilename ) { close F; $thisdate = `date +%F`; chomp($thisdate); + $warndate = `date +%F -d "30 days ago"` ; ; + chomp($warndate); + print "Dates: now: '$thisdate' warn: '$warndate'\n" if $debug; } else { print "No datefile $datefilename found, starting from scratch\n"; } @@ -143,24 +161,42 @@ if ( -f $datefilename ) { my $table = "\n"; -for my $hline ( split("\n",$hostlist) ) { +HOSTLOOP: +for my $hline ( sort( split("\n",$hostlist) ) ) { next unless ( $hline =~ /\/([a-z0-9-]+)\.cfg$/ ); my $H = $1; + print "Checking $H\n" if $debug; + next if ($H =~ /^xdummy/ ); next if ($H =~ /^commands/ ); + next if ($H =~ /^contacts/ ); next if ($H =~ /^servicegroups/ ); - print "Checking $H\n" if $debug; + next if ($H =~ /^hostgroups/ ); + next if ($H =~ /^host-/ ); + last if ($H =~/cookie/) && $debug; $allhosts{$H}=1; + my $cmd = + "if test -f /etc/debian_version; " . + "then " . + " cat /etc/debian_version; " . + " apt-cache -q policy " . join(" ",sort(keys(%restrpkgs))) .";" . + " apt-get upgrade -s -o 'Debug::NoLocking=true'; " . + "else " . + " cat /etc/redhat-release; " . + # " yum check-update -q; ". + " echo done ;". # to be sure we have one "real" line + "fi " ; + my $cmd0 = "cat /etc/debian_version"; my $cmd1 = "apt-cache -q policy " . join(" ",sort(keys(%restrpkgs))); my $cmd2 = "apt-get upgrade -s -o 'Debug::NoLocking=true' "; # Note, do not append -qq, we want some output even when nothing to do - print "ssh -q $H \"$cmd0; $cmd1 ; $cmd2 \" 2>/dev/null \n" if ($debug>1); - my $apt = `ssh -q $H "$cmd0; $cmd1 ; $cmd2 " 2>/dev/null`; + print "ssh -q $H \"$cmd\" 2>/dev/null \n" if ($debug>1); + my $apt = `ssh -q $H "$cmd" 2>/dev/null`; if ( !$apt ) { $table .= "\n"; - $table .= "\n"; $skiphosts{$H}=1; - next; + next HOSTLOOP; } print "Got apts for $H: \n$apt\n" if $debug>2; my $det = ""; # detail lines @@ -171,17 +207,32 @@ for my $hline ( split("\n",$hostlist) ) { my $restrname = ""; my $restrinst = ""; my $restrcand = ""; - my $debver = 0; + my $versionseen = 0; + my $is_debian = 0; for my $p ( split("\n",$apt) ) { - if ( !$debver ) { # first line - $debver = 1; - $p =~ s/(5[0-9.]+)/$1 LENNY !!!/; - $p =~ s/(6[0-9.]+)/$1 squeeze/; - $p =~ s/(7[0-9.]+)/$1 wheezy/; - $p = " Debian $p"; - $debversions{$H} = $p; - print "Deb version for $H is $p\n" if ($debug>1); - next; + if ( !$versionseen ) { # first line + $versionseen = 1; + if ( $p =~ /Centos/i ) { + print "CentOs version for $H is $p\n" if ($debug>1); + $debversions{$H} = $p; + } else { # must be Debian + $p =~ s/(5[0-9.]+)/$1 LENNY !!!/; + $p =~ s/(6[0-9.]+)/$1 squeeze/; + $p =~ s/(7[0-9.]+)/$1 wheezy/; + $p = " Debian $p"; + $debversions{$H} = $p; + $is_debian = 1; + print "Deb version for $H is $p\n" if ($debug>1); + } + next; + } + if ( ! $is_debian ) { + $table .= "\n"; + $table .= "\n"; + $table .= "\n"; + $skiphosts{$H}=1; + next HOSTLOOP; } # parse apt-cache output $restrname = $1 if $p =~ /^(\S+):$/; @@ -211,7 +262,12 @@ for my $hline ( split("\n",$hostlist) ) { } else { $newdates{$datekey} = $thisdate; } - $det .= ""; + my $dispdate = $newdates{$datekey}; + # if ( $dispdate lt $warndate ) { + if ( 0 ) { # manual packages don't need to be highlighted + $dispdate = "$dispdate !"; + } + $det .= ""; $det .= "\n"; my $key = "$restrname"; if ( !$summary{$key} ) { @@ -264,7 +320,11 @@ for my $hline ( split("\n",$hostlist) ) { } else { $newdates{$datekey} = $thisdate; } - $det .= ""; + my $dispdate = $newdates{$datekey}; + if ( ( $dispdate lt $warndate ) && ( $src =~ /Security/) ) { + $dispdate = "$dispdate !"; + } + $det .= ""; $det .= "\n"; } @@ -292,19 +352,22 @@ for my $hline ( split("\n",$hostlist) ) { if ( $hostcomments{$H} ); $table .= $det if $pkgs; print "\n$table\n" if $debug>2; - last if $H =~/diane/ && $debug; } $table .= "


$H (skipped)\n"; + $table .= "
$H (skipped)

$H (skipped)
Looks like Centos, " . + "not yet implemented
" . $newdates{$datekey} . "	" . $dispdate . "
" . $newdates{$datekey} . "	" . $dispdate . "

\n"; # Save the date file -`mv -f $datefilename $dateoldfilename`; -open F, ">$datefilename" or die "Could not open date file $datefilename for writing"; -for my $k (sort(keys(%newdates)) ) { - print F "$k " . $newdates{$k}. "\n"; - print "date for '$k' '" . $newdates{$k}. "'\n" if $debug; +if ( ! $debug ) { + `mv -f $datefilename $dateoldfilename`; + open F, ">$datefilename" or die "Could not open date file $datefilename for writing"; + for my $k (sort(keys(%newdates)) ) { + print F "$k " . $newdates{$k}. "\n"; + print "date for '$k' '" . $newdates{$k}. "'\n" if $debug; + } + close F + or die "Could not close date file $datefilename: $!"; +} else { + print "Not updating the date file, this is a debug run\n"; } -close F - or die "Could not close date file $datefilename: $!"; # Page header my $outfile = "/tmp/aptcheck.html"; @@ -313,7 +376,7 @@ open F, ">$outfile" print F "\n"; print F "Apt upgrade status\n"; print F "\n"; -print F "

Apt package status

\n"; +print F "

Package status

\n"; print F "" . ( $sectot + $owntot + $mantot + $normtot ) . " packages pending ($sectot critical) \n"; @@ -334,7 +397,7 @@ if ( $sectot ) { print F ""; for my $HH ( sort(keys(%sechosts)) ) { my $upd = $updlinks{$HH} || "#" ; - print F "$HH, "; + print F "$HH$updlink "; } print F ""; print F ""; @@ -350,7 +413,7 @@ if ( $owntot ) { print F ""; for my $HH ( sort(keys(%ownhosts)) ) { my $upd = $updlinks{$HH} || "#" ; - print F "$HH, "; + print F "$HH$updlink "; #print F "$HH "; } print F ""; @@ -367,7 +430,7 @@ if ( $mantot ) { print F ""; for my $HH ( sort(keys(%manhosts)) ) { my $upd = $updlinks{$HH} || "#" ; - print F "$HH, "; + print F "$HH$updlink "; #print F "$HH "; } print F ""; @@ -384,7 +447,7 @@ if ( $normtot ) { print F ""; for my $HH ( sort(keys(%normhosts)) ) { my $upd = $updlinks{$HH} || "#" ; - print F "$HH, "; + print F "$HH$updlink "; #print F "$HH "; } print F ""; @@ -401,18 +464,18 @@ if ( %skiphosts ) { for my $HH ( sort(keys(%skiphosts)) ) { my $upd = $updlinks{$HH} || $wikilink . ucfirst($HH) . "Updates" . $year; - print F "$HH, "; + print F "$HH$updlink "; #print F "$HH "; } print F "\n"; } -#if ( %okhosts ) { if ( 1 ) { - print F "Ok " . scalar(keys(%okhosts)) . "\n"; + print F "Ok
" . scalar(keys(%okhosts)) . + " of " . scalar(keys(%allhosts)) . "\n"; print F ""; for my $HH ( sort(keys(%okhosts)) ) { my $upd = $updlinks{$HH} || "#" ; - print F "$HH, "; + print F "$HH$updlink "; #print F "$HH "; } if ( !%okhosts ) { @@ -422,6 +485,9 @@ if ( 1 ) { } print F "\n"; +print F "

" . ( $sectot + $owntot + $mantot + $normtot ) . + " packages pending ($sectot critical) \n"; + # Graph #my $secs = 60*60*24 * 7 * 2; # 2 weeks in secods #my $secs = "1m"; # one month, let nagios do the math @@ -458,8 +524,6 @@ for my $P ( sort(keys(%summary)) ) { } print F "\n"; -print F "

Packages marked with * are from the time before started to " . - "track package dates \n"; print F "

Produced " . `date`. " on " . `hostname` . " by " . `whoami` . "
\n";