3 # Check what packages are needed to get upgraded on all machines
5 # Depends heavily on having ssh key authentication set up to all
6 # boxes. That's why I run it on my own workstation.
8 # Regular debian upgrades are detected by running
10 # on every machine, and parsing the output.
12 # We have decided to maintain some packages manually on some
13 # machines, so that system-level upgrades will not disturb
14 # applications, which may need more hand-holding. These are
15 # extracted from our apt repository, and queried on every
16 # server with apt-cache policy. This way, as soon as a package
17 # is released on our repo, it will get listed here.
19 # 11-Mar-2011 Heikki: Started this
20 # 22-Mar-2011 Heikki: Adding manually maintained packages
22 # TODO: Assumes that we release our restricted packages for all versions
23 # and architectures at the same time. Gets only the highest version from
24 # all, and reports anything less than this. Good enough for now.
28 my $debug= $ARGV[0] || 0; # 0=none, 1=some, 2=more, 3=much
30 my $wikilink = 'http://twiki.indexdata.dk/cgi-bin/twiki/view/ID/';
31 my $restrictedpackages = "ssh -q kebab cat /home/ftp/pub/debian/dists/*/restricted/*/Packages";
33 #### Get list of hosts
34 # I could use a hard-coded list, but I would forget to maintain it.
35 # Nagios knows most of our hosts. It even knows which are worth
36 # checking, they have a command to check apts!
38 my $hostlist = `ssh nagios grep -l Apt /etc/nagios3/indexdata-conf.d/*.cfg`
39 or die "Could not get host list";
41 print "Got list:\n$hostlist\n" if $debug>2;
43 ###### Get list of packages that can be manually maintained
44 print "getting restricted package versions\n" if $debug;
46 my $restplines = `$restrictedpackages`
47 or die "Could not get the list of restricted packages " .
48 "from $restrictedpackages: $! ";
49 print "Got package list: \n$restplines\n" if $debug>2;
52 for my $pline ( split("\n",$restplines) ) {
54 $pname = $1 if $pline =~ /^Package:\s+(\S*)\s*$/;
55 $pver = $1 if $pline =~ /^Version:\s+(\S*)\s*$/;
56 print "$pline: p=$pname v=$pver\n" if $debug>2;
57 if ( $pname && $pver ) {
58 print "\nPackage $pname version $pver \n" if $debug>2;
59 if ( ! $restrpkgs{$pname} ) {
60 $restrpkgs{$pname} = $pver;
61 print "found $pname, first version $pver\n" if $debug>1;
63 my $bver = $restrpkgs{$pname};
64 `dpkg --compare-versions $bver lt $pver`;
66 print "found $pname, better version $pver (better than $bver)\n"
68 $restrpkgs{$pname} = $pver;
70 print "found $pname, but version $pver is no better than $bver\n"
74 $pname = ""; # clear for the next one.
80 print "got " . scalar(keys(%restrpkgs)) . " restricted packages\n";
81 for $pname ( sort (keys(%restrpkgs)) ) {
82 print " $pname " . $restrpkgs{$pname} . "\n";
88 my ( %sechosts, %secpkgs );
89 my ( %ownhosts, %ownpkgs );
90 my ( %manhosts, %manpkgs );
91 my ( %normhosts, %normpkgs );
100 my $table = "<table>\n";
102 for my $hline ( split("\n",$hostlist) ) {
103 next unless ( $hline =~ /\/([a-z0-9-]+)\.cfg$/ );
105 next if ($H =~ /^commands/ );
106 next if ($H =~ /^servicegroups/ );
107 print "Checking $H\n" if $debug;
109 my $cmd1 = "apt-cache -q policy " . join(" ",sort(keys(%restrpkgs)));
110 my $cmd2 = "apt-get upgrade -s -o 'Debug::NoLocking=true' ";
111 # Note, do not append -qq, we want some output even when nothing to do
112 my $apt = `ssh -q $H "$cmd1 ; $cmd2 " 2>/dev/null`;
114 $table .= "<tr><td colspan='3'> </td></tr>\n";
115 $table .= "<tr><td colspan='3'><b><u>$H</u></b> (skipped)\n";
119 print "Got apts for $H: \n$apt\n" if $debug>2;
120 my $det = ""; # detail lines
128 for my $p ( split("\n",$apt) ) {
129 # parse apt-cache output
130 $restrname = $1 if $p =~ /^(\S+):$/;
131 $restrinst = $1 if $p =~ /^\s+Installed:\s+(\S+)$/;
132 $restrcand = $1 if $p =~ /^\s+Candidate:\s+(\S+)$/;
133 if ( $p =~ /^\s+Version table:/ ) { # have all for that package
134 my $bver = $restrpkgs{$restrname};
135 if ( ( $restrinst eq $restrcand ) &&
136 ( $restrinst ne $bver ) ) {
137 # if different, it is a regular apt upgrade, and will be seen
138 # later. AND we want to have a different version in our repo
139 `dpkg --compare-versions $bver lt $restrinst`;
140 if ( $? ) { # It was not a downgrade
141 # manual packages may be ahead of the repo!
146 $manpkgs{$restrname} = 1;
148 $det .= "<td> <b>$restrname (M)</b></td>";
149 $det .= "<td>". strdiff($bver,$restrinst)."</td>";
150 $det .= "<td>". strdiff($restrinst,$bver)."</td>";
152 if ( !$summary{$restrname} ) {
153 $summary{$restrname} = "";
155 $summary{$restrname} .= "$H ";
158 $restrname = ""; # clear for next round
163 /^Inst ([^ ]+) \[([^]]+)\] \(([^ ]+) ([^:]+):/;
164 my ( $pkg,$cur,$new,$src ) = ( $1,$2,$3,$4 );
165 print "$H: $pkg: $cur -> $new ($src)\n" if $debug>1;
166 $det .= "<tr><td> ";
169 if ( $src =~ /Security/ ) {
170 $det .= "<b>$pkg (s)</b> ";
175 } elsif ( $src =~ /Indexdata/ ) {
176 $det .= "<i><b>$pkg</b> (id) </i>";
187 if ( !$summary{$key} ) {
190 $summary{$key} .= "$H ";
191 $new = strdiff($cur,$new);
192 $cur = strdiff($new,$cur);
194 $det .= "<td>$cur</td> ";
195 $det .= "<td>$new</td> ";
198 $table .= "<tr><td colspan='3'> </td></tr>\n";
199 $table .= "<tr><td colspan='3'><a name='$H'><b><u>$H</u></b></a> \n";
201 $table .= "<b>$pkgs</b> packages to upgrade. ";
202 $table .= "<b>$secs security</b>. " if $secs;
203 $table .= " $own from indexdata. " if $own;
204 $table .= " $man manual. " if $man;
209 my $updlink = $wikilink . ucfirst($H) . "Updates" . $year;
210 # Fix some pages that do not follow the convention.
211 # Mostly because the host names would not make proper WikiWords
212 $updlink =~ s/Bugzilla3Updates/BugzillaUpdates/;
213 $updlink =~ s/Opencontent-solrUpdates/OpenContentSolrUpdates/;
214 $table .= " <a href='$updlink' >Upd</a>";
215 $table .= "</td></tr>\n";
216 $table .= $det if $pkgs;
217 print "\n$table\n" if $debug>2;
218 last if $H =~/dart/ && $debug;
220 $table .= "</table>\n";
223 my $outfile = "/tmp/aptcheck.html";
225 or die "Could not open $outfile for writing: $!";
227 print F "<head><title>Apt upgrade status</title></head>\n";
229 print F "<H1>Apt package status</H1>\n";
232 # Summary table: one row for per host group
234 print F "<table border='1' >\n";
235 print F "<tr><td> </td>" ;
236 print F "<td><b>Hosts</b></td>\n";
237 print F "<td><b>Packages</b></td></tr>\n";
240 print F "<tr><td><b>Security</b><br/>" . scalar(keys(%sechosts)) .
241 " / " . scalar(keys(%secpkgs)) . " / $sectot </td>\n" ;
243 for my $HH ( sort(keys(%sechosts)) ) {
244 print F "<a href='#$HH'><b>$HH</b></a> ";
248 for my $PP ( sort(keys(%secpkgs)) ) {
249 print F "<a href='#$PP'>$PP</a> ";
255 print F "<tr><td><b>Indexdata</b><br/>" . scalar(keys(%ownhosts)) .
256 " / " . scalar(keys(%ownpkgs)) . " / $owntot </td>\n" ;
258 for my $HH ( sort(keys(%ownhosts)) ) {
259 print F "<a href='#$HH'><b>$HH</b></a> ";
263 for my $PP ( sort(keys(%ownpkgs)) ) {
264 print F "<a href='#$PP'>$PP</a> ";
270 print F "<tr><td><b>Manual</b><br/>" . scalar(keys(%manhosts)) .
271 " / " . scalar(keys(%manpkgs)) . " / $mantot </td>\n" ;
273 for my $HH ( sort(keys(%manhosts)) ) {
274 print F "<a href='#$HH'><b>$HH</b></a> ";
278 for my $PP ( sort(keys(%manpkgs)) ) {
279 print F "<a href='#$PP'>$PP</a> ";
285 print F "<tr><td>Normal<br/>" . scalar(keys(%normhosts)) .
286 " / " . scalar(keys(%normpkgs)) . " / $normtot </td>\n" ;
288 for my $HH ( sort(keys(%normhosts)) ) {
289 print F "<a href='#$HH'><b>$HH</b></a> ";
293 for my $PP ( sort(keys(%normpkgs)) ) {
294 print F "<a href='#$PP'>$PP</a> ";
300 print F "<tr><td>Skipped " . scalar(keys(%skiphosts)) . "</td>\n";
301 print F "<td colspan='2'>";
302 for my $HH ( sort(keys(%skiphosts)) ) {
303 print F "<a href='#$HH'><b>$HH</b></a> ";
305 print F "</td></tr>\n";
308 print F "<tr><td>Ok " . scalar(keys(%okhosts)) . "</td>\n";
309 print F "<td colspan='2'>";
310 for my $HH ( sort(keys(%okhosts)) ) {
311 print F "<a href='#$HH'><b>$HH</b></a> ";
313 print F "</td></tr>\n";
315 print F "</table>\n";
322 print F "<p/><b><u>Packages</u></b>\n";
324 for my $P ( sort(keys(%summary)) ) {
326 $PN = "<b>$P (s)</b>" if ($secpkgs{$P});
327 $PN = "$P (id)" if ($ownpkgs{$P});
328 print F "<tr><td><a name='$P'/>$PN</td>\n";
330 for my $HH ( split(' ',$summary{$P} )) {
331 print F "<a href=#$HH>$HH</a> ";
336 print F "</table>\n";
338 print F "<p/>Produced " . `date`.
339 " on " . `hostname` . " by " . `whoami` .
341 print F "</body></html>\n";
344 or die "Could not close $outfile: $!";
346 system "scp -q $outfile nagios:/var/www/heikki/index.html";
350 # Helper to take two strings and highligt that part of the second
351 # that is different from the first.
355 print "strdiff: '$x' '$y' \n" if $debug>2;
357 return "$x <b>??</b>";
360 while ( $a < length($y) &&
361 substr($x,$a,1) eq substr($y,$a,1) ) {
364 if ( $a == length($y) ) {
368 while ( $b < length($y)-$a &&
369 substr($x,-$b,1) eq substr($y, -$b,1) ) {
372 my $c = length($y) - $b +1;
373 print "strdiff: a=$a " . substr($y,0,$a) ."\n" if $debug>2;
374 print "strdiff: b=$b " . "\n" if $debug>2;
375 print "strdiff: c=$c " . substr($y,$c) ."\n" if $debug>2;
376 print "strdiff: " . substr($y,$a, $c-$a) ."\n" if $debug>2;
377 my $z = substr($y,0,$a) .
378 "<b>" . substr($y,$a, $c-$a) . "</b>" .
380 print "strdiff: " . $z ."\n" if $debug>2;
381 print "\n" if $debug>2;