# and architectures at the same time. Gets only the highest version from
# all, and reports anything less than this. Good enough for now.
#
-# TODO: Get the dates from ls --full-time /var/cache/apt/archives/
-# and display next to the packages, so we can see how long they have
-# been lingering. Boldface them if older than some limit
+# TODO: Check CentOs systems too
+# Need a check_rpm plugin, and nagios checks defined on the CentOs machines,
+# then we can grep for that check in nagios configs, and find rpm machines
+# that way. Or, check all machines listed in nagios, determine what they
+# run, and use proper commands to check for packages.
+#
+# TODO: Summary section for hosts that have too old updates still pending
+# - those that are marked with (!)
#### Init
use strict;
#my $wikilink = 'http://twiki.indexdata.dk/cgi-bin/twiki/view/ID/';
my $wikilink = 'https://twiki.indexdata.com/twiki/bin/view/ID/';
my $restrictedpackages = "ssh -q kebab cat /home/ftp/pub/debian/dists/*/restricted/*/Packages";
+my $updlink="<i>-u</i>"; # to display after a name, liking to the upd page
#### Host comments
my %hostcomments = (
# Nagios knows most of our hosts. It even knows which are worth
# checking, they have a command to check apts!
print "Getting hostlist from nagios\n" if $debug;
-my $hostlist1 = `ssh nagios grep -l Apt /etc/nagios3/indexdata-conf.d/*.cfg`
+my $hostlist1 = `ssh nagios grep -l \\"define host\\" /etc/nagios3/indexdata-conf.d/*.cfg`
or die "Could not get host list from nagios (dk)";
print "Getting hostlist from nagios-us\n" if $debug;
-my $hostlist2 = `ssh nagios-us grep -l Apt /etc/nagios3/indexdata-conf.d/*.cfg`
- or die "Could not get host list from nagios (dk)";
+#my $hostlist2 = `ssh nagios-us grep -l Apt /etc/nagios3/indexdata-conf.d/*.cfg`
+my $hostlist2 = `ssh nagios-us grep -l \\"define host\\" /etc/nagios3/indexdata-conf.d/*.cfg`
+ or die "Could not get host list from nagios (us)";
my $hostlist = $hostlist1 . $hostlist2;
print "Got list:\n$hostlist\n" if $debug>2;
my $datefilename = "aptcheck.data";
my $dateoldfilename = "aptcheck.old";
my $thisdate = "*"; # indicates really old stuff
+my $warndate; # Older than this will be boldfaced
+
if ( -f $datefilename ) {
print "Reading dates from $datefilename\n" if $debug;
open F, $datefilename or die "Could not open date file $datefilename: $!";
close F;
$thisdate = `date +%F`;
chomp($thisdate);
+ $warndate = `date +%F -d "30 days ago"` ; ;
+ chomp($warndate);
+ print "Dates: now: '$thisdate' warn: '$warndate'\n" if $debug;
} else {
print "No datefile $datefilename found, starting from scratch\n";
}
my $table = "<table>\n";
-for my $hline ( split("\n",$hostlist) ) {
+HOSTLOOP:
+for my $hline ( sort( split("\n",$hostlist) ) ) {
next unless ( $hline =~ /\/([a-z0-9-]+)\.cfg$/ );
my $H = $1;
+ print "Checking $H\n" if $debug;
+ next if ($H =~ /^xdummy/ );
next if ($H =~ /^commands/ );
+ next if ($H =~ /^contacts/ );
next if ($H =~ /^servicegroups/ );
- print "Checking $H\n" if $debug;
+ next if ($H =~ /^hostgroups/ );
+ next if ($H =~ /^host-/ );
+ last if ($H =~/cookie/) && $debug;
$allhosts{$H}=1;
+ my $cmd =
+ "if test -f /etc/debian_version; " .
+ "then " .
+ " cat /etc/debian_version; " .
+ " apt-cache -q policy " . join(" ",sort(keys(%restrpkgs))) .";" .
+ " apt-get upgrade -s -o 'Debug::NoLocking=true'; " .
+ "else " .
+ " cat /etc/redhat-release; " .
+ # " yum check-update -q; ".
+ " echo done ;". # to be sure we have one "real" line
+ "fi " ;
+
my $cmd0 = "cat /etc/debian_version";
my $cmd1 = "apt-cache -q policy " . join(" ",sort(keys(%restrpkgs)));
my $cmd2 = "apt-get upgrade -s -o 'Debug::NoLocking=true' ";
# Note, do not append -qq, we want some output even when nothing to do
- print "ssh -q $H \"$cmd0; $cmd1 ; $cmd2 \" 2>/dev/null \n" if ($debug>1);
- my $apt = `ssh -q $H "$cmd0; $cmd1 ; $cmd2 " 2>/dev/null`;
+ print "ssh -q $H \"$cmd\" 2>/dev/null \n" if ($debug>1);
+ my $apt = `ssh -q $H "$cmd" 2>/dev/null`;
if ( !$apt ) {
$table .= "<tr><td colspan='3'> </td></tr>\n";
- $table .= "<tr><td colspan='3'><b><u>$H</u></b> (skipped)\n";
+ $table .= "<tr><td colspan='3'><b><u>$H</u></b> (skipped)</td></tr>\n";
$skiphosts{$H}=1;
- next;
+ next HOSTLOOP;
}
print "Got apts for $H: \n$apt\n" if $debug>2;
my $det = ""; # detail lines
my $restrname = "";
my $restrinst = "";
my $restrcand = "";
- my $debver = 0;
+ my $versionseen = 0;
+ my $is_debian = 0;
for my $p ( split("\n",$apt) ) {
- if ( !$debver ) { # first line
- $debver = 1;
- $p =~ s/(5[0-9.]+)/$1 LENNY !!!/;
- $p =~ s/(6[0-9.]+)/$1 squeeze/;
- $p =~ s/(7[0-9.]+)/$1 wheezy/;
- $p = " Debian $p";
- $debversions{$H} = $p;
- print "Deb version for $H is $p\n" if ($debug>1);
- next;
+ if ( !$versionseen ) { # first line
+ $versionseen = 1;
+ if ( $p =~ /Centos/i ) {
+ print "CentOs version for $H is $p\n" if ($debug>1);
+ $debversions{$H} = $p;
+ } else { # must be Debian
+ $p =~ s/(5[0-9.]+)/$1 LENNY !!!/;
+ $p =~ s/(6[0-9.]+)/$1 squeeze/;
+ $p =~ s/(7[0-9.]+)/$1 wheezy/;
+ $p = " Debian $p";
+ $debversions{$H} = $p;
+ $is_debian = 1;
+ print "Deb version for $H is $p\n" if ($debug>1);
+ }
+ next;
+ }
+ if ( ! $is_debian ) {
+ $table .= "<tr><td colspan='3'> </td></tr>\n";
+ $table .= "<tr><td colspan='3'><b><u>$H</u></b> (skipped)</td></tr>\n";
+ $table .= "<tr><td colspan='3'>Looks like Centos, " .
+ "not yet implemented </td></tr>\n";
+ $skiphosts{$H}=1;
+ next HOSTLOOP;
}
# parse apt-cache output
$restrname = $1 if $p =~ /^(\S+):$/;
} else {
$newdates{$datekey} = $thisdate;
}
- $det .= "<td>" . $newdates{$datekey} . "</td>";
+ my $dispdate = $newdates{$datekey};
+ # if ( $dispdate lt $warndate ) {
+ if ( 0 ) { # manual packages don't need to be highlighted
+ $dispdate = "<b>$dispdate !</b>";
+ }
+ $det .= "<td>" . $dispdate . "</td>";
$det .= "</tr>\n";
my $key = "$restrname";
if ( !$summary{$key} ) {
} else {
$newdates{$datekey} = $thisdate;
}
- $det .= "<td>" . $newdates{$datekey} . "</td>";
+ my $dispdate = $newdates{$datekey};
+ if ( ( $dispdate lt $warndate ) && ( $src =~ /Security/) ) {
+ $dispdate = "<b>$dispdate !</b>";
+ }
+ $det .= "<td>" . $dispdate . "</td>";
$det .= "</tr>\n";
}
if ( $hostcomments{$H} );
$table .= $det if $pkgs;
print "\n$table\n" if $debug>2;
- last if $H =~/diane/ && $debug;
}
$table .= "</table>\n";
# Save the date file
-`mv -f $datefilename $dateoldfilename`;
-open F, ">$datefilename" or die "Could not open date file $datefilename for writing";
-for my $k (sort(keys(%newdates)) ) {
- print F "$k " . $newdates{$k}. "\n";
- print "date for '$k' '" . $newdates{$k}. "'\n" if $debug;
+if ( ! $debug ) {
+ `mv -f $datefilename $dateoldfilename`;
+ open F, ">$datefilename" or die "Could not open date file $datefilename for writing";
+ for my $k (sort(keys(%newdates)) ) {
+ print F "$k " . $newdates{$k}. "\n";
+ print "date for '$k' '" . $newdates{$k}. "'\n" if $debug;
+ }
+ close F
+ or die "Could not close date file $datefilename: $!";
+} else {
+ print "Not updating the date file, this is a debug run\n";
}
-close F
- or die "Could not close date file $datefilename: $!";
# Page header
my $outfile = "/tmp/aptcheck.html";
print F "<html>\n";
print F "<head><title>Apt upgrade status</title></head>\n";
print F "<body>\n";
-print F "<H1>Apt package status</H1>\n";
+print F "<H1>Package status</H1>\n";
print F "<b>" . ( $sectot + $owntot + $mantot + $normtot ) .
"</b> packages pending (<b>$sectot</b> critical) \n";
print F "<td>";
for my $HH ( sort(keys(%sechosts)) ) {
my $upd = $updlinks{$HH} || "#" ;
- print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>,</a> ";
+ print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>$updlink</a> ";
}
print F "</td>";
print F "<td>";
print F "<td>";
for my $HH ( sort(keys(%ownhosts)) ) {
my $upd = $updlinks{$HH} || "#" ;
- print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>,</a> ";
+ print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>$updlink</a> ";
#print F "<a href='#$HH'><b>$HH</b></a> ";
}
print F "</td>";
print F "<td>";
for my $HH ( sort(keys(%manhosts)) ) {
my $upd = $updlinks{$HH} || "#" ;
- print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>,</a> ";
+ print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>$updlink</a> ";
#print F "<a href='#$HH'><b>$HH</b></a> ";
}
print F "</td>";
print F "<td>";
for my $HH ( sort(keys(%normhosts)) ) {
my $upd = $updlinks{$HH} || "#" ;
- print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>,</a> ";
+ print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>$updlink</a> ";
#print F "<a href='#$HH'><b>$HH</b></a> ";
}
print F "</td>";
for my $HH ( sort(keys(%skiphosts)) ) {
my $upd = $updlinks{$HH} ||
$wikilink . ucfirst($HH) . "Updates" . $year;
- print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>,</a> ";
+ print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>$updlink</a> ";
#print F "<a href='#$HH'><b>$HH</b></a> ";
}
print F "</td></tr>\n";
}
-#if ( %okhosts ) {
if ( 1 ) {
- print F "<tr><td>Ok " . scalar(keys(%okhosts)) . "</td>\n";
+ print F "<tr><td>Ok <br/>" . scalar(keys(%okhosts)) .
+ " of " . scalar(keys(%allhosts)) . "</td>\n";
print F "<td colspan='2'>";
for my $HH ( sort(keys(%okhosts)) ) {
my $upd = $updlinks{$HH} || "#" ;
- print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>,</a> ";
+ print F "<a href='#$HH'><b>$HH</b></a><a href='$upd'>$updlink</a> ";
#print F "<a href='#$HH'><b>$HH</b></a> ";
}
if ( !%okhosts ) {
}
print F "</table>\n";
+print F "<p/><b>" . ( $sectot + $owntot + $mantot + $normtot ) .
+ "</b> packages pending (<b>$sectot</b> critical) \n";
+
# Graph
#my $secs = 60*60*24 * 7 * 2; # 2 weeks in secods
#my $secs = "1m"; # one month, let nagios do the math
}
print F "</table>\n";
-print F "<p/>Packages marked with * are from the time before started to " .
- "track package dates \n";
print F "<p/>Produced " . `date`.
" on " . `hostname` . " by " . `whoami` .
"<br/>\n";