From 59995ca92eed324809da91b5ab9a8b9438cb1184 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?=
Date: Fri, 16 Aug 2019 16:48:35 +0200
Subject: [PATCH 01/12] Init newkernel role
---
newkernel/.kitchen.yml | 28 +++
newkernel/README.md | 7 +
newkernel/defaults/main.yml | 3 +
newkernel/files/newkernel.sh | 67 +++++++
newkernel/meta/main.yml | 28 +++
newkernel/tasks/main.yml | 54 ++++++
newkernel/templates/listupgrade.cnf.j2 | 4 +
newkernel/templates/listupgrade.sh.j2 | 222 ++++++++++++++++++++++++
newkernel/templates/listupgrade_cron.j2 | 1 +
newkernel/tests/test.yml | 4 +
10 files changed, 418 insertions(+)
create mode 100644 newkernel/.kitchen.yml
create mode 100644 newkernel/README.md
create mode 100644 newkernel/defaults/main.yml
create mode 100644 newkernel/files/newkernel.sh
create mode 100644 newkernel/meta/main.yml
create mode 100644 newkernel/tasks/main.yml
create mode 100644 newkernel/templates/listupgrade.cnf.j2
create mode 100644 newkernel/templates/listupgrade.sh.j2
create mode 100644 newkernel/templates/listupgrade_cron.j2
create mode 100644 newkernel/tests/test.yml
diff --git a/newkernel/.kitchen.yml b/newkernel/.kitchen.yml
new file mode 100644
index 00000000..b21cc3db
--- /dev/null
+++ b/newkernel/.kitchen.yml
@@ -0,0 +1,28 @@
+---
+driver:
+ name: docker
+ privileged: true
+ use_sudo: false
+
+provisioner:
+ name: ansible_playbook
+ hosts: test-kitchen
+ roles_path: ../
+ ansible_verbose: true
+ require_ansible_source: false
+ require_chef_for_busser: false
+ idempotency_test: true
+
+platforms:
+ - name: debian
+ driver_config:
+ image: evolix/ansible:2.2.1
+
+suites:
+ - name: default
+ provisioner:
+ name: ansible_playbook
+ playbook: ./tests/test.yml
+
+transport:
+ max_ssh_sessions: 6
diff --git a/newkernel/README.md b/newkernel/README.md
new file mode 100644
index 00000000..727ce468
--- /dev/null
+++ b/newkernel/README.md
@@ -0,0 +1,7 @@
+# listupgrade
+
+Install and configure a script not help manage Debian package updates.
+
+## Tasks
+
+Installation and configuration are performed via `tasks/main.yml`.
diff --git a/newkernel/defaults/main.yml b/newkernel/defaults/main.yml
new file mode 100644
index 00000000..3f72fbff
--- /dev/null
+++ b/newkernel/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+general_alert_email: "root@localhost"
+listupgrade_alert_email: Null
diff --git a/newkernel/files/newkernel.sh b/newkernel/files/newkernel.sh
new file mode 100644
index 00000000..f7b54122
--- /dev/null
+++ b/newkernel/files/newkernel.sh
@@ -0,0 +1,67 @@
+#!/bin/bash
+
+set -e
+
+configFile="/etc/evolinux/newkernel.cnf"
+
+template=$(mktemp --tmpdir=/tmp evoupdate.XXX)
+clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2)
+mailto=$clientmail
+date="Ce jeudi entre 18h00 et 23h00."
+hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2)
+hostname=${hostname%%.evolix.net}
+# If hostname is composed with -, remove the first part.
+if [[ $hostname =~ "-" ]]; then
+ hostname=$(echo $hostname | cut -d'-' -f2-)
+fi
+# Edit $configFile to override some variables.
+[ -r $configFile ] && . $configFile
+
+# Remove temporary files on exit.
+trap "rm $template" EXIT
+
+# No updates? Exit!
+nextKernel=$(grep -m1 -aEo "#1 SMP Debian .* \([0-9]{4}-[0-9]{2}-[0-9]{2}\)" /vmlinuz)
+currentKernel=$(uname -v)
+if [ "$nextKernel" = "$currentKernel" ]; then
+ exit 0
+fi
+
+#To: ${clientmail}
+cat << EOT > $template
+Content-Type: text/plain; charset="utf-8"
+Reply-To: equipe@evolix.fr
+From: equipe@evolix.net
+To: bserie@evolix.fr
+Subject: Prochain creneau pour mise a jour de votre serveur $hostname
+X-Date: $date
+
+Bonjour,
+
+Le noyau de votre serveur doit être mis à jour. Pour cela nous devons
+redémarrer votre machine ${hostname}.
+
+Sauf indication contraire de votre part,
+le prochain créneau prévu pour
+intervenir manuellement pour réaliser ces mises-à-jour est :
+${date}
+
+Si nous intervenons, un redémarrage complet du serveur sera réalisé, entraînant
+plusieurs minutes de coupures. Nous nous assurerons de vérifier le bon
+démarrage de la machin ainsi que de ses services. Si nous ne sommes pas
+intervenus sur ce créneau, vous recevrez une nouvelle notification le mois
+prochain.
+
+Votre version actuelle du noyau : $currentKernel
+Après redémarrage votre version sera : $nextKernel
+
+N'hésitez pas à nous faire toute remarque sur ce créneau d'intervention le plus
+tôt possible.
+
+Cordialement,
+--
+Équipe Evolix
+Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
+EOT
+
+<$template /usr/sbin/sendmail $mailto
diff --git a/newkernel/meta/main.yml b/newkernel/meta/main.yml
new file mode 100644
index 00000000..29c56478
--- /dev/null
+++ b/newkernel/meta/main.yml
@@ -0,0 +1,28 @@
+galaxy_info:
+ author: Evolix
+ description: Installation and configuration of the listupgrade script
+
+ issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
+
+ license: GPLv2
+
+ min_ansible_version: 2.2
+
+ platforms:
+ - name: Debian
+ versions:
+ - jessie
+
+ galaxy_tags: []
+ # List tags for your role here, one per line. A tag is
+ # a keyword that describes and categorizes the role.
+ # Users find roles by searching for tags. Be sure to
+ # remove the '[]' above if you add tags to this list.
+ #
+ # NOTE: A tag is limited to a single word comprised of
+ # alphanumeric characters. Maximum 20 tags per role.
+
+dependencies: []
+ # List your role dependencies here, one per line.
+ # Be sure to remove the '[]' above if you add dependencies
+ # to this list.
diff --git a/newkernel/tasks/main.yml b/newkernel/tasks/main.yml
new file mode 100644
index 00000000..9bfe764e
--- /dev/null
+++ b/newkernel/tasks/main.yml
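Review bot: In newkernel.sh, the `nextKernel=$(grep -m1 -aEo ... /vmlinuz)` assignment runs under `set -e`, so when grep finds no match (a banner that does not read `#1 SMP Debian`, or an unreadable /vmlinuz) the script exits with status 1 and no output, which from cron is indistinguishable from "no reboot needed". For a job whose purpose is to flag pending kernel reboots, that failure should be visible: `nextKernel=$(grep -m1 -aEo "..." /vmlinuz) || { echo "newkernel: no kernel banner found in /vmlinuz" >&2; exit 1; }`. On the final line, the recipient is passed unquoted and unchecked; I would guard it with `[ -n "$mailto" ] || { echo "newkernel: empty recipient" >&2; exit 1; }` and call `/usr/sbin/sendmail "$mailto"`, since the value comes straight from `grep | cut` on /etc/evomaintenance.cf or from the sourced config.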
@@ -0,0 +1,54 @@
+---
+
+- include_role:
+ name: remount-usr
+
+- name: Scripts dir is present
+ file:
+ path: "/usr/share/scripts"
+ state: directory
+ owner: root
+ group: root
+ mode: "0700"
+
+- name: Copy listupgrade script
+ template:
+ src: listupgrade.sh.j2
+ dest: "/usr/share/scripts/listupgrade.sh"
+ mode: "0700"
+ owner: root
+ group: root
+ force: yes
+
+- name: Create /etc/evolinux
+ file:
+ path: /etc/evolinux
+ state: directory
+ owner: root
+ group: root
+ mode: "0700"
+
+- name: Copy listupgrade config
+ template:
+ src: listupgrade.cnf.j2
+ dest: /etc/evolinux/listupgrade.cnf
+ mode: "0600"
+ owner: root
+ group: root
+ force: no
+
+- name: Cron.d is present
+ file:
+ path: "/etc/cron.d"
+ state: directory
+ mode: "0755"
+ owner: root
+ group: root
+
+- name: Enable listupgrade cron
+ template:
+ src: listupgrade_cron.j2
+ dest: /etc/cron.d/listupgrade
+ mode: "0600"
+ owner: root
+ group: root
diff --git a/newkernel/templates/listupgrade.cnf.j2 b/newkernel/templates/listupgrade.cnf.j2
new file mode 100644
index 00000000..99b00362
--- /dev/null
+++ b/newkernel/templates/listupgrade.cnf.j2
@@ -0,0 +1,4 @@
+#date="Ce jeudi entre 18h00 et 23h00."
+#clientmail="client@evolix.net"
+#mailto="{{ listupgrade_alert_email or general_alert_email | mandatory }}"
+#hostname=""
diff --git a/newkernel/templates/listupgrade.sh.j2 b/newkernel/templates/listupgrade.sh.j2
new file mode 100644
index 00000000..c8e6f335
--- /dev/null
+++ b/newkernel/templates/listupgrade.sh.j2
@@ -0,0 +1,222 @@
+#!/bin/bash
+
+# Exit codes :
+# - 30 : $skip_releases or $skip_packages is set to "all"
+# - 40 : current release is in $skip_releases list
+# - 50 : all upgradable packages are in the $skip_packages list
+# - 60 : current release is not in the $r_releases list
+# - 70 : at least an upgradable package is not in the $r_packages list
+
+set -e
+
+configFile="/etc/evolinux/listupgrade.cnf"
+
+packages=$(mktemp --tmpdir=/tmp evoupdate.XXX)
+packagesHold=$(mktemp --tmpdir=/tmp evoupdate.XXX)
+servicesToRestart=$(mktemp --tmpdir=/tmp evoupdate.XXX)
+template=$(mktemp --tmpdir=/tmp evoupdate.XXX)
+clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2)
+mailto=$clientmail
+date="Ce jeudi entre 18h00 et 23h00."
+hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2)
+hostname=${hostname%%.evolix.net}
+# If hostname is composed with -, remove the first part.
+if [[ $hostname =~ "-" ]]; then
+ hostname=$(echo $hostname | cut -d'-' -f2-)
+fi
+# Edit $configFile to override some variables.
+[ -r $configFile ] && . $configFile
+
+# Remove temporary files on exit.
+trap "rm $packages $packagesHold $servicesToRestart $template" EXIT
+
+# Parse line in retrieved upgrade file and ensure there is no malicious values.
+get_value() {
+ file="$1"
+ variable="$2"
+ value="$(grep "^$2:" $1 |head -n 1 |cut -d ':' -f 2 |sed 's/^ //')"
+ if echo "$value" |grep -q -E '^[-.: [:alnum:]]*$'; then
+ echo $value
+ else
+ printf >&2 "Error parsing value \"$value\" for variable $variables.\n"
+ fi
+}
+
+# Fetch which packages/releases will be upgraded.
+fetch_upgrade_info() { + upgradeInfo=$(mktemp --tmpdir=/tmp evoupdate.XXX) + wget -q -O $upgradeInfo https://upgrades.evolix.org/upgrade + r_releases="$(get_value $upgradeInfo "releases")" + r_skip_releases="$(get_value $upgradeInfo "skip_releases")" + r_packages="$(get_value $upgradeInfo "packages")" + r_skip_packages="$(get_value $upgradeInfo "skip_packages")" + rm $upgradeInfo +} + +# Check if element $element is in (space separated) list $list. +is_in() { + list="$1" + element="$2" + + for i in $list; do + if [ "$element" = "$i" ]; then + return 0 + fi + done + return 1 +} + + +if [[ "$1" != "--cron" ]]; then + echo "À quel date/heure allez vous planifier l'envoi ?" + echo "Exemple : le jeudi 6 mars entre 18h00 et 23h00" + echo -n ">" + read date + echo "À qui envoyer le mail ?" + echo -n ">" + read mailto +fi + +# Update APT cache and get packages to upgrade and packages on hold. +apt -q2 update 2>&1 | (egrep -ve '^(Listing|WARNING|$)' -e upgraded -e 'up to date' || true ) +apt-mark showhold > $packagesHold +apt list --upgradable 2>&1 | grep -v -f $packagesHold | egrep -v '^(Listing|WARNING|$)' > $packages +packagesParsable=$(cut -f 1 -d / <$packages |tr '\n' ' ') + +# No updates? Exit! +test ! -s $packages && exit 0 +test ! -s $packagesHold && echo 'Aucun' > $packagesHold + +fetch_upgrade_info +local_release=$(cut -f 1 -d . 
>$servicesToRestart + elif echo "$pkg" |grep -q "^nginx"; then + echo "Nginx" >>$servicesToRestart + elif echo "$pkg" |grep -q "^php5-fpm"; then + echo "PHP FPM" >>$servicesToRestart + elif echo "$pkg" |grep -q "^mysql-server"; then + echo "MySQL" >>$servicesToRestart + elif echo "$pkg" |grep -q "^mariadb-server"; then + echo "MariaDB" >>$servicesToRestart + elif echo "$pkg" |grep -qE "^postgresql-[[:digit:]]+\.[[:digit:]]+$"; then + echo "PostgreSQL" >>$servicesToRestart + elif echo "$pkg" |grep -qE "^tomcat[[:digit:]]+$"; then + echo "Tomcat" >>$servicesToRestart + elif [ "$pkg" = "redis-server" ]; then + echo "redis-server" >>$servicesToRestart + elif [ "$pkg" = "mongodb-server" ]; then + echo "redis-server" >>$servicesToRestart + elif echo "$pkg" |grep -qE "^courier-(pop|imap)"; then + echo "Courier POP/IMAP" >>$servicesToRestart + elif echo "$pkg" |grep -qE "^dovecot-(pop|imap)d"; then + echo "Dovecot POP/IMAP" >>$servicesToRestart + elif [ "$pkg" = "samba" ]; then + echo "Samba" >>$servicesToRestart + elif [ "$pkg" = "slapd" ]; then + echo "OpenLDAP" >>$servicesToRestart + elif [ "$pkg" = "bind9" ]; then + echo "Bind9" >>$servicesToRestart + elif [ "$pkg" = "postfix" ]; then + echo "Postfix" >>$servicesToRestart + elif [ "$pkg" = "haproxy" ]; then + echo "HAProxy" >>$servicesToRestart + elif [ "$pkg" = "varnish" ]; then + echo "Varnish" >>$servicesToRestart + elif [ "$pkg" = "squid" ]; then + echo "Squid" >>$servicesToRestart + + elif [ "$pkg" = "libc6" ]; then + echo "Tous les services (mise à jour de libc6)." >$servicesToRestart + break + elif [ "$pkg" = "libstdc++6" ]; then + echo "Tous les services (mise à jour de libstdc++6)." >$servicesToRestart + break + elif echo "$pkg" |grep -q "^libssl"; then + echo "Tous les services (mise à jour de libssl)." >$servicesToRestart + break + fi +done +test ! 
-s $servicesToRestart && echo "Aucun" >$servicesToRestart + +cat << EOT > $template +Content-Type: text/plain; charset="utf-8" +Reply-To: equipe@evolix.fr +From: equipe@evolix.net +To: ${clientmail} +Subject: Prochain creneau pour mise a jour de votre serveur $hostname +X-Debian-Release: $local_release +X-Packages: $packagesParsable +X-Date: $date + +Bonjour, + +Des mises-à-jour de sécurité ou mineures sont à réaliser sur votre serveur +${hostname}. +Sauf indication contraire de votre part, le prochain créneau prévu pour +intervenir manuellement pour réaliser ces mises-à-jour est : +${date} + +Si nous intervenons, un redémarrage des éventuels services concernés sera +réalisé, entraînant a priori quelques secondes de coupure. Si nous ne sommes +pas intervenus sur ce créneau, vous recevrez une nouvelle notification la +semaine prochaine. + +Voici la listes de packages qui seront mis à jour : + +$(cat $packages) + +Liste des packages dont la mise-à-jour a été manuellement suspendue : + +$(cat $packagesHold) + +Liste des services qui seront redémarrés : + +$(cat $servicesToRestart) + +N'hésitez pas à nous faire toute remarque sur ce créneau d'intervention le plus +tôt possible. + +Cordialement, +-- +Équipe Evolix +Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/ +EOT + +<$template /usr/sbin/sendmail $mailto diff --git a/newkernel/templates/listupgrade_cron.j2 b/newkernel/templates/listupgrade_cron.j2 new file mode 100644 index 00000000..0c21341c --- /dev/null +++ b/newkernel/templates/listupgrade_cron.j2 @@ -0,0 +1 @@ +42 9 * * 2 root /usr/share/scripts/listupgrade.sh --cron diff --git a/newkernel/tests/test.yml b/newkernel/tests/test.yml new file mode 100644 index 00000000..11de001e --- /dev/null +++ b/newkernel/tests/test.yml @@ -0,0 +1,4 @@ +--- +- hosts: test-kitchen + roles: + - role: listupgrade -- 2.39.2 From 28e5b95be3049a41849636568735fa37ae553f8a Mon Sep 17 00:00:00 2001 
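Review bot: In listupgrade.sh.j2, the rejection branch of `get_value` puts the value that just failed the whitelist into printf's format string, so any `%` or backslash sequence in the fetched file is interpreted instead of printed, and it names `$variables`, which is never set (the local is `variable`). Since this function is the filter for data downloaded by `fetch_upgrade_info`, the diagnostic should treat the value strictly as data: `printf >&2 'Error parsing value "%s" for variable %s.\n' "$value" "$variable"`. The function also returns 0 with empty output on rejection, so callers cannot tell a rejected field from an absent one; how the `r_*` values are consumed is not fully visible in this hunk, so that is worth confirming. Separately, in the service-mapping chain the `mongodb-server` branch appends `redis-server`, which looks like a copy-paste slip for a MongoDB label.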
From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:03:36 +0200 Subject: [PATCH 02/12] newkernel: Remove kitchen tests --- newkernel/.kitchen.yml | 28 ---------------------------- newkernel/tests/test.yml | 4 ---- 2 files changed, 32 deletions(-) delete mode 100644 newkernel/.kitchen.yml delete mode 100644 newkernel/tests/test.yml diff --git a/newkernel/.kitchen.yml b/newkernel/.kitchen.yml deleted file mode 100644 index b21cc3db..00000000 --- a/newkernel/.kitchen.yml +++ /dev/null @@ -1,28 +0,0 @@ ---- -driver: - name: docker - privileged: true - use_sudo: false - -provisioner: - name: ansible_playbook - hosts: test-kitchen - roles_path: ../ - ansible_verbose: true - require_ansible_source: false - require_chef_for_busser: false - idempotency_test: true - -platforms: - - name: debian - driver_config: - image: evolix/ansible:2.2.1 - -suites: - - name: default - provisioner: - name: ansible_playbook - playbook: ./tests/test.yml - -transport: - max_ssh_sessions: 6 diff --git a/newkernel/tests/test.yml b/newkernel/tests/test.yml deleted file mode 100644 index 11de001e..00000000 --- a/newkernel/tests/test.yml +++ /dev/null @@ -1,4 +0,0 @@ ---- -- hosts: test-kitchen - roles: - - role: listupgrade -- 2.39.2 From 4b5801c5f19e9150392476a50e0dca4d9a7af152 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:05:40 +0200 Subject: [PATCH 03/12] newkernel: Remove listupgrade scripts --- newkernel/templates/listupgrade.sh.j2 | 222 ------------------ .../{listupgrade.cnf.j2 => newkernel.cnf.j2} | 0 .../newkernel.sh.j2} | 0 ...{listupgrade_cron.j2 => newkernel_cron.j2} | 0 4 files changed, 222 deletions(-) delete mode 100644 newkernel/templates/listupgrade.sh.j2 rename newkernel/templates/{listupgrade.cnf.j2 => newkernel.cnf.j2} (100%) rename newkernel/{files/newkernel.sh => templates/newkernel.sh.j2} (100%) rename newkernel/templates/{listupgrade_cron.j2 => newkernel_cron.j2} (100%) 
diff --git a/newkernel/templates/listupgrade.sh.j2 b/newkernel/templates/listupgrade.sh.j2 deleted file mode 100644 index c8e6f335..00000000 --- a/newkernel/templates/listupgrade.sh.j2 +++ /dev/null 
@@ -1,222 +0,0 @@ -#!/bin/bash - -# Exit codes : -# - 30 : $skip_releases or $skip_packages is set to "all" -# - 40 : current release is in $skip_releases list -# - 50 : all upgradable packages are in the $skip_packages list -# - 60 : current release is not in the $r_releases list -# - 70 : at least an upgradable package is not in the $r_packages list - -set -e - -configFile="/etc/evolinux/listupgrade.cnf" - -packages=$(mktemp --tmpdir=/tmp evoupdate.XXX) -packagesHold=$(mktemp --tmpdir=/tmp evoupdate.XXX) -servicesToRestart=$(mktemp --tmpdir=/tmp evoupdate.XXX) -template=$(mktemp --tmpdir=/tmp evoupdate.XXX) -clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2) -mailto=$clientmail -date="Ce jeudi entre 18h00 et 23h00." -hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2) -hostname=${hostname%%.evolix.net} -# If hostname is composed with -, remove the first part. -if [[ $hostname =~ "-" ]]; then - hostname=$(echo $hostname | cut -d'-' -f2-) -fi -# Edit $configFile to override some variables. -[ -r $configFile ] && . $configFile - -# Remove temporary files on exit. -trap "rm $packages $packagesHold $servicesToRestart $template" EXIT - -# Parse line in retrieved upgrade file and ensure there is no malicious values. -get_value() { - file="$1" - variable="$2" - value="$(grep "^$2:" $1 |head -n 1 |cut -d ':' -f 2 |sed 's/^ //')" - if echo "$value" |grep -q -E '^[-.: [:alnum:]]*$'; then - echo $value - else - printf >&2 "Error parsing value \"$value\" for variable $variables.\n" - fi -} - -# Fetch which packages/releases will be upgraded. 
-fetch_upgrade_info() { - upgradeInfo=$(mktemp --tmpdir=/tmp evoupdate.XXX) - wget -q -O $upgradeInfo https://upgrades.evolix.org/upgrade - r_releases="$(get_value $upgradeInfo "releases")" - r_skip_releases="$(get_value $upgradeInfo "skip_releases")" - r_packages="$(get_value $upgradeInfo "packages")" - r_skip_packages="$(get_value $upgradeInfo "skip_packages")" - rm $upgradeInfo -} - -# Check if element $element is in (space separated) list $list. -is_in() { - list="$1" - element="$2" - - for i in $list; do - if [ "$element" = "$i" ]; then - return 0 - fi - done - return 1 -} - - -if [[ "$1" != "--cron" ]]; then - echo "À quel date/heure allez vous planifier l'envoi ?" - echo "Exemple : le jeudi 6 mars entre 18h00 et 23h00" - echo -n ">" - read date - echo "À qui envoyer le mail ?" - echo -n ">" - read mailto -fi - -# Update APT cache and get packages to upgrade and packages on hold. -apt -q2 update 2>&1 | (egrep -ve '^(Listing|WARNING|$)' -e upgraded -e 'up to date' || true ) -apt-mark showhold > $packagesHold -apt list --upgradable 2>&1 | grep -v -f $packagesHold | egrep -v '^(Listing|WARNING|$)' > $packages -packagesParsable=$(cut -f 1 -d / <$packages |tr '\n' ' ') - -# No updates? Exit! -test ! -s $packages && exit 0 -test ! -s $packagesHold && echo 'Aucun' > $packagesHold - -fetch_upgrade_info -local_release=$(cut -f 1 -d . 
>$servicesToRestart - elif echo "$pkg" |grep -q "^nginx"; then - echo "Nginx" >>$servicesToRestart - elif echo "$pkg" |grep -q "^php5-fpm"; then - echo "PHP FPM" >>$servicesToRestart - elif echo "$pkg" |grep -q "^mysql-server"; then - echo "MySQL" >>$servicesToRestart - elif echo "$pkg" |grep -q "^mariadb-server"; then - echo "MariaDB" >>$servicesToRestart - elif echo "$pkg" |grep -qE "^postgresql-[[:digit:]]+\.[[:digit:]]+$"; then - echo "PostgreSQL" >>$servicesToRestart - elif echo "$pkg" |grep -qE "^tomcat[[:digit:]]+$"; then - echo "Tomcat" >>$servicesToRestart - elif [ "$pkg" = "redis-server" ]; then - echo "redis-server" >>$servicesToRestart - elif [ "$pkg" = "mongodb-server" ]; then - echo "redis-server" >>$servicesToRestart - elif echo "$pkg" |grep -qE "^courier-(pop|imap)"; then - echo "Courier POP/IMAP" >>$servicesToRestart - elif echo "$pkg" |grep -qE "^dovecot-(pop|imap)d"; then - echo "Dovecot POP/IMAP" >>$servicesToRestart - elif [ "$pkg" = "samba" ]; then - echo "Samba" >>$servicesToRestart - elif [ "$pkg" = "slapd" ]; then - echo "OpenLDAP" >>$servicesToRestart - elif [ "$pkg" = "bind9" ]; then - echo "Bind9" >>$servicesToRestart - elif [ "$pkg" = "postfix" ]; then - echo "Postfix" >>$servicesToRestart - elif [ "$pkg" = "haproxy" ]; then - echo "HAProxy" >>$servicesToRestart - elif [ "$pkg" = "varnish" ]; then - echo "Varnish" >>$servicesToRestart - elif [ "$pkg" = "squid" ]; then - echo "Squid" >>$servicesToRestart - - elif [ "$pkg" = "libc6" ]; then - echo "Tous les services (mise à jour de libc6)." >$servicesToRestart - break - elif [ "$pkg" = "libstdc++6" ]; then - echo "Tous les services (mise à jour de libstdc++6)." >$servicesToRestart - break - elif echo "$pkg" |grep -q "^libssl"; then - echo "Tous les services (mise à jour de libssl)." >$servicesToRestart - break - fi -done -test ! 
-s $servicesToRestart && echo "Aucun" >$servicesToRestart - -cat << EOT > $template -Content-Type: text/plain; charset="utf-8" -Reply-To: equipe@evolix.fr -From: equipe@evolix.net -To: ${clientmail} -Subject: Prochain creneau pour mise a jour de votre serveur $hostname -X-Debian-Release: $local_release -X-Packages: $packagesParsable -X-Date: $date - -Bonjour, - -Des mises-à-jour de sécurité ou mineures sont à réaliser sur votre serveur -${hostname}. -Sauf indication contraire de votre part, le prochain créneau prévu pour -intervenir manuellement pour réaliser ces mises-à-jour est : -${date} - -Si nous intervenons, un redémarrage des éventuels services concernés sera -réalisé, entraînant a priori quelques secondes de coupure. Si nous ne sommes -pas intervenus sur ce créneau, vous recevrez une nouvelle notification la -semaine prochaine. - -Voici la listes de packages qui seront mis à jour : - -$(cat $packages) - -Liste des packages dont la mise-à-jour a été manuellement suspendue : - -$(cat $packagesHold) - -Liste des services qui seront redémarrés : - -$(cat $servicesToRestart) - -N'hésitez pas à nous faire toute remarque sur ce créneau d'intervention le plus -tôt possible. - -Cordialement, --- -Équipe Evolix -Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/ -EOT - -<$template /usr/sbin/sendmail $mailto diff --git a/newkernel/templates/listupgrade.cnf.j2 b/newkernel/templates/newkernel.cnf.j2 similarity index 100% rename from newkernel/templates/listupgrade.cnf.j2 rename to newkernel/templates/newkernel.cnf.j2 diff --git a/newkernel/files/newkernel.sh b/newkernel/templates/newkernel.sh.j2 similarity index 100% rename from newkernel/files/newkernel.sh rename to newkernel/templates/newkernel.sh.j2 diff --git a/newkernel/templates/listupgrade_cron.j2 b/newkernel/templates/newkernel_cron.j2 similarity index 100% rename from newkernel/templates/listupgrade_cron.j2 rename to newkernel/templates/newkernel_cron.j2 -- 2.39.2 
From d8dd5a28470adea95051968d6bbd7d784b216107 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:09:08 +0200 Subject: [PATCH 04/12] newkernel: Update README --- newkernel/README.md | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/newkernel/README.md b/newkernel/README.md index 727ce468..3f78a091 100644 --- a/newkernel/README.md +++ b/newkernel/README.md @@ -1,6 +1,7 @@ -# listupgrade +# newkernel -Install and configure a script not help manage Debian package updates. +Installs and configures a script to help manages to reboot on a new kernel. +This script will send an mail when a new kernel is available to plan a reboot. ## Tasks -- 2.39.2 From b80801b1e3a7e6238f1285b14828c14111321bfd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:33:26 +0200 Subject: [PATCH 05/12] newkernel: Compute the date --- newkernel/templates/newkernel.cnf.j2 | 2 +- newkernel/templates/newkernel.sh.j2 | 12 +++++++----- 2 files changed, 8 insertions(+), 6 deletions(-) diff --git a/newkernel/templates/newkernel.cnf.j2 b/newkernel/templates/newkernel.cnf.j2 index 99b00362..473f4813 100644 --- a/newkernel/templates/newkernel.cnf.j2 +++ b/newkernel/templates/newkernel.cnf.j2 @@ -1,4 +1,4 @@ -#date="Ce jeudi entre 18h00 et 23h00." +#date="entre 18h00 et 23h00" #clientmail="client@evolix.net" #mailto="{{ listupgrade_alert_email or general_alert_email | mandatory }}" #hostname="" diff --git a/newkernel/templates/newkernel.sh.j2 b/newkernel/templates/newkernel.sh.j2 index f7b54122..e31fed0a 100644 --- a/newkernel/templates/newkernel.sh.j2 +++ b/newkernel/templates/newkernel.sh.j2 
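Review bot: The newkernel.cnf.j2 example `#date="entre 18h00 et 23h00"` now documents the time window under the name `date`, while the script in this same commit moves the window into the new `hour` variable and computes `date` itself. The config file is sourced after those assignments (that line is outside these hunks, visible in patch 01), so uncommenting the example would overwrite the computed date and the mail would read "entre 18h00 et 23h00, entre 18h00 et 23h00." I would rename the example to `#hour="entre 18h00 et 23h00"` and, if overriding the day is meant to be supported, add a separate commented `#date=` line with a sample day. The `#mailto=` example still references `listupgrade_alert_email`, which looks like a leftover from the role this one was copied from.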
@@ -7,7 +7,9 @@ configFile="/etc/evolinux/newkernel.cnf" template=$(mktemp --tmpdir=/tmp evoupdate.XXX) clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2) mailto=$clientmail -date="Ce jeudi entre 18h00 et 23h00." +# By default, plan the reboot in 3 weeks a thursday +date="$(date --date="next thursday + 3 weeks")" +hour="entre 18h00 et 23h00" hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2) hostname=${hostname%%.evolix.net} # If hostname is composed with -, remove the first part. @@ -32,7 +34,7 @@ cat << EOT > $template Content-Type: text/plain; charset="utf-8" Reply-To: equipe@evolix.fr From: equipe@evolix.net -To: bserie@evolix.fr +To: $clientmail Subject: Prochain creneau pour mise a jour de votre serveur $hostname X-Date: $date @@ -42,9 +44,9 @@ Le noyau de votre serveur doit être mis à jour. Pour cela nous devons redémarrer votre machine ${hostname}. Sauf indication contraire de votre part, -le prochain créneau prévu pour -intervenir manuellement pour réaliser ces mises-à-jour est : -${date} +le prochain créneau prévu pour intervenir manuellement pour réaliser ces +mises-à-jour est : +${date}, ${hour}. Si nous intervenons, un redémarrage complet du serveur sera réalisé, entraînant plusieurs minutes de coupures. Nous nous assurerons de vérifier le bon -- 2.39.2 From c4ae3afa89b654646013171ba19bf320f9610d0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:36:25 +0200 Subject: [PATCH 06/12] newkernel: Oops wrong comment. --- newkernel/templates/newkernel.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/newkernel/templates/newkernel.sh.j2 b/newkernel/templates/newkernel.sh.j2 index e31fed0a..ed84feb9 100644 --- a/newkernel/templates/newkernel.sh.j2 +++ b/newkernel/templates/newkernel.sh.j2 
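Review bot: The `date="$(date --date="next thursday + 3 weeks")"` line in the first hunk prints in whatever locale the process inherits, and under cron that is usually C/POSIX (inferred, the cron environment is not shown), so a French mail would carry an English day and month. If a French locale is generated on the target hosts, pinning it at the call site makes the output deterministic: `date="$(LC_TIME=fr_FR.UTF-8 date --date="next thursday + 3 weeks")"`. The same value is also written to the `X-Date:` header, where accented month names would put raw 8-bit text in a header, so I would keep a separate ASCII form for the header, e.g. `xdate="$(date --date="next thursday + 3 weeks" +%F)"` with `X-Date: $xdate`. The comment `plan the reboot in 3 weeks a thursday` would read better as `# Default slot: the Thursday three weeks after next Thursday`.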
@@ -7,7 +7,7 @@ configFile="/etc/evolinux/newkernel.cnf" template=$(mktemp --tmpdir=/tmp evoupdate.XXX) clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2) mailto=$clientmail -# By default, plan the reboot in 3 weeks a thursday +# By default, plan the reboot next month thursday date="$(date --date="next thursday + 3 weeks")" hour="entre 18h00 et 23h00" hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2) -- 2.39.2 From a155bac12c7822adfdc70cf14536cb1f51cdfe74 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:39:27 +0200 Subject: [PATCH 07/12] newkernel: Text align --- newkernel/templates/newkernel.sh.j2 | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/newkernel/templates/newkernel.sh.j2 b/newkernel/templates/newkernel.sh.j2 index ed84feb9..efdd3456 100644 --- a/newkernel/templates/newkernel.sh.j2 +++ b/newkernel/templates/newkernel.sh.j2 @@ -43,10 +43,9 @@ Bonjour, Le noyau de votre serveur doit être mis à jour. Pour cela nous devons redémarrer votre machine ${hostname}. -Sauf indication contraire de votre part, -le prochain créneau prévu pour intervenir manuellement pour réaliser ces -mises-à-jour est : -${date}, ${hour}. +Sauf indication contraire de votre part, le prochain créneau prévu pour +intervenir manuellement pour réaliser ces mises-à-jour est : +Le ${date}, ${hour}. Si nous intervenons, un redémarrage complet du serveur sera réalisé, entraînant plusieurs minutes de coupures. Nous nous assurerons de vérifier le bon -- 2.39.2 From f93c7bb1c04c5a991131a3536bddaf281e14c6b6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:41:21 +0200 Subject: [PATCH 08/12] newkernel: Better mail text --- newkernel/templates/newkernel.sh.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newkernel/templates/newkernel.sh.j2 b/newkernel/templates/newkernel.sh.j2 index efdd3456..587765a1 100644 
--- a/newkernel/templates/newkernel.sh.j2 +++ b/newkernel/templates/newkernel.sh.j2 @@ -44,12 +44,12 @@ Le noyau de votre serveur doit être mis à jour. Pour cela nous devons redémarrer votre machine ${hostname}. Sauf indication contraire de votre part, le prochain créneau prévu pour -intervenir manuellement pour réaliser ces mises-à-jour est : +mettre à jour le noyau de votre serveur est : Le ${date}, ${hour}. Si nous intervenons, un redémarrage complet du serveur sera réalisé, entraînant plusieurs minutes de coupures. Nous nous assurerons de vérifier le bon -démarrage de la machin ainsi que de ses services. Si nous ne sommes pas +démarrage de la machine ainsi que de ses services. Si nous ne sommes pas intervenus sur ce créneau, vous recevrez une nouvelle notification le mois prochain. -- 2.39.2 From 8dc8cbe432c1d6f691ccc26d2d8732b1c92a3ccd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:43:09 +0200 Subject: [PATCH 09/12] newkernel: cron running every first day of month --- newkernel/templates/newkernel_cron.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/newkernel/templates/newkernel_cron.j2 b/newkernel/templates/newkernel_cron.j2 index 0c21341c..6636c6cd 100644 --- a/newkernel/templates/newkernel_cron.j2 +++ b/newkernel/templates/newkernel_cron.j2 @@ -1 +1 @@ -42 9 * * 2 root /usr/share/scripts/listupgrade.sh --cron +42 9 1 * * root /usr/share/scripts/newkernel.sh -- 2.39.2 From bb2bf2f4537a89d2c16e9d3363a3f6f24b367edd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:44:11 +0200 Subject: [PATCH 10/12] newkernel: main.yml using right name --- newkernel/tasks/main.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/newkernel/tasks/main.yml b/newkernel/tasks/main.yml index 9bfe764e..3335224d 100644 --- a/newkernel/tasks/main.yml +++ b/newkernel/tasks/main.yml 
@@ -11,10 +11,10 @@ group: root mode: "0700" -- name: Copy listupgrade script +- name: Copy newkernel script template: - src: listupgrade.sh.j2 - dest: "/usr/share/scripts/listupgrade.sh" + src: newkernel.sh.j2 + dest: "/usr/share/scripts/newkernel.sh" mode: "0700" owner: root group: root @@ -28,10 +28,10 @@ group: root mode: "0700" -- name: Copy listupgrade config +- name: Copy newkernel config template: - src: listupgrade.cnf.j2 - dest: /etc/evolinux/listupgrade.cnf + src: newkernel.cnf.j2 + dest: /etc/evolinux/newkernel.cnf mode: "0600" owner: root group: root @@ -45,10 +45,10 @@ owner: root group: root -- name: Enable listupgrade cron +- name: Enable newkernel cron template: - src: listupgrade_cron.j2 - dest: /etc/cron.d/listupgrade + src: newkernel_cron.j2 + dest: /etc/cron.d/newkernel mode: "0600" owner: root group: root -- 2.39.2 From bebfd11917d4a157c3a1dadca0a3e24a991394e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:57:43 +0200 Subject: [PATCH 11/12] newkernel: Fix date and subject in script --- newkernel/templates/newkernel.sh.j2 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/newkernel/templates/newkernel.sh.j2 b/newkernel/templates/newkernel.sh.j2 index 587765a1..1f25f886 100644 --- a/newkernel/templates/newkernel.sh.j2 +++ b/newkernel/templates/newkernel.sh.j2 @@ -8,7 +8,7 @@ template=$(mktemp --tmpdir=/tmp evoupdate.XXX) clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2) mailto=$clientmail # By default, plan the reboot next month thursday -date="$(date --date="next thursday + 3 weeks")" +date="$(date --date="next thursday + 3 weeks" +%A\ %d\ %B)" hour="entre 18h00 et 23h00" hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2) hostname=${hostname%%.evolix.net} @@ -35,7 +35,7 @@ Content-Type: text/plain; charset="utf-8" Reply-To: equipe@evolix.fr 
From: equipe@evolix.net To: $clientmail -Subject: Prochain creneau pour mise a jour de votre serveur $hostname +Subject: Prochain creneau pour redémarrage de votre serveur $hostname X-Date: $date Bonjour, -- 2.39.2 From a66f736cfef781b98035685474da5a75ddf2a9a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Beno=C3=AEt=20S=C3=89RIE?= Date: Thu, 22 Aug 2019 17:59:26 +0200 Subject: [PATCH 12/12] newkernel: No accent in subject --- newkernel/templates/newkernel.sh.j2 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/newkernel/templates/newkernel.sh.j2 b/newkernel/templates/newkernel.sh.j2 index 1f25f886..b8973920 100644 --- a/newkernel/templates/newkernel.sh.j2 +++ b/newkernel/templates/newkernel.sh.j2 @@ -35,7 +35,7 @@ Content-Type: text/plain; charset="utf-8" Reply-To: equipe@evolix.fr From: equipe@evolix.net To: $clientmail -Subject: Prochain creneau pour redémarrage de votre serveur $hostname +Subject: Prochain creneau pour redemarrage de votre serveur $hostname X-Date: $date Bonjour, -- 2.39.2