WIP: newkernel script #80
28
newkernel/.kitchen.yml
Normal file
28
newkernel/.kitchen.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
---
|
||||
driver:
|
||||
name: docker
|
||||
privileged: true
|
||||
use_sudo: false
|
||||
|
||||
provisioner:
|
||||
name: ansible_playbook
|
||||
hosts: test-kitchen
|
||||
roles_path: ../
|
||||
ansible_verbose: true
|
||||
require_ansible_source: false
|
||||
require_chef_for_busser: false
|
||||
idempotency_test: true
|
||||
|
||||
platforms:
|
||||
- name: debian
|
||||
driver_config:
|
||||
image: evolix/ansible:2.2.1
|
||||
|
||||
suites:
|
||||
- name: default
|
||||
provisioner:
|
||||
name: ansible_playbook
|
||||
playbook: ./tests/test.yml
|
||||
|
||||
transport:
|
||||
max_ssh_sessions: 6
|
7
newkernel/README.md
Normal file
7
newkernel/README.md
Normal file
|
@ -0,0 +1,7 @@
|
|||
# listupgrade
|
||||
|
||||
Install and configure a script not help manage Debian package updates.
|
||||
|
||||
## Tasks
|
||||
|
||||
Installation and configuration are performed via `tasks/main.yml`.
|
3
newkernel/defaults/main.yml
Normal file
3
newkernel/defaults/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
|||
---
|
||||
general_alert_email: "root@localhost"
|
||||
listupgrade_alert_email: Null
|
67
newkernel/files/newkernel.sh
Normal file
67
newkernel/files/newkernel.sh
Normal file
|
@ -0,0 +1,67 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
configFile="/etc/evolinux/newkernel.cnf"
|
||||
|
||||
template=$(mktemp --tmpdir=/tmp evoupdate.XXX)
|
||||
clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2)
|
||||
mailto=$clientmail
|
||||
date="Ce jeudi entre 18h00 et 23h00."
|
||||
hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2)
|
||||
hostname=${hostname%%.evolix.net}
|
||||
# If hostname is composed with -, remove the first part.
|
||||
if [[ $hostname =~ "-" ]]; then
|
||||
hostname=$(echo $hostname | cut -d'-' -f2-)
|
||||
fi
|
||||
# Edit $configFile to override some variables.
|
||||
[ -r $configFile ] && . $configFile
|
||||
|
||||
# Remove temporary files on exit.
|
||||
trap "rm $template" EXIT
|
||||
|
||||
# No updates? Exit!
|
||||
nextKernel=$(grep -m1 -aEo "#1 SMP Debian .* \([0-9]{4}-[0-9]{2}-[0-9]{2}\)" /vmlinuz)
|
||||
currentKernel=$(uname -v)
|
||||
if [ "$nextKernel" = "$currentKernel" ]; then
|
||||
exit 0
|
||||
fi
|
||||
|
||||
#To: ${clientmail}
|
||||
cat << EOT > $template
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
Reply-To: equipe@evolix.fr
|
||||
From: equipe@evolix.net
|
||||
To: bserie@evolix.fr
|
||||
Subject: Prochain creneau pour mise a jour de votre serveur $hostname
|
||||
X-Date: $date
|
||||
|
||||
Bonjour,
|
||||
|
||||
Le noyau de votre serveur doit être mis à jour. Pour cela nous devons
|
||||
redémarrer votre machine ${hostname}.
|
||||
|
||||
Sauf indication contraire de votre part,
|
||||
le prochain créneau prévu pour
|
||||
intervenir manuellement pour réaliser ces mises-à-jour est :
|
||||
${date}
|
||||
|
||||
Si nous intervenons, un redémarrage complet du serveur sera réalisé, entraînant
|
||||
plusieurs minutes de coupures. Nous nous assurerons de vérifier le bon
|
||||
démarrage de la machin ainsi que de ses services. Si nous ne sommes pas
|
||||
intervenus sur ce créneau, vous recevrez une nouvelle notification le mois
|
||||
prochain.
|
||||
|
||||
Votre version actuelle du noyau : $currentKernel
|
||||
Après redémarrage votre version sera : $nextKernel
|
||||
|
||||
N'hésitez pas à nous faire toute remarque sur ce créneau d'intervention le plus
|
||||
tôt possible.
|
||||
|
||||
Cordialement,
|
||||
--
|
||||
Équipe Evolix <equipe@evolix.fr>
|
||||
Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
|
||||
EOT
|
||||
|
||||
<$template /usr/sbin/sendmail $mailto
|
28
newkernel/meta/main.yml
Normal file
28
newkernel/meta/main.yml
Normal file
|
@ -0,0 +1,28 @@
|
|||
galaxy_info:
|
||||
author: Evolix
|
||||
description: Installation and configuration of the listupgrade script
|
||||
|
||||
issue_tracker_url: https://gitea.evolix.org/evolix/ansible-roles/issues
|
||||
|
||||
license: GPLv2
|
||||
|
||||
min_ansible_version: 2.2
|
||||
|
||||
platforms:
|
||||
- name: Debian
|
||||
versions:
|
||||
- jessie
|
||||
|
||||
galaxy_tags: []
|
||||
# List tags for your role here, one per line. A tag is
|
||||
# a keyword that describes and categorizes the role.
|
||||
# Users find roles by searching for tags. Be sure to
|
||||
# remove the '[]' above if you add tags to this list.
|
||||
#
|
||||
# NOTE: A tag is limited to a single word comprised of
|
||||
# alphanumeric characters. Maximum 20 tags per role.
|
||||
|
||||
dependencies: []
|
||||
# List your role dependencies here, one per line.
|
||||
# Be sure to remove the '[]' above if you add dependencies
|
||||
# to this list.
|
54
newkernel/tasks/main.yml
Normal file
54
newkernel/tasks/main.yml
Normal file
|
@ -0,0 +1,54 @@
|
|||
---
|
||||
|
||||
- include_role:
|
||||
name: remount-usr
|
||||
|
||||
- name: Scripts dir is present
|
||||
file:
|
||||
path: "/usr/share/scripts"
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
|
||||
- name: Copy listupgrade script
|
||||
template:
|
||||
src: listupgrade.sh.j2
|
||||
dest: "/usr/share/scripts/listupgrade.sh"
|
||||
mode: "0700"
|
||||
owner: root
|
||||
group: root
|
||||
force: yes
|
||||
|
||||
- name: Create /etc/evolinux
|
||||
file:
|
||||
path: /etc/evolinux
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0700"
|
||||
|
||||
- name: Copy listupgrade config
|
||||
template:
|
||||
src: listupgrade.cnf.j2
|
||||
dest: /etc/evolinux/listupgrade.cnf
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
||||
force: no
|
||||
|
||||
- name: Cron.d is present
|
||||
file:
|
||||
path: "/etc/cron.d"
|
||||
state: directory
|
||||
mode: "0755"
|
||||
owner: root
|
||||
group: root
|
||||
|
||||
- name: Enable listupgrade cron
|
||||
template:
|
||||
src: listupgrade_cron.j2
|
||||
dest: /etc/cron.d/listupgrade
|
||||
mode: "0600"
|
||||
owner: root
|
||||
group: root
|
4
newkernel/templates/listupgrade.cnf.j2
Normal file
4
newkernel/templates/listupgrade.cnf.j2
Normal file
|
@ -0,0 +1,4 @@
|
|||
#date="Ce jeudi entre 18h00 et 23h00."
|
||||
#clientmail="client@evolix.net"
|
||||
#mailto="{{ listupgrade_alert_email or general_alert_email | mandatory }}"
|
||||
#hostname=""
|
222
newkernel/templates/listupgrade.sh.j2
Normal file
222
newkernel/templates/listupgrade.sh.j2
Normal file
|
@ -0,0 +1,222 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Exit codes :
|
||||
# - 30 : $skip_releases or $skip_packages is set to "all"
|
||||
# - 40 : current release is in $skip_releases list
|
||||
# - 50 : all upgradable packages are in the $skip_packages list
|
||||
# - 60 : current release is not in the $r_releases list
|
||||
# - 70 : at least an upgradable package is not in the $r_packages list
|
||||
|
||||
set -e
|
||||
|
||||
configFile="/etc/evolinux/listupgrade.cnf"
|
||||
|
||||
packages=$(mktemp --tmpdir=/tmp evoupdate.XXX)
|
||||
packagesHold=$(mktemp --tmpdir=/tmp evoupdate.XXX)
|
||||
servicesToRestart=$(mktemp --tmpdir=/tmp evoupdate.XXX)
|
||||
template=$(mktemp --tmpdir=/tmp evoupdate.XXX)
|
||||
clientmail=$(grep EVOMAINTMAIL /etc/evomaintenance.cf | cut -d'=' -f2)
|
||||
mailto=$clientmail
|
||||
date="Ce jeudi entre 18h00 et 23h00."
|
||||
hostname=$(grep HOSTNAME /etc/evomaintenance.cf | cut -d'=' -f2)
|
||||
hostname=${hostname%%.evolix.net}
|
||||
# If hostname is composed with -, remove the first part.
|
||||
if [[ $hostname =~ "-" ]]; then
|
||||
hostname=$(echo $hostname | cut -d'-' -f2-)
|
||||
fi
|
||||
# Edit $configFile to override some variables.
|
||||
[ -r $configFile ] && . $configFile
|
||||
|
||||
# Remove temporary files on exit.
|
||||
trap "rm $packages $packagesHold $servicesToRestart $template" EXIT
|
||||
|
||||
# Parse line in retrieved upgrade file and ensure there is no malicious values.
|
||||
get_value() {
|
||||
file="$1"
|
||||
variable="$2"
|
||||
value="$(grep "^$2:" $1 |head -n 1 |cut -d ':' -f 2 |sed 's/^ //')"
|
||||
if echo "$value" |grep -q -E '^[-.: [:alnum:]]*$'; then
|
||||
echo $value
|
||||
else
|
||||
printf >&2 "Error parsing value \"$value\" for variable $variables.\n"
|
||||
fi
|
||||
}
|
||||
|
||||
# Fetch which packages/releases will be upgraded.
|
||||
fetch_upgrade_info() {
|
||||
upgradeInfo=$(mktemp --tmpdir=/tmp evoupdate.XXX)
|
||||
wget -q -O $upgradeInfo https://upgrades.evolix.org/upgrade
|
||||
r_releases="$(get_value $upgradeInfo "releases")"
|
||||
r_skip_releases="$(get_value $upgradeInfo "skip_releases")"
|
||||
r_packages="$(get_value $upgradeInfo "packages")"
|
||||
r_skip_packages="$(get_value $upgradeInfo "skip_packages")"
|
||||
rm $upgradeInfo
|
||||
}
|
||||
|
||||
# Check if element $element is in (space separated) list $list.
|
||||
is_in() {
|
||||
list="$1"
|
||||
element="$2"
|
||||
|
||||
for i in $list; do
|
||||
if [ "$element" = "$i" ]; then
|
||||
return 0
|
||||
fi
|
||||
done
|
||||
return 1
|
||||
}
|
||||
|
||||
|
||||
if [[ "$1" != "--cron" ]]; then
|
||||
echo "À quel date/heure allez vous planifier l'envoi ?"
|
||||
echo "Exemple : le jeudi 6 mars entre 18h00 et 23h00"
|
||||
echo -n ">"
|
||||
read date
|
||||
echo "À qui envoyer le mail ?"
|
||||
echo -n ">"
|
||||
read mailto
|
||||
fi
|
||||
|
||||
# Update APT cache and get packages to upgrade and packages on hold.
|
||||
apt -q2 update 2>&1 | (egrep -ve '^(Listing|WARNING|$)' -e upgraded -e 'up to date' || true )
|
||||
apt-mark showhold > $packagesHold
|
||||
apt list --upgradable 2>&1 | grep -v -f $packagesHold | egrep -v '^(Listing|WARNING|$)' > $packages
|
||||
packagesParsable=$(cut -f 1 -d / <$packages |tr '\n' ' ')
|
||||
|
||||
# No updates? Exit!
|
||||
test ! -s $packages && exit 0
|
||||
test ! -s $packagesHold && echo 'Aucun' > $packagesHold
|
||||
|
||||
fetch_upgrade_info
|
||||
local_release=$(cut -f 1 -d . </etc/debian_version)
|
||||
|
||||
# Exit if skip_releases or skip_packages in upgrade info file are set to all.
|
||||
([ "$r_skip_releases" = "all" ] || [ "$r_skip_packages" = "all" ]) && exit 30
|
||||
|
||||
# Exit if the server's release is in skip_releases.
|
||||
[ -n "$r_skip_releases" ] && is_in "$r_skip_releases" "$local_release" && exit 40
|
||||
|
||||
# Exit if all packages to upgrade are listed in skip_packages:
|
||||
# we remove each package to skip from the $packageToUpgrade list. At the end,
|
||||
# if there is no additional packages to upgrade, we can exit.
|
||||
if [ -n "$r_skip_packages" ]; then
|
||||
packageToUpgrade="$packagesParsable"
|
||||
for pkg in $r_skip_packages; do
|
||||
packageToUpgrade="${packageToUpgrade/$pkg}"
|
||||
done
|
||||
packageToUpgrade=$(echo $packageToUpgrade |sed 's/ \+//g')
|
||||
if [ -z "$packageToUpgrade" ]; then
|
||||
exit 50
|
||||
fi
|
||||
fi
|
||||
|
||||
# Exit if the server's release is not in releases.
|
||||
if [ -n "$r_releases" ] && [ "$r_releases" != "all" ]; then
|
||||
is_in "$r_releases" "$local_release" || exit 60
|
||||
fi
|
||||
|
||||
# Exit if there is packages to upgrades that are not in packages list:
|
||||
# we exit at the first package encountered that is not in packages list.
|
||||
if [ -n "$r_packages" ] && [ "$r_packages" != "all" ]; then
|
||||
for pkg in $packagesParsable; do
|
||||
is_in "$r_packages" "$pkg" || exit 70
|
||||
done
|
||||
fi
|
||||
|
||||
# Guess which services will be restarted.
|
||||
for pkg in $packagesParsable; do
|
||||
if echo "$pkg" |grep -qE "^(lib)?apache2"; then
|
||||
echo "Apache2" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -q "^nginx"; then
|
||||
echo "Nginx" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -q "^php5-fpm"; then
|
||||
echo "PHP FPM" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -q "^mysql-server"; then
|
||||
echo "MySQL" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -q "^mariadb-server"; then
|
||||
echo "MariaDB" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -qE "^postgresql-[[:digit:]]+\.[[:digit:]]+$"; then
|
||||
echo "PostgreSQL" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -qE "^tomcat[[:digit:]]+$"; then
|
||||
echo "Tomcat" >>$servicesToRestart
|
||||
elif [ "$pkg" = "redis-server" ]; then
|
||||
echo "redis-server" >>$servicesToRestart
|
||||
elif [ "$pkg" = "mongodb-server" ]; then
|
||||
echo "redis-server" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -qE "^courier-(pop|imap)"; then
|
||||
echo "Courier POP/IMAP" >>$servicesToRestart
|
||||
elif echo "$pkg" |grep -qE "^dovecot-(pop|imap)d"; then
|
||||
echo "Dovecot POP/IMAP" >>$servicesToRestart
|
||||
elif [ "$pkg" = "samba" ]; then
|
||||
echo "Samba" >>$servicesToRestart
|
||||
elif [ "$pkg" = "slapd" ]; then
|
||||
echo "OpenLDAP" >>$servicesToRestart
|
||||
elif [ "$pkg" = "bind9" ]; then
|
||||
echo "Bind9" >>$servicesToRestart
|
||||
elif [ "$pkg" = "postfix" ]; then
|
||||
echo "Postfix" >>$servicesToRestart
|
||||
elif [ "$pkg" = "haproxy" ]; then
|
||||
echo "HAProxy" >>$servicesToRestart
|
||||
elif [ "$pkg" = "varnish" ]; then
|
||||
echo "Varnish" >>$servicesToRestart
|
||||
elif [ "$pkg" = "squid" ]; then
|
||||
echo "Squid" >>$servicesToRestart
|
||||
|
||||
elif [ "$pkg" = "libc6" ]; then
|
||||
echo "Tous les services (mise à jour de libc6)." >$servicesToRestart
|
||||
break
|
||||
elif [ "$pkg" = "libstdc++6" ]; then
|
||||
echo "Tous les services (mise à jour de libstdc++6)." >$servicesToRestart
|
||||
break
|
||||
elif echo "$pkg" |grep -q "^libssl"; then
|
||||
echo "Tous les services (mise à jour de libssl)." >$servicesToRestart
|
||||
break
|
||||
fi
|
||||
done
|
||||
test ! -s $servicesToRestart && echo "Aucun" >$servicesToRestart
|
||||
|
||||
cat << EOT > $template
|
||||
Content-Type: text/plain; charset="utf-8"
|
||||
Reply-To: equipe@evolix.fr
|
||||
From: equipe@evolix.net
|
||||
To: ${clientmail}
|
||||
Subject: Prochain creneau pour mise a jour de votre serveur $hostname
|
||||
X-Debian-Release: $local_release
|
||||
X-Packages: $packagesParsable
|
||||
X-Date: $date
|
||||
|
||||
Bonjour,
|
||||
|
||||
Des mises-à-jour de sécurité ou mineures sont à réaliser sur votre serveur
|
||||
${hostname}.
|
||||
Sauf indication contraire de votre part, le prochain créneau prévu pour
|
||||
intervenir manuellement pour réaliser ces mises-à-jour est :
|
||||
${date}
|
||||
|
||||
Si nous intervenons, un redémarrage des éventuels services concernés sera
|
||||
réalisé, entraînant a priori quelques secondes de coupure. Si nous ne sommes
|
||||
pas intervenus sur ce créneau, vous recevrez une nouvelle notification la
|
||||
semaine prochaine.
|
||||
|
||||
Voici la listes de packages qui seront mis à jour :
|
||||
|
||||
$(cat $packages)
|
||||
|
||||
Liste des packages dont la mise-à-jour a été manuellement suspendue :
|
||||
|
||||
$(cat $packagesHold)
|
||||
|
||||
Liste des services qui seront redémarrés :
|
||||
|
||||
$(cat $servicesToRestart)
|
||||
|
||||
N'hésitez pas à nous faire toute remarque sur ce créneau d'intervention le plus
|
||||
tôt possible.
|
||||
|
||||
Cordialement,
|
||||
--
|
||||
Équipe Evolix <equipe@evolix.fr>
|
||||
Evolix - Hébergement et Infogérance Open Source http://www.evolix.fr/
|
||||
EOT
|
||||
|
||||
<$template /usr/sbin/sendmail $mailto
|
1
newkernel/templates/listupgrade_cron.j2
Normal file
1
newkernel/templates/listupgrade_cron.j2
Normal file
|
@ -0,0 +1 @@
|
|||
42 9 * * 2 root /usr/share/scripts/listupgrade.sh --cron
|
4
newkernel/tests/test.yml
Normal file
4
newkernel/tests/test.yml
Normal file
|
@ -0,0 +1,4 @@
|
|||
---
|
||||
- hosts: test-kitchen
|
||||
roles:
|
||||
- role: listupgrade
|
Loading…
Reference in a new issue