Search
j0ke.net Open Build Service
>
Projects
>
server:monitoring
>
nagios-plugins-zypper
> check_zypper.pl.old
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File check_zypper.pl.old of Package nagios-plugins-zypper (Revision 11)
Currently displaying revision
11
,
show latest
#!/usr/bin/perl -w # nagios: -epn # # check_zypper - nagios plugin # # Copyright (C) 2008-2009, Novell, Inc. # Author: Lars Vogdt # # All rights reserved. # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # * Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # * Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # * Neither the name of the Novell nor the names of its contributors may be # used to endorse or promote products derived from this software without # specific prior written permission. # # THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE # LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. # # $Id$ # use strict; use warnings; use Getopt::Long; use vars qw($PROGNAME $VERSION $DEBUG); # cleanup the environment $ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin:'; $ENV{'BASH_ENV'} = ''; $ENV{'ENV'} = ''; # constants $PROGNAME = "check_zypper"; $VERSION = "1.26"; $DEBUG = 0; # variables our $zypper = "/usr/bin/zypper"; our $zypperopt = "--non-interactive --no-gpg-checks xml-updates"; our $sudo = "/usr/bin/sudo"; our $refresh_wrapper = "/usr/sbin/zypp-refresh-wrapper"; our $use_sudo = "unset LANG; "; our $releasefile = "/etc/SuSE-release"; our $release = "11.2"; our $dist = "openSUSE"; our $patchlevel = 0; our ( $opt_V, $opt_h, $opt_i, $opt_w, $opt_c, $opt_f, $opt_o, $opt_p, $opt_r, $opt_s, $opt_t, $opt_v ); our $exitcode = 0; our %ERRORS = ( 'OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3, 'DEPENDENT' => 4 ); our %REVERSE = ( 4 => 'DEPENDENT', 3 => 'UNKNOWN', 2 => 'CRITICAL', 1 => 'WARNING', 0 => 'OK' ); our $TIMEOUT = 120; our @patchignore = (); our @packageignore = (); $opt_w = "recommended,optional"; $opt_c = "security"; $opt_f = "$releasefile"; $opt_t = "120"; $opt_v = 0; $opt_o = 0; $opt_p = 1; $opt_s = 0; ####################################################################### # Functions ####################################################################### sub print_myrevision ($$) { my $commandName = shift; my $pluginRevision = shift; print "$commandName v$pluginRevision\n"; } sub mysupport () { print "Please use https://bugzilla.novell.com to submit patches or suggest improvements.\n"; print "Please include version information with all correspondence (when possible,\n"; print "use output from the --version option of the plugin itself).\n"; } sub usage ($) { my $format = shift; printf( $format, @_ ); exit $ERRORS{'UNKNOWN'}; } sub get_distribution($) { my $file = shift || "$releasefile"; open( RELEASE, "<$file" ) || warn("Could not open $file\n"); while (<RELEASE>) { if (/^SUSE Linux Enterprise/) { $dist = "SLE"; } if (/^VERSION/) { ($release) = $_ =~ m/VERSION = (.*)/; } if (/^PATCHLEVEL/) { ($patchlevel) = $_ =~ m/PATCHLEVEL = (.*)/; } } close(RELEASE); return ( $dist, $release, $patchlevel ); } sub print_usage () { print "This plugin checks for software updates on systems that use package\n"; print "management systems based on the zypper command found in openSUSE.\n\n"; print "It checks for security, recommended and optional patches and also for\n"; print "optional package updates.\n\n"; print "You can define the status by patch category. Use a commata to list more\n"; print "than one category to a state. Possible values are recommended,optional,security\n"; print "and packages\n\n"; print "If you like to know the names of available patches and packages, use\n"; print "the \"-v\" option.\n\n"; print "Usage:\n"; print " $PROGNAME [-w <category>] [-c <category>] [-t <timeout>] [-v]\n"; print " $PROGNAME [-h | --help]\n"; print " $PROGNAME [-V | --version]\n"; print "\n\nOptions:\n"; print " -c, --critical\n"; print " A patch with this category result in critical status.\n"; print " Default: $opt_c\n"; print " -f, --releasefile\n"; print " Use the given file to get informations about the distribution.\n"; print " Default: $releasefile\n"; print " -h, --help\n"; print " Print detailed help screen\n"; print " -i, --ignore <file>\n"; print " Ignore patches/packages that are mentioned in <file>\n"; print " Just list one patch/package per line - example:\n\n"; print " patch:libtiff-devel\n"; print " # comment\n"; print " package:libtiff3\n"; print " package:libtiff-devel\n\n"; print " -o, --ignore_outdated\n"; print " Don't warn if a repository is outdated.\n"; print " -p, --no_perfdata\n"; print " Print no perfdata\n"; print " -r, --refresh_repos\n"; print " Tries to refresh the repositories before checking for updates.\n"; print " Note: this maybe needs an entry in /etc/sudoers like:\n"; print " nagios ALL = NOPASSWD: /usr/bin/zypper ref\n"; print " (and additional lines for the \'-s\' Option) if no check-zypp-wrapper is available.\n"; print " -s, --use_sudo\n"; print " Zypper needs root privileges on some distributions (known: 10.1 and SLE10).\n"; print " You can enable the script to use $sudo to start zypper.\n"; print " But don't forget to enable nopasswd sudo for the user starting $PROGNAME\n"; print " Via lines like the two below on in /etc/sudoers:\n"; print " nagios ALL = NOPASSWD: /usr/bin/zypper sl, \\ \n"; print " /usr/bin/zypper $zypperopt\n"; print " -t, --timeout\n"; print " Just in case of problems, let's not hang Nagios and define a timeout.\n"; print " Default value is: $opt_t seconds\n"; print " -v, --verbose_output\n"; print " Print more information (useful only with Nagios v3.x).\n"; print " -w, --warning\n"; print " A patch with this category result in warning status.\n"; print " Default: $opt_w\n"; print "\n"; print " -V, --version\n"; print " Print version information\n"; print "\n"; print " -d, --debug\n"; print " Print debug output to STDERR\n"; } sub print_help { my $exit = shift || undef; print "Copyright (c) 2009, Novell, Inc.\n\n"; print_usage(); print "\n"; mysupport(); exit $exit if ( defined($exit) ); } sub check_zypper() { if ( -x "$zypper" ) { print STDERR "INFO: Trying $use_sudo $zypper sl 2>/dev/null 1>&2\n" if ($DEBUG); return ( system("$use_sudo $zypper sl 2>/dev/null 1>&2") ); } else { return 1; } } sub refresh_zypper() { if ( -x "$refresh_wrapper" ) { print STDERR "Trying: $refresh_wrapper 2>/dev/null 1>&2\n" if ($DEBUG); if ( open( WRAPPER, "$refresh_wrapper 2>&1 |" ) ) { my @wrapper_out = <WRAPPER>; close(WRAPPER); foreach my $line (@wrapper_out) { chomp $line; print STDERR "LINE: $line\n" if ($DEBUG); # error handling return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Could not refresh repository.*/ ); return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Digest verification failed.*/ ); return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /refusing file.*wrong digest.*/ ); } return ( "Refresh OK", $ERRORS{'OK'} ); } } elsif ( -x "$zypper" ) { print STDERR "Trying: $sudo $zypper ref 2>/dev/null 1>&2\n" if ($DEBUG); if ( ( "$release" eq "10.2" ) || ( ( "$dist" eq "SLE" ) && ( "$release" eq "10" ) ) ) { my $res = system("$sudo $zypper ref 2>/dev/null 1>&2"); return ( "ERROR: Unable to refresh the repositories", $ERRORS{'ERROR'} ) if !($res); } elsif ( open( ZYPPER, "$sudo $zypper ref 2>&1 |" ) ) { my @wrapper_out = <ZYPPER>; close(ZYPPER); foreach my $line (@wrapper_out) { chomp $line; print STDERR "LINE: $line\n" if ($DEBUG); return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Could not refresh repository.*/ ); } return ( "Refresh OK", $ERRORS{'OK'} ); } } else { return ( "ERROR: Could not refresh the repositories - binary not found", $ERRORS{'ERROR'} ); } } sub check_errorcode($) { my $status = shift; my $level = 0; my $returnvalue = "OK"; $returnvalue = "WARNING" if ( "$opt_w" =~ /$status/ ); $returnvalue = "CRITICAL" if ( "$opt_c" =~ /$status/ ); $level = $ERRORS{"$returnvalue"}; $exitcode = $level if ( $level gt $exitcode ); $returnvalue = $REVERSE{"$exitcode"}; return "$returnvalue"; } sub xml_re_escape($) { my ($text) = @_; $text =~ s/&/&/sg; $text =~ s/</</sg; $text =~ s/>/>/sg; $text =~ s/"/"/sg; $text =~ s/'/'/sg; return $text; } sub trim($) { my ($text) = @_; $text =~ s/^\s+//; $text =~ s/\s+$//; return $text; } sub check() { my ( $status, $ret_str, $error ); my $secstr = ""; my $recstr = ""; my $optstr = ""; my $pacstr = ""; my $warnstr = ""; my $update_avail = 0; my %packagelist; print STDERR "INFO: Trying $use_sudo $zypper $zypperopt\n" if ($DEBUG); if ( open( FH, "$use_sudo $zypper $zypperopt 2>&1 |" ) ) { while (<FH>) { chomp; my $category = "unknown"; print STDERR "LINE: $_\n" if ($DEBUG); # error handling return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/not found on medium/); return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/I\/O error: Can't provide/); return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/Error message:/); return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/A ZYpp transaction is already in progress./); return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/System management is locked/); if (/out-of-date/) { print STDERR "WARNING: outdated repository found\n" if ($DEBUG); if ( !$opt_o ) { $error = check_errorcode("security"); $warnstr = "At least one of your Repositories is out of date. Please run \"zypper refresh\" as root to update it. "; $warnstr .= "\n" if ($opt_v); } } if (/<message type=\"warning\">(.*)<\/message>/) { $update_avail = 1; $error = check_errorcode("security"); $warnstr = xml_re_escape($1) . " "; $warnstr .= "\n" if ($opt_v); } if ( ( "$release" eq "10.2" ) || ( ( "$dist" eq "SLE" ) && ( "$release" eq "10" ) ) ) { my ( $url, $name, $version, $category, $status ) = split( '\s*\|\s*', $_, 5 ); # just for reference - perhaps we need the variables later if ( defined($name) ) { if ( grep {/\Q$name\E/} @patchignore ) { print STDERR "WARNING: ignoring $name as it is in \@patchignore\n" if ($DEBUG); next; } } $category = "optional" if (/\|\s*optional\s*\|\s*Needed/); $category = "recommended" if (/\|\s*recommended\s*\|\s*Needed/); $category = "security" if (/\|\s*security\s*\|\s*Needed/); $packagelist{"$category"}{"$name"}{'category'} = "$category" if defined($category); $packagelist{"$category"}{"$name"}{'status'} = "$status" if defined($status); $packagelist{"$category"}{"$name"}{'name'} = "$name" if defined($name); } else { if (/<update /) { my ($name) = $_ =~ /name="(.*?)"/; if (/kind="patch"/) { # line contains patch if ( grep {/\Q$name\E/} @patchignore ) { print STDERR "WARNING: ignoring $name as it is in \@patchignore\n" if ($DEBUG); next; } $category = "optional" if (/category="optional"/); $category = "recommended" if (/category="recommended"/); $category = "security" if (/category="security"/); } elsif (/kind="package"/) { if ( grep {/\Q$name\E/} @packageignore ) { print STDERR "WARNING: ignoring $name as it is in \@packageignore\n" if ($DEBUG); next; } $category = "package"; } $packagelist{"$category"}{"$name"}{'category'} = "$category"; $packagelist{"$category"}{"$name"}{'name'} = "$name"; $packagelist{"$category"}{"$name"}{'status'} = "Needed"; } } } if ($DEBUG) { print STDERR "INFO: Packages (paccount): " . scalar( keys %{ ( $packagelist{'package'} ) } ) . "\n"; print STDERR "INFO: Optional (optcount): " . scalar( keys %{ ( $packagelist{'optional'} ) } ) . "\n"; print STDERR "INFO: Recommended (reccount): " . scalar( keys %{ ( $packagelist{'recommended'} ) } ) . "\n"; print STDERR "INFO: Security (seccount): " . scalar( keys %{ ( $packagelist{'security'} ) } ) . "\n"; use Data::Dumper; print STDERR Data::Dumper->Dump( [ \%packagelist ] ); } if ( defined( $packagelist{'package'} ) && ( scalar( keys %{ ( $packagelist{'package'} ) } ) ne 0 ) ) { $update_avail = 1; $error = check_errorcode("packages"); $pacstr = scalar( keys %{ ( $packagelist{'package'} ) } ) . " package update(s);"; } if ( defined( $packagelist{'optional'} ) && ( scalar( keys %{ ( $packagelist{'optional'} ) } ) ne 0 ) ) { $update_avail = 1; $error = check_errorcode("optional"); $optstr = scalar( keys %{ ( $packagelist{'optional'} ) } ) . " optional update(s);"; } if ( defined( $packagelist{'recommended'} ) && ( scalar( keys %{ ( $packagelist{'recommended'} ) } ) ne 0 ) ) { $update_avail = 1; $error = check_errorcode("recommended"); $recstr = scalar( keys %{ ( $packagelist{'recommended'} ) } ) . " recommended update(s);"; } if ( defined( $packagelist{'security'} ) && ( scalar( keys %{ ( $packagelist{'security'} ) } ) ne 0 ) ) { $update_avail = 1; $error = check_errorcode("security"); $secstr = scalar( keys %{ ( $packagelist{'security'} ) } ) . " security update(s);"; } if ($update_avail) { $ret_str .= "$error : " . trim("$warnstr $secstr $recstr $optstr $pacstr") . " "; my @packagelist = (); if ($opt_v) { foreach my $cat ( 'security', 'recommended', 'optional', 'package' ) { for my $key ( sort( keys %packagelist ) ) { if ( "$key" eq "$cat" ) { for my $name ( sort( keys %{ $packagelist{$key} } ) ) { if ( "$cat" eq "package" ) { push @packagelist, $packagelist{$key}{$name}{'name'}; } else { $ret_str .= "\n$cat patch: " . $packagelist{$key}{$name}{'name'}; } } } } } $ret_str .= "\npackages: " . join( ' ', @packagelist ) if @packagelist; $ret_str .= "\nIgnored Patches : " . join( ' ', @patchignore ) . " " if @patchignore; $ret_str .= "\nIgnored Packages: " . join( ' ', @packageignore ) . " " if @packageignore; } } else { $error = "OK"; $ret_str = "OK: no updates available "; if ($opt_v) { $ret_str .= "\nIgnored Patches : " . join( ' ', @patchignore ) . " " if @patchignore; $ret_str .= "\nIgnored Packages: " . join( ' ', @packageignore ) . " " if @packageignore; } } $ret_str .= "| security=" . scalar( keys %{ ( $packagelist{'security'} ) } ) . ";;;; recommended=" . scalar( keys %{ ( $packagelist{'recommended'} ) } ) . ";;;; optional=" . scalar( keys %{ ( $packagelist{'optional'} ) } ) . ";;;; packages=" . scalar( keys %{ ( $packagelist{'package'} ) } ) . ";;;;\n" if ($opt_p); } close(FH); return ( "$ret_str", "$error" ); } ####################################################################### # Main ####################################################################### Getopt::Long::Configure('bundling'); GetOptions( "V" => \$opt_V, "version" => \$opt_V, "h" => \$opt_h, "help" => \$opt_h, "d" => \$DEBUG, "debug" => \$DEBUG, "i=s" => \$opt_i, "ignore=s" => \$opt_i, "w=s" => \$opt_w, "warning=s" => \$opt_w, "c=s" => \$opt_c, "critical=s" => \$opt_c, "f=s" => \$opt_f, "releasefile=s" => \$opt_f, "o" => \$opt_o, "ignore_outdated" => \$opt_o, "p:0" => \$opt_p, "no_perfdata:0" => \$opt_p, "r" => \$opt_r, "refresh_repos" => \$opt_r, "t=i" => \$opt_t, "timeout=i" => \$opt_t, "v" => \$opt_v, "verbose_output" => \$opt_v, "s" => \$opt_s, "use_sudo" => \$opt_s ) or print_help(2); $TIMEOUT = $opt_t if ($opt_t); # Just in case of problems, let's not hang Nagios $SIG{'ALRM'} = sub { print "UNKNOWN - Plugin timed out\n"; exit $ERRORS{"UNKNOWN"}; }; alarm($TIMEOUT); if ($opt_V) { print_myrevision( $PROGNAME, "$VERSION" ); exit $ERRORS{'OK'}; } ( $dist, $release, $patchlevel ) = get_distribution("$opt_f"); if ($DEBUG) { use English; use Data::Dumper; print STDERR "INFO: check_zypper version: $VERSION\n"; print STDERR "INFO: userid : " . getlogin() . "\n"; foreach my $gid ( split( / /, "$GID" ) ) { print STDERR "INFO: groupid: " . getgrgid($gid) . "\n"; } print STDERR "INFO: $dist,$release,$patchlevel\n"; } $zypperopt = "--non-interactive --no-gpg-checks list-updates" if ( "$release" eq "10.2" ); $zypperopt = "--xmlout --non-interactive list-updates -t package -t patch" if ( $release gt 11.0 ); if ( "$dist" eq "SLE" ) { if ( ( "$release" eq "10" ) && ( $patchlevel gt 0 ) ) { $zypperopt = "--non-interactive --no-gpg-checks --terse list-updates"; } else { $zypperopt = "--xmlout --non-interactive list-updates -t package -t patch"; } } $use_sudo .= "$sudo" if ($opt_s); if ($opt_h) { print_help(); exit $ERRORS{'OK'}; } if ($opt_i) { if ( !-r "$opt_i" ) { print "Updates CRITICAL - can't find file '$opt_i' - perhaps you should not use option '-i'?\n"; exit $ERRORS{"CRITICAL"}; } else { open( IGNORES, "<$opt_i" ) or die "Could not open $opt_i: $!\n"; print "INFO: Ignoring the following patches/packages:\n" if ($DEBUG); while (<IGNORES>) { next if /^#/; next if /^\s*$/; chomp; if ( (/^patch:/) || (/^Patch:/) ) { my ( $foo, $toadd ) = split( ':', $_, 2 ); $toadd =~ s/\s*//g; # Patch names have no whitespaces print "INFO: + Patch : $toadd\n" if ($DEBUG); push @patchignore, "$toadd"; } elsif ( (/^package:/) || (/^Package:/) ) { my ( $foo, $toadd ) = split( ':', $_, 2 ); $toadd =~ s/\s*//g; # Package names have no whitespaces print "INFO: + Package: $toadd\n" if ($DEBUG); push @packageignore, "$toadd"; } } close(IGNORES); } } if ($opt_r) { my ( $ret_str, $error ) = refresh_zypper(); if ($error) { print "$ret_str\n"; exit $ERRORS{"UNKNOWN"}; } } alarm(0); if ( check_zypper() ) { print "Updates UNKNOWN - system does not allow to execute zypper\n"; exit $ERRORS{"UNKNOWN"}; } else { my ( $ret_str, $error ) = check(); print "Updates $ret_str"; $exitcode = $ERRORS{$error}; print STDERR "INFO: Exit-Code: " . $exitcode . "\n" if ($DEBUG); exit $exitcode; }