search

HariSekhon / Nagios-Plugins

450+ AWS, Hadoop, Cloud, Kafka, Docker, Elasticsearch, RabbitMQ, Redis, HBase, Solr, Cassandra, ZooKeeper, HDFS, Yarn, Hive, Presto, Drill, Impala, Consul, Spark, Jenkins, Travis CI, Git, MySQL, Linux, DNS, Whois, SSL Certs, Yum Security Updates, Kubernetes, Cloudera etc...
https://www.linkedin.com/in/HariSekhon
Other
1.13k stars 502 forks source link

check_yum plugin shows 0 non-security updates #384

Closed ChaouchKarim closed 2 years ago

ChaouchKarim commented 2 years ago

Hello folks,

The check_yum plugin shows 0 Non-Security Updates Available even though there are hundreds of non-security updates. I don't know if this was intentional but in the script num_total_updates = 0 and that's why I have 0 non-security updates in the output. To have the desired output, I simply changed the script as following:

431       if not summary_line_found:
432            if os.path.exists(DNF) and re.match('Last metadata expiration check: ', ''.join(output)):
433                using_dnf = True
434               num_total_updates = self.get_all_updates() #line changed

...

495        num_other_updates = num_total_updates - num_security_updates

Could you please explain why I have 0 updates with your script ? Cheers, Karim

HariSekhon commented 2 years ago

Thanks for raising this, could you please paste the full output with -v -v -v so that I can debug your exact situation and find out why it's not picking up the non-security updates any more.

It's likely that updates to cover newer releases has broken this recently as this has been known working for many years, or it's possible that the output format has changed.

ChaouchKarim commented 2 years ago

Thanks for the quick response. The following was done on Rocky 8.6

./check_yum -v -v -v Nagios Plugin for Yum updates on RedHat/CentOS systems - Version 0.12.3 Author: Hari Sekhon

setting plugin timeout to 30 seconds running command: /usr/bin/yum --security check-update Returncode: '100' Output: 'Last metadata expiration check: 0:25:01 ago on Tue 07 Jun 2022 02:05:57 PM CEST.

c-ares.x86_64 1.13.0-6.el8 LCSB-BaseOS grub2-common.noarch 1:2.02-123.el8 LCSB-BaseOS grub2-efi-x64.x86_64 1:2.02-123.el8 LCSB-BaseOS grub2-tools.x86_64 1:2.02-123.el8 LCSB-BaseOS grub2-tools-extra.x86_64 1:2.02-123.el8 LCSB-BaseOS grub2-tools-minimal.x86_64 1:2.02-123.el8 LCSB-BaseOS kernel.x86_64 4.18.0-372.9.1.el8 LCSB-BaseOS kernel-core.x86_64 4.18.0-372.9.1.el8 LCSB-BaseOS kernel-modules.x86_64 4.18.0-372.9.1.el8 LCSB-BaseOS kernel-tools.x86_64 4.18.0-372.9.1.el8 LCSB-BaseOS kernel-tools-libs.x86_64 4.18.0-372.9.1.el8 LCSB-BaseOS libsmbclient.x86_64 4.15.5-5.el8 LCSB-BaseOS libssh.x86_64 0.9.6-3.el8 LCSB-BaseOS libssh-config.noarch 0.9.6-3.el8 LCSB-BaseOS libwbclient.x86_64 4.15.5-5.el8 LCSB-BaseOS openssh.x86_64 8.0p1-13.el8 LCSB-BaseOS openssh-clients.x86_64 8.0p1-13.el8 LCSB-BaseOS openssh-server.x86_64 8.0p1-13.el8 LCSB-BaseOS openssl.x86_64 1:1.1.1k-6.el8_5 LCSB-BaseOS openssl-libs.x86_64 1:1.1.1k-6.el8_5 LCSB-BaseOS polkit.x86_64 0.115-13.el8_5.2 LCSB-BaseOS polkit-libs.x86_64 0.115-13.el8_5.2 LCSB-BaseOS python3-perf.x86_64 4.18.0-372.9.1.el8 LCSB-BaseOS samba-client.x86_64 4.15.5-5.el8 LCSB-BaseOS samba-client-libs.x86_64 4.15.5-5.el8 LCSB-BaseOS samba-common.noarch 4.15.5-5.el8 LCSB-BaseOS samba-common-libs.x86_64 4.15.5-5.el8 LCSB-BaseOS Obsoleting Packages grub2-tools.x86_64 1:2.02-123.el8 LCSB-BaseOS grub2-tools.x86_64 1:2.02-106.el8.0.2 @anaconda grub2-tools-efi.x86_64 1:2.02-123.el8 LCSB-BaseOS grub2-tools.x86_64 1:2.02-106.el8.0.2 @anaconda grub2-tools-extra.x86_64 1:2.02-123.el8 LCSB-BaseOS grub2-tools.x86_64 1:2.02-106.el8.0.2 @anaconda grub2-tools-minimal.x86_64 1:2.02-123.el8 LCSB-BaseOS grub2-tools.x86_64 1:2.02-106.el8.0.2 @anaconda ' YUM CRITICAL: 28 Security Updates Available. 0 Non-Security Updates Available | security_updates_available=28 non_security_updates_available=0 total_updates_available=28

But there are many pending non-security updates.

dnf check-update Last metadata expiration check: 0:00:19 ago on Tue 07 Jun 2022 02:33:16 PM CEST.

ModemManager-glib.x86_64 1.18.2-1.el8 LCSB-BaseOS NetworkManager.x86_64 1:1.36.0-4.el8 LCSB-BaseOS NetworkManager-libnm.x86_64 1:1.36.0-4.el8 LCSB-BaseOS NetworkManager-team.x86_64 1:1.36.0-4.el8 LCSB-BaseOS NetworkManager-tui.x86_64 1:1.36.0-4.el8 LCSB-BaseOS ...

Cheers, Karim

HariSekhon commented 2 years ago

Ah, this is because DNF is not outputting a summary line with the non-security updates like yum used to do, even though DNF answers the same call.

If you run like the plugin is doing:

yum --security check-update

you'll see it's not outputting the non-security updates with the --security switch and because it is no longer printing a summary line the plugin can't parse the number of unmentioned updates because the tool literally isn't returning them.

In this case we probably need to make a choice to perhaps not return any mention of non-security updates because that mode of the system command doesn't give us the info we need.

You can work around the issue by running this plugin twice in 2 different checks - once in default mode which will use yum --security and once for --all updates.

ChaouchKarim commented 2 years ago

Thank you for the information @HariSekhon. I'm currently running both checks as suggested.