Marc Saubert
2018-11-22 00:26:53 UTC
Hello there,
I am not currently aware of any working plugin that would properly monitor available DNF updates on Fedora 29. I have previously used the linux_updates Check_Mk plugin submitted by Lance Tost which worked fine up to Fedora Version 28 but it ceased working with the current Fedora version due to some DNF output changes. I very much like the idea of the linux_updates Check_Mk plugin showing me the names of available updates instead of just displaying the number of available updates (as done by the YUM plugin).
There is one annoyance when monitoring available DNF updates on Fedora in general, and that's because Fedora devs release a new kernel every few days regardless of whether there are important fixes or security patches that really need to be installed. Instead, every minor kernel version is being released as this eases the task of providing a state of the art kernel version without having to backport fixes day in, day out. In a Check_MK world, this will mean a hell lot of notifications for a farm running FC29 hosts and will result in a stressed admin trying to realize whether it's really necessary to reboot the Fedora boxes once again or if the notifications should be ignored and keep cluttering.
----------
I have made small modifications to the original linux_updates Check_Mk plugin to do the following:
- Fixed an issue so that it would no longer show a ghost number of available updates for monitored Fedora hosts while there are actually no updates available (this was a parse error that has hit all Fedora hosts since at least version 25 every couple of days or weeks, usually after purging dnf cache). This previously required to manually delete the plugin cache files on the monitored host (/var/cache/mk_linux*) and to re-run the check.
- At the same time we're now supporting Fedora Version 29 (and retain support for earlier versions).
- Don't notify about available kernel updates (and do not show their names). However, the check will turn critical when an available kernel update is actually a security update (it will alert even if there are no other non-suppressed updates available).
- It will also still alert if any kernel update has been installed and the monitored host has not yet been rebooted (fyi, by comparing newest installed kernel vs. currently running kernel version).
----------
Fedora users enjoy! On the Check_MK server you will need to download and install the following plugin from Check_MK exchange:
https://mathias-kettner.de/check_mk-exchange-file.php?&file=linux-updates-1.0.mkp
However, on the monitored Fedora 29 hosts you would use the following check instead:
https://to.to/FzXpA (tar -jxvf mk_linuxupdates_check_fedora29.tar.bz2 and copy to /usr/lib/check_mk_agent/plugins)
Yes, this works with Check_MK Version 1.5.0p7. I've also kept YUM compatibility. I hope this will find good use out there. I am not currently intending to release a .mkp package because this is just a small fix and adds some very specific behaviour, however I invite Lance Trost to include the parse fix from the updated check and release an update of his already existing plugin <3.
----------
To bring it all into one place, I am adding some more (DNF) commands that will be helpful with this update check for your further scripting needs:
- Update the system without installing any kernel updates:
dnf update --exclude=kernel* --refresh -y
- Check if there are actually any kernel updates available (as none were reported by this plugin):
dnf check-update --refresh
- Update the system and install all available kernel updates as well:
dnf update --refresh -y
----------
Feel free to modify.
Marc Saubert
Viprinet Europe GmbH
I am not currently aware of any working plugin that would properly monitor available DNF updates on Fedora 29. I have previously used the linux_updates Check_Mk plugin submitted by Lance Tost which worked fine up to Fedora Version 28 but it ceased working with the current Fedora version due to some DNF output changes. I very much like the idea of the linux_updates Check_Mk plugin showing me the names of available updates instead of just displaying the number of available updates (as done by the YUM plugin).
There is one annoyance when monitoring available DNF updates on Fedora in general, and that's because Fedora devs release a new kernel every few days regardless of whether there are important fixes or security patches that really need to be installed. Instead, every minor kernel version is being released as this eases the task of providing a state of the art kernel version without having to backport fixes day in, day out. In a Check_MK world, this will mean a hell lot of notifications for a farm running FC29 hosts and will result in a stressed admin trying to realize whether it's really necessary to reboot the Fedora boxes once again or if the notifications should be ignored and keep cluttering.
----------
I have made small modifications to the original linux_updates Check_Mk plugin to do the following:
- Fixed an issue so that it would no longer show a ghost number of available updates for monitored Fedora hosts while there are actually no updates available (this was a parse error that has hit all Fedora hosts since at least version 25 every couple of days or weeks, usually after purging dnf cache). This previously required to manually delete the plugin cache files on the monitored host (/var/cache/mk_linux*) and to re-run the check.
- At the same time we're now supporting Fedora Version 29 (and retain support for earlier versions).
- Don't notify about available kernel updates (and do not show their names). However, the check will turn critical when an available kernel update is actually a security update (it will alert even if there are no other non-suppressed updates available).
- It will also still alert if any kernel update has been installed and the monitored host has not yet been rebooted (fyi, by comparing newest installed kernel vs. currently running kernel version).
----------
Fedora users enjoy! On the Check_MK server you will need to download and install the following plugin from Check_MK exchange:
https://mathias-kettner.de/check_mk-exchange-file.php?&file=linux-updates-1.0.mkp
However, on the monitored Fedora 29 hosts you would use the following check instead:
https://to.to/FzXpA (tar -jxvf mk_linuxupdates_check_fedora29.tar.bz2 and copy to /usr/lib/check_mk_agent/plugins)
Yes, this works with Check_MK Version 1.5.0p7. I've also kept YUM compatibility. I hope this will find good use out there. I am not currently intending to release a .mkp package because this is just a small fix and adds some very specific behaviour, however I invite Lance Trost to include the parse fix from the updated check and release an update of his already existing plugin <3.
----------
To bring it all into one place, I am adding some more (DNF) commands that will be helpful with this update check for your further scripting needs:
- Update the system without installing any kernel updates:
dnf update --exclude=kernel* --refresh -y
- Check if there are actually any kernel updates available (as none were reported by this plugin):
dnf check-update --refresh
- Update the system and install all available kernel updates as well:
dnf update --refresh -y
----------
Feel free to modify.
Marc Saubert
Viprinet Europe GmbH