Saturday, May 29, 2010

yum update script

SkyHi @ Saturday, May 29, 2010

So the other week I have been working on my dedicated box, just to make it a bit easier to work with in the future. One of the things I was trying to understand and learn was yum update and bash scripting. So why not combine the two? Right.. This blog entry is the result, hopefully also of some use to others.


I am on a CentOS 5 (5.2) 32bit Server, and I use yum to automatically update, delete, upgrade, and install packages. This way that’s a bit easier for me to run my server and keep it up to date. For example, when there’s one or more updates you can type yum update, or yum upgrade to get everything. Anyway, look into that if you’re interested. http://prefetch.net/articles/yum.html


So once in a while when you log into your box you can do yum upgrade and have it do it’s thing. This should help you fix known bugs, upgrade to newer releases, and fix known security issues. This doesn’t sound like a bad thing.


But when I log into SSH2 I am not a root user, and I am there for other tasks, so it is really easy to forget. And because I don’t trust to have a crontab entry auto upgrade and overwrite config files, etc .. I prefer to actually “be there” when it happens and have the choice to y/n to questions.


What I can do is install a crontab entry that runs a script daily. This script can check if there are updates, and emails me if that’s the case. This way I don’t have to think about it really and it just goes to my Gmail “server” label.


In my crontab I put the following:


0 0 * * * /etc/scripts/checkyum


And the checkyum script looks like this:


#!/bin/sh

#

# Program: E-mail available yum updates <checkyum>

#

# Original Author: Matty < matty91 at gmail dot com >

# Updated by Floris for personal use.

#

# Current Version: 1.2.Floris

#

# License:

#   This program is distributed in the hope that it will be useful,

#   but WITHOUT ANY WARRANTY; without even the implied warranty of

#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

#


PATH=/bin:/usr/bin:/sbin:/usr/sbin

export PATH


# Locations of binaries

GREP=”/bin/grep”

HOST=`hostname`

MAIL=”/bin/mail”

MKTEMP=”/bin/mktemp”

YUM=”/usr/bin/yum”


# Who to E-mail with new updates

ADMIN=”YOUR@EMAIL”


if [ ! -f ${YUM} ]

then

echo “Cannot find ${YUM}”

exit 1

fi


if [ ! -f ${MKTEMP} ]

then

echo “Cannot find ${MKTEMP}”

exit 1

fi


if [ ! -f ${MAIL} ]

then

echo “Cannot find ${MAIL}”

exit 1

fi


if [ ! -f ${GREP} ]

then

echo “Cannot find ${GREP}”

exit 1

fi


# Dump the yum results to a safe working file

WORK=`${MKTEMP} /tmp/yum.results.XXXXXX`


${YUM} -e0 -d0 check-update > ${WORK}


# If there are updates available, E-mail them

if [ -s ${WORK} ]

then

REPORT=`${MKTEMP} /tmp/yum.report.XXXXXX`

echo “==== The following updates are available for ${HOST} ===” > ${REPORT}

cat ${WORK} >> ${REPORT}

cat ${REPORT} | mail YOUR@EMAIL

fi


# Cleanup temporary files

rm ${REPORT} ${WORK}


There’s nothing else to it, and every so often you get an email that looks like this:


==== The following updates are available for YOUR_SERVER ===

nss_ldap.i386                            253-13.el5_2.1         updates


Which you can ignore, or you can go into the box, and run yum upgrade to process it.


Hm, I likey!


REFERENCES

http://mrfloris.com/blogs/yum-update-script/