File check_zypper.pl of Package nagios-plugins-zypper
#!/usr/bin/perl -w
# nagios: -epn
#
# check_zypper - nagios plugin
#
# Copyright (C) 2008-2009, Novell, Inc.
# Author: Lars Vogdt
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# * Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# * Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# * Neither the name of the Novell nor the names of its contributors may be
# used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
#
# $Id$
#
use strict;
use warnings;
use Getopt::Long;
use vars qw($PROGNAME $VERSION $DEBUG);
# cleanup the environment
$ENV{'PATH'} = '/bin:/usr/bin:/sbin:/usr/sbin:';
$ENV{'BASH_ENV'} = '';
$ENV{'ENV'} = '';
# constants
$PROGNAME = "check_zypper";
$VERSION = "1.26";
$DEBUG = 0;
# variables
our $zypper = "/usr/bin/zypper";
our $zypperopt = "--non-interactive --no-gpg-checks xml-updates";
our $sudo = "/usr/bin/sudo";
our $refresh_wrapper = "/usr/sbin/zypp-refresh-wrapper";
our $use_sudo = "unset LANG; ";
our $releasefile = "/etc/SuSE-release";
our $release = "11.2";
our $dist = "openSUSE";
our $patchlevel = 0;
our ( $opt_V, $opt_h, $opt_i, $opt_w, $opt_c, $opt_f, $opt_o, $opt_p, $opt_r, $opt_s, $opt_t, $opt_v );
our $exitcode = 0;
our %ERRORS = ( 'OK' => 0, 'WARNING' => 1, 'CRITICAL' => 2, 'UNKNOWN' => 3, 'DEPENDENT' => 4 );
our %REVERSE = ( 4 => 'DEPENDENT', 3 => 'UNKNOWN', 2 => 'CRITICAL', 1 => 'WARNING', 0 => 'OK' );
our $TIMEOUT = 120;
our @patchignore = ();
our @packageignore = ();
$opt_w = "recommended,optional";
$opt_c = "security";
$opt_f = "$releasefile";
$opt_t = "120";
$opt_v = 0;
$opt_o = 0;
$opt_p = 1;
$opt_s = 0;
#######################################################################
# Functions
#######################################################################
sub print_myrevision ($$) {
my $commandName = shift;
my $pluginRevision = shift;
print "$commandName v$pluginRevision\n";
}
sub mysupport () {
print "Please use https://bugzilla.novell.com to submit patches or suggest improvements.\n";
print "Please include version information with all correspondence (when possible,\n";
print "use output from the --version option of the plugin itself).\n";
}
sub usage ($) {
my $format = shift;
printf( $format, @_ );
exit $ERRORS{'UNKNOWN'};
}
sub get_distribution($) {
my $file = shift || "$releasefile";
open( RELEASE, "<$file" ) || warn("Could not open $file\n");
while (<RELEASE>) {
if (/^SUSE Linux Enterprise/) {
$dist = "SLE";
}
if (/^VERSION/) {
($release) = $_ =~ m/VERSION = (.*)/;
}
if (/^PATCHLEVEL/) {
($patchlevel) = $_ =~ m/PATCHLEVEL = (.*)/;
}
}
close(RELEASE);
return ( $dist, $release, $patchlevel );
}
sub print_usage () {
print "This plugin checks for software updates on systems that use package\n";
print "management systems based on the zypper command found in openSUSE.\n\n";
print "It checks for security, recommended and optional patches and also for\n";
print "optional package updates.\n\n";
print "You can define the status by patch category. Use a commata to list more\n";
print "than one category to a state. Possible values are recommended,optional,security\n";
print "and packages\n\n";
print "If you like to know the names of available patches and packages, use\n";
print "the \"-v\" option.\n\n";
print "Usage:\n";
print " $PROGNAME [-w <category>] [-c <category>] [-t <timeout>] [-v]\n";
print " $PROGNAME [-h | --help]\n";
print " $PROGNAME [-V | --version]\n";
print "\n\nOptions:\n";
print " -c, --critical\n";
print " A patch with this category result in critical status.\n";
print " Default: $opt_c\n";
print " -f, --releasefile\n";
print " Use the given file to get informations about the distribution.\n";
print " Default: $releasefile\n";
print " -h, --help\n";
print " Print detailed help screen\n";
print " -i, --ignore <file>\n";
print " Ignore patches/packages that are mentioned in <file>\n";
print " Just list one patch/package per line - example:\n\n";
print " patch:libtiff-devel\n";
print " # comment\n";
print " package:libtiff3\n";
print " package:libtiff-devel\n\n";
print " -o, --ignore_outdated\n";
print " Don't warn if a repository is outdated.\n";
print " -p, --no_perfdata\n";
print " Print no perfdata\n";
print " -r, --refresh_repos\n";
print " Tries to refresh the repositories before checking for updates.\n";
print " Note: this maybe needs an entry in /etc/sudoers like:\n";
print " nagios ALL = NOPASSWD: /usr/bin/zypper ref\n";
print " (and additional lines for the \'-s\' Option) if no check-zypp-wrapper is available.\n";
print " -s, --use_sudo\n";
print " Zypper needs root privileges on some distributions (known: 10.1 and SLE10).\n";
print " You can enable the script to use $sudo to start zypper.\n";
print " But don't forget to enable nopasswd sudo for the user starting $PROGNAME\n";
print " Via lines like the two below on in /etc/sudoers:\n";
print " nagios ALL = NOPASSWD: /usr/bin/zypper sl, \\ \n";
print " /usr/bin/zypper $zypperopt\n";
print " -t, --timeout\n";
print " Just in case of problems, let's not hang Nagios and define a timeout.\n";
print " Default value is: $opt_t seconds\n";
print " -v, --verbose_output\n";
print " Print more information (useful only with Nagios v3.x).\n";
print " -w, --warning\n";
print " A patch with this category result in warning status.\n";
print " Default: $opt_w\n";
print "\n";
print " -V, --version\n";
print " Print version information\n";
print "\n";
print " -d, --debug\n";
print " Print debug output to STDERR\n";
}
sub print_help {
my $exit = shift || undef;
print "Copyright (c) 2009, Novell, Inc.\n\n";
print_usage();
print "\n";
mysupport();
exit $exit if ( defined($exit) );
}
sub check_zypper() {
if ( -x "$zypper" ) {
print STDERR "INFO: Trying $use_sudo $zypper sl 2>/dev/null 1>&2\n" if ($DEBUG);
return ( system("$use_sudo $zypper sl 2>/dev/null 1>&2") );
}
else {
return 1;
}
}
sub refresh_zypper() {
if ( -x "$refresh_wrapper" ) {
print STDERR "Trying: $refresh_wrapper 2>/dev/null 1>&2\n" if ($DEBUG);
if ( open( WRAPPER, "$refresh_wrapper 2>&1 |" ) ) {
my @wrapper_out = <WRAPPER>;
close(WRAPPER);
foreach my $line (@wrapper_out) {
chomp $line;
print STDERR "LINE: $line\n" if ($DEBUG);
# error handling
return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Could not refresh repository.*/ );
return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Digest verification failed.*/ );
return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /refusing file.*wrong digest.*/ );
}
return ( "Refresh OK", $ERRORS{'OK'} );
}
}
elsif ( -x "$zypper" ) {
print STDERR "Trying: $sudo $zypper ref 2>/dev/null 1>&2\n" if ($DEBUG);
if ( ( "$release" eq "10.2" ) || ( ( "$dist" eq "SLE" ) && ( "$release" eq "10" ) ) ) {
my $res = system("$sudo $zypper ref 2>/dev/null 1>&2");
return ( "ERROR: Unable to refresh the repositories", $ERRORS{'ERROR'} ) if !($res);
}
elsif ( open( ZYPPER, "$sudo $zypper ref 2>&1 |" ) ) {
my @wrapper_out = <ZYPPER>;
close(ZYPPER);
foreach my $line (@wrapper_out) {
chomp $line;
print STDERR "LINE: $line\n" if ($DEBUG);
return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Could not refresh repository.*/ );
}
return ( "Refresh OK", $ERRORS{'OK'} );
}
}
else {
return ( "ERROR: Could not refresh the repositories - binary not found", $ERRORS{'ERROR'} );
}
}
sub check_errorcode($) {
my $status = shift;
my $level = 0;
my $returnvalue = "OK";
$returnvalue = "WARNING" if ( "$opt_w" =~ /$status/ );
$returnvalue = "CRITICAL" if ( "$opt_c" =~ /$status/ );
$level = $ERRORS{"$returnvalue"};
$exitcode = $level if ( $level gt $exitcode );
$returnvalue = $REVERSE{"$exitcode"};
return "$returnvalue";
}
sub xml_re_escape($) {
my ($text) = @_;
$text =~ s/&/&/sg;
$text =~ s/</</sg;
$text =~ s/>/>/sg;
$text =~ s/"/"/sg;
$text =~ s/'/'/sg;
return $text;
}
sub trim($) {
my ($text) = @_;
$text =~ s/^\s+//;
$text =~ s/\s+$//;
return $text;
}
sub check() {
my ( $status, $ret_str, $error );
my $secstr = "";
my $recstr = "";
my $optstr = "";
my $pacstr = "";
my $warnstr = "";
my $update_avail = 0;
my %packagelist;
print STDERR "INFO: Trying $use_sudo $zypper $zypperopt\n" if ($DEBUG);
if ( open( FH, "$use_sudo $zypper $zypperopt 2>&1 |" ) ) {
while (<FH>) {
chomp;
my $category = "unknown";
print STDERR "LINE: $_\n" if ($DEBUG);
# error handling
return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/not found on medium/);
return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/I\/O error: Can't provide/);
return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/Error message:/);
return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/A ZYpp transaction is already in progress./);
return ( "UNKNOWN: " . xml_re_escape($_), "UNKNOWN" ) if (/System management is locked/);
if (/out-of-date/) {
print STDERR "WARNING: outdated repository found\n" if ($DEBUG);
if ( !$opt_o ) {
$error = check_errorcode("security");
$warnstr = "At least one of your Repositories is out of date. Please run \"zypper refresh\" as root to update it. ";
$warnstr .= "\n" if ($opt_v);
}
}
if (/<message type=\"warning\">(.*)<\/message>/) {
$update_avail = 1;
$error = check_errorcode("security");
$warnstr = xml_re_escape($1) . " ";
$warnstr .= "\n" if ($opt_v);
}
if ( ( "$release" eq "10.2" ) || ( ( "$dist" eq "SLE" ) && ( "$release" eq "10" ) ) ) {
my ( $url, $name, $version, $category, $status ) = split( '\s*\|\s*', $_, 5 ); # just for reference - perhaps we need the variables later
if ( defined($name) ) {
if ( grep {/\Q$name\E/} @patchignore ) {
print STDERR "WARNING: ignoring $name as it is in \@patchignore\n" if ($DEBUG);
next;
}
}
$category = "optional" if (/\|\s*optional\s*\|\s*Needed/);
$category = "recommended" if (/\|\s*recommended\s*\|\s*Needed/);
$category = "security" if (/\|\s*security\s*\|\s*Needed/);
$packagelist{"$category"}{"$name"}{'category'} = "$category" if defined($category);
$packagelist{"$category"}{"$name"}{'status'} = "$status" if defined($status);
$packagelist{"$category"}{"$name"}{'name'} = "$name" if defined($name);
}
else {
if (/<update /) {
my ($name) = $_ =~ /name="(.*?)"/;
if (/kind="patch"/) { # line contains patch
if ( grep {/\Q$name\E/} @patchignore ) {
print STDERR "WARNING: ignoring $name as it is in \@patchignore\n" if ($DEBUG);
next;
}
$category = "optional" if (/category="optional"/);
$category = "recommended" if (/category="recommended"/);
$category = "security" if (/category="security"/);
}
elsif (/kind="package"/) {
if ( grep {/\Q$name\E/} @packageignore ) {
print STDERR "WARNING: ignoring $name as it is in \@packageignore\n" if ($DEBUG);
next;
}
$category = "package";
}
$packagelist{"$category"}{"$name"}{'category'} = "$category";
$packagelist{"$category"}{"$name"}{'name'} = "$name";
$packagelist{"$category"}{"$name"}{'status'} = "Needed";
}
}
}
if ($DEBUG) {
print STDERR "INFO: Packages (paccount): " . scalar( keys %{ ( $packagelist{'package'} ) } ) . "\n";
print STDERR "INFO: Optional (optcount): " . scalar( keys %{ ( $packagelist{'optional'} ) } ) . "\n";
print STDERR "INFO: Recommended (reccount): " . scalar( keys %{ ( $packagelist{'recommended'} ) } ) . "\n";
print STDERR "INFO: Security (seccount): " . scalar( keys %{ ( $packagelist{'security'} ) } ) . "\n";
use Data::Dumper;
print STDERR Data::Dumper->Dump( [ \%packagelist ] );
}
if ( defined( $packagelist{'package'} ) && ( scalar( keys %{ ( $packagelist{'package'} ) } ) ne 0 ) ) {
$update_avail = 1;
$error = check_errorcode("packages");
$pacstr = scalar( keys %{ ( $packagelist{'package'} ) } ) . " package update(s);";
}
if ( defined( $packagelist{'optional'} ) && ( scalar( keys %{ ( $packagelist{'optional'} ) } ) ne 0 ) ) {
$update_avail = 1;
$error = check_errorcode("optional");
$optstr = scalar( keys %{ ( $packagelist{'optional'} ) } ) . " optional update(s);";
}
if ( defined( $packagelist{'recommended'} ) && ( scalar( keys %{ ( $packagelist{'recommended'} ) } ) ne 0 ) ) {
$update_avail = 1;
$error = check_errorcode("recommended");
$recstr = scalar( keys %{ ( $packagelist{'recommended'} ) } ) . " recommended update(s);";
}
if ( defined( $packagelist{'security'} ) && ( scalar( keys %{ ( $packagelist{'security'} ) } ) ne 0 ) ) {
$update_avail = 1;
$error = check_errorcode("security");
$secstr = scalar( keys %{ ( $packagelist{'security'} ) } ) . " security update(s);";
}
if ($update_avail) {
$ret_str .= "$error : " . trim("$warnstr $secstr $recstr $optstr $pacstr") . " ";
my @packagelist = ();
if ($opt_v) {
foreach my $cat ( 'security', 'recommended', 'optional', 'package' ) {
for my $key ( sort( keys %packagelist ) ) {
if ( "$key" eq "$cat" ) {
for my $name ( sort( keys %{ $packagelist{$key} } ) ) {
if ( "$cat" eq "package" ) {
push @packagelist, $packagelist{$key}{$name}{'name'};
}
else {
$ret_str .= "\n$cat patch: " . $packagelist{$key}{$name}{'name'};
}
}
}
}
}
$ret_str .= "\npackages: " . join( ' ', @packagelist ) if @packagelist;
$ret_str .= "\nIgnored Patches : " . join( ' ', @patchignore ) . " " if @patchignore;
$ret_str .= "\nIgnored Packages: " . join( ' ', @packageignore ) . " " if @packageignore;
}
}
else {
$error = "OK";
$ret_str = "OK: no updates available ";
if ($opt_v) {
$ret_str .= "\nIgnored Patches : " . join( ' ', @patchignore ) . " " if @patchignore;
$ret_str .= "\nIgnored Packages: " . join( ' ', @packageignore ) . " " if @packageignore;
}
}
$ret_str
.= "| security="
. scalar( keys %{ ( $packagelist{'security'} ) } )
. ";;;; recommended="
. scalar( keys %{ ( $packagelist{'recommended'} ) } )
. ";;;; optional="
. scalar( keys %{ ( $packagelist{'optional'} ) } )
. ";;;; packages="
. scalar( keys %{ ( $packagelist{'package'} ) } )
. ";;;;\n"
if ($opt_p);
}
close(FH);
return ( "$ret_str", "$error" );
}
#######################################################################
# Main
#######################################################################
Getopt::Long::Configure('bundling');
GetOptions(
"V" => \$opt_V,
"version" => \$opt_V,
"h" => \$opt_h,
"help" => \$opt_h,
"d" => \$DEBUG,
"debug" => \$DEBUG,
"i=s" => \$opt_i,
"ignore=s" => \$opt_i,
"w=s" => \$opt_w,
"warning=s" => \$opt_w,
"c=s" => \$opt_c,
"critical=s" => \$opt_c,
"f=s" => \$opt_f,
"releasefile=s" => \$opt_f,
"o" => \$opt_o,
"ignore_outdated" => \$opt_o,
"p:0" => \$opt_p,
"no_perfdata:0" => \$opt_p,
"r" => \$opt_r,
"refresh_repos" => \$opt_r,
"t=i" => \$opt_t,
"timeout=i" => \$opt_t,
"v" => \$opt_v,
"verbose_output" => \$opt_v,
"s" => \$opt_s,
"use_sudo" => \$opt_s
) or print_help(2);
$TIMEOUT = $opt_t if ($opt_t);
# Just in case of problems, let's not hang Nagios
$SIG{'ALRM'} = sub {
print "UNKNOWN - Plugin timed out\n";
exit $ERRORS{"UNKNOWN"};
};
alarm($TIMEOUT);
if ($opt_V) {
print_myrevision( $PROGNAME, "$VERSION" );
exit $ERRORS{'OK'};
}
( $dist, $release, $patchlevel ) = get_distribution("$opt_f");
if ($DEBUG) {
use English;
use Data::Dumper;
print STDERR "INFO: check_zypper version: $VERSION\n";
print STDERR "INFO: userid : " . getlogin() . "\n";
foreach my $gid ( split( / /, "$GID" ) ) {
print STDERR "INFO: groupid: " . getgrgid($gid) . "\n";
}
print STDERR "INFO: $dist,$release,$patchlevel\n";
}
$zypperopt = "--non-interactive --no-gpg-checks list-updates" if ( "$release" eq "10.2" );
$zypperopt = "--xmlout --non-interactive list-updates -t package -t patch" if ( $release gt 11.0 );
if ( "$dist" eq "SLE" ) {
if ( ( "$release" eq "10" ) && ( $patchlevel gt 0 ) ) {
$zypperopt = "--non-interactive --no-gpg-checks --terse list-updates";
}
else {
$zypperopt = "--xmlout --non-interactive list-updates -t package -t patch";
}
}
$use_sudo .= "$sudo" if ($opt_s);
if ($opt_h) {
print_help();
exit $ERRORS{'OK'};
}
if ($opt_i) {
if ( !-r "$opt_i" ) {
print "Updates CRITICAL - can't find file '$opt_i' - perhaps you should not use option '-i'?\n";
exit $ERRORS{"CRITICAL"};
}
else {
open( IGNORES, "<$opt_i" ) or die "Could not open $opt_i: $!\n";
print "INFO: Ignoring the following patches/packages:\n" if ($DEBUG);
while (<IGNORES>) {
next if /^#/;
next if /^\s*$/;
chomp;
if ( (/^patch:/) || (/^Patch:/) ) {
my ( $foo, $toadd ) = split( ':', $_, 2 );
$toadd =~ s/\s*//g; # Patch names have no whitespaces
print "INFO: + Patch : $toadd\n" if ($DEBUG);
push @patchignore, "$toadd";
}
elsif ( (/^package:/) || (/^Package:/) ) {
my ( $foo, $toadd ) = split( ':', $_, 2 );
$toadd =~ s/\s*//g; # Package names have no whitespaces
print "INFO: + Package: $toadd\n" if ($DEBUG);
push @packageignore, "$toadd";
}
}
close(IGNORES);
}
}
if ($opt_r) {
my ( $ret_str, $error ) = refresh_zypper();
if ($error) {
print "$ret_str\n";
exit $ERRORS{"UNKNOWN"};
}
}
alarm(0);
if ( check_zypper() ) {
print "Updates UNKNOWN - system does not allow to execute zypper\n";
exit $ERRORS{"UNKNOWN"};
}
else {
my ( $ret_str, $error ) = check();
print "Updates $ret_str";
$exitcode = $ERRORS{$error};
print STDERR "INFO: Exit-Code: " . $exitcode . "\n" if ($DEBUG);
exit $exitcode;
}
