Hi all...
A few weeks ago, I installed (and configured) the three recommended scripts to run yum update check via cron.daily on my CentOS 5.6 server (a Dell 2650). Although it is clearly configured to "check only", it appears to be updating, instead. Has something (environmentally?) changed between the version of CentOS under which those scripts were originally authored and version 5.6, or do I have something (and please, tell me what!) mis-configured somewhere??
Every couple of days (when there are updates, obviously) I'll see something like this in my Logwatch report:
--------------------- yum Begin ------------------------
Packages Updated: nss_ldap-253-37.el5_6.1.i386 poppler-0.5.4-4.4.el5_6.17.i386 ksh-20100202-1.el5_6.5.i386 poppler-utils-0.5.4-4.4.el5_6.17.i386
---------------------- yum End -------------------------
The scripts are set up as follows:
in /etc/cron.daily/yum.cron:
--------------------- yum.cron -------------------------- #!/bin/sh
# Pull in sysconfig settings
. /etc/sysconfig/yum-check
if [ -f /var/lock/subsys/yum ]; then
if [ ${CHECKONLY} = "yes" ];then
/usr/bin/yum-check fi else /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y update fi ----------------------------------------------------------
in /etc/sysconfig/yum-check: ---------------------- yum-check ------------------------- # yes sets yum to check for updates and mail only if patches are available # no does enable autoupdate if /var/lock/subsys/yum is available CHECKONLY="yes" # defaults to root, leave empty if .forward/alias in place for root MAILTO="" # Set to yes for debugging only! You'll get a mail for each run! CHECKWRK="no" # Seconds to randomize startup, if running from cron to balance load RANGE="3600" ----------------------------------------------------------
and, in /usr/bin/yum-check: ---------------------- yum-check ------------------------- #!/bin/sh # # Name: yum-check # Author: Michael Heiming - 2005-03-11 # Function: Run from cron to check for yum updates # and mail results # Version: 0.7 (initial) # 2005-03-12 0.8 randomize startup (cron only) # Config: /etc/sysconfig/yum
# Pull in sysconfig settings
. /etc/sysconfig/yum-check
maila=${MAILTO:=root} yumdat="/tmp/yum-check-update.$$" yumb="/usr/bin/yum"
# wait a random interval if there is not a controlling terminal, # for load management if ! [ -t ] then num=$RANDOM let "num %= ${RANGE:=1}" sleep $num fi
rm -f ${yumdat%%[0-9]*}*
$yumb check-update >& $yumdat
yumstatus="$?"
case $yumstatus in 100) cat $yumdat |\ mail -s "Alert ${HOSTNAME} updates available!" $maila exit 0 ;; 0) # Only send mail if debug is turned on if [ ${CHECKWRK} = "yes" ];then cat $yumdat |\ mail -s "Yum check succeeded ${HOSTNAME} zero patches available." $maila fi exit 0 ;; *) # Unexpected yum return status (echo "Undefined, yum return status: ${yumstatus}" && \ [ -e "${yumdat}" ] && cat "${yumdat}" )|\ mail -s "Alert ${HOSTNAME} problems running yum." $maila esac
[ -e "${yumdat}" ] && rm ${yumdat} ----------------------------------------------------------
brian wrote:
#!/bin/sh
# Pull in sysconfig settings
. /etc/sysconfig/yum-check
if [ -f /var/lock/subsys/yum ]; then
if [ ${CHECKONLY} = "yes" ];then /usr/bin/yum-check fi else /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y update
For starters, there is DEBUG option so turn it ON.
Then for testing, change above code from optional check to mandatory by disabling scripts ability to install updates.
There could be something preventing script to get ${CHECKONLY} environment variable. Add code to echo that variable, to check for this.
Ljubomir
Brian,
you have a syntax error in the second if. The yum update is being executed every time. Move the fi just before the else to the end.
Daniel.
* brian turbo@talstar.com [05/24/2011 18:53]:
if [ -f /var/lock/subsys/yum ]; then
if [ ${CHECKONLY} = "yes" ];then /usr/bin/yum-check fi else /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y updatefi
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Daniel De Marco Sent: Thursday, May 26, 2011 8:42 To: CentOS mailing list Subject: Re: [CentOS] yum check-updates script not working correctly
Brian,
you have a syntax error in the second if. The yum update is being executed every time. Move the fi just before the else to the end.
Make that, a probable, two syntax errors in the second if. The single '=' sign does assignment, a double '==' does string compare.
Plus I think there is a simpler way to control yum, than adding all these scripts that I don't think came in the base install. Modify /etc/yum/yum-updates.conf, which comes in the yum-updatesd package, and `ckconfig yum-updatesd on` #note you probably only want one or the other of either yum-updatesd or the scripts you have.
On some of the systems I run, the run_interval is set ~22000 and do_update is set to no, which achieves near what I think the OP was after. I am not sure if setting emit_via to email or syslog would get the final bit of what the OP was after.
Daniel.
- brian turbo@talstar.com [05/24/2011 18:53]:
if [ -f /var/lock/subsys/yum ]; then
if [ ${CHECKONLY} = "yes" ];then /usr/bin/yum-check fi else /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y updatefi
Hello Tod,
On Thu, 2011-05-26 at 10:53 -0400, Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote:
The single '=' sign does assignment, a double '==' does string compare.
No, with the spaces around the '=' and the dollar before the variable name this actually is a test not an assignment. But using double '=' is more clear, agreed. Try
#!/bin/sh C="no" if [ $C = "yes" ]; then echo "1: $C" fi if [ $C="yes" ]; then echo "2: $C" fi
This will return: 2: no
Bash is very peculiar ;)
Regards, Leonard.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Leonard den Ottolander Sent: Thursday, May 26, 2011 12:23 To: CentOS mailing list Subject: Re: [CentOS] yum check-updates script not working correctly
Hello Tod,
On Thu, 2011-05-26 at 10:53 -0400, Denniston, Todd A CIV NAVSURFWARCENDIV Crane wrote:
The single '=' sign does assignment, a double '==' does string
compare.
No, with the spaces around the '=' and the dollar before the variable name this actually is a test not an assignment. But using double '='
is
more clear, agreed. Try
Thanks for the info.
On 5/26/2011 11:22 AM, Leonard den Ottolander wrote:
if [ $C="yes" ]; then echo "2: $C" fi
This will return: 2: no
Bash is very peculiar ;)
No, it should tokenize this into fields, breaking on the elements in $IFS (normally white space). So you end up with one field and according to 'man test', STRING is equivalent to -n STRING. If you want it to tokenize into more fields so the test sees 2 strings and and operator, you have some white space there.
On 05/26/2011 08:41 AM, Daniel De Marco wrote:
Brian,
you have a syntax error in the second if. The yum update is being executed every time. Move the fi just before the else to the end.
Daniel.
- brianturbo@talstar.com [05/24/2011 18:53]:
if [ -f /var/lock/subsys/yum ]; then
if [ ${CHECKONLY} = "yes" ];then /usr/bin/yum-check fi else /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y updatefi
Daniel --
ah.. thanks! I will correct that on my copy of the script. As a side note, it's not my scripting error -- I copied the whole set of scripts directly off the CentOS Wiki, so somebody with editing privs there might want to make the same correction...
- Brian
Hello Brian,
On Tue, 2011-05-24 at 18:52 -0400, brian wrote:
if [ -f /var/lock/subsys/yum ]; then
if [ ${CHECKONLY} = "yes" ];then /usr/bin/yum-check fi else /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y updatefi
in /etc/sysconfig/yum-check: ---------------------- yum-check ------------------------- # yes sets yum to check for updates and mail only if patches are available # no does enable autoupdate if /var/lock/subsys/yum is available CHECKONLY="yes"
Seems like poor logic nesting if you read the comment above. Auto update should only happen if both $CHECKONLY is set to "no" *and* /var/lock/subsys/yum is a file.
if [ $CHECKONLY == "yes" ]; then /usr/bin/yum-check else if [ -f /var/lock/subsys/yum ]; then /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y update fi fi
is how this should read according to that comment. If you set CHECKONLY to "no" you still have to touch /var/lock/subsys/yum to actually have yum autoupdate.
Regards, Leonard.
Leonard den Ottolander wrote:
Hello Brian,
On Tue, 2011-05-24 at 18:52 -0400, brian wrote:
if [ -f /var/lock/subsys/yum ]; then
if [ ${CHECKONLY} = "yes" ];then /usr/bin/yum-check fi else /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y updatefi
in /etc/sysconfig/yum-check: ---------------------- yum-check ------------------------- # yes sets yum to check for updates and mail only if patches are available # no does enable autoupdate if /var/lock/subsys/yum is available CHECKONLY="yes"
Seems like poor logic nesting if you read the comment above. Auto update should only happen if both $CHECKONLY is set to "no" *and* /var/lock/subsys/yum is a file.
if [ $CHECKONLY == "yes" ]; then /usr/bin/yum-check else if [ -f /var/lock/subsys/yum ]; then /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y update fi fi
is how this should read according to that comment. If you set CHECKONLY to "no" you still have to touch /var/lock/subsys/yum to actually have yum autoupdate.
Regards, Leonard.
OP never answered my question if $CHECKONLY is in fact not empty.
So:
echo "CHECKONLY is $CHECKONLY" echo "{CHECKONLY} is ${CHECKONLY}" is for starters.
And I would change this to:
if [ $CHECKONLY == "no" ]; then if [ -f /var/lock/subsys/yum ]; then /usr/bin/yum -R 10 -e 0 -d 0 -y update yum /usr/bin/yum -R 120 -e 0 -d 0 -y update fi else /usr/bin/yum-check fi
This way, if $CHECKONLY is empty script will just check, not update.
Ljubomir
-
brian -
Daniel De Marco -
Denniston, Todd A CIV NAVSURFWARCENDIV Crane -
Leonard den Ottolander -
Les Mikesell -
Ljubomir Ljubojevic