Re: Get list of restarted services during upgrade

[Denis Witt <denis.witt@concepts-and-training.de>]

Am 01.07.2013 um 22:15 schrieb Bob Proulx <bob@proulx.com>:

> Ah...  And so the plot thickens!  Quick monitoring, sense a failure,
> trigger a restart on a different node.  And of course I think that
> would all work fine but it would generate a lot of noise to wade
> through when there are upgrades that restart daemons.

Hi Bob,

exactly. My monitored services are depending on each other, so if one fails all other will be migrated too.

>> That is a nice idea, thanks.

> Another idea.  There is probably an apt post hook (untried) such as
> APT::Update::Post-Invoke-Success that could be used at the very end to
> return the node back to normal service.  I know that apt-show-versions
> uses it to run an update script after apt has finished.

rkhunter does this as well, yes. etckeeper hooks in apt/aptitude also. But I like your idea better. When policy-rc.d only exit with 101 when a monitored service should be restarted another "problem" will be solved: If you install a new package which brings his own new daemon this daemon will be started without any problems and you don't have to investigate which services you have to start after the installation (checkrestart will not tell as it wasn't running before). Of course you should know that anyway if you want to run this service, but may avoid problems with installation scripts who expect a running service to configure them(self).

> If you are doing this then you really want to run 'checkrestart' (from
> the debian-goodies package) on a regular basis and deal with what it

*g*

This is my current proof of concept script (written on June 28th):

------------------------------------------------------------------

#!/bin/bash

check_active_node() {
   crm_status=$(crm_mon -1 | grep -i Masters:)
   active_node=`echo $crm_status  | awk -F" " '{print $3}'`

   if [ ${active_node} = `hostname` ]; then
       echo "FATAL: This node is the active node, you cannot update the active node..."
	exit 1
   fi
}

if [ -f "/usr/sbin/crm_mon" ]; then
   check_active_node
fi

if [ ! -f "/usr/sbin/checkrestart" ]; then
   apt-get install debian-goodies
fi

apt-get update

echo ""
echo "The following actions are pending:"
echo ""

apt-get upgrade -s

echo ""
echo "Press any key to continue... (Press Ctrl+C to cancel.)"
read -N 1 foobar

if [ ! -f "/usr/sbin/policy-rc.d" ]; then
   echo "Disable Service-Restart during upgrade"
   cat << EOF > /usr/sbin/policy-rc.d
#!/bin/sh
echo $@
exit 101
EOF
   chmod +x /usr/sbin/policy-rc.d
fi

apt-get upgrade | tee /var/log/cat_apt.log

echo ""
echo "The following services needs to be restarted:"
echo ""
checkrestart

------------------------------------------------------------------

> reports.  Because otherwise the daemons may be vulnerable to security
> vulnerabilities that were fixed by the upgrade and installed but never
> restarted to take effect.

Seems that I'm on a good way. Nice to see that we are heading in the same direction.

Thanks for your input. Have a nice day.

Best regards
Denis Witt