CentOS - May 2011 - yum check-updates script not working correctly

Hi all...

A few weeks ago, I installed (and configured) the three recommended scripts to
run yum update check via cron.daily on my CentOS 5.6
server (a Dell 2650).  Although it is clearly configured to "check
only", it appears to be updating, instead.  Has something
(environmentally?) changed between the version of CentOS under which those
scripts were originally authored and version 5.6, or do I
have something (and please, tell me what!) mis-configured somewhere??


Every couple of days (when there are updates, obviously) I'll see something
like this in my Logwatch report:

  --------------------- yum Begin ------------------------

  Packages Updated:
     nss_ldap-253-37.el5_6.1.i386
     poppler-0.5.4-4.4.el5_6.17.i386
     ksh-20100202-1.el5_6.5.i386
     poppler-utils-0.5.4-4.4.el5_6.17.i386

  ---------------------- yum End -------------------------


The scripts are set up as follows:

in /etc/cron.daily/yum.cron:

--------------------- yum.cron --------------------------
#!/bin/sh

# Pull in sysconfig settings

. /etc/sysconfig/yum-check


if [ -f /var/lock/subsys/yum ]; then

          if [ ${CHECKONLY} = "yes" ];then

                 /usr/bin/yum-check
          fi
          else
                 /usr/bin/yum -R 10 -e 0 -d 0 -y update yum
                 /usr/bin/yum -R 120 -e 0 -d 0 -y update
fi
----------------------------------------------------------


in /etc/sysconfig/yum-check:
---------------------- yum-check -------------------------
# yes sets yum to check for updates and mail only if patches are available
# no does enable autoupdate if /var/lock/subsys/yum is available
CHECKONLY="yes"
# defaults to root, leave empty if .forward/alias in place for root
MAILTO=""
# Set to yes for debugging only! You'll get a mail for each run!
CHECKWRK="no"
# Seconds to randomize startup, if running from cron to balance load
RANGE="3600"
----------------------------------------------------------


and, in /usr/bin/yum-check:
---------------------- yum-check -------------------------
#!/bin/sh
#
# Name:         yum-check
# Author:       Michael Heiming - 2005-03-11
# Function:     Run from cron to check for yum updates
#               and mail results
# Version:      0.7 (initial)
# 2005-03-12    0.8 randomize startup (cron only)
# Config:       /etc/sysconfig/yum

# Pull in sysconfig settings

. /etc/sysconfig/yum-check

maila=${MAILTO:=root}
yumdat="/tmp/yum-check-update.$$"
yumb="/usr/bin/yum"

#  wait a random interval if there is not a controlling terminal,
#  for load management
if ! [ -t ]
then
          num=$RANDOM
          let "num %= ${RANGE:=1}"
          sleep $num
fi

rm -f ${yumdat%%[0-9]*}*

$yumb check-update >& $yumdat

yumstatus="$?"

case $yumstatus in
          100)
                   cat $yumdat |\
                   mail -s "Alert ${HOSTNAME} updates available!"
$maila
                   exit 0
;;
          0)
                  # Only send mail if debug is turned on
                  if [ ${CHECKWRK} = "yes" ];then
                  cat $yumdat |\
                  mail -s "Yum check succeeded ${HOSTNAME} zero patches
available." $maila
                  fi
                  exit 0
;;
          *)
                  # Unexpected yum return status
                  (echo "Undefined, yum return status: ${yumstatus}"
&& \
                  [ -e "${yumdat}" ] && cat
"${yumdat}" )|\
                  mail -s "Alert ${HOSTNAME} problems running yum."
$maila
esac

[ -e "${yumdat}" ] && rm ${yumdat}
----------------------------------------------------------

brian wrote:
> #!/bin/sh
> 
> # Pull in sysconfig settings
> 
> . /etc/sysconfig/yum-check
> 
> 
> if [ -f /var/lock/subsys/yum ]; then
> 
>           if [ ${CHECKONLY} = "yes" ];then
> 
>                  /usr/bin/yum-check
>           fi
>           else
>                  /usr/bin/yum -R 10 -e 0 -d 0 -y update yum
>                  /usr/bin/yum -R 120 -e 0 -d 0 -y update
For starters, there is DEBUG option so turn it ON.

Then for testing, change above code from optional check to mandatory by 
disabling scripts ability to install updates.

There could be something preventing script to get ${CHECKONLY} 
environment variable. Add code to echo that variable, to check for this.

Ljubomir

Brian,

you have a syntax error in the second if. The yum update is being
executed every time. Move the fi just before the else to the end.

Daniel.

* brian <turbo at talstar.com> [05/24/2011 18:53]:
> if [ -f /var/lock/subsys/yum ]; then
> 
>           if [ ${CHECKONLY} = "yes" ];then
> 
>                  /usr/bin/yum-check
>           fi
>           else
>                  /usr/bin/yum -R 10 -e 0 -d 0 -y update yum
>                  /usr/bin/yum -R 120 -e 0 -d 0 -y update
> fi

Hello Brian,

On Tue, 2011-05-24 at 18:52 -0400, brian wrote:
> if [ -f /var/lock/subsys/yum ]; then
> 
>           if [ ${CHECKONLY} = "yes" ];then
> 
>                  /usr/bin/yum-check
>           fi
>           else
>                  /usr/bin/yum -R 10 -e 0 -d 0 -y update yum
>                  /usr/bin/yum -R 120 -e 0 -d 0 -y update
> fi
> in /etc/sysconfig/yum-check:
> ---------------------- yum-check -------------------------
> # yes sets yum to check for updates and mail only if patches are available
> # no does enable autoupdate if /var/lock/subsys/yum is available
> CHECKONLY="yes"
Seems like poor logic nesting if you read the comment above. Auto update
should only happen if both $CHECKONLY is set to "no"
*and* /var/lock/subsys/yum is a file.

if [ $CHECKONLY == "yes" ]; then
	/usr/bin/yum-check
else
	if [ -f /var/lock/subsys/yum ]; then
		/usr/bin/yum -R 10 -e 0 -d 0 -y update yum
		/usr/bin/yum -R 120 -e 0 -d 0 -y update
	fi
fi

is how this should read according to that comment. If you set CHECKONLY
to "no" you still have to touch /var/lock/subsys/yum to actually have
yum autoupdate.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research