On Sat, 22 Nov 2014 12:07:00 -0600 Frank Cox <theatre at melvilletheatre.com> wrote:> On Sat, 22 Nov 2014 15:32:32 +0100 > Gabriele Pohl wrote: > > > As written in my other mail, the intention is > > to get triggered when security updates are pending. > > why not set up something to watch the centos-announce list, > parse the subject lines for "Security", and then > do whatever you need to do after that.because I want the alert for my individual machines. So the proposed method is no solution for an automagical trigger :) As said in my earlier mail I use Munin for system monitoring and want the raven to croak when a node has pending security updates: http://gallery.munin-monitoring.org/distro/plugins/node.d.linux/yum.html But thanks for sharing your idea ~ Cheers, Gabriele
On Sat, 22 Nov 2014 19:52:30 +0100 Gabriele Pohl wrote:> > because I want the alert for my individual machines. > So the proposed method is no solution > for an automagical trigger :)You still can do that without expending too much effort. One way would be to monitor centos-announce, parse the subject lines, copy the security update filenames to a text or database file. (sqlite is made for this kind of thing.) You can either keep a list on each machine or have a central data repository, whichever suits you best. Then all you need to do is have each machine run "yum check-update" on whatever timed basis you wish. Capture the list of pending updates, compare it against your database, and then do your thing. -- MELVILLE THEATRE ~ Real D 3D Digital Cinema ~ www.melvilletheatre.com
On Sat, 22 Nov 2014 13:17:59 -0600 Frank Cox <theatre at melvilletheatre.com> wrote:> On Sat, 22 Nov 2014 19:52:30 +0100 > Gabriele Pohl wrote: > > > > because I want the alert for my individual machines. > > So the proposed method is no solution > > for an automagical trigger :) > > You still can do that without expending too much effort.Although the proposal you made is /possible/ to implement, I will not do it, because I think that this is the wrong way to solve the issue.> One way would be to monitor centos-announce, parse the subject lines, > copy the security update filenames to a text or database file. > (sqlite is made for this kind of thing.) > You can either keep a list on each machine or have a central data repository, > whichever suits you best.Pardon me, but I think it is madness to maintain the info outside of yum. And your method is not suitable to use within Munin monitoring. And a Munin capable solution is what I am looking for with highest priority.> Then all you need to do is have each machine run "yum check-update" > on whatever timed basis you wish. Capture the list of pending updates, > compare it against your database, and then do your thing.I don't like to spend time in creating ugly workarounds.. and therefore would highly appreciate if the CentOS-Developers will add the data to the yum repositories. Then I can use Munin to monitor the pending security packages also for CentOS as now only for my RHEL machines. All the best and thanks again, Gabriele