Using icinga's (nagios'?) apt CheckCommand I can get warned if there are package updates available. I noticed that there is also an --upgrade argument in the apt CheckCommand.
Is it possible to perform apt-get upgrade on remote hosts using icinga2?
If yes, what would be the approach? I wouldn't like package upgrades done completely automatically, but rather use icinga to perform an upgrade of all hosts on demand.
The apt CheckCommand (Script) looks like this:
    object CheckCommand "apt" {
        import "plugin-check-command"
        command = [ PluginDir + "/check_apt" ]
        timeout = 5m
        arguments += {
            "--critical" = {
                description = "If the full package information of any of the upgradable packages match this REGEXP, the plugin will return CRITICAL status. Can be specified multiple times."
                value = "$apt_critical$"
            }
            "--dist-upgrade" = {
                description = "Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS can be provided to override the default options."
                value = "$apt_dist_upgrade$"
            }
            "--exclude" = {
                description = "Exclude packages matching REGEXP from the list of packages that would otherwise be included. Can be specified multiple times."
                value = "$apt_exclude$"
            }
            "--extra-opts" = {
                description = "Read options from an ini file."
                value = "$apt_extra_opts$"
            }
            "--include" = {
                description = "Include only packages matching REGEXP. Can be specified multiple times the values will be combined together."
                value = "$apt_include$"
            }
            "--timeout" = {
                description = "Seconds before plugin times out (default: 10)."
                value = "$apt_timeout$"
            }
            "--upgrade" = {
                description = "[Default] Perform an upgrade. If an optional OPTS argument is provided, apt-get will be run with these command line options instead of the default."
                value = "$apt_upgrade$"
            }
        }
    }
I may have answered this already at monitoring-portal.org but will add it here too.
Icinga is not a lifecycle management tool which actively ensures that your systems are in a specified state, i.e. package version => latest. Icinga is for monitoring this fact and alerting a person who is responsible for the system.
The reason why you shouldn't run upgrades in an automated fashion: package updates sometimes require data migration or service restarts. That may harm your operative business if no maintenance window is scheduled (best example: apache and sessions, or mysql server connections).
Look into management tools like Foreman in combination with Puppet, Ansible. Katello could be interesting too in terms of package management.