On Thu, Jul 28, 2011 at 05:20:35PM -0400, James Antill wrote:
> *nods*, pushed these ... more patches please :).
Cool. Here's one more, which _should_ only be cosmetic and have no changes in functionality. The caveat is that I've only tested it lightly -- like, in the past fifteen minutes. So it may have some accidentally-introduced bugs, which in any case I promise to smooth out quickly. (It's now running live on a couple of test systems, so I should find out.) If you want to wait to push this one I understand. :)

--
Matthew Miller [email protected] <http://mattdm.org/>
>From 0c50ecaa5618d451dcf2ae29cfb3952ac0cb8ddf Mon Sep 17 00:00:00 2001 From: Matthew Miller <[email protected]> Date: Thu, 28 Jul 2011 17:23:55 -0400 Subject: [PATCH 3/3] Make yum-cron code and config files prettier. Added comments (including important clarifications for config options). Also includes some somewhat-gratuitous formatting changes, but should have no differences in functionality --- yum-cron/yum-cleanup.cron.sh | 11 ++- yum-cron/yum-cron.sh | 135 ++++++++++++++++++++++++++---------------- yum-cron/yum-cron.sysconfig | 124 +++++++++++++++++++++++--------------- yum-cron/yum-cron.sysvinit | 19 +++--- yum-cron/yum-update.cron.sh | 13 +++-- 5 files changed, 185 insertions(+), 117 deletions(-) diff --git a/yum-cron/yum-cleanup.cron.sh b/yum-cron/yum-cleanup.cron.sh index 0842135..e38e80f 100755 --- a/yum-cron/yum-cleanup.cron.sh +++ b/yum-cron/yum-cleanup.cron.sh @@ -1,23 +1,26 @@ #!/bin/bash -# Only run if this flag file is set (by /etc/rc.d/init.d/yum-cron) +# Only run if this flag is set. The flag is created by the yum-cron init +# script when the service is started -- this allows one to use chkconfig and +# the standard "service stop|start" commands to enable or disable yum-cron. if [[ ! -f /var/lock/subsys/yum-cron ]]; then exit 0 fi -# Grab config settings +# Read configuration settings from the sysconfig directory. if [[ -f /etc/sysconfig/yum-cron ]]; then source /etc/sysconfig/yum-cron fi -# Only run on certain days of the week +# Only run on certain days of the week, based on the +# settings in the above-mentioned sysconfig file. dow=`date +%w` DAYS_OF_WEEK=${DAYS_OF_WEEK:-0123456} if [[ "${DAYS_OF_WEEK/$dow/}" == "${DAYS_OF_WEEK}" ]]; then exit 0 fi -# And only _clean_ on a subset of that +# And only _clean_ on a subset of the configured days. CLEANDAY=${CLEANDAY:-0} if [[ "${CLEANDAY/$dow/}" == "${CLEANDAY}" ]]; then exit 0 diff --git a/yum-cron/yum-cron.sh b/yum-cron/yum-cron.sh index d1a32ec..1b690f1 100755 --- a/yum-cron/yum-cron.sh 
+++ b/yum-cron/yum-cron.sh 
@@ -1,110 +1,143 @@ #!/bin/bash +# This script is designed to be run from cron to automatically keep your +# system up to date with the latest security patches and bug fixes. It +# can download and/or apply package updates as configured in +# /etc/sysconfig/yum-cron. + + +# These are used by /etc/init.d/yum-cron on shutdown to protect against +# abruptly shutting down mid-transaction. Therefore, you shouldn't change +# them without changing that. LOCKDIR=/var/lock/yum-cron.lock -LOCKFILE=$LOCKDIR/pidfile +PIDFILE=$LOCKDIR/pidfile TSLOCK=$LOCKDIR/ts.lock + + +# This is the home of the yum scripts which power the various actions the +# yum-cron system performs. SCRIPTDIR=/usr/share/yum-cron/ -if [ -z "$1" ]; then +# If no command line options were given, exit with a usage message. +if [[ -z "$1" ]]; then echo "Usage: yum-cron {update|cleanup|...}" exit 1 else ACTION=$1 fi +# If a command line option was given, it must match a yum script. YUMSCRIPT=${SCRIPTDIR}/${ACTION}.yum -if [ ! -r $YUMSCRIPT ]; then +if [[ ! -r $YUMSCRIPT ]]; then echo "Script for action \"$ACTION\" is not readable in $SCRIPTDIR." exit 1 fi -# Grab config settings -if [ -f /etc/sysconfig/yum-cron ]; then + +# Read the settings from our config file. +if [[ -f /etc/sysconfig/yum-cron ]]; then source /etc/sysconfig/yum-cron fi -# set default for SYSTEMNAME -[ -z "$SYSTEMNAME" ] && SYSTEMNAME=$( hostname ) -# if DOWNLOAD_ONLY is set then we force CHECK_ONLY too. -# Gotta check before one can download! -if [ "$DOWNLOAD_ONLY" == "yes" ]; then - CHECK_ONLY=yes -fi +# If no system name is set, use the hostname +[[ -z "$SYSTEMNAME" ]] && SYSTEMNAME=$( hostname ) + +# If DOWNLOAD_ONLY is set, then we force CHECK_ONLY too. +# Gotta check for updates before we can possibly download them. +[[ "$DOWNLOAD_ONLY" == "yes" ]] && CHECK_ONLY=yes +# This holds the output from the "meat" of this script, so that it can +# be nicely mailed to the configured destination when we're done. 
YUMTMP=$(mktemp /var/run/yum-cron.XXXXXX) touch $YUMTMP -[ -x /sbin/restorecon ] && /sbin/restorecon $YUMTMP +# Yay SELinux. +[[ -x /sbin/restorecon ]] && /sbin/restorecon $YUMTMP -# Note - the lockfile code doesn't try and use YUMTMP to email messages nicely. -# Too many ways to die, this gets handled by normal cron error mailing. -# Try mkdir for the lockfile, will test for and make it in one atomic action +# Here is the gigantic block of lockfile logic. +# +# Note: the lockfile code doesn't currently try and use YUMTMP to email +# messages nicely, so this gets handled by normal cron error mailing. +# + +# We use mkdir for the lockfile, as this will test for and if possible +# create the lock in one atomic action. (So there's no race condition.) if mkdir $LOCKDIR 2>/dev/null; then - # store the current process ID in there so we can check for staleness later - echo "$$" >"${LOCKFILE}" - # and clean up locks and tempfile if the script exits or is killed - trap "{ rm -f $LOCKFILE $TSLOCK; rmdir $LOCKDIR 2>/dev/null; rm -f $YUMTMP; exit 255; }" INT TERM EXIT + # Store the current process ID in the lock directory so we can check for + # staleness later. + echo "$$" >"${PIDFILE}" + # And, clean up locks and tempfile when the script exits or is killed. + trap "{ rm -f $PIDFILE $TSLOCK; rmdir $LOCKDIR 2>/dev/null; rm -f $YUMTMP; exit 255; }" INT TERM EXIT else - # lock failed, check if process exists. First, if there's no PID file - # in the lock directory, something bad has happened, we can't know the - # process name, so clean up the old lockdir and restart - if [ ! -f $LOCKFILE ]; then + # Lock failed -- check if a running process exists. + # First, if there's no PID file in the lock directory, something bad has + # happened. We can't know the process name, so, clean up the old lockdir + # and restart. + if [[ ! 
-f $PIDFILE ]]; then rmdir $LOCKDIR 2>/dev/null - echo "yum-cron: no lock PID, clearing and restarting myself" >&2 + echo "yum-cron: no lock PID; clearing and restarting myself." >&2 exec $0 "$@" fi - OTHERPID="$(cat "${LOCKFILE}")" + OTHERPID="$(cat "${PIDFILE}")" # if cat wasn't able to read the file anymore, another instance probably is # about to remove the lock -- exit, we're *still* locked - if [ $? != 0 ]; then - echo "yum-cron: lock failed, PID ${OTHERPID} is active" >&2 + if [[ $? != 0 ]]; then + echo "yum-cron: lock failed. PID ${OTHERPID} is active." >&2 exit 0 fi if ! kill -0 $OTHERPID &>/dev/null; then - # lock is stale, remove it and restart - echo "yum-cron: removing stale lock of nonexistant PID ${OTHERPID}" >&2 + # Lock is stale. Remove it and restart. + echo "yum-cron: removing stale lock of nonexistant PID ${OTHERPID}." >&2 rm -rf "${LOCKDIR}" - echo "yum-cron: restarting myself" >&2 + echo "yum-cron: restarting myself." >&2 exec $0 "$@" else - # Remove stale (more than a day old) lockfiles + # Remove lockfiles more than a day old -- they must be stale. find $LOCKDIR -type f -name 'pidfile' -amin +1440 -exec rm -rf $LOCKDIR \; - # if it's still there, it wasn't too old, bail - if [ -f $LOCKFILE ]; then - # lock is valid and OTHERPID is active - exit, we're locked! - echo "yum-cron: lock failed, PID ${OTHERPID} is active" >&2 + # If it's still there, it *wasn't* too old. Bail! + if [[ -f $PIDFILE ]]; then + # Lock is valid and OTHERPID is active -- exit, we're locked! + echo "yum-cron: lock failed. PID ${OTHERPID} is active." >&2 exit 0 else - # lock was invalid, restart - echo "yum-cron: removing stale lock belonging to stale PID ${OTHERPID}" >&2 - echo "yum-cron: restarting myself" >&2 + # Lock was invalid. Restart. + echo "yum-cron: removing stale lock belonging to stale PID ${OTHERPID}." >&2 + echo "yum-cron: restarting myself." 
>&2 exec $0 "$@" fi fi fi -# Now, do the actual work; we special case "update" because it has -# complicated conditionals; for everything else we just run yum with the -# right parameters and corresponding script. Right now, that's just -# "cleanup" but theoretically there could be other actions. +# Now, do the actual work. + +# We special case "update" because it has complicated conditionals; for +# everything else we just run yum with the right parameters and +# corresponding script. Right now, that's just "cleanup" but theoretically +# there could be other actions. { case "$ACTION" in update) - if [ "$CHECK_ONLY" == "yes" ]; then + # There's three broad possibilties here: + # CHECK_ONLY (possibly with DOWNLOAD_ONLY) + # CHECK_FIRST (exits _silently_ if we can't access the repos) + # nothing special -- just do it + + if [[ "$CHECK_ONLY" == "yes" ]]; then + # TSLOCK is used by the safe-shutdown code in the init script. touch $TSLOCK /usr/bin/yum $YUM_PARAMETER -e 0 -d 0 -y check-update 1> /dev/null 2>&1 case $? in 1) exit 1;; 100) echo "New updates available for host $SYSTEMNAME"; /usr/bin/yum $YUM_PARAMETER -e ${ERROR_LEVEL:-0} -d ${DEBUG_LEVEL:-0} -y -C check-update - if [ "$DOWNLOAD_ONLY" == "yes" ]; then + if [[ "$DOWNLOAD_ONLY" == "yes" ]]; then /usr/bin/yum $YUM_PARAMETER -e ${ERROR_LEVEL:-0} -d ${DEBUG_LEVEL:-0} -y --downloadonly update echo "Updates downloaded. Use \"yum -C update\" manually to install them." fi ;; esac - elif [ "$CHECK_FIRST" == "yes" ]; then - # Don't run if we can't access the repos + elif [[ "$CHECK_FIRST" == "yes" ]]; then + # Don't run if we can't access the repos. touch $TSLOCK /usr/bin/yum $YUM_PARAMETER -e 0 -d 0 check-update 2>&- case $? in 
@@ -126,11 +159,11 @@ fi } >> $YUMTMP 2>&1 -if [ ! -z "$MAILTO" ] && [ -x /bin/mail ]; then -# if MAILTO is set, use mail command (ie better than standard mail with cron output) - [ -s "$YUMTMP" ] && mail -s "System update: $SYSTEMNAME" $MAILTO < $YUMTMP +if [[ ! -z "$MAILTO" && -x /bin/mail ]]; then +# If MAILTO is set, use mail command for prettier output. + [[ -s "$YUMTMP" ]] && mail -s "System update: $SYSTEMNAME" $MAILTO < $YUMTMP else -# default behavior is to use cron's internal mailing of output from cron-script +# The default behavior is to use cron's internal mailing of output. cat $YUMTMP fi rm -f $YUMTMP diff --git a/yum-cron/yum-cron.sysconfig b/yum-cron/yum-cron.sysconfig index 5b40237..a689446 100644 --- a/yum-cron/yum-cron.sysconfig +++ b/yum-cron/yum-cron.sysconfig 
@@ -1,64 +1,92 @@ -# Pass any given paramter to yum, as run in all the scripts invoked -# by this package. Be aware that this is global, and yum is invoked in -# several modes by these scripts for which your own parameter might not -# be appropriate +# This is the configuration file for yum-cron, a simple system for +# keeping your machine up to date. These options are used variously by +# the main script, by the cron scripts, and by the init script. + +# Main Options +#-------------------------------------------------------------------------- + +# Pass any given parameter to yum, as run in all the scripts invoked by +# this package. Be aware that this is global, and yum is invoked in +# several modes by these scripts, and your parameter might not be +# appropriate in all cases. YUM_PARAMETER= -# Don't install, just check (valid: yes|no) +# Don't install; just check and report. +# (Valid options: yes|no) CHECK_ONLY=no -# Check to see if you can reach the repos before updating (valid: yes|no) +# Don't install; just check for and download any pending updates. This +# implies CHECK_ONLY=yes, as we've gotta check first to see what to +# download. +# (Valid options: yes|no) +DOWNLOAD_ONLY=no + +# Check to see if we can reach the repos before attempting an update. +# If there is an error, exit silently with no output. You might want +# this if you know your network connectivity is sporadic. 
+# (Valid options: yes|no) CHECK_FIRST=no -# Don't install, just check and download (valid: yes|no) -# Implies CHECK_ONLY=yes (gotta check first to see what to download) -DOWNLOAD_ONLY=no -# Error level, practical range 0-10, 0 means print only critical errors which -# you must be told, 1 means print all errors, even ones that are not important -# Level 0 is the default -# ERROR_LEVEL=0 - -# Debug level, practical range 0-10, higher number means more output -# Level 1 is a useful level if you want to see what's been done and -# don't want to read /var/log/yum.log -# Level 0 is the default -# DEBUG_LEVEL=1 - -# Wait a random time before applying updates. -# With a value of 60, yum-cron will waits random time from 1 to 60 minutes. -# The value must not be zero -# Note that this parameter affects the daily cron script; if you change that -# file or run yum-cron in a different way it will have no effect. -RANDOMWAIT="60" - -# if MAILTO is set and the mail command is available, the mail command -# is used to deliver yum output - -# by default MAILTO is unset, so crond mails the output by itself -# example: MAILTO=root -MAILTO= - -# you may set SYSTEMNAME if you want your yum emails tagged differently -# default is output of hostname command -# this variable is used only if MAILTO is set too +# Yum error level. The practical range is 0-10, where 0 means print +# only critical errors, and 10 means print all errors, even ones that +# are not important. Level 0 is the default if nothing is set. +ERROR_LEVEL=0 + +# Yum debug level. The practical range is 0-10; a higher number means +# more output. Level 1 is a useful level if you want to see what's been +# done and don't want to read /var/log/yum.log. Level 0 is the default +# if no value is set here. +DEBUG_LEVEL=1 + +# If MAILTO is set and the /bin/mail command is available, the mail +# command is used to deliver yum output. 
If MAILTO is unset, crond will +# send the output by itself, usually to root (but with a less useful +# subject line). +MAILTO=root + +# The reports generated by this command generally use the hostname of +# the system as reported by the hostname command. If you'd prefer to +# use something else, you can set that here. #SYSTEMNAME="" -# you may set DAYS_OF_WEEK to the days of the week you want to run -# default is every day -# Note that this parameter affects the daily cron script; if you change that -# file or run yum-cron in a different way it will have no effect. +# Scheduling Options (used by the default cron scripts, +# /etc/cron.daily/yum-cleanup.cron and /etc/cron.daily/yum-update.cron) +# +# Note that if you use a different cron configuration (for example, +# removing the default scripts and adding an entry in /etc/cron.d), +# these values will have no effect -- unless you read and act on them +# in your new configuration. +#-------------------------------------------------------------------------- + +# Wait for a random time up to the given number of minutes before +# applying updates. With a value of 60, yum-cron will delay between 1 +# and 60 minutes. A value of 0 will result in no delay, which is handy +# if you want to ensure that updates happen at a known time, but could +# be bad for update servers to be hit by all clients at exactly the +# same time. +RANDOMWAIT=60 + +# You may set DAYS_OF_WEEK to the numeric days of the week you want to +# run, where 0 is Sunday and 6 is Saturday. The default is to run every +# day. #DAYS_OF_WEEK="0123456" -# which day should it do cleanup on? defaults to 0 (Sunday). If this day isn't in the -# DAYS_OF_WEEK above, it'll never happen -# Note that this parameter affects the daily cron script; if you change that -# file or run yum-cron in a different way it will have no effect. +# The cleanup task (which clears the package cache) can run on a subset +# of the days above. 
(If the value chosen here doesn't appear in +# DAYS_OF_WEEK, the cleanup task will never happen.) CLEANDAY="0" -# set to yes to make the yum-cron service to wait for transactions to complete +# Init System Options (used by /etc/init.d/yum-cron) +#-------------------------------------------------------------------------- + +# If SERVICE_WAITS is set to "yes", and a transaction is in progress +# when the yum-cron service is stopped, the init script will wait +# up to SERVICE_WAIT_TIME seconds before killing the task. Without +# this, system shutdown continues as normal, potentially breaking +# in-progress transactions. +# (Valid options: yes|no) SERVICE_WAITS=yes -# set maximum time period (in seconds) for the yum-cron service to wait for -# transactions to complete. The default is 300 seconds (5 minutes) +# 300 is the default. SERVICE_WAIT_TIME=300 diff --git a/yum-cron/yum-cron.sysvinit b/yum-cron/yum-cron.sysvinit index 63c5ec0..084dd32 100755 --- a/yum-cron/yum-cron.sysvinit +++ b/yum-cron/yum-cron.sysvinit @@ -1,12 +1,13 @@ #!/bin/bash # -# yum-cron This shell script enables the automatic use of YUM -# -# Author: Seth Vidal <[email protected]> +# yum-cron Enable or disable scheduled yum system updates. # # chkconfig: - 50 01 # -# description: Enable daily run of yum, a program updater. +# description: This controls whether yum-cron runs. If this service is \ +# off, the yum-cron scripts in /etc/cron.daily exit \ +# immediately; otherwise, they download and/or apply package \ +# updates as configured in /etc/sysconfig/yum-cron. # processname: yum-cron # config: /etc/yum/yum-daily.yum # 
@@ -23,14 +24,14 @@ yumcronpid=/var/lock/yum-cron.lock/pidfile RETVAL=0 start() { - echo -n $"Enabling nightly yum update: " + echo -n $"Enabling scheduled yum updates: " touch "$lockfile" && success || failure RETVAL=$? echo } stop() { - echo -n $"Disabling nightly yum update: " + echo -n $"Disabling scheduled yum updates: " if [ -f "$yumcronpid" -a "$SERVICE_WAITS" = "yes" ]; then yum_done=0 if [ ! -f $tslock ]; then @@ -39,7 +40,7 @@ stop() { yum_done=1 fi if [ $yum_done -eq 0 ]; then - echo -n $"Waiting for yum " + echo -n $"Waiting for in-progress yum transaction " if [ -z "$SERVICE_WAIT_TIME" ]; then SERVICE_WAIT_TIME=300 fi @@ -87,10 +88,10 @@ case "$1" in ;; status) if [ -f $lockfile ]; then - echo $"Nightly yum update is enabled." + echo $"Scheduled yum updates are enabled." RETVAL=0 else - echo $"Nightly yum update is disabled." + echo $"Scheduled yum updates are disabled." RETVAL=3 fi ;; diff --git a/yum-cron/yum-update.cron.sh b/yum-cron/yum-update.cron.sh index 1801a11..c439ad3 100755 --- a/yum-cron/yum-update.cron.sh +++ b/yum-cron/yum-update.cron.sh 
@@ -1,25 +1,28 @@ #!/bin/bash -# Only run if this flag file is set (by /etc/rc.d/init.d/yum-cron) +# Only run if this flag is set. The flag is created by the yum-cron init +# script when the service is started -- this allows one to use chkconfig and +# the standard "service stop|start" commands to enable or disable yum-cron. if [[ ! -f /var/lock/subsys/yum-cron ]]; then exit 0 fi -# Grab config settings +# Read configuration settings from the sysconfig directory. if [[ -f /etc/sysconfig/yum-cron ]]; then source /etc/sysconfig/yum-cron fi -# Only run on certain days of the week +# Only run on certain days of the week, based on the +# settings in the above-mentioned sysconfig file. dow=`date +%w` DAYS_OF_WEEK=${DAYS_OF_WEEK:-0123456} if [[ "${DAYS_OF_WEEK/$dow/}" == "${DAYS_OF_WEEK}" ]]; then exit 0 fi -# Random wait +# Wait a random number of minutes, again based on +# the setting in the sysconfig file. [[ $RANDOMWAIT -gt 0 ]] && sleep $(( $RANDOM % ($RANDOMWAIT * 60) + 1 )) # Action! exec /usr/sbin/yum-cron update - -- 1.7.6
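Review bot: The reworded comment "Read configuration settings from the sysconfig directory." in yum-cron/yum-cleanup.cron.sh (repeated in yum-update.cron.sh) understates what `source /etc/sysconfig/yum-cron` does: the file is executed as shell code with the privileges of the cron job, which has to be able to install packages. Since this patch is about clarifying comments, say that here and in the sysconfig header, so administrators keep the file root-owned and not group- or world-writable and put nothing in it but variable assignments.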
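Review bot: In the "no lock PID" branch of yum-cron/yum-cron.sh, `rmdir $LOCKDIR 2>/dev/null` is followed by an unconditional `exec $0 "$@"`, so if the directory is not empty (TSLOCK lives in it as ts.lock) the rmdir fails silently and the script re-executes itself without end, each pass leaving a new /var/run/yum-cron.XXXXXX file behind because the cleanup trap is only installed once the lock is taken. Use `rm -rf "${LOCKDIR}"` as the stale-PID branch does, or exit with an error when the removal fails, and create YUMTMP after the lock is held. In the same hunk, the new comment "it must match a yum script" is only backed by `[[ ! -r $YUMSCRIPT ]]`, so an ACTION containing a slash resolves outside SCRIPTDIR; reject anything that is not a plain name. Typos on lines this hunk touches or adds: "nonexistant" in the stale-lock message and "possibilties" in the new comment under `update)`.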
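Review bot: The rewritten test near the end of yum-cron/yum-cron.sh, `[[ ! -z "$MAILTO" && -x /bin/mail ]]`, checks /bin/mail, but the next line runs `mail` from PATH with `$MAILTO` unquoted. Call /bin/mail explicitly so the binary that was tested is the one that runs, use `-n "$MAILTO"` instead of `! -z`, and either quote "$MAILTO" or state in the sysconfig comment that a space-separated recipient list is intended to be word-split.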
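Review bot: The yum-cron/yum-cron.sysconfig hunk is not cosmetic: `ERROR_LEVEL=0` and `DEBUG_LEVEL=1` go from commented-out to set, and `MAILTO=` becomes `MAILTO=root`. yum-cron.sh uses `${DEBUG_LEVEL:-0}`, so the shipped default was debug level 0 with cron delivering the output; with this file yum runs at debug level 1 and the output goes to root through /bin/mail. Keep those three lines as they were, or move them to a separate patch whose message states the new defaults. The ERROR_LEVEL text also changes meaning (old: level 1 prints all errors; new: level 10 does), which should be confirmed against yum before it is documented.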
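Review bot: The header of yum-cron/yum-cron.sysvinit ends up inconsistent: the new description points to /etc/sysconfig/yum-cron while the unchanged `# config: /etc/yum/yum-daily.yum` line just below it still names a different file. Update the `config:` line in the same patch. The hunk also removes the `# Author: Seth Vidal` line, which is not a formatting change; keep it or mention the removal in the commit message.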
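Review bot: The new comment above the sleep in yum-cron/yum-update.cron.sh says "Wait a random number of minutes", but `sleep $(( $RANDOM % ($RANDOMWAIT * 60) + 1 ))` sleeps a random number of seconds, from 1 up to RANDOMWAIT*60. Reword it as "a random delay of up to RANDOMWAIT minutes", and adjust the matching sysconfig text ("delay between 1 and 60 minutes") the same way. Since $RANDOM never exceeds 32767, it is also worth documenting that RANDOMWAIT values above 546 do not lengthen the delay.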
_______________________________________________ Yum-devel mailing list [email protected] http://lists.baseurl.org/mailman/listinfo/yum-devel
