Since there are some Linux systems in my environment which need regular updates I built a little routine for that. If you like to take over any parts of it, feel free.
I assume that you know how to setup KACE scripting, Custom Inventory Rules and labels, so I just provide the snippets.
It consists of a regulary running script which does a Detect of patches, a Deployment of patches, cleaning out old downloaded patches and logs it, so I can review errors.
In addition it updates the search database so the newly installed versions can be found and be used in internal scripts.
Prerequisites:
1. all Linux systems have the agent installed2. a local mirror is setup (optional, if not done, the updates are taken from the official mirrors)
3. all Linux systems have an interactive root-account
Setting up the script:
#!/bin/bash
apt update;
update=$?;
apt upgrade -y;
upgrade=$?;
apt dist-upgrade -y;
dist-upgrade=$?;
apt autoremove -y;
remove=$?;
apt autoclean -y;
clean=$?;
updatedb;
search=$?;
rm /root/upgrade.result
echo "last run: " >>/root/upgrade.result
date >>/root/upgrade.result
echo "Results:" >>/root/upgrade.result
echo "updating the patch list: " >>/root/upgrade.result
echo $update >>/root/upgrade.result
echo "run the patches: " >>/root/upgrade.result
echo $upgrade >>/root/upgrade.result
echo "distribution patches: " >>/root/upgrade.result
echo $dist-upgrade >>/root/upgrade.result
echo "Housekeeping: " >>/root/upgrade.result
echo "remove old updates: " >>/root/upgrade.result
echo $remove >>/root/upgrade.result
echo "clean the logs and results: " >>/root/upgrade.result
echo $clean>>/root/upgrade.result
echo "updating the database: " >>/root/upgrade.result
echo $search >>/root/upgrade.result
cat /var/run/reboot-required >>/root/upgrade.result
If needed the script can be split in multiple scripts, so a detect ( apt update ), deploy (apt upgrade and apt dist-upgrade) and the housekeeping steps (apt autoremove and apt autoclean) are split in single scripts.
Result handling and automatic reboot
To have the results directly in the SMA there was simply a small CIR needed:
ShellCommandTextReturn( cat /root/upgrade.result )
The second CIR is needed for getting the info which services need a reboot:
ShellCommandTextReturn( cat /var/run/reboot-required.pkgs )
The third CIR is needed for getting all systems which need to be rebooted:
FileExists (/var/run/reboot-required )
This one is linked to a smart label, which regulary reboots the systems out of hours.
Note: /var/run/reboot-required and /var/run/reboot-required.pkgs are automaticly deleted after a reboot, so rebooted systems fall out of the labels.
Note: the log contains only the last run and brings down the error codes from apt directly. If you need more speaking error messages, just add the translation to the script.
Comments