How to check when yum update was last run
Is there a canonical way to find out the last time that yum update
was run on a system?
Our set up is that we have staging servers that run automatic updates, and provided they don't fall over, we will manually update our production servers about once a month (barring critical updates). (I say manually, ideally I want to manually trigger an update across all of them, but that's another issue).
But you get busy, tasks slip etc. So I want to set up a nagios check that will start bothering us if we've left it too long.
Searching the web hasn't got me very far. Poking around the system, the best thing I've found so far would be something like:
grep Updated /var/log/yum.log | tail -1 | cut -d' ' -f 1-2
which gives me something like Mar 12
which I can then convert into a date. There are a few minor complications about whether the date is this year or last year, and I'd also need to check /var/log/yum.log.1
in case of checking immediately after a logrotate. But that is just scripting details.
This can of course be 'fooled' by an update to a single package rather than a general update.
So is there a more canonical way to see when yum update
was run?
Edit: I've now written a Nagios NRPE plugin that uses the idea I put forward in the question. You can grab it from https://github.com/aptivate/check_yum_last_update
Solution 1:
The yum history option allows the user to view what has happened in past transactions. To make it more simple you can grep Update from yum history
# yum history
Loaded plugins: fastestmirror, refresh-packagekit
ID | Login user | Date and time | Action(s) | Altered
-------------------------------------------------------------------------------
41 | root <root> | 2012-04-27 20:17 | Install | 19
40 | root <root> | 2011-11-20 10:09 | Install | 10
39 | root <root> | 2011-11-20 08:14 | Install | 1 E<
38 | root <root> | 2011-11-19 15:46 | Update | 1
Solution 2:
I think the only way you can be absolutely sure is by running psacct
.
This will allow you to run lastcomm yum
. If you parse this, you will know who ran it and when.
Solution 3:
I am guessing you are pointing a set of 'Dev' servers to a Dev yum repo?
You could do the auto upgrade in a cron/puppet/chef script, which upon success, writes to a file. (say /etc/yum_last
)
Then you could use yum check-update
periodically in cron/other on the Dev servers to see if any updates are available. If this command says > 0 number of updates are available, you compare the current date with the timestamp of file you create when you last did a auto yum upgrade.
If this date difference grows in days, you can have Nagios alert.
You can also look at Pulp if it fits your needs.