summaryrefslogtreecommitdiffstats
path: root/hosts/profitbricks-build6-i386/usr
diff options
context:
space:
mode:
authorHolger Levsen <holger@layer-acht.org>2016-03-25 14:04:17 -0400
committerHolger Levsen <holger@layer-acht.org>2016-03-25 14:04:17 -0400
commitd4a521c6aadfb2b86d8a278d8d850050d14315ee (patch)
treed33fce16704be09d60892a3c33764912ce0e4c8d /hosts/profitbricks-build6-i386/usr
parentc4e034a518e8d034a2fa5d9127579d774e8f6e79 (diff)
downloadjenkins.debian.net-d4a521c6aadfb2b86d8a278d8d850050d14315ee.tar.xz
reproducible debian: pb-build2+6-amd64 have been reinstalled and renamed to pb-build2+6-i386
Diffstat (limited to 'hosts/profitbricks-build6-i386/usr')
-rwxr-xr-xhosts/profitbricks-build6-i386/usr/local/bin/dsa-check-running-kernel252
-rwxr-xr-xhosts/profitbricks-build6-i386/usr/local/sbin/nagios-check-libs204
2 files changed, 456 insertions, 0 deletions
diff --git a/hosts/profitbricks-build6-i386/usr/local/bin/dsa-check-running-kernel b/hosts/profitbricks-build6-i386/usr/local/bin/dsa-check-running-kernel
new file mode 100755
index 00000000..80f45bfb
--- /dev/null
+++ b/hosts/profitbricks-build6-i386/usr/local/bin/dsa-check-running-kernel
@@ -0,0 +1,252 @@
+#!/bin/bash
+
+# Check if the running kernel has the same version string as the on-disk
+# kernel image.
+
+# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
+# Copyright 2009 Stephen Gran
+# Copyright 2010,2012,2013 Uli Martens
+# Copyright 2011 Alexander Reichle-Schmehl
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+OK=0;
+WARNING=1;
+CRITICAL=2;
+UNKNOWN=3;
+
+get_offset() {
+ local file needle
+
+ file="$1"
+ needle="$2"
+
+ perl -e '
+ undef $/;
+ $i = 0; $k=<>;
+ while (($i = index($k, "'"$needle"'", $i)) >= 0) {
+ print $i++,"\n";
+ }; ' < "$file"
+}
+
+get_avail() {
+ # This is wrong, but leaves room for when we have to care for machines running
+ # myfirstunix-image-0.1-dsa-arm
+ local prefix="$1"; shift
+
+ local kervers=$(uname -r)
+
+ local metavers=''
+
+ # DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
+ # Debian uses versions of the form 2.6.29-2-amd64
+ if [ "${kervers#3}" != "$kervers" ]; then
+ metavers=$(echo $kervers | sed -r -e 's/^3\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
+ elif [ "${kervers//dsa}" != "$kervers" ]; then
+ metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
+ else
+ metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+-[A-Za-z0-9\.]+-(.*)/2.\1-\2/')
+ fi
+
+ # Attempt to track back to a metapackage failed. bail
+ if [ "$metavers" = "$kervers" ]; then
+ return 2
+ fi
+
+ # We're just going to give up if we can't find a matching metapackage
+ # I tried being strict once, and it just caused a lot of headaches. We'll see how
+ # being lax does for us
+
+ local output=$(apt-cache policy ${prefix}-image-${metavers} 2>/dev/null)
+ local metaavailvers=$(echo "$output" | grep '^ Candidate:' | awk '{print $2}')
+ local metainstavers=$(echo "$output" | grep '^ Installed:' | awk '{print $2}')
+
+ if [ -z "$metaavailvers" ] || [ "$metaavailvers" = '(none)' ]; then
+ return 2
+ fi
+ if [ -z "$metainstavers" ] || [ "$metainstavers" = '(none)' ]; then
+ return 2
+ fi
+
+ if [ "$metaavailvers" != "$metainstavers" ] ; then
+ echo "${prefix}-image-${metavers} $metaavailvers available but $metainstavers installed"
+ return 1
+ fi
+
+ local imagename=0
+ # --no-all-versions show shows only the candidate
+ for vers in $(apt-cache --no-all-versions show ${prefix}-image-${metavers} | sed -n 's/^Depends: //p' | tr ',' '\n' | tr -d ' ' | grep ${prefix}-image | awk '{print $1}' | sort -u); do
+ if dpkg --compare-versions "1.$vers" gt "1.$imagename"; then
+ imagename=$vers
+ fi
+ done
+
+ if [ -z "$imagename" ] || [ "$imagename" = 0 ]; then
+ return 2
+ fi
+
+ if [ "$imagename" != "${prefix}-image-${kervers}" ]; then
+ if dpkg --compare-versions 1."$imagename" lt 1."${prefix}-image-${kervers}"; then
+ return 2
+ fi
+ echo "$imagename" != "${prefix}-image-${kervers}"
+ return 1
+ fi
+
+ local availvrs=$(apt-cache policy ${imagename} 2>/dev/null | grep '^ Candidate' | awk '{print $2}')
+ local kernelversion=$(apt-cache policy ${prefix}-image-${kervers} 2>/dev/null | grep '^ Installed:' | awk '{print $2}')
+
+ if [ "$availvrs" = "$kernelversion" ]; then
+ return 0
+ fi
+
+ echo "$kernelversion != $availvrs"
+ return 1
+}
+
+cat_vmlinux() {
+ local image header filter hdroff
+
+ image="$1"
+ header="$2"
+ filter="$3"
+ hdroff="$4"
+
+ get_offset "$image" $header | head -n 5 | while read off; do
+ (if [ "$off" != 0 ]; then
+ dd ibs="$((off+hdroff))" skip=1 count=0
+ fi &&
+ dd bs=512k) < "$image" 2>/dev/null | $filter 2>/dev/null
+ done
+}
+
+get_image_linux() {
+ local image
+
+ image="$1"
+
+ # gzip compressed image
+ cat_vmlinux "$image" "\x1f\x8b\x08\x00" "zcat" 0
+ cat_vmlinux "$image" "\x1f\x8b\x08\x08" "zcat" 0
+ # lzma compressed image
+ cat_vmlinux "$image" "\x00\x00\x00\x02\xff" "xzcat" -1
+ cat_vmlinux "$image" "\x00\x00\x00\x04\xff" "xzcat" -1
+ # xz compressed image
+ cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat" 0
+
+ echo "ERROR: Unable to extract kernel image." 2>&1
+ exit 1
+}
+
+
+freebsd_check_running_version() {
+ local imagefile="$1"; shift
+
+ local r="$(uname -r)"
+ local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"
+
+ local q='@(#)FreeBSD '"$r $v"
+
+ if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
+ echo "OK"
+ else
+ echo "not OK"
+ fi
+}
+
+STRINGS="";
+if [ -x "$(which strings)" ]; then
+ STRINGS="$(which strings)"
+elif [ -x "$(which busybox)" -a "$( echo foobar | $(which busybox) strings 2>/dev/null)" = "foobar" ]; then
+ STRINGS="$(which busybox) strings"
+fi
+
+searched=""
+for on_disk in \
+ "/boot/vmlinuz-`uname -r`"\
+ "/boot/vmlinux-`uname -r`"\
+ "/boot/kfreebsd-`uname -r`.gz"; do
+
+ if [ -e "$on_disk" ]; then
+ if [ -z "$STRINGS" ]; then
+ echo "UNKNOWN: 'strings' command missing, perhaps install binutils or busybox?"
+ exit $UNKNOWN
+ fi
+ if [ "${on_disk/vmlinu}" != "$on_disk" ]; then
+ on_disk_version="`get_image_linux "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`"
+ if [ -x /usr/bin/lsb_release ] ; then
+ vendor=$(lsb_release -i -s)
+ if [ -n "$vendor" ] && [ "xDebian" != "x$vendor" ] ; then
+ on_disk_version=$( echo $on_disk_version|sed -e "s/ ($vendor [[:alnum:]\.-]\+ [[:alnum:]\.]\+)//")
+ fi
+ fi
+ [ -z "$on_disk_version" ] || break
+ on_disk_version="`cat "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`"
+ [ -z "$on_disk_version" ] || break
+
+ echo "UNKNOWN: Failed to get a version string from image $on_disk"
+ exit $UNKNOWN
+ else
+ on_disk_version="$(zcat $on_disk | $STRINGS | grep Debian | head -n 1 | sed -e 's/Debian [[:alnum:]]\+ (\(.*\))/\1/')"
+ fi
+ fi
+ searched="$searched $on_disk"
+done
+
+if ! [ -e "$on_disk" ]; then
+ echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running"
+ exit $WARNING
+fi
+
+if [ "$(uname -s)" = "Linux" ]; then
+ running_version="`cat /proc/version`"
+ if [ -z "$running_version" ] ; then
+ echo "UNKNOWN: Failed to get a version string from running system"
+ exit $UNKNOWN
+ fi
+
+ if [ "$running_version" != "$on_disk_version" ]; then
+ echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]"
+ exit $WARNING
+ fi
+
+ ret="$(get_avail linux)"
+ if [ $? = 1 ]; then
+ echo "WARNING: Kernel needs upgrade [$ret]"
+ exit $WARNING
+ fi
+else
+ image_current=$(freebsd_check_running_version $on_disk)
+ running_version="`uname -s` `uname -r` `uname -v`"
+ if [ "$image_current" != "OK" ]; then
+ approx_time="$(date -d "@`stat -c '%Y' "$on_disk"`" +"%Y-%m-%d %H:%M:%S")"
+ echo "WARNING: Currently running kernel ($running_version) does not match on disk image (~ $approx_time)"
+ exit $WARNING;
+ fi
+
+ ret="$(get_avail linux)"
+ if [ $? = 1 ]; then
+ echo "WARNING: Kernel needs upgrade [$ret]"
+ exit $WARNING
+ fi
+fi
+
+echo "OK: Running kernel matches on disk image: [$running_version]"
+exit $OK
diff --git a/hosts/profitbricks-build6-i386/usr/local/sbin/nagios-check-libs b/hosts/profitbricks-build6-i386/usr/local/sbin/nagios-check-libs
new file mode 100755
index 00000000..77b37805
--- /dev/null
+++ b/hosts/profitbricks-build6-i386/usr/local/sbin/nagios-check-libs
@@ -0,0 +1,204 @@
+#!/usr/bin/perl -w
+
+# Copyright (C) 2005, 2006, 2007, 2008, 2012, 2015 Peter Palfrader <peter@palfrader.org>
+# 2012 Uli Martens <uli@youam.net>
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+use strict;
+use English;
+use Getopt::Long;
+
+$ENV{'PATH'} = '/bin:/sbin:/usr/bin:/usr/sbin';
+delete @ENV{'IFS', 'CDPATH', 'ENV', 'BASH_ENV'};
+
+my $LSOF = '/usr/bin/lsof -F0';
+my $VERSION = '0.2015012901';
+
+# nagios exit codes
+my $OK = 0;
+my $WARNING = 1;
+my $CRITICAL = 2;
+my $UNKNOWN = 3;
+
+my $params;
+my $config;
+
+Getopt::Long::config('bundling');
+
+sub dief {
+ print STDERR @_;
+ exit $UNKNOWN;
+}
+
+if (!GetOptions (
+ '--help' => \$params->{'help'},
+ '--version' => \$params->{'version'},
+ '--quiet' => \$params->{'quiet'},
+ '--verbose' => \$params->{'verbose'},
+ '-v' => \$params->{'verbose'},
+ '--config=s' => \$params->{'config'},
+ )) {
+ dief ("$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n");
+};
+if ($params->{'help'}) {
+ print "$PROGRAM_NAME: Usage: $PROGRAM_NAME [--help|--version] [--verbose] [--quiet] [--config=<CONFIGFILE>]\n";
+ print "Reports processes that are linked against libraries that no longer exist.\n";
+ print "The optional config file can specify ignore rules - see the sample config file.\n";
+ exit (0);
+};
+if ($params->{'version'}) {
+ print "nagios-check-libs $VERSION\n";
+ print "nagios check for availability of debian (security) updates\n";
+ print "Copyright (c) 2005, 2006, 2007, 2008, 2012 Peter Palfrader <peter\@palfrader.org>\n";
+ exit (0);
+};
+
+if (! defined $params->{'config'}) {
+ $params->{'config'} = '/etc/nagios/check-libs.conf';
+} elsif (! -e $params->{'config'}) {
+ dief("Config file $params->{'config'} does not exist.\n");
+}
+
+if (-e $params->{'config'}) {
+ eval "use YAML::Syck; 1" or dief "you need YAML::Syck (libyaml-syck-perl) to load a config file";
+ open(my $fh, '<', $params->{'config'}) or dief "Cannot open config file $params->{'config'}: $!";
+ $config = LoadFile($fh);
+ close($fh);
+ if (!(ref($config) eq "HASH")) {
+ dief("Loaded config is not a hash!\n");
+ }
+} else {
+ $config = {
+ 'ignorelist' => [
+ '$path =~ m#^/proc/#',
+ '$path =~ m#^/var/tmp/#',
+ '$path =~ m#^/SYS#',
+ '$path =~ m#^/drm$# # xserver stuff',
+ '$path =~ m#^/dev/zero#',
+ '$path =~ m#^/dev/shm/#',
+ ]
+ };
+}
+
+if (! exists $config->{'ignorelist'}) {
+ $config->{'ignorelist'} = [];
+} elsif (! (ref($config->{'ignorelist'}) eq 'ARRAY')) {
+ dief("Config->ignorelist is not an array!\n");
+}
+
+
+my %processes;
+
+sub getPIDs($$) {
+ my ($user, $process) = @_;
+ return join(', ', sort keys %{ $processes{$user}->{$process} });
+};
+sub getProcs($) {
+ my ($user) = @_;
+
+ return join(', ', map { $_.' ('.getPIDs($user, $_).')' } (sort {$a cmp $b} keys %{ $processes{$user} }));
+};
+sub getUsers() {
+ return join('; ', (map { $_.': '.getProcs($_) } (sort {$a cmp $b} keys %processes)));
+};
+sub inVserver() {
+ my ($f, $key);
+ if (-e "/proc/self/vinfo" ) {
+ $f = "/proc/self/vinfo";
+ $key = "XID";
+ } else {
+ $f = "/proc/self/status";
+ $key = "s_context";
+ };
+ open(F, "< $f") or return 0;
+ while (<F>) {
+ my ($k, $v) = split(/: */, $_, 2);
+ if ($k eq $key) {
+ close F;
+ return ($v > 0);
+ };
+ };
+ close F;
+ return 0;
+}
+
+my $INVSERVER = inVserver();
+
+print STDERR "Running $LSOF -n\n" if $params->{'verbose'};
+open (LSOF, "$LSOF -n|") or dief ("Cannot run $LSOF -n: $!\n");
+my @lsof=<LSOF>;
+close LSOF;
+if ($CHILD_ERROR) { # program failed
+ dief("$LSOF -n returned with non-zero exit code: ".($CHILD_ERROR / 256)."\n");
+};
+
+my ($process, $pid, $user);
+LINE: for my $line (@lsof) {
+ if ( $line =~ /^p/ ) {
+ my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
+ $process = $fields{c};
+ $pid = $fields{p};
+ $user = $fields{L};
+ next;
+ }
+
+ unless ( $line =~ /^f/ ) {
+ dief("UNKNOWN strange line read from lsof\n");
+ # don't print it because it contains NULL characters...
+ }
+
+ my %fields = map { m/^(.)(.*)$/ ; $1 => $2 } grep { defined $_ and length $_ >1} split /\0/, $line;
+
+ my $fd = $fields{f};
+ my $inode = $fields{i};
+ my $path = $fields{n};
+ if ($path =~ m/\.dpkg-/ || $path =~ m/\(deleted\)/ || $path =~ /path inode=/ || $path =~ m#/\.nfs# || $fd eq 'DEL') {
+ my $deleted_in_path = ($path =~ m/\(deleted\)/ || $path =~ m/\.nfs/);
+ next if ($deleted_in_path && $fd =~ /^[0-9]*$/); # Ignore deleted files that are open via normal file handles.
+ next if ($deleted_in_path && $fd eq 'cwd'); # Ignore deleted directories that we happen to be in.
+
+ $path =~ s/^\(deleted\)//; # in some cases "(deleted)" is at the beginning of the string
+ for my $i (@{$config->{'ignorelist'}}) {
+ my $ignore = eval($i);
+ next LINE if $ignore;
+ }
+ next if ($INVSERVER && ($process eq 'init') && ($pid == 1) && ($user eq 'root'));
+ if ( $params->{'verbose'} ) {
+ print STDERR "adding $process($pid) because of [$path]:\n";
+ print STDERR $line;
+ }
+ $processes{$user}->{$process}->{$pid} = 1;
+ };
+};
+
+
+
+my $message='';
+my $exit = $OK;
+if (keys %processes) {
+ $exit = $WARNING;
+ $message = 'The following processes have libs linked that were upgraded: '. getUsers()."\n";
+} else {
+ $message = "No upgraded libs linked in running processes\n" unless $params->{'quiet'};
+};
+
+print $message;
+exit $exit;