Check command “check_apt”

Hi, if i try to run apt-get update befor the check_command “check_apt”, I get the following error:

‘/usr/bin/apt-get -q update’ exited with non-zero status."

Service:

apply Service "linux-apt" {
  display_name = "apt"
  max_check_attempts = 5
  check_interval = 12h
  retry_interval = 30m
  check_command = "linux-apt"
  vars.apt_update = "true"
  vars.no_graph = "true"
  assign where host.vars.os == "linux"
}

Command:

object CheckCommand "linux-apt" {
        command = [ PluginDir + "/check_apt" ]

        arguments = {
                "--extra-opts" = {
                        value = "$apt_extra_opts$"
                        description = "Read options from an ini file."
                }
                "--upgrade" = {
                        value = "$apt_upgrade$"
                        description = "[Default] Perform an upgrade. If an optional OPTS argument is provided, apt-get will be run with these command line options instead of the default."
                }
                "--dist-upgrade" = {
                        value = "$apt_dist_upgrade$"
                        description = "Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS can be provided to override the default options."
                }
                "--include" = {
                        value = "$apt_include$"
                        description = "Include only packages matching REGEXP. Can be specified multiple times the values will be combined together."
                }
                "--exclude" = {
                        value = "$apt_exclude$"
                        description = "Exclude packages matching REGEXP from the list of packages that would otherwise be included. Can be specified multiple times."
                }
                "--critical" = {
                        value = "$apt_critical$"
                        description = "If the full package information of any of the upgradable packages match this REGEXP, the plugin will return CRITICAL status. Can be specified multiple times."
                }
                "--timeout" = {
                        value = "$apt_timeout$"
                        description = "Seconds before plugin times out (default: 10)."
                }
                "--only-critical" = {
                        set_if = "$apt_only_critical$"
                        description = "Only warn about critical upgrades."
                }
                "-u" = {
                        set_if = "$apt_update$"
                        description = "First perform an apt-get update."
                }

        }

        timeout = 5m
}

Is there a way to check for updates without a cronjob on each server?

Kind regards
Robert

Hi,

is there a specific reason to clone the existing apt check command from the ITL?

Why exactly would you run apt-get update manually before that check?

Cheers,
Michael

Hi,
in the original ITL check command is no -u switch.

-u, --update=OPTS
First perform an ‘apt-get update’. An optional OPTS parameter overrides
the default options. Note: you may also need to adjust the global
timeout (with -t) to prevent the plugin from timing out if apt-get
upgrade is expected to take longer than the default timeout.

I only want to have a current number of updates. By default, check_apt will only display the number of updates in the “cache”.

Regards,
Robert

Ah, ok. This can be simplified with importing the command, and not duplicating anything. You might also want to send a PR on GitHub to allow this being updated :slight_smile:

object CheckCommand "linux-apt" {
  import "apt"

  arguments += {
     "-u" = {
      set_if = "$apt_update$"
      description = "First perform an apt-get update."
     }
  }
} 

It seems though that this either runs into a timeout, or has other problems. Can you inspect the executed command line and test that as Icinga user on the shell?

Cheers,
Michael

Hi, great trick with import “apt”. Thank you. :wink:

When i run the command apt-get update as icinga user, then i get the following error:

W: chmod 0700 of directory /var/lib/apt/lists/partial failed - SetupAPTPartialDirectory (1: Operation not permitted)
E: Could not open lock file /var/lib/apt/lists/lock - open (13: Permission denied)
E: Unable to lock directory /var/lib/apt/lists/
W: Problem unlinking the file /var/cache/apt/pkgcache.bin - RemoveCaches (13: Permission denied)
W: Problem unlinking the file /var/cache/apt/srcpkgcache.bin - RemoveCaches (13: Permission denied)

I think it’s easier to set up a cronjob?

Ragrds,
Robert

Seems this requires root permissions … I don’t know how check_apt handles this, would it execute apt-get update with sudo permissions?

Actually, it doesn’t from the man pages.

The following options require root privileges and should be used with care:

 -u, --update=OPTS
    First perform an 'apt-get update'.  An optional OPTS parameter overrides
    the default options.  Note: you may also need to adjust the global
    timeout (with -t) to prevent the plugin from timing out if apt-get
    upgrade is expected to take longer than the default timeout.

A cron job is doable, but not too often - updating the cache is rather expensive. Still it is better outside of the plugin not letting it run into a timeout.

Cheers,
Michael

Hmm, ok. Then the cronjob. Thanks for the quick support.

Greetings,
Robert