ansible-roles/nrpe
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revue de l'option reset du check_reboot_required (ajout d'un fichier d'exclusion)

Browse Source
This commit is contained in:
Ludovic Cartier
2026-05-23 11:38:21 +02:00
parent 80d5d98c9d
commit a4d214e451
1 changed files with 66 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files
files/nrpe/check_reboot_required
+66 -43
View File
@@ -4,18 +4,21 @@
#
# Supported distributions:
# - Debian / Ubuntu : checks /run/reboot-required (written by unattended-upgrades
# or update-notifier after kernel/libc upgrades)
# or update-notifier after kernel/libc upgrades), then falls back to comparing
# the running kernel with the latest installed kernel package.
#
# Exit codes:
# 0 - OK : No reboot required.
# 0 - OK : No reboot required (or alert acknowledged).
# 1 - WARNING : (not used)
# 2 - CRITICAL : System needs to be rebooted.
# 3 - UNKNOWN : Cannot determine reboot status.
#
# Usage: check_reboot_required [-v] [-r]
# Usage: check_reboot_required [-v] [-r] [-f <ack_file>]
# -v Verbose: also print the list of packages that triggered the requirement.
# -r Reset: remove /run/reboot-required (and .pkgs) to clear the alert.
# Requires root privileges (or sudo).
# -r Acknowledge: create the ack file to suppress the alert until next reboot.
# The ack file is auto-removed once no reboot is needed anymore.
# -f Path to the acknowledgement file
# (default: /var/lib/nagios/reboot_required_ack).
#
# --- Nagios exit codes ---
@@ -25,30 +28,28 @@ STATE_CRITICAL=2
STATE_UNKNOWN=3
VERBOSE=0
RESET=0
ACK=0
ACK_FILE="/var/lib/nagios/reboot_required_ack"
while getopts "vr" opt; do
while getopts "vrf:" opt; do
case $opt in
v) VERBOSE=1 ;;
r) RESET=1 ;;
*) echo "Usage: $0 [-v] [-r]"; exit $STATE_UNKNOWN ;;
r) ACK=1 ;;
f) ACK_FILE="$OPTARG" ;;
*) echo "Usage: $0 [-v] [-r] [-f <ack_file>]"; exit $STATE_UNKNOWN ;;
esac
done
# -----------------------------------------------------------------------
# Reset: remove /run/reboot-required to clear the alert
# Acknowledge mode: create the ack file to suppress the alert
# -----------------------------------------------------------------------
if [ "$RESET" -eq 1 ]; then
if [ ! -f /run/reboot-required ]; then
echo "OK: /run/reboot-required does not exist, nothing to clear."
exit $STATE_OK
fi
rm -f /run/reboot-required /run/reboot-required.pkgs 2>/dev/null
if [ "$ACK" -eq 1 ]; then
touch "$ACK_FILE" && chmod 640 "$ACK_FILE"
if [ $? -eq 0 ]; then
echo "OK: /run/reboot-required cleared successfully."
echo "OK: Reboot alert acknowledged. Alert suppressed until next reboot."
exit $STATE_OK
else
echo "UNKNOWN: Failed to remove /run/reboot-required (permission denied?)"
echo "UNKNOWN: Failed to create acknowledgement file '${ACK_FILE}' (permission denied?)"
exit $STATE_UNKNOWN
fi
fi
@@ -59,7 +60,6 @@ fi
_debian_pkg_list() {
local pkgs_file="/run/reboot-required.pkgs"
if [ -f "$pkgs_file" ] && [ -s "$pkgs_file" ]; then
# Deduplicate, sort, join on commas
sort -u "$pkgs_file" | tr '\n' ',' | sed 's/,$//' | sed 's/,/, /g'
else
echo "(package list unavailable)"
@@ -67,25 +67,30 @@ _debian_pkg_list() {
}
# -----------------------------------------------------------------------
# Debian / Ubuntu path
# -----------------------------------------------------------------------
if [ -f /run/reboot-required ]; then
if [ "$VERBOSE" -eq 1 ]; then
pkg_list=$(_debian_pkg_list)
echo "CRITICAL: Reboot required. Triggering packages: ${pkg_list}"
else
echo "CRITICAL: Reboot required."
fi
exit $STATE_CRITICAL
fi
# -----------------------------------------------------------------------
# Fallback: compare running kernel with installed kernel
# Detect if a reboot is needed
# -----------------------------------------------------------------------
running_kernel=$(uname -r)
reboot_needed=0
reboot_reason=""
# Primary: /run/reboot-required (set by unattended-upgrades / update-notifier)
if [ -f /run/reboot-required ]; then
reboot_needed=1
if [ "$VERBOSE" -eq 1 ]; then
pkg_list=$(_debian_pkg_list)
reboot_reason="Reboot required. Triggering packages: ${pkg_list}"
else
reboot_reason="Reboot required."
fi
fi
# Fallback: compare running kernel with latest installed kernel
if [ "$reboot_needed" -eq 0 ]; then
if ! command -v dpkg >/dev/null 2>&1; then
echo "UNKNOWN: 'dpkg' not found. Cannot determine reboot status."
exit $STATE_UNKNOWN
fi
# Try Debian/Ubuntu kernel package name
if command -v dpkg >/dev/null 2>&1; then
installed_kernel=$(dpkg -l "linux-image-*" 2>/dev/null \
| awk '/^ii/{print $2}' \
| sed 's/linux-image-//' \
@@ -93,14 +98,32 @@ if command -v dpkg >/dev/null 2>&1; then
| sort -V \
| tail -1)
if [ -n "$installed_kernel" ] && [ "$installed_kernel" != "$running_kernel" ]; then
echo "CRITICAL: Reboot required. Running kernel: ${running_kernel}, latest installed: ${installed_kernel}."
exit $STATE_CRITICAL
elif [ -n "$installed_kernel" ]; then
echo "OK: No reboot required. Running kernel: ${running_kernel}."
exit $STATE_OK
if [ -z "$installed_kernel" ]; then
echo "UNKNOWN: No versioned kernel package found via dpkg."
exit $STATE_UNKNOWN
fi
if [ "$installed_kernel" != "$running_kernel" ]; then
reboot_needed=1
reboot_reason="Reboot required. Running kernel: ${running_kernel}, latest installed: ${installed_kernel}."
fi
fi
echo "UNKNOWN: Unable to determine if a reboot is required on this system."
exit $STATE_UNKNOWN
# -----------------------------------------------------------------------
# Evaluate result
# -----------------------------------------------------------------------
if [ "$reboot_needed" -eq 0 ]; then
# Auto-clear the ack file once the system no longer needs a reboot
rm -f "$ACK_FILE" 2>/dev/null
echo "OK: No reboot required. Running kernel: ${running_kernel}."
exit $STATE_OK
fi
# Reboot is needed: check if it has been acknowledged
if [ -f "$ACK_FILE" ]; then
echo "OK: ${reboot_reason} (acknowledged - waiting for reboot)"
exit $STATE_OK
fi
echo "CRITICAL: ${reboot_reason}"
exit $STATE_CRITICAL