Nathan and I were discussing yesterday the lack of a good way to visualize all of the updates waiting to be installed across a server cluster. I wrote a another knife script to do this, and Seth Falcon helped me clean it up.
# Knife exec script to search for and describe systems needing updates # 2011-01-11 - Bryan McLellan <btm@loftninjas.org> gem "net-ssh", ">= 2.0.23" require 'net/ssh/multi' class AptSsh < Chef::Knife::Ssh # Override configure_session so we can specify where to get the query def configure_session @longest = 0 # Set in Chef::Knife::Ssh.run q = Chef::Search::Query.new @action_nodes = q.search(:node, ARGV[2])[0] fqdns = @action_nodes.map { |item| item.fqdn } if fqdns.empty? Chef::Log.fatal("No nodes returned from search!") exit 10 end session_from_list(fqdns) end def capture_command(command, subsession=nil) host_data = Hash.new { |h, k| h[k] = "" } subsession ||= session command = fixup_sudo(command) subsession.open_channel do |ch| ch.request_pty ch.exec command do |ch, success| raise ArgumentError, "Cannot execute #{command}" unless success ch.on_data do |ichannel, data| host_data[ichannel[:host]] << data if data =~ /^knife sudo password: / ichannel.send_data("#{get_password}\n") end end end end session.loop return host_data end end abort("usage: knife exec apt.knife QUERY") unless ARGV[2] ssh = AptSsh.new ssh.configure_session # install apt-show-versions if it isn't installed install_show_versions = <<EOH if [ ! -e /usr/bin/apt-show-versions ] ; then echo INSTALLING APT-SHOW-VERSIONS ; sudo apt-get install apt-show-versions -y fi EOH ssh.ssh_command(install_show_versions) apt_data = ssh.capture_command('apt-show-versions -u -b') apt_data.each do |host, data| puts "#{host} - #{data.count("\n")} updates, #{data.scan("-security").length} of which are security updates" data.each_line do |line| puts " #{line}" end end # Prevents knife from trying to execute any command line arguments as addtional script files, see CHEF-1973 exit 0
Given a search query, this provides an output of:
$ knife exec apt.knife role:dev webui-dev.example.org - 6 updates, 6 of which are security updates libc-bin/lucid-security libc-dev-bin/lucid-security libc6/lucid-security libc6-dev/lucid-security libc6-i686/lucid-security libc6-xen/lucid-security monitoring-dev.example.orgs - 6 updates, 6 of which are security updates libc-bin/lucid-security libc-dev-bin/lucid-security libc6/lucid-security libc6-dev/lucid-security libc6-i686/lucid-security libc6-xen/lucid-security rabbitmq-dev.example.org - 6 updates, 6 of which are security updates libc-bin/lucid-security libc-dev-bin/lucid-security libc6/lucid-security libc6-dev/lucid-security libc6-i686/lucid-security libc6-xen/lucid-security couchdb-dev.example.org - 7 updates, 7 of which are security updates libc-bin/lucid-security libc-dev-bin/lucid-security libc6/lucid-security libc6-dev/lucid-security xulrunner-1.9.2/lucid-security xulrunner-1.9.2-dev/lucid-security xulrunner-dev/lucid-security
Lets say that you didn’t want to upgrade the couch box, you could modify the search query to not include that box and run again to confirm. Then reuse that search string to trigger the update.
$ knife exec apt.knife "role:dev NOT hostname:couchdb-dev" $ knife ssh "role:dev NOT hostname:couchdb-dev" "sudo apt-get upgrade -y"