Hi,
I wonder if someone has a suggestion how to monitor that an Ubuntu server can realy reach repositories configured in the server?
Basically I would like to secure that there is no errors when running “apt update”.
I think you could also just use the APT Upgrade plugin?
Or would the APT Service always be ok, if the server can’t reach any repos (and therefore doesn’t ‘know’ that any upgrades actually are available)
Hi,
Are you using the plugin mk_apt ?
In essence it will add monitoring to/for package updates, and will to do so trigger an apt update.
It is my assumption that when apt update fails (untested) it will report issues when apt update fails.
Plugin should be placed in /usr/lib/check_mk_agent/plugins
Added: i put this in a subdirectory 3600, so package updates are only checked once every hour.
- Glowsome
Hi,
I am using that plugin and it works fine.
But as you say I think it will just show “no updates available” if for instance a firewall suddenly blocks acccess to the repository.
It would have been nice to get a warning if “apt update fail”
As you are using the APT -plugin ( mk_apt), this might become a bit doubled.
A quick test of mine (deliberately blocking a repository on a Debian box of mine by poiting it to 127.0.0.1 in my /etc/hosts):
The command apt-get update -o APT::Update::Error-Mode=any (forcing it to error also on warnings), will if you query the result -code after to 100
apt-get update -o APT::Update::Error-Mode=any
Ign:1 http://download.proxmox.com/debian/pve bookworm InRelease
Hit:2 http://deb.debian.org/debian bookworm InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Hit:4 http://security.debian.org/debian-security bookworm-security InRelease
Ign:1 http://download.proxmox.com/debian/pve bookworm InRelease
Ign:1 http://download.proxmox.com/debian/pve bookworm InRelease
Err:1 http://download.proxmox.com/debian/pve bookworm InRelease
Could not connect to download.proxmox.com:80 (127.0.0.1). - connect (111: Conn ection refused)
Reading package lists... Done
E: Failed to fetch http://download.proxmox.com/debian/pve/dists/bookworm/InRelea se Could not connect to download.proxmox.com:80 (127.0.0.1). - connect (111: Co nnection refused)
E: Some index files failed to download. They have been ignored, or old ones used instead.
root@node01:/etc/apt/sources.list.d# echo $?
100
While a (non-blocked) will result in a status 0
apt-get update -o APT::Update::Error-Mode=any
root@node01:/etc/apt/sources.list.d# nano /etc/hosts
root@node01:/etc/apt/sources.list.d# apt-get update -o APT::Update::Error-Mode=any
Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
Hit:2 http://deb.debian.org/debian bookworm InRelease
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
Hit:4 http://download.proxmox.com/debian/pve bookworm InRelease
Reading package lists... Done
root@node01:/etc/apt/sources.list.d# echo $?
0
This could quickly be translated into a local plugin.
Ofcourse, a preferred way would be that the currently (provided) plugin was extended to incorporate this.
- Glowsome
I have taken a bit of a look at the mk_apt -code , and i cannot see any detection as to (if the parameter $DO_UPDATE is set to true checks if something was unreachable, or better said if the update went fine.
So a bit of a midnight-burner i fiddled around with the code/function and came up with a way to, but its incomplete.
I will work on this further as soon as i have a/the time for it.
This should in general solve/send the correct message to the CMK server ( again as long as the $DO_UPDATE is set to ‘yes’)
Now do mind, i have not looked at the CMK-serverside of what is expected at all.
Most likely to put all the pieces together - and reflect the correct status of this introduced message needs to also be configured over there.
- Glowsome
Thanks for the answers.
Is this something that could be raised as a feature request to get the plugin updated?
I mean, the plugin is already there for the reason of checking available updates.
But if it does not check that the repository is reachable it can give you the impression that the server is updated when it really is not.
hi @e95fja
the Ideas Portal is your friend: https://ideas.checkmk.com/
Maybe someone even already had a similar idea that you can support by upvoting.
For a very quick and simple localcheck you can use the following script, placing it in :/usr/lib/check_mk_agent/local ( i named it apt-repotest.sh )and making it executable ( chmod +x <scriptname> ):
#!/bin/bash
apt-get update -o 'APT::Update::Error-Mode=any' -qq 2>/dev/null
if [ $? -ne 0 ]; then
echo "2 \"APT Repository Check\" - APT update finished unsuccessful, please investigate"
else
echo "0 \"APT Repository Check\" - APT update finished successful"
fi
This will introduce a new service to a/the system, which depending on success will either reports OK, or CRIT.
I see this as a quick ‘patch’ for the thing you are after, as explained above i prefer an extension of the already provided mk_apt plugin.
- Glowsome
Hi,
Thanks for the suggestion. The script works fine and deploying it via Agent Bakery is smooth.
But it lead me to a follow up question.
This is typically a check that should run once per day. But now it becomes executed by the Check_MK service and that runs very often.
Is there a way to configure a local check to only run once per day?
Hi,
Create a subdirectory in /usr/lib/check_mk_agent/local with the number of seconds you want to delay a/the check, and move the script into that directory.
As example /usr/lib/check_mk_agent/local/3600/ if you want the check to be done only once an hour.
- Glowsome
This works very nice.
But I created a Feature request since it would be nice as you say in the already existing plugin.
Vote on it if you think the same 
1 Like