-
Notifications
You must be signed in to change notification settings - Fork 20
Fix check_yum for excluded packages in RHEL 7 #26
base: master
Are you sure you want to change the base?
Conversation
In our case, there were lots of lines like `--> libuuid-2.23.2-22.el7_1.i686 from rhel-7-server-rpms excluded (updateinfo)` in the output of `yum --security check-update` which triggered the test for `len(output) > number_total_updates + 25`. This simply sets a flag when at least one entry like this is found and then skips that test. I am aware that this may falsely match when a package or repo are named including something like excluded.
This fixed my issue, thanks you @moschlar |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Fixes for me too, why not include it in default branch?
for line in output: | ||
if "excluded" in line: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know you mentioned about this falsely matching, but adding a space on either side should improve this. I have a couple other ideas that I'll mention elsewhere.
I have a related one with lines like this:
I wonder if something like the attached might not be better, for several reasons Not sure if the behavior should be configurable or not (so that people can choose whether they want packages marked as "excluded" or "removed" counted? Or even changed so that it counts excluded packages explicitly so that people can be warned even if there are security updates for packages that are somehow pinned or otherwise excluded? On an unrelated note, the standard for Python is 4 space soft-tabs /ducks |
This fixed my issue on AWS Linux 2, thanks you @moschlar |
Have you guys tried the original version of this code which is still maintained and has received a lot more updates at https://github.com/HariSekhon/Nagios-Plugins I tend to avoid things that will just skip the test and instead use the outputs from other people's servers to update matching logic. |
In our case, there were lots of lines like
--> libuuid-2.23.2-22.el7_1.i686 from rhel-7-server-rpms excluded (updateinfo)
in the output ofyum --security check-update
whichtriggered the test for
len(output) > number_total_updates + 25
.This simply sets a flag when at least one entry like this is found and
then skips that test.
I am aware that this may falsely match when a package or repo are named
including something like excluded.