Redhat RHN 網絡及Satellite服務器主要是部署在企業內部,爲企業內部的Redhat Linux提供安全補丁,bug fix,以及YUM源等功能,您所有的Redhat Linux服務器需要通過手工或者腳本來註冊進入RHN。通過Redhat RHN Satellite,可以非常直觀的瞭解到當前環境中部署的Linux server的安全狀態,在Redhat發佈新的安全升級或補丁後,您本地的satellite server會第一時間收到更新。您可以通過登錄satellite server的web頁面來直觀的,全自動化的進行補丁升級。
在實際的使用中,我們發現每天登錄satellite服務器來檢查補丁是一件重複勞動,希望能夠每天定期收到來自satellite服務器的報告,主要報告內容爲:當前有多少服務器註冊進入了RHN, 多少服務器沒有及時報告狀態,當前需要的critical security patch的數量及條目。
通過查詢文檔,satellite服務器的CLI提供了rhn-entitlement-report,rhn-satellite-exporter 等命令可以部分實現上述功能,但我們需要更爲詳細的報告。考慮到satellite 服務器內置了Oracle數據庫,所有的記錄都是登記在Oracle數據庫中,於是我嘗試通過查詢oracle數據庫來導出需要的報告。
oracle數據庫默認的instance,user,password可以在/etc/rhn/rhn.conf 問查看,默認爲rhnsat,rhnsat,rhnsat,默認端口1521. 腳本如下:
#!/usr/bin/perl -w
# Ken Zhang, 2013-08-07
# This script is used for satellite daily reporting.
use strict;
use DBI;
my $oraclehost = "satellite_server_name";
my $oracleins = "rhnsat";
my $oracleuser = "rhnsat";
my $oraclepasswd = "rhnsat";
my $oracleport = "1521";
my $sql_last_checkin_list = qq {select server_name from rhnserveroverview WHERE last_checkin_days_ago > '1' order by server_id};
#my $sql_last_checkin_list = qq {select server_name from rhnserveroverview order by server_name};
my $sql_total_servers = qq {select count(*) as TOTAL_CLIENTS from rhnserveroverview};
my $sql_critical_list = qq {select * from (SELECT E.advisory_name, E.advisory_type, E.update_date, E.synopsis as advisory_synopsis,(SELECT COUNT(DISTINCT S.id) FROM rhnServerNeededErrataCache SNEC, rhnServer S, rhnUserServerPerms USP WHERE USP.user_id =1 AND USP.server_id = S.ID AND S.id = SNEC.server_id AND EXISTS (SELECT 1 FROM rhnServerFeaturesView SFV WHERE SFV.server_id = SNEC.server_id AND SFV.label = 'ftr_errata_updates') AND SNEC.errata_id = E.id) AS AFFECTED_SYSTEM_COUNT FROM rhnErrata E where E.synopsis LIKE 'Critical%') where AFFECTED_SYSTEM_COUNT>=1 order by update_date desc};
my $oracle_dbh = DBI->connect("dbi:Oracle:host=$oraclehost;sid=$oracleins",$oracleuser,$oraclepasswd,{RaiseError=>1, AutoCommit=>0}) or die "Cannot connect to database!$!\n";
my $sth1 = $oracle_dbh->prepare($sql_last_checkin_list);
$sth1->execute();
open OUTPUT, '>', 'temp.out';
print OUTPUT "These servers are not reporting in last one day.\n\n";
while (my @output = $sth1->fetchrow_array()){
print OUTPUT "@output\n";
}
my $sth2 = $oracle_dbh->prepare($sql_total_servers);
$sth2->execute();
my $totalservers = $sth2->fetchrow_array();
print OUTPUT "\n================================================\n";
print OUTPUT "There are $totalservers servers registered with satellite.\n\n";
print OUTPUT "\n================================================\n";
print OUTPUT "Advisory_Name | Advisory_Type | Update_Date | Synopsis | System_Counts\n" ;
my $sth3 = $oracle_dbh->prepare($sql_critical_list);
$sth3->execute();
my $critical_cnt = 0;
my @criticallist;
while (@criticallist = $sth3->fetchrow_array()){
print OUTPUT "@criticallist.\n";
$critical_cnt++;
if ($criticallist[0] !~ /^RHSA.*/ ) {$critical_cnt--;}
}
print OUTPUT "\nThere is\/are total $critical_cnt critical patch(es) needed today.",`date +%F`;
$sth1->finish;
$sth2->finish;
$sth3->finish;
close OUTPUT;
$oracle_dbh->disconnect();
# Print out the file content.
open INPUT,'<','temp.out';
while(<INPUT>){
print;
}
close INPUT;
腳本運行結果如下:
These servers are not reporting in last one day.
================================================
There are 532 servers registered with satellite.
================================================
Advisory_Name | Advisory_Type | Update_Date | Synopsis | System_Counts
There is/are total 0 critical patch(es) needed today.2014-01-15
然後我們可以將temp.out的內容通過email和crontab,每天定時發送到郵箱,上班的第一時間就可以查看到當前的補丁及系統狀態了