grahame at angrygoats.net
Sun Mar 19 01:55:54 WST 2006
I've just set up some software I developed in spare time for ITS use. It's a
pretty simple system I've named "Phonehome". On the server side (mooneye) a
page to show the results, and a page to accept updates via SOAP.
Plugins are trivial. They should be written (and tested) on the server, see
/usr/local/phonehome/client/plugins on mooneye. When you're happy a plugin
should be pushed out, cd /usr/local/phonehome && ./updateall.zsh - you'll
need to forward an SSH agent through or whatever though.
The client is run out of cron.daily overnight. Current plugins;
- run apt-get update && apt-get dist-upgrade -d -u, which downloads any
new packages but doesn't install them. Then uses apt-listchanges to
determine the necessity of the upgrades.
- bunches of informational plugins
- there's a plugin to check afbackup and make sure dumps are happening;
someone should write something to check up on amanda.
... Etc, etc.
I've found this really helpful at ITS, as I just check it routinely to see
if there are any important updates my machines are missing. Same goes for
UCC; it'll be useful as long as it gets looked at.
Anyway, if there are any questions just mail me. If a host shows up as
"possibly down" it means the last time it gave any results was > 48 hours
ago. Oh, and someone more confident they won't break stuff should go through
and do the security updates it has found.
Access to the site is currently limited by IP, you pretty much need to be on
22.214.171.124/24 to get in. Someone could set up user auth if they felt like
it, just make sure not to break access to the service.py script :-)
There is a password in /usr/local/phonehome/etc/client.pass which should be
different on most machines (with exception of pitch/velvet.) That gets
cross-referenced against /usr/local/phonehome/etc/passphrases on mooneye.
Anyway, hopefully it'll be useful.
More information about the tech