At work, I needed to come up with a script that allows non-admin users to install security updates on CentOS servers.
The only real dependency is yum-utils (because it uses the binary needs-restart to check the status of things) but you should also create a folder to store the script and of course a sudo command for the users to run.
Please also note the creative accumulation of several copied scripts to create the multiple choice menus…. I patched together some code samples found on the usual websites where coding is discussed.
HTH someone out there…
#!/bin/bash
######################################
## only root can run this (or sudo) ##
######################################
# Make sure only root can run our script
if [[ $EUID -ne 0 ]]; then
echo “This script must be run using sudo (“sudo /opt/yumcleanup/restartsetupscript”) or as root. Exiting…” 1>&2
exit 1
fi
###############
## functions ##
###############
display_help () {
echo “The script can be run without interaction using the following”
echo “command line option: –non-interactive”
echo “This will silently install security updates only and restart”
echo “affected services.”
echo ” ”
echo “Calling the script with –help will also display this help text”
echo “as does calling the script with an unknown option.”
exit
}
set_exports () {
export http_proxy=”http://my.proxy.server.local:11111″
export https_proxy=”http://my.proxy.server.local:11111″
export proxy=”http://my.proxy.server.local:11111″
}
unset_exports () {
unset http_proxy
unset https_proxy
unset proxy
}
outputs_preparation () {
`rm -f $outputs`
touch $outputs
chmod 600 $outputs
}
outputr_preparation () {
`rm -f $outputr`
touch $outputr
chmod 600 $outputr
}
outputs_filling () {
`$mybin -s >> $outputs`
}
outputr_filling () {
`$mybin -r >> $outputr`
}
services_restart () {
while read line
do
# Restarting $line
`/bin/systemctl stop $line`
`/bin/systemctl start $line`
done < $outputs
}
#################
## getopt test ##
#################
getopt –test > /dev/null
if [[ $? -ne 4 ]]; then
echo “I’m sorry, `getopt –test` failed in this environment.”
exit 1
fi
#######################
## setting variables ##
#######################
outputs=/tmp/myoutputs
outputr=/tmp/myoutputr
mybin=/bin/needs-restarting
getopt –test > /dev/null
if [[ $? -ne 4 ]]; then
echo “I’m sorry, `getopt –test` failed in this environment.”
exit 1
fi
LONGOPTIONS=non-interactive,help
PARSED=$(getopt –options=$OPTIONS –longoptions=$LONGOPTIONS –name “$0” — “$@”)
if [[ $? -ne 0 ]]; then
# e.g. $? == 1
# then getopt has complained about wrong arguments to stdout
echo “something wrong, showing help instead in one second”
display_help
exit 2
fi
# echo “$PARSED”
# read getopt’s output this way to handle the quoting right:
eval set — “$PARSED”
# now enjoy the options in order and nicely split until we see —
while true; do
case “$1” in
–non-interactive)
n=y
# echo “doing silent stuff now… TODO: disable this line”
# should do these steps: (probably better to put this in its own function)
set_exports
`yum -y -d0 –security update`
outputs_preparation
outputs_filling
services_restart
unset_exports
exit
shift
;;
–help)
h=y
# echo “displaying help in two seconds”
display_help
shift
;;
–)
#echo “instead of — showing help in three seconds”
#display_help
shift
break
;;
*)
echo “Programming error”
echo “displaying help instead in four seconds”
display_help
exit 3
;;
esac
done
set_exports
#export http_proxy=”http://my.proxy.server.local:11111″
#export https_proxy=”http://my.proxy.server.local:11111″
#export proxy=”http://my.proxy.server.local:11111″
# cleanup before we do anything
#`rm -f $outputs`
#`rm -f $outputr`
# install updates, ask user which type of updating he wants to do
echo “”
echo “Please select the type of updates you want to install: ”
echo “”
PS3=’Enter your choice: ‘
options=(“All updates (will most certainly require a reboot)” “Security updates only (reboot probably not required)” “All updates except kernel and kernel-related packages (reboot might be required)” “Quit (you will need to run the script again later)”)
select opt in “${options[@]}”
do
case $opt in
#”Option 1″)
“All updates (will most certainly require a reboot)”)
echo “Installing all updates… please wait”
`yum -y -d0 update` &
PIDD=`ps -ef|grep yum | grep -v yumclean |grep -v grep | awk ‘{print $2}’`
while sleep 8; do echo “still installing…” && kill -0 $PIDD 2>/dev/null || break; done
break
;;
#”Option 2″)
“Security updates only (reboot probably not required)”)
echo “Installing only security updates…. please wait”
`yum -y -d0 –security update` &
PIDD=`ps -ef|grep yum | grep -v yumclean |grep -v grep | awk ‘{print $2}’`
while sleep 8; do echo “still installing…” && kill -0 $PIDD 2>/dev/null || break; done
break
;;
#”Option 3″)
“All updates except kernel and kernel-related packages (reboot might be required)”)
echo “Installing all updates except kernel and kernel-related packages… please wait”
`yum –exclude=kernel* -y -d0 update` &
PIDD=`ps -ef|grep yum | grep -v yumclean |grep -v grep | awk ‘{print $2}’`
while sleep 8; do echo “still installing…” && kill -0 $PIDD 2>/dev/null || break; done
break
;;
#”Quit”)
“Quit (you will need to run the script again later)”)
echo “Quitting… bye!”
exit
;;
*) echo “invalid option $REPLY”;;
esac
done
unset_exports
#unset http_proxy
#unset https_proxy
#unset proxy
##############################
## section services restart ##
##############################
outputs_preparation
outputs_filling
# `$mybin -s >> $outputs`
# chmod 600 $outputs
if [ `wc -l $outputs | awk ‘{ print $1 }’` -ge 1 ]; then
echo “”
echo “The following services should be restarted:”
echo “******************************”
cat $outputs
echo “******************************”
while true
do
read -p “Do you want to restart the above services? (y/N)” answer
case $answer in
[yY]* ) #
echo “restarting services….”
while read line
do
echo Restarting $line
`/bin/systemctl stop $line`
`/bin/systemctl start $line`
done < $outputs
break;;
[nN]* )echo “exiting…” && break ;;
* ) echo “Please enter Y or N”;;
esac
done
else
echo “******************************”
echo “No services need to be restarted.”
echo “******************************”
fi
# section reboot
outputr_preparation
outputr_filling
# `$mybin -r >> $outputr`
# chmod 600 $outputr
echo “”
echo “Please check the following output and decide whether a reboot is required:”
echo “***************”
cat $outputr
echo “***************”
while true
do
echo “If you need to disable some kind of monitoring before rebooting the server,”
echo “please cancel this script (Ctrl+c) and disable the monitoring now,”
echo “then re-run this script again.”
read -p “Do you want to reboot the server in 60 seconds? (y/N)” answer
case $answer in
[yY]* ) #
echo “Scheduling reboot….”
shutdown -r -t 1
break;;
[nN]* )echo “exiting…” && exit;;
* ) echo “Please enter Y or N”;;
esac
done