17

Is there a canonical way to find out the last time that yum update was run on a system?

Our set up is that we have staging servers that run automatic updates, and provided they don't fall over, we will manually update our production servers about once a month (barring critical updates). (I say manually, ideally I want to manually trigger an update across all of them, but that's another issue).

But you get busy, tasks slip etc. So I want to set up a nagios check that will start bothering us if we've left it too long.

Searching the web hasn't got me very far. Poking around the system, the best thing I've found so far would be something like:

grep Updated /var/log/yum.log | tail -1 | cut -d' ' -f 1-2

which gives me something like Mar 12 which I can then convert into a date. There are a few minor complications about whether the date is this year or last year, and I'd also need to check /var/log/yum.log.1 in case of checking immediately after a logrotate. But that is just scripting details.

This can of course be 'fooled' by an update to a single package rather than a general update.

So is there a more canonical way to see when yum update was run?

Edit: I've now written a Nagios NRPE plugin that uses the idea I put forward in the question. You can grab it from https://github.com/aptivate/check_yum_last_update

Hamish Downer
  • 9,142
  • 6
  • 36
  • 49

5 Answers5

26

The yum history option allows the user to view what has happened in past transactions. To make it more simple you can grep Update from yum history

# yum  history
Loaded plugins: fastestmirror, refresh-packagekit
ID     | Login user               | Date and time    | Action(s)      | Altered
-------------------------------------------------------------------------------
    41 | root <root>              | 2012-04-27 20:17 | Install        |   19   
    40 | root <root>              | 2011-11-20 10:09 | Install        |   10   
    39 | root <root>              | 2011-11-20 08:14 | Install        |    1 E<
    38 | root <root>              | 2011-11-19 15:46 | Update         |    1 
Hamish Downer
  • 9,142
  • 6
  • 36
  • 49
Chakri
  • 1,070
  • 6
  • 8
  • 1
    What version of yum are you using - I don't appear to have the `history` command available. (We're mostly still using CentOS 5). Actually, just tried and CentOS 6 does have it. But it is not universal enough for our purposes - but looks useful for others. – Hamish Downer May 16 '12 at 14:04
  • 1
    Yes this is on centos 6.x with yum version 3.2.29. Thank you – Chakri May 16 '12 at 14:14
  • 1
    Note that if there was a combination of Install and Update, the Action column says `I, U` making the grep slightly more complicated. This can happen if an updated package depends on a new package, causing the new package to be installed. – Hamish Downer May 17 '12 at 09:29
  • 1
    Since sometimes updates happen while installing something else, if you want to see those too, might pass the output through grep like this: yum history | grep ' U' which will catch all runs involving an update. – JJC Jun 15 '16 at 15:23
2

I think the only way you can be absolutely sure is by running psacct.

This will allow you to run lastcomm yum. If you parse this, you will know who ran it and when.

Bart De Vos
  • 17,761
  • 6
  • 62
  • 81
1

I am guessing you are pointing a set of 'Dev' servers to a Dev yum repo?

You could do the auto upgrade in a cron/puppet/chef script, which upon success, writes to a file. (say /etc/yum_last)

Then you could use yum check-update periodically in cron/other on the Dev servers to see if any updates are available. If this command says > 0 number of updates are available, you compare the current date with the timestamp of file you create when you last did a auto yum upgrade.

If this date difference grows in days, you can have Nagios alert.

You can also look at Pulp if it fits your needs.

Not Now
  • 3,532
  • 17
  • 18
1

The following command lists recently installed or updated RPM packages:

rpm -qa --last  | head

It may includes packages installed outside YUM too. This command can also run without root privilege.

Seff
  • 246
  • 2
  • 4
0

You can query this info directly from the Yum History SQLite DB with root privileges using this statement:

SELECT datetime( max(dt_end), 'unixepoch', 'localtime') FROM trans WHERE cmdline LIKE '%update%'

The SQLite file to query has 2 likely locations:

  • /var/lib/dnf/history.sqlite
  • /var/lib/yum/history.sqlite

Example: https://bigfix.me/relevance/details/3022966

Related: https://unix.stackexchange.com/questions/224627/find-last-time-yum-update-was-run

jgstew
  • 86
  • 9