Monitoring Package Installs on Ubuntu

I was surprised how easy this was; tracking every deb package update on Ubuntu.   Knowing what changed and when is a great tool to aid problem identification, and is invaluable if your software delivery is via deb packages.

Visibility

For tracking, I installed visibility on another host. Visibility is designed for continuous delivery pipelines, but can track just about anything with a few simple HTTP requests. It has a simple web interface to track installs.

Configuring the hosts – adding a Pre-Install-Pkgs Hook

First add an apt hook to run a script every time a package (or packages) are installed.

/etc/apt/apt.conf.d/00visibility

Dpkg::Pre-Install-Pkgs {/usr/local/bin/apt-visibility}

Now write that script to read the package filenames which are passed on STDIN by the hook. Here we split the filenames to get out the package and version and pass the information to Visibility using a curl request.

/usr/local/bin/apt-visibility (ensure it has execute permissions)

#!/bin/bash
#
# Takes STDIN from Pre-Install-Pkgs hook
# and monitors package installs
#
# each line of STDIN is a package of format 
# <full path>/<application>_<version>_<architecture>.deb
# e.g. /var/cache/apt/archives/cowsay_3.03+dfsg1-6_all.deb

# Variables (could be read from something in /etc instead)
MONITOR_HOST=visibility.lxc
ENVIRONMENT=dev

while read package
do

  DEB=$(basename $package)
  APPLICATION=$(echo $DEB | cut -d _ -f 1)
  VERSION=$(echo $DEB | cut -d _ -f 2)

  # Output to syslog
  logger Installing $APPLICATION version $VERSION

  # Update Visibility
  curl                                   \
    -d "Deploy.start=now"                \
    -d "Deploy.end=now"                  \
    -d "Deploy.success=1"                \
    -d "Deploy.version=${VERSION}"       \
    -d "Product.name=${APPLICATION}"     \
    -d "Environment.name=${ENVIRONMENT}" \
    -d "Host.name=$(hostname --fqdn)"    \
   "http://${MONITOR_HOST}/dash/new_deploy"

done

Results

Here’s the result on the visibility dashboard, after installing a few packages.  Visibility can show the latest install of each package (so the current status of a system) and track changes. Now it’s easy to track software changes, no matter how large or complicated your estate is.  If you’re going to use this for production, you might want to run a little error checking and harden it in the usual ways.

Thanks to…

This approach was suggested by Justin Rowles, whose blog has nothing to to with IT, but you might find it interesting anyway!

Bookmark the permalink.

Comments are closed