Add include all and help options and improve validation

miraheze · Feb 23, 2025 · 2959a1d · 2959a1d
1 parent c14a7fc
commit 2959a1d
Showing 1 changed file with 56 additions and 2 deletions.
diff --git a/modules/salt/files/bin/upgrade-packages.sh b/modules/salt/files/bin/upgrade-packages.sh
@@ -5,10 +5,24 @@ skip_confirm=false
 dry_run=false
 server_pattern='.*'  # Default: Match all servers
 include_kernel=false # Default: Exclude kernel updates
+include_all=false    # Default: Only security updates
 
 # Trap SIGINT (CTRL+C) to exit the entire script
 trap "echo -e '\nScript terminated by user'; exit 1" SIGINT
 
+# Display help message
+function show_help() {
+  echo "Usage: $0 [OPTIONS]"
+  echo "Options:"
+  echo "  --yes, -y           Skip confirmation prompts"
+  echo "  --dry-run, -d       Show what would be done without making changes"
+  echo "  --servers, -s       Specify target servers using a pattern"
+  echo "  --include-kernel, -k Include kernel updates (requires system reboot to take effect)"
+  echo "  --include-all, -a   Include all package updates (requires maintenance window)"
+  echo "  --help, -h          Show this help message"
+  exit 0
+}
+
 # Parse command-line arguments
 while [[ $# -gt 0 ]]; do
   case "$1" in
@@ -25,6 +39,12 @@ while [[ $# -gt 0 ]]; do
     --include-kernel|-k)
       include_kernel=true
       ;;
+    --include-all|-a)
+      include_all=true
+      ;;
+    --help|-h)
+      show_help
+      ;;
     *)
       echo "Unknown option: $1"
       exit 1
@@ -33,6 +53,23 @@ while [[ $# -gt 0 ]]; do
   shift
 done
 
+# Confirm before proceeding if including kernel or all updates
+if $include_all; then
+  echo "WARNING: You have chosen to include all package updates. This type of update can never be done without a maintenance window. Proceeding may cause unexpected system behavior."
+  read -p "Are you sure you want to proceed? (yes/no): " user_confirm
+  if [[ "$user_confirm" != "yes" ]]; then
+    echo "Operation cancelled."
+    exit 1
+  fi
+elif $include_kernel; then
+  echo "WARNING: You have chosen to include kernel updates. This will require a system reboot to take effect."
+  read -p "Are you sure you want to proceed? (yes/no): " user_confirm
+  if [[ "$user_confirm" != "yes" ]]; then
+    echo "Operation cancelled."
+    exit 1
+  fi
+fi
+
 # Get a list of target servers based on the provided pattern
 servers=$(sudo salt-ssh -E "$server_pattern" test.ping --out=json | jq -r 'keys[]')
 
@@ -41,8 +78,10 @@ for server in $servers; do
   hostname=$(echo $server | awk -F '.' '{print $1}')
   echo "Checking packages for upgrade on $hostname..."
 
-  # Get the list of security upgrades (excluding kernal upgrades unless the flag is specified)
-  if $include_kernel; then
+  # Get the list of upgrades
+  if $include_all; then
+    packages=$(sudo salt-ssh "$server" cmd.run 'apt-get -s dist-upgrade | grep "^Inst" | awk -F " " {"print $2"}' | awk '{printf "%s ", $2}')
+  elif $include_kernel; then
     packages=$(sudo salt-ssh "$server" cmd.run 'apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {"print $2"}' | awk '{printf "%s ", $2}')
   else
     packages=$(sudo salt-ssh "$server" cmd.run 'apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | grep -v "linux-image" | awk -F " " {"print $2"}' | awk '{printf "%s ", $2}')
@@ -66,6 +105,21 @@ for server in $servers; do
       continue
     fi
 
+    # Check if a reboot will be required before upgrading (if there are kernal upgrades)
+    reboot_required=$(echo "$packages" | grep -q "linux-image" && echo "yes" || echo "no")
+
+    # Warn about reboot if necessary
+    if [[ "$reboot_required" == "yes" ]]; then
+      echo "WARNING: Upgrading kernel on $hostname will require a system reboot. However, this script will not automatically perform a reboot. Please plan accordingly."
+      if ! $skip_confirm; then
+        read -p "Are you sure you want to proceed with these upgrades? (yes/no): " reboot_confirm
+        if [[ "$reboot_confirm" != "yes" ]]; then
+          echo "Skipping upgrade on $hostname..."
+          continue
+        fi
+      fi
+    fi
+
     # Prompt for confirmation unless --yes or -y is provided
     if ! $skip_confirm; then
       read -p "Upgrading packages $packages_list on $hostname; press enter to confirm or type 'skip' to skip this server... " user_input