Allow updates for modules to not be checked during nagios check.

Here's an alternative Drupal 7 patch. We've been working on a more elegant way of achieving this, and this patch adds an 'Ignore from nagios' link to all modules on the modules page (if user has the correct permissions), so you can select the modules you do NOT want to be warned about. We've tested this and it will be committed. It achieves the same thing as these patches.

Committed the Drupal 7 change, needs back-porting to Drupal 6.

Here's my D6 work for this evening. Almost done, ignore checkboxes appear on the modules page and settings get saved to variable as expected, same format as with the D7 version. Just the Nagios bit to do.

Final patch attached. I've been running this on a Drupal 6 site for a few hours, I'll leave it a day or two to watch for any unwanted side-effects, but the patch attached should allow checkboxes on the system modules page, as per the Drupal 7 patch, on Drupal 6 sites so you can exclude modules from the requirements check.

Sorry, better testing exposed a problem with the D6 version. This patch is definitely not complete...

Oops, posted twice. *facepalm*

To expand on the above, in Drupal 7 it seems calling module_invoke() against each module in turn also does the update status checks. In Drupal 6 this is not the case. In fact, I'm no longer convinced it's the case in Drupal 7 and want to test again, but certainly for the Drupal 6 version the update status check will need re-writing in the Nagios module, as the way it functions now won't permit what we're trying to achieve here.

OK, I think we're there. Sorry this took so long, it was actually really fiddly. New patch is against latest 7.x-1.x-dev, we have no plans to make a D6 version, but patches welcome.

This patch:

• Adds an "Ignore this module" link against all modules on the modules page in the Drupal admin UI
• Provides an additional drush command for getting a list of *not* ignored modules (which you can pass to drush, e.g. modules=$(drush nagios-updates) && drush up $modules

As far as we can tell, it works fine, but more eyeballs always welcome.

Re-posting patch, not sure how I got the issue number so wrong!

Also hiding obsolete patches.

On my test install using the patch from #13, the available updates page showed the following:

With nagios set to ignore nothing, and with drush 7.0-dev:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status, CTools CSS Cache
drush 7.0-dev$ drush nagios-updates
ctools devel views

Ignoring ctools from nagios, using the checkbox on /admin/modules:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status
drush 7.0-dev$ drush nagios-updates
devel views

Ignoring ctools and views from nagios, using the checkbox on /admin/modules:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status
drush 7.0-dev$ drush nagios-updates
devel

Repeating the above with drush 6.3 and drush 5.9 gave exactly the same output in each case.

Looks good to me.

Hmm, I posted but it disappeared! Was saying there's another scenario to try, which I tested but another pair of eyes wouldn't hurt - that's having a module with security updates and a module with normal updates, and make sure when you ignore the normal updates module you get ADMIN CRITICAL and when you ignore just the module with security updates you get ADMIN WARNING. Worked for me, but worth a second check!

Good thinking!

On a test install, I had two modules showing available updates:

Devel
Installed version 7.x-1.3
Recommended update to 7.x-1.5

Views
Installed version 7.x-3.6
Security update to 7.x-3.8

With no modules ignored:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status
drush 7.0-dev$ drush nagios-updates
devel views

With devel ignored, views not ignored:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status
drush 7.0-dev$ drush nagios-updates
views

With views ignored, devel not ignored:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status
drush 7.0-dev$ drush nagios-updates
devel

Again, I got exactly the same output using drush 6.3.0 and 5.9.0.

So I still get the CRITICAL warning, even when the only non-ignored update is just a recommended update, not a security update.

Hmm, curious. I *thought* this worked for me. Will have to have another look! Thanks!

Hi Greg - in your last post you said you were going to take another look at this code - just wondering if you had a chance to do so?

Thanks,
Jon

I've just been digging into this a bit more and the permanent CRITICAL I was getting in #17 seems to be down to the Administration menu Toolbar style module that I had enabled on my test install.

I dpm'd the $reqs array inside nagios_check_requirements() immediately before the 'Check the requirements as to the most severe status' comment and with the Administration menu Toolbar style module enabled, $reqs['update_contrib'] contained:

$reqs['update_contrib'] = array(
  'title' => 'Module and theme update status',
  'reason' => NULL,
  'description' => 'See the <a href="/admin/reports/updates/update">available updates</a> page for more information and to install your missing updates.',
  'severity' => 2,
  'value' => '<a href="/admin/reports/updates/update">Up to date</a>',
  'name' => 'admin_menu_toolbar',
);

If I check the available updates at /admin/reports/updates, the only update available is a recommended update for Devel 7.x-1.3 to 7.x-1.5 (2014-May-01).

Ticking the Nagios ignore box for the Administration menu Toolbar style module and re-running nagios_check_requirements(), $reqs['update_contrib'] contained:

$reqs['update_contrib'] = array(
  'title' => 'Module and theme update status',
  'reason' => 4,
  'description' => 'There are updates available for one or more of your modules or themes. To ensure the proper functioning of your site, you should update as soon as possible. See the <a href="/admin/reports/updates/update">available updates</a> page for more information and to install your missing updates.',
  'severity' => 1,
  'value' => '<a href="/admin/reports/updates/update">Out of date</a>',
  'name' => 'devel',
);

Which is what we want to see.

I could also replicate this behaviour with the views_ui module, so it seems to be a sub-module issue.

I eventually tracked it back to how we're using _update_requirement_check(). This is supposed to be passed a project array, as returned by update_calculate_project_data(), that includes a status key. For sub-modules, that status key was missing.

As the status of sub-modules can't be checked (they come under the check for their parent module), I've simply skipped them. It would be nice revisit the modules page ignore checkbox logic now though so that the ignore option is only shown for full modules, not sub-modules, although I can't see a simple way to do this.

Repeating the tests from #17, I started with the available updates page showing:

Ctools
Installed version 7.x-1.2
Security update to 7.x-1.4

Devel
Installed version 7.x-1.3
Recommended update to 7.x-1.5

Views
Installed version 7.x-3.6
Security update to 7.x-3.8

With no modules ignored:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status
drush 7.0-dev$ drush nagios-updates
ctools devel views

With devel ignored, ctools and views not ignored:

drush 7.0-dev$ drush nagios-check requirements
ADMIN CRITICAL - Module and theme update status
drush 7.0-dev$ drush nagios-updates
ctools views

With ctools and views ignored, devel not ignored:

drush 7.0-dev$ drush nagios-check requirements
ADMIN WARNING - Module and theme update status
drush 7.0-dev$ drush nagios-updates
devel

and with ctools, devel and views all ignored:

drush 7.0-dev$ drush nagios-check requirements
ADMIN OK - No known issues at this time.
drush 7.0-dev$ drush nagios-updates

Testing with drush 5.9.0 and 6.3.0 gave exactly the same results.

Looking at how we could handle only displaying the ignore checkbox by non-sub-modules on the module page, I came across update_get_projects().

This function returns an array of the modules that we're after. If the update_check_disabled variable is set to true, the array contains information on disabled modules too.

If we used this function, we might need to expire the update cache before calling it in order to get the latest data. I can imagine people enabling a new module, then wanting to ignore it from nagios straight away.

I've attached an updated patch that I think handles this ok.

It turns out that we don't need to worry about the update module cache, as it's always rebuilt when loading the /admin/modules page. See update_project_cache() for the actual code.

The patch modifies the form alter so that the ignore checkbox is only shown against enabled modules that aren't sub-modules. This means that it will always be consistent, regardless of how the update_check_disabled variable is set.

As an example, this is what I see now for the admin menu module:

Thanks for your work on this, galooph!

I noticed that the new ignore functionality lets one ignore module updates, but not theme updates. Am I missing an existing way to do that, or is it not yet possible to configure Nagios to ignore themes that need updates?

I can answer for galooph - our focus has been on modules, but I don't see any reason why this couldn't be extended to include themes. I will commit the work to date and create a new issue though, so we don't get held up on this...

Committed this to 7.x-1.x, it'll be in the dev snapshot at some point today. Yay!

@jackalope: feature request logged here, if you want to follow it or submit patches. :-)

#2377241: Expand "ignore" feature to include themes

Just catching up on this issue; thanks @greg.harvey!