Due to other questions in the forum, if its possible to monitor for OPNsense updates with monit, I thought I will share this as well as a HOWTO.
Makes it easier to find a solution when someone is searching for it.
1. create a script for instance in /usr/local/bin/check_opnsense_update.sh
#!/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Aktuelle installierte Version abrufen und nur die Versionsnummer extrahieren
CURRENT_VERSION=$(opnsense-version | awk '{print $2}')
# Verfügbare Version aus dem Repository abrufen
AVAILABLE_VERSION=$(pkg rquery '%v' opnsense)
if [ "$CURRENT_VERSION" = "$AVAILABLE_VERSION" ]; then
# Keine neue Version verfügbar
# echo "NO_UPDATE: Current version: $CURRENT_VERSION"
exit 0
else
# Update verfügbar
# echo "UPDATE_AVAILABLE: Current version: OPNsense $CURRENT_VERSION, Available version: OPNsense $AVAILABLE_VERSION"
Monit Configuration:
Service Test Settings:
Name: check_opnsense_update
Condition: status != 0
Action: Alert
Service Settings:
Name: OPNsense_Update_Check
Type: custom
Path: /usr/local/bin/check_opnsense_update.sh
Tests: check_opnsense_update
Poll Time: 0 0 * * *
Note: for daily checks at 0:00
Alert Settings:
Recipient: e@mail.com
Events: status failed
Mail Format:
from: [FW@lalelu.com]
reply-to: [e@mail.com]
subject: Monit Alert -- $EVENT
message: $EVENT Service $SERVICE
Date: $DATE
Action: $ACTION
Host: $HOST
Description: $DESCRIPTION
Cheers,
Monit
Reminder: 3600
Due to the update yesterday to 24.7.10_1 I could verify it works as expected. A mail will be sent out.
Hope that helps.
Cheers,
fb
Hi,
thanks for sharing!
I wanted to reply to the other topic discussing this but it's a bit intense this quarter.
Anyway, there are some other scripts to consider for a lightweight approach and I've added a commit to help with that:
https://github.com/opnsense/core/commit/dbeed6fb7
# configctl firmware changelog current
24.1
# configctl firmware changelog latest
24.1.10
So you only need to compare the two. :)
Cheers,
Franco
That would be cool. Hope it make it in the next release :) I'll adapt the script then
Yes, this will land in 24.7.11 for sure.
Note this "lightweight" approach uses the changelogs publication mechanism so it's not exact to the hour but I'd rather like this to have a time offset anyway (and it's the same metric we use in the dashboard to display that updates are available).
Cheers,
Franco
@franco
I've tried the new approach. Unfortunatelly your commit does not give the full output.
e.g
root@fw:~ # configctl firmware changelog current
25.1.5
root@fw:~ # configctl firmware changelog latest
25.1.5
I would expect as output: 25.1.5_4
At least to have monit working properly to notify about a new version.
I did not read through the complete commit, but it would be nice if the complete version can be shown.
Hi Fastboot,
we are currently using your script with the Business Edition of OPNsense.
To make it work with our setup, we've modified the following line:
AVAILABLE_VERSION=$(pkg rquery '%v' opnsense-business)
Is it also possible to detect major updates using your script?
For example, we currently have a system running OPNsense 24.10.2_8, and it is awaiting an update to 25.4 however, this doesn't seem to be picked up.
Greetings from Germany,
Nils