diff options
| author | Justin Stephenson <jstephen@redhat.com> | 2016-10-18 17:17:12 -0400 |
|---|---|---|
| committer | Bryn M. Reeves <bmr@redhat.com> | 2017-01-17 17:39:17 +0000 |
| commit | 1beaeead652d3122075f6ebfde891a70a44c62e4 (patch) | |
| tree | 1e03d1a5859ded24fbb264651283efa4e0291ff5 | |
| parent | 8e63b8e5b1bb907685e2debd169e3e87c360f76b (diff) | |
| download | sos-1beaeead652d3122075f6ebfde891a70a44c62e4.tar.gz | |
[ipa] Handle PKI Directory change and Fedora compatibility fixes
PKI-core services in IPA v4 changed the default log file directory
for Dogtag related logs, sosreport should check if IPA CA is installed
and retrieve useful PKI logs(location is based on IPA version check)
Added functions to check if CA is installed and IPA server(RHEL or fedora)
is installed.
Update packages list to ensure plugin will run on Fedora.
Resolves: #883.
Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
| -rw-r--r-- | sos/plugins/ipa.py | 62 |
1 files changed, 54 insertions, 8 deletions
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py index 73b2f8af..8d6d0bd2 100644 --- a/sos/plugins/ipa.py +++ b/sos/plugins/ipa.py @@ -16,6 +16,7 @@ from sos.plugins import Plugin, RedHatPlugin from glob import glob +from os.path import exists class Ipa(Plugin, RedHatPlugin): @@ -29,7 +30,45 @@ class Ipa(Plugin, RedHatPlugin): ipa_client = False files = ('/etc/ipa',) - packages = ('ipa-server', 'ipa-client') + packages = ('ipa-server', 'ipa-client', 'freeipa-server', 'freeipa-client') + + def check_ipa_server_version(self): + if self.is_installed("pki-server") \ + or exists("/var/lib/pki") \ + or exists("/usr/share/doc/ipa-server-4.2.0"): + return "v4" + elif self.is_installed("pki-common") \ + or exists("/var/lib/pki-ca/"): + return "v3" + + def ca_installed(self): + # Follow the same checks as IPA CA installer code + if exists("%s/conf/ca/CS.cfg" % self.pki_tomcat_dir_v4) \ + or exists("%s/conf/CS.cfg" % self.pki_tomcat_dir_v3): + return True + + def ipa_server_installed(self): + if self.is_installed("ipa-server") \ + or self.is_installed("freeipa-server"): + return True + + def retrieve_pki_logs(self, ipa_version): + if ipa_version == "v4": + self.add_copy_spec([ + "/var/log/pki/pki-tomcat/ca/debug", + "/var/log/pki/pki-tomcat/ca/system", + "/var/log/pki/pki-tomcat/ca/transactions", + "/var/log/pki/pki-tomcat/catalina.*", + "/var/log/pki/pki-ca-spawn.*" + ]) + elif ipa_version == "v3": + self.add_copy_spec([ + "/var/log/pki-ca/debug", + "/var/log/pki-ca/system", + "/var/log/pki-ca/transactions", + "/var/log/pki-ca/catalina.*", + "/var/log/pki/pki-ca-spawn.*" + ]) def check_enabled(self): self.ipa_server = self.is_installed("ipa-server") @@ -37,21 +76,28 @@ class Ipa(Plugin, RedHatPlugin): return Plugin.check_enabled(self) def setup(self): - if self.ipa_server: + self.pki_tomcat_dir_v4 = "/var/lib/pki/pki-tomcat" + self.pki_tomcat_dir_v3 = "/var/lib/pki-ca" + + if self.ipa_server_installed(): + self._log_debug("IPA server install detected") + + ipa_version = self.check_ipa_server_version() + self._log_debug("IPA version is [%s]" % ipa_version) + self.add_copy_spec([ "/var/log/ipaserver-install.log", "/var/log/ipareplica-install.log" ]) - if self.ipa_client: - self.add_copy_spec("/var/log/ipaclient-install.log") + + if self.ca_installed(): + self._log_debug("CA is installed: retrieving PKI logs") + self.retrieve_pki_logs(ipa_version) self.add_copy_spec([ + "/var/log/ipaclient-install.log", "/var/log/ipaupgrade.log", "/var/log/krb5kdc.log", - "/var/log/pki-ca/debug", - "/var/log/pki-ca/catalina.out", - "/var/log/pki-ca/system", - "/var/log/pki-ca/transactions", "/var/log/dirsrv/slapd-*/logs/access", "/var/log/dirsrv/slapd-*/logs/errors", "/etc/dirsrv/slapd-*/dse.ldif", |