Update IPA module and related plug-ins

4 files changed, 91 insertions, 7 deletions

diff --git a/sos/plugins/apache.py b/sos/plugins/apache.py
index 10159201..077c5fb7 100644
--- a/sos/plugins/apache.py
+++ b/sos/plugins/apache.py
@@ -28,9 +28,13 @@ class RedHatApache(apache, RedHatPlugin):
 
     def setup(self):
         super(RedHatApache, self).setup()
+
         self.addCopySpecs([
             "/etc/httpd/conf/httpd.conf",
             "/etc/httpd/conf.d/*.conf"])
+
+        self.addForbiddenPath("/etc/httpd/conf/password.conf")
+
         if self.getOption("log"):
             self.addCopySpec("/var/log/httpd/*")
 
diff --git a/sos/plugins/gluster-1.py b/sos/plugins/gluster-1.py
new file mode 100644
index 00000000..ef55b7df
--- /dev/null
+++ b/sos/plugins/gluster-1.py
@@ -0,0 +1,26 @@
+### This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+
+## This program is distributed in the hope that it will be useful,
+## but WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+## GNU General Public License for more details.
+
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+import os.path
+from sos.plugins import Plugin, RedHatPlugin
+
+class gluster(Plugin, RedHatPlugin):
+    '''gluster related information'''
+
+    files = ('/etc/glusterd',)
+
+    def setup(self):
+        self.addForbiddenPath("/etc/glusterd/geo-replication/secret.pem")
+        self.addCopySpec("/etc/glusterd")
+        self.addCopySpec("/var/log/glusterfs")
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
index 9678c10d..c095ed05 100644
--- a/sos/plugins/ipa.py
+++ b/sos/plugins/ipa.py
@@ -20,14 +20,58 @@ from os.path import exists
 class ipa(Plugin, RedHatPlugin):
     """IPA diagnostic information
     """
-    # ntp and dirserver stuff are covered in existing sos plugins, so we really only
-    # need to get kerberos and ipa specific addons.
+
+    ipa_server = False
+    ipa_client = False
 
     files = ('/etc/ipa',)
-    packages = ('ipa-server',)
+    packages = ('ipa-server', 'ipa-client')
+
+    def checkenabled(self):
+        self.ipa_server = self.isInstalled("ipa-server")
+        self.ipa_client = self.isInstalled("ipa-client")
+        return Plugin.checkenabled(self)
 
     def setup(self):
-        self.addCopySpec("/etc/dirsrv/ds.keytab")
-        self.addCopySpec("/etc/ipa/ipa.conf")
-        self.addCopySpec("/etc/krb5.conf")
-        self.addCopySpec("/etc/krb5.keytab")
+        if self.ipa_server:
+            self.addCopySpec("/var/log/ipaserver-install.log")
+            self.addCopySpec("/var/log/ipareplica-install.log")
+        if self.ipa_client:
+            self.addCopySpec("/var/log/ipaclient-install.log")
+
+        self.addCopySpecs(["/var/log/ipaupgrade.log",
+                        "/var/log/krb5kdc.log",
+                        "/var/log/pki-ca/debug",
+                        "/var/log/pki-ca/catalina.out",
+                        "/var/log/pki-ca/system",
+                        "/var/log/pki-ca/transactions",
+                        "/var/log/dirsrv/slapd-*/logs/access",
+                        "/var/log/dirsrv/slapd-*/logs/errors",
+                        "/etc/dirsrv/slapd-*/dse.ldif",
+                        "/etc/dirsrv/slapd-*/schema/99user.ldif",
+                        "/etc/hosts",
+                        "/etc/named.*"])
+ 
+        self.addForbiddenPath("/etc/pki/nssdb/key*")
+        self.addForbiddenPath("/etc/pki-ca/flatfile.txt")
+        self.addForbiddenPath("/etc/pki-ca/password.conf")
+        self.addForbiddenPath("/var/lib/pki-ca/alias/key*")
+
+        self.addForbiddenPath("/etc/dirsrv/slapd-*/key*")
+        self.addForbiddenPath("/etc/dirsrv/slapd-*/pin.txt")
+        self.addForbiddenPath("/etc/dirsrv/slapd-*/pwdfile.txt")
+
+        self.addForbiddenPath("/etc/named.keytab")
+
+        self.collectExtOutput("ls -la /etc/dirsrv/slapd-*/schema/")
+
+        self.collectExtOutput("ipa-getcert list")
+
+        self.collectExtOutput("certutil -L -d /etc/httpd/alias/")
+        self.collectExtOutput("certutil -L -d /etc/dirsrv/slapd-*/")
+
+        self.collectExtOutput("klist -ket /etc/dirsrv/ds.keytab")
+        self.collectExtOutput("klist -ket /etc/httpd/conf/ipa.keytab")
+        self.collectExtOutput("klist -ket /etc/krb5.keytab")
+
+        return
diff --git a/sos/plugins/named.py b/sos/plugins/named.py
index 82c4a9cc..e50fabb1 100644
--- a/sos/plugins/named.py
+++ b/sos/plugins/named.py
@@ -38,4 +38,14 @@ class named(Plugin, RedHatPlugin):
                 self.addCopySpec(self.getDnsDir(cfg))
                 self.addForbiddenPath(join(self.getDnsDir(cfg),"chroot/dev"))
                 self.addForbiddenPath(join(self.getDnsDir(cfg),"chroot/proc"))
+
+        self.addCopySpec("/etc/named/")
         self.addCopySpec("/etc/sysconfig/named")
+        self.collectExtOutput("klist -ket /etc/named.keytab")
+        self.addForbiddenPath("/etc/named.keytab")
+        return
+
+    def postproc(self):
+        match = r"(\s*arg \"password )[^\"]*"
+        subst = r"\1******"
+        self.doRegexSub("/etc/named.conf", match, subst)