diff options
| author | Bryn M. Reeves <bmr@redhat.com> | 2014-07-01 18:41:49 +0100 |
|---|---|---|
| committer | Bryn M. Reeves <bmr@redhat.com> | 2014-07-01 18:41:49 +0100 |
| commit | 5d1225e947b69c622fc171c61a2ae74f4ebd383f (patch) | |
| tree | fbaaf5d48ac6815584ede01d54b105b170741c84 | |
| parent | bfc51b959d546f5fa8c6741b8283b9cc88942893 (diff) | |
| download | sos-5d1225e947b69c622fc171c61a2ae74f4ebd383f.tar.gz | |
[libvirt] restrict configuration and log collection
Collect specific libvirt configuration and log files by glob
instead of scoopting up whole directories from /etc and /var and
add blacklisting for the libvirt SASL authentication databases.
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
| -rw-r--r-- | sos/plugins/libvirt.py | 33 |
1 files changed, 31 insertions, 2 deletions
diff --git a/sos/plugins/libvirt.py b/sos/plugins/libvirt.py index 55d8bb16..1ec4ba46 100644 --- a/sos/plugins/libvirt.py +++ b/sos/plugins/libvirt.py @@ -19,14 +19,43 @@ class Libvirt(Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin): """libvirt-related information """ + option_list = [( + "all_logs", "collect all logs regardless of size", "", False + )] plugin_name = 'libvirt' def setup(self): + libvirt_keytab = "/etc/libvirt/krb5.tab" + + # authentication databases used for libvirt SASL authentication + self.add_forbidden_path("/etc/libvirt/passwd.db") + self.add_forbidden_path("/etc/libvirt/krb5.tab") + self.add_copy_specs([ - "/etc/libvirt/", - "/var/log/libvirt*" + "/etc/libvirt/libvirt.conf", + "/etc/libvirt/libvirtd.conf", + "/etc/libvirt/lxc.conf", + "/etc/libvirt/nwfilter/*.xml", + "/etc/libvirt/qemu/*.xml", + "/etc/libvirt/qemu/networks/*.xml", + "/etc/libvirt/qemu/networks/autostart/*.xml", + "/etc/libvirt/storage/*.xml", + "/etc/libvirt/storage/autostart/*.xml", + "/etc/libvirt/qemu-lockd.conf", + "/etc/libvirt/virtlockd.conf" ]) + if not self.get_option("all_logs"): + self.add_copy_spec_limit("/var/log/libvirt/libvirtd.log", sizelimit=5) + self.add_copy_spec_limit("/var/log/libvirt/qemu/*.log", sizelimit=5) + self.add_copy_spec_limit("/var/log/libvirt/lxc/*.log", sizelimit=5) + self.add_copy_spec_limit("/var/log/libvirt/uml/*.log", sizelimit=5) + else: + self.add_copy_spec("/var/log/libvirt") + + if os.path.exists(libvirt_keytab): + self.add_cmd_output("klist -ket %s" % libvirt_keytab) + def postproc(self): for xmlfile in glob.glob("/etc/libvirt/qemu/*.xml"): self.do_file_sub(xmlfile, |