author | Shane Bradley <sbradley@redhat.com> | 2016-02-02 09:13:30 -0500 |
---|---|---|
committer | Bryn M. Reeves <bmr@redhat.com> | 2016-02-05 16:17:04 +0000 |
commit | a30a4181d85985d2d7bbb4e4d31cf2b857954643 (patch) | |
tree | c0ed33b7ea222099feb607c4a78e665b343b7ffd | |
parent | abc766fe147c532e2ecacb16b2d66d4263efcb9c (diff) | |
[ipa] Capture more cert information and other fixes
More cert information is captured. The "ipa-replica-manage"
commands are removed because they would time out, since
a password was needed. Some collected data is sanitized,
and some logs specified with wildcards that were not
properly collected are now collected.
Fixes: #754, #755.
Signed-off-by: Shane Bradley <sbradley@redhat.com>
-rw-r--r-- | sos/plugins/ipa.py | 32 |
1 files changed, 21 insertions, 11 deletions
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py index dae78234..73b2f8af 100644 --- a/sos/plugins/ipa.py +++ b/sos/plugins/ipa.py @@ -15,6 +15,7 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. from sos.plugins import Plugin, RedHatPlugin +from glob import glob class Ipa(Plugin, RedHatPlugin): @@ -56,34 +57,33 @@ class Ipa(Plugin, RedHatPlugin): "/etc/dirsrv/slapd-*/dse.ldif", "/etc/dirsrv/slapd-*/schema/99user.ldif", "/etc/hosts", - "/etc/named.*" + "/etc/named.*", + "/etc/pki-ca/CS.cfg", + "/etc/ipa/ca.crt", + "/etc/ipa/default.conf", + "/var/lib/certmonger/requests/[0-9]*", + "/var/lib/certmonger/cas/[0-9]*" ]) self.add_forbidden_path("/etc/pki/nssdb/key*") self.add_forbidden_path("/etc/pki-ca/flatfile.txt") self.add_forbidden_path("/etc/pki-ca/password.conf") self.add_forbidden_path("/var/lib/pki-ca/alias/key*") - self.add_forbidden_path("/etc/dirsrv/slapd-*/key*") self.add_forbidden_path("/etc/dirsrv/slapd-*/pin.txt") self.add_forbidden_path("/etc/dirsrv/slapd-*/pwdfile.txt") - self.add_forbidden_path("/etc/named.keytab") self.add_cmd_output([ "ls -la /etc/dirsrv/slapd-*/schema/", - "ipa-getcert list", + "getcert list", + "certutil -L -d /var/lib/pki-ca/alias", "certutil -L -d /etc/httpd/alias/", - "certutil -L -d /etc/dirsrv/slapd-*/", "klist -ket /etc/dirsrv/ds.keytab", "klist -ket /etc/httpd/conf/ipa.keytab" ]) - - hostname = self.call_ext_prog('hostname')['output'] - self.add_cmd_output([ - "ipa-replica-manage -v list", - "ipa-replica-manage -v list %s" % hostname - ], timeout=30) + for certdb_directory in glob("/etc/dirsrv/slapd-*/"): + self.add_cmd_output(["certutil -L -d %s" % certdb_directory]) return def postproc(self): 
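Review bot: The new copy specs `/etc/pki-ca/CS.cfg` and `/var/lib/certmonger/cas/[0-9]*` are collected with no matching scrub; the substitutions this commit adds to `postproc` cover only the `getcert list` output and the certmonger request files. Whether either file can carry a PIN, password or bind credential on some deployments is not verifiable from this page, so I would either add a `do_file_sub` for them or a comment above the list stating why they are safe to ship unredacted. Separately, `glob("/etc/dirsrv/slapd-*/")` results are interpolated into the command with `"certutil -L -d %s" % certdb_directory`, so a directory name containing whitespace would split into extra arguments; a one-line comment recording the assumption that instance names have no whitespace would do. The setup method this hunk edits begins above the hunk.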
@@ -91,5 +91,15 @@ class Ipa(Plugin, RedHatPlugin): subst = r"\1********" self.do_file_sub("/etc/named.conf", match, subst) + self.do_cmd_output_sub("getcert list", + r"(pin=)'(\d+)'", + r"\1'***'") + + request_logs = "/var/lib/certmonger/requests/[0-9]*" + for request_log in glob(request_logs): + self.do_file_sub(request_log, + r"(key_pin=)(\d+)", + r"\1***") + # vim: set et ts=4 sw=4 : |
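Review bot: Both new substitutions match only all-digit values (`(\d+)`), so a PIN containing letters or punctuation would stay in the report unredacted. Matching up to the delimiter instead of assuming digits closes that gap: `r"(pin=)'[^']*'"` for the `getcert list` output and `r"(key_pin=).*"` for the request files, assuming the substitution runs without DOTALL so that `.*` stops at the end of the line. A short comment above the loop saying that the request files hold the key-store PIN in clear text would also tell the next maintainer why the scrub exists. `postproc` begins above this hunk.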