authorShane Bradley <sbradley@redhat.com>2015-05-06 15:47:07 -0400
committerBryn M. Reeves <bmr@redhat.com>2015-05-11 13:47:50 +0100
commit0d2dd0d9ccc3242dd2dd4513924c8f308000242e (patch)
tree8e8b1b9ed379b9f3b6fcf5b2b54ee0e3386ed881
parent5506e19bfd6735eadbc1fbf01be6208184f945ac (diff)
[cluster] enable crm_report password scrubbing
Default to specifying a password pattern of 'passw.*' when calling the crm_report script. This causes matching strings to be elided from the report data. Since this scrubbing can affect the use of pacemaker state machine snapshots for debugging the behaviour is controlled by a new option that defaults to enabled: cluster.crm_scrub This can be used to obtain an sosreport containing virgin crm_report data with no password scrubbing: # sosreport -k cluster.crm_scrub=False Signed-off-by: Shane Bradley <sbradley@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
-rw-r--r--sos/plugins/cluster.py14
1 files changed, 11 insertions, 3 deletions
diff --git a/sos/plugins/cluster.py b/sos/plugins/cluster.py
index 8dd9a4df..084c0307 100644
--- a/sos/plugins/cluster.py
+++ b/sos/plugins/cluster.py
@@ -25,10 +25,12 @@ class Cluster(Plugin, RedHatPlugin):
plugin_name = 'cluster'
profiles = ('cluster',)
+
option_list = [
("gfs2lockdump", 'gather output of gfs2 lockdumps', 'slow', False),
("crm_from", 'specify the start time for crm_report', 'fast', False),
- ('lockdump', 'gather dlm lockdumps', 'slow', False)
+ ('lockdump', 'gather dlm lockdumps', 'slow', False),
+ ('crm_scrub', 'enable password scrubbing for crm_report', '', True),
]
packages = [
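Review bot: The new `crm_scrub` entry passes `''` as its third field, while every sibling tuple in `option_list` uses `'slow'` or `'fast'` there. If that field is the speed class, as the neighbours suggest, `('crm_scrub', 'enable password scrubbing for crm_report', 'fast', True),` would keep the list consistent. The description could also say what is scrubbed, e.g. `'mask values matching passw.* in crm_report output'`, so that a user turning the option off knows exactly what protection they are giving up.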
@@ -112,8 +114,14 @@ class Cluster(Plugin, RedHatPlugin):
"default" % self.get_option('crm_from'))
crm_dest = self.get_cmd_output_path(name='crm_report', make=False)
- self.add_cmd_output('crm_report -S -d --dest %s --from "%s"'
- % (crm_dest, crm_from))
+ crm_scrub = '-p "passw.*"'
+ if not self.get_option("crm_scrub"):
+ crm_scrub = ''
+ self._log_warn("scrubbing of crm passwords has been disabled:")
+ self._log_warn("data collected by crm_report may contain"
+ " sensitive values.")
+ self.add_cmd_output('crm_report %s -S -d --dest %s --from "%s"'
+ % (crm_scrub, crm_dest, crm_from))
def do_lockdump(self):
if self._mount_debug():
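Review bot: The pattern in `crm_scrub = '-p "passw.*"'` is hard-coded, so with scrubbing enabled only values whose names match `passw.*` are elided. Sensitive values stored under other names would presumably still end up in the collected report, and the warning is logged only on the disabled path. I would add a comment above the assignment such as `# masks only names matching passw.*; other sensitive values are collected unmodified`, and consider making the pattern an option so that sites can extend it. The two `_log_warn` calls also split one sentence across two log records, where a single call with the joined string would read better in the log. The enclosing method starts outside this hunk.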