diff options
| author | Ken Gaillot <kgaillot@redhat.com> | 2017-09-19 13:40:21 -0500 |
|---|---|---|
| committer | Bryn M. Reeves <bmr@redhat.com> | 2018-04-04 16:35:00 +0100 |
| commit | 3f8ad27ee7284cb1d6a998f7327805eb17464389 (patch) | |
| tree | 9ccb28d139270ef3f8d5776053ac4d88f7949b70 | |
| parent | 52a8fdfa0ccb53a60cec9feb785a43fdd05ff770 (diff) | |
| download | sos-3f8ad27ee7284cb1d6a998f7327805eb17464389.tar.gz | |
[pacemaker] Improve Pacemaker password scrubbing
Scrub the crm shell output as well as the pcs output,
and use an equivalent scrub pattern in all places.
Resolves: #1106
Signed-off-by: Ken Gaillot <kgaillot@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
| -rw-r--r-- | sos/plugins/pacemaker.py | 26 |
1 files changed, 19 insertions, 7 deletions
diff --git a/sos/plugins/pacemaker.py b/sos/plugins/pacemaker.py index 9576db54..fb511bc1 100644 --- a/sos/plugins/pacemaker.py +++ b/sos/plugins/pacemaker.py @@ -34,6 +34,20 @@ class Pacemaker(Plugin, DebianPlugin, UbuntuPlugin): ("crm_scrub", "enable password scrubbing for crm_report", "", True), ] + def postproc_crm_shell(self): + self.do_cmd_output_sub( + "crm configure show", + r"passw(\S*)=\S+", + r"passw\1=********" + ) + + def postproc_pcs(self): + self.do_cmd_output_sub( + "pcs config", + r"passw(\S*)=\S+", + r"passw\1=********" + ) + def setup(self): self.add_copy_spec([ # Pacemaker cluster configuration file @@ -73,8 +87,9 @@ class Pacemaker(Plugin, DebianPlugin, UbuntuPlugin): "default" % self.get_option("crm_from")) crm_dest = self.get_cmd_output_path(name="crm_report", make=False) - crm_scrub = '-p "passw.*"' - if not self.get_option("crm_scrub"): + if self.get_option("crm_scrub"): + crm_scrub = '-p "passw.*"' + else: crm_scrub = "" self._log_warn("scrubbing of crm passwords has been disabled:") self._log_warn("data collected by crm_report may contain" @@ -100,11 +115,8 @@ class Pacemaker(Plugin, DebianPlugin, UbuntuPlugin): self.add_copy_spec(logfile) def postproc(self): - self.do_cmd_output_sub( - "pcs config", - r"(passwd=|incoming_password=)\S+", - r"\1********" - ) + self.postproc_crm_shell() + self.postproc_pcs() class RedHatPacemaker(Pacemaker, RedHatPlugin): |