diff options
author | Marek Czernek <marek.czernek@suse.com> | 2023-10-27 09:49:41 +0200 |
---|---|---|
committer | Jake Hunsaker <jacob.r.hunsaker@gmail.com> | 2023-10-30 06:49:18 -0700 |
commit | 99f17199c8312ebb43b6236ef000e1a1baabb46e (patch) | |
tree | 18ad7a7d82dc361e4ff97741dc3641a3dcd68480 | |
parent | aafb03e83af45fc725d57736019cec36b352f34e (diff) | |
download | sos-99f17199c8312ebb43b6236ef000e1a1baabb46e.tar.gz |
[salt] gather more data, e.g. services, grains, pillars, and more
Signed-off-by: Marek Czernek <marek.czernek@suse.com>
-rw-r--r-- | sos/report/plugins/salt.py | 36 | ||||
-rw-r--r-- | sos/report/plugins/saltmaster.py | 32 |
2 files changed, 64 insertions, 4 deletions
diff --git a/sos/report/plugins/salt.py b/sos/report/plugins/salt.py index bad5e3a6..b3b113d2 100644 --- a/sos/report/plugins/salt.py +++ b/sos/report/plugins/salt.py @@ -5,6 +5,7 @@ # version 2 of the GNU General Public License. # # See the LICENSE file in the source distribution for further information. +import re from sos.report.plugins import Plugin, IndependentPlugin @@ -16,7 +17,7 @@ class Salt(Plugin, IndependentPlugin): plugin_name = 'salt' profiles = ('sysmgmt',) - packages = ('salt', 'salt-minion', 'salt-common',) + packages = ('salt', 'salt-minion', 'venv-salt-minion', 'salt-common',) def setup(self): all_logs = self.get_option("all_logs") @@ -26,12 +27,41 @@ class Salt(Plugin, IndependentPlugin): else: self.add_copy_spec("/var/log/salt") - self.add_copy_spec("/etc/salt") - self.add_forbidden_path("/etc/salt/pki/*/*.pem") + self.add_copy_spec([ + "/var/log/venv-salt-minion.log", + "/var/log/salt-ssh.log", + ]) + + self.add_copy_spec([ + "/etc/salt", + "/etc/venv-salt-minion/", + "/usr/local/etc/salt", + ]) + self.add_forbidden_path([ + "/etc/salt/pki/*/*.pem", + "/etc/venv-salt-minion/pki/*/*.pem", + "/usr/local/etc/salt/pki/*/*.pem", + ]) + + self.add_cmd_output([ + "systemctl --full status salt-minion", + "systemctl --full status venv-salt-minion", + "salt-minion --versions-report", + "venv-salt-minion --versions-report", + "salt-call --local grains.items --out yaml", + "venv-salt-call --local grains.items --out yaml", + ], timeout=30) def postproc(self): regexp = r'(^\s+.*(pass|secret|(?<![A-z])key(?![A-z])).*:\ ).+$' subst = r'\1******' self.do_path_regex_sub("/etc/salt/*", regexp, subst) + # Obfuscate grain entries like `password: mypass` or + # `secret: mysecret` + grain_regexp = re.compile("(^.*(pass|secret|key).*:)(.*)$", + re.MULTILINE) + self.do_cmd_output_sub("salt-call", grain_regexp, subst) + self.do_cmd_output_sub("venv-salt-call", grain_regexp, subst) + # vim: set et ts=4 sw=4 : diff --git a/sos/report/plugins/saltmaster.py b/sos/report/plugins/saltmaster.py index 99c750ba..e836d96f 100644 --- a/sos/report/plugins/saltmaster.py +++ b/sos/report/plugins/saltmaster.py @@ -5,6 +5,8 @@ # version 2 of the GNU General Public License. # # See the LICENSE file in the source distribution for further information. +import glob +import yaml from sos.report.plugins import Plugin, IndependentPlugin @@ -26,7 +28,35 @@ class SaltMaster(Plugin, IndependentPlugin): self.add_copy_spec("/etc/salt") self.add_forbidden_path("/etc/salt/pki/*/*.pem") - self.add_cmd_output("salt-key --list all") + + self.add_pillar_roots() + self.add_cmd_output([ + "salt-master --version", + "systemctl --full status salt-master", + "systemctl --full status salt-api", + "salt-key --list all", + "salt-run jobs.list_jobs --out=yaml", + "salt-run manage.list_state --out=yaml", + "salt-run manage.list_not_state --out=yaml", + "salt-run manage.joined --out=yaml", + ], timeout=30) + + def add_pillar_roots(self): + cfgs = glob.glob("/etc/salt/master.d/*conf") + main_cfg = "/etc/salt/master" + + if self.path_exists(main_cfg): + cfgs.append(main_cfg) + + all_pillar_roots = [] + for cfg in cfgs: + with open(cfg, "r") as f: + cfg_pillar_roots = ( + yaml.safe_load(f).get("pillar_roots", {}).get("base", []) + ) + all_pillar_roots.extend(cfg_pillar_roots) + + self.add_copy_spec(all_pillar_roots) def postproc(self): regexp = r'(^\s+.*(pass|secret|(?<![A-z])key(?![A-z])).*:\ ).+$' |