[ovirt] Updated the ovirt plugin to collect additional data

The plugin now collects information from certificates that were generated by oVirt. Related: RHBZ#1845877 Signed-off-by: Lev Veyde <lveyde@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
author: Lev Veyde <lveyde@redhat.com> 2021-01-12 17:39:17 +0200
committer: Jake Hunsaker <jhunsake@redhat.com> 2021-01-27 10:43:54 -0500
commit: cbe728cb999a4df17d3e8e902bf4e7e89c3941d6 (patch)
tree: 557595f1296969bfc135f4eb92fe2e77b577c789
parent: 3973d0df276564142cd42a69569e33dc8a78fbe6 (diff)
download: sos-cbe728cb999a4df17d3e8e902bf4e7e89c3941d6.tar.gz
1 files changed, 29 insertions, 1 deletions
diff --git a/sos/report/plugins/ovirt.py b/sos/report/plugins/ovirt.py
index 127c971c..132d6c74 100644
--- a/sos/report/plugins/ovirt.py
+++ b/sos/report/plugins/ovirt.py
@@ -1,3 +1,4 @@
+# Copyright (C) 2021 Red Hat, Inc., Lev Veyde <lveyde@redhat.com>
 # Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola <sbonazzo@redhat.com>
 # Copyright (C) 2014 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com>
 # Copyright (C) 2010 Red Hat, Inc.
@@ -87,11 +88,38 @@ class Ovirt(Plugin, RedHatPlugin):
             self.add_forbidden_path('/var/log/ovirt-engine/dump')
             self.add_cmd_output('ls -l /var/log/ovirt-engine/dump/')
 
+        certificates = [
+            '/etc/pki/ovirt-engine/ca.pem',
+            '/etc/pki/ovirt-engine/apache-ca.pem',
+            '/etc/pki/ovirt-engine/certs/engine.cer',
+            '/etc/pki/ovirt-engine/certs/apache.cer',
+            '/etc/pki/ovirt-engine/certs/websocket-proxy.cer',
+            '/etc/pki/ovirt-engine/certs/jboss.cer',
+            '/etc/pki/ovirt-engine/certs/imageio-proxy.cer',
+            '/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer',
+        ]
+
+        keystores = [
+            ('mypass', '/etc/pki/ovirt-engine/.truststore'),
+            ('changeit', '/var/lib/ovirt-engine/external_truststore'),
+        ]
+
         self.add_cmd_output([
             # Copy all engine tunables and domain information
             "engine-config --all",
             # clearer diff from factory defaults (only on ovirt>=4.2.8)
-            "engine-config -d"
+            "engine-config -d",
+        ])
+
+        self.add_cmd_output([
+            # process certificate files
+            "openssl x509 -in %s -text -noout" % c for c in certificates
+        ])
+
+        self.add_cmd_output([
+            # process TrustStore certificates
+            "keytool -list -storepass %s -rfc -keystore %s" %
+            (p, c) for (p, c) in keystores
         ])
 
         # 3.x line uses engine-manage-domains, 4.x uses ovirt-aaa-jdbc-tool
author	Lev Veyde <lveyde@redhat.com>	2021-01-12 17:39:17 +0200
committer	Jake Hunsaker <jhunsake@redhat.com>	2021-01-27 10:43:54 -0500
commit	cbe728cb999a4df17d3e8e902bf4e7e89c3941d6 (patch)
tree	557595f1296969bfc135f4eb92fe2e77b577c789
parent	3973d0df276564142cd42a69569e33dc8a78fbe6 (diff)
download	sos-cbe728cb999a4df17d3e8e902bf4e7e89c3941d6.tar.gz