diff options
author | Lev Veyde <lveyde@redhat.com> | 2021-01-12 17:39:17 +0200 |
---|---|---|
committer | Jake Hunsaker <jhunsake@redhat.com> | 2021-01-27 10:43:54 -0500 |
commit | cbe728cb999a4df17d3e8e902bf4e7e89c3941d6 (patch) | |
tree | 557595f1296969bfc135f4eb92fe2e77b577c789 | |
parent | 3973d0df276564142cd42a69569e33dc8a78fbe6 (diff) | |
download | sos-cbe728cb999a4df17d3e8e902bf4e7e89c3941d6.tar.gz |
[ovirt] Updated the ovirt plugin to collect additional data
The plugin now collects information from certificates
that were generated by oVirt.
Related: RHBZ#1845877
Signed-off-by: Lev Veyde <lveyde@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
-rw-r--r-- | sos/report/plugins/ovirt.py | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/sos/report/plugins/ovirt.py b/sos/report/plugins/ovirt.py index 127c971c..132d6c74 100644 --- a/sos/report/plugins/ovirt.py +++ b/sos/report/plugins/ovirt.py @@ -1,3 +1,4 @@ +# Copyright (C) 2021 Red Hat, Inc., Lev Veyde <lveyde@redhat.com> # Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola <sbonazzo@redhat.com> # Copyright (C) 2014 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com> # Copyright (C) 2010 Red Hat, Inc. @@ -87,11 +88,38 @@ class Ovirt(Plugin, RedHatPlugin): self.add_forbidden_path('/var/log/ovirt-engine/dump') self.add_cmd_output('ls -l /var/log/ovirt-engine/dump/') + certificates = [ + '/etc/pki/ovirt-engine/ca.pem', + '/etc/pki/ovirt-engine/apache-ca.pem', + '/etc/pki/ovirt-engine/certs/engine.cer', + '/etc/pki/ovirt-engine/certs/apache.cer', + '/etc/pki/ovirt-engine/certs/websocket-proxy.cer', + '/etc/pki/ovirt-engine/certs/jboss.cer', + '/etc/pki/ovirt-engine/certs/imageio-proxy.cer', + '/etc/pki/ovirt-engine/certs/ovirt-provider-ovn.cer', + ] + + keystores = [ + ('mypass', '/etc/pki/ovirt-engine/.truststore'), + ('changeit', '/var/lib/ovirt-engine/external_truststore'), + ] + self.add_cmd_output([ # Copy all engine tunables and domain information "engine-config --all", # clearer diff from factory defaults (only on ovirt>=4.2.8) - "engine-config -d" + "engine-config -d", + ]) + + self.add_cmd_output([ + # process certificate files + "openssl x509 -in %s -text -noout" % c for c in certificates + ]) + + self.add_cmd_output([ + # process TrustStore certificates + "keytool -list -storepass %s -rfc -keystore %s" % + (p, c) for (p, c) in keystores ]) # 3.x line uses engine-manage-domains, 4.x uses ovirt-aaa-jdbc-tool |