diff options
-rw-r--r-- | sos/plugins/ovirt.py | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/sos/plugins/ovirt.py b/sos/plugins/ovirt.py new file mode 100644 index 00000000..3e645382 --- /dev/null +++ b/sos/plugins/ovirt.py @@ -0,0 +1,136 @@ +## Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola <sbonazzo@redhat.com> +## Copyright (C) 2014 Red Hat, Inc., Bryn M. Reeves <bmr@redhat.com> +## Copyright (C) 2010 Red Hat, Inc. + +### This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +import os +import re +import signal + + +from sos.plugins import Plugin, RedHatPlugin + + +# Class name must be the same as file name and method names must not change +class Ovirt(Plugin, RedHatPlugin): + """oVirt Engine related information""" + + DB_PASS_FILES = re.compile( + flags=re.VERBOSE, + pattern=r""" + ^ + /etc/ + (rhevm|ovirt-engine)/ + engine.conf + (\.d/.+.conf)? + $ + """ + ) + + DEFAULT_SENSITIVE_KEYS = ( + 'ENGINE_DB_PASSWORD:ENGINE_PKI_TRUST_STORE_PASSWORD:' + 'ENGINE_PKI_ENGINE_STORE_PASSWORD' + ) + + plugin_name = "ovirt" + + option_list = [ + ('jbosstrace', 'Enable oVirt Engine JBoss stack trace collection', '', True), + ('sensitive_keys', 'Sensitive keys to be masked', '', DEFAULT_SENSITIVE_KEYS) + ] + + def setup(self): + if self.get_option('jbosstrace'): + engine_pattern = "^ovirt-engine\ -server.*jboss-modules.jar" + pgrep = "pgrep -f '%s'" % engine_pattern + lines = self.call_ext_prog(pgrep)[1].splitlines() + engine_pids = [int(x) for x in lines] + if not engine_pids: + self.soslog.error('Unable to get ovirt-engine pid') + self.add_alert('Unable to get ovirt-engine pid') + for pid in engine_pids: + try: + # backtrace written to '/var/log/ovirt-engine/console.log + os.kill(pid, signal.SIGQUIT) + except OSError as e: + self.soslog.error('Unable to send signal to %d' % pid, e) + + self.add_forbidden_path('/etc/ovirt-engine/.pgpass') + self.add_forbidden_path('/etc/rhevm/.pgpass') + # Copy engine config files. + self.add_copy_specs([ + "/etc/ovirt-engine", + "/etc/rhevm", + "/var/log/ovirt-engine", + "/var/log/rhevm", + "/etc/sysconfig/ovirt-engine", + "/usr/share/ovirt-engine/conf", + "/var/log/ovirt-guest-agent", + "/var/lib/ovirt-engine/setup-history.txt", + "/var/lib/ovirt-engine/setup/answers", + "/var/lib/ovirt-engine/external_truststore", + "/var/tmp/ovirt-engine/config" + ]) + + def postproc(self): + """ + Obfuscate sensitive keys. + """ + self.do_file_sub( + "/etc/ovirt-engine/engine-config/engine-config.properties", + r"Password.type=(.*)", + r"Password.type=********" + ) + self.do_file_sub( + "/etc/rhevm/rhevm-config/rhevm-config.properties", + r"Password.type=(.*)", + r"Password.type=********" + ) + + engine_files = ( + 'ovirt-engine.xml', + 'ovirt-engine_history/current/ovirt-engine.v1.xml', + 'ovirt-engine_history/ovirt-engine.boot.xml', + 'ovirt-engine_history/ovirt-engine.initial.xml', + 'ovirt-engine_history/ovirt-engine.last.xml', + ) + for filename in engine_files: + self.do_file_sub( + "/var/tmp/ovirt-engine/config/%s" % filename, + r"<password>(.*)</password>", + r"<password>********</password>" + ) + + self.do_file_sub( + "/etc/ovirt-engine/redhatsupportplugin.conf", + r"proxyPassword=(.*)", + r"proxyPassword=********" + ) + + sensitive_keys = self.DEFAULT_SENSITIVE_KEYS + #Handle --alloptions case which set this to True. + keys_opt = self.get_option('sensitive_keys') + if keys_opt and keys_opt is not True: + sensitive_keys = keys_opt + key_list = [x for x in sensitive_keys.split(':') if x] + for key in key_list: + self.do_path_regex_sub( + self.DB_PASS_FILES, + r'{key}=(.*)'.format(key=key), + r'{key}=********'.format(key=key) + ) + +# vim: expandtab tabstop=4 shiftwidth=4 |