-rw-r--r-- | sos/report/plugins/foreman.py | 63 | ||||
-rw-r--r-- | sos/report/plugins/foreman_installer.py | 98 | ||||
-rw-r--r-- | sos/report/plugins/foreman_proxy.py | 70 | ||||
-rw-r--r-- | sos/report/plugins/puppet.py | 9 |
4 files changed, 184 insertions, 56 deletions
diff --git a/sos/report/plugins/foreman.py b/sos/report/plugins/foreman.py index 0cd0196b..52fdd9fe 100644 --- a/sos/report/plugins/foreman.py +++ b/sos/report/plugins/foreman.py @@ -10,19 +10,19 @@ # See the LICENSE file in the source distribution for further information. from sos.report.plugins import (Plugin, RedHatPlugin, DebianPlugin, - UbuntuPlugin, SCLPlugin) + UbuntuPlugin) from pipes import quote from re import match class Foreman(Plugin): - short_desc = 'Foreman/Satellite 6 systems management' + short_desc = 'Foreman/Satellite systems management' plugin_name = 'foreman' plugin_timeout = 1800 profiles = ('sysmgmt',) - packages = ('foreman', 'foreman-proxy') + packages = ('foreman',) option_list = [ ('months', 'number of months for dynflow output', 'fast', 1), ('proxyfeatures', 'collect features of smart proxies', 'slow', False), @@ -65,15 +65,13 @@ class Foreman(Plugin): self.add_file_tags({ '/var/log/foreman/production.log.*': 'foreman_production_log', - '/var/log/foreman-proxy/proxy.log.*': 'foreman_proxy_log', - '/etc/foreman-proxy/settings.yml': 'foreman_proxy_conf', '/etc/sysconfig/foreman-tasks': 'foreman_tasks_config', '/etc/sysconfig/dynflowd': 'foreman_tasks_config' }) self.add_forbidden_path([ - "/etc/foreman*/*key.pem", - "/etc/foreman*/encryption_key.rb" + "/etc/foreman/*key.pem", + "/etc/foreman/encryption_key.rb" ]) _hostname = self.exec_cmd('hostname')['output'] @@ -90,12 +88,9 @@ class Foreman(Plugin): # Allow limiting these self.add_copy_spec([ "/etc/foreman/", - "/etc/foreman-proxy/", "/etc/sysconfig/foreman", "/etc/sysconfig/dynflowd", - "/etc/smart_proxy_dynflow_core/settings.yml", "/etc/default/foreman", - "/etc/foreman-installer/", "/var/log/foreman/dynflow_executor*log*", "/var/log/foreman/dynflow_executor*.output*", "/var/log/foreman/apipie_cache*.log*", 
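Review bot: In the `add_forbidden_path` list of `Foreman.setup` (hunk `@@ -65,15 +65,13 @@`), narrowing `/etc/foreman*/*key.pem` and `/etc/foreman*/encryption_key.rb` to `/etc/foreman/` drops the exclusion that the old glob also gave `/etc/foreman-installer/` and `/etc/foreman-proxy/`. The new foreman_proxy plugin in this commit re-adds only `/etc/foreman-proxy/*key.pem`, and foreman_installer collects `/etc/foreman-installer/*` while forbidding just the migration scripts. Whether key files can appear in those directories is not visible here, but to keep the previous coverage the new plugins should carry the same patterns, e.g. `self.add_forbidden_path(["/etc/foreman-installer/*key.pem", "/etc/foreman-installer/encryption_key.rb"])` in `ForemanInstaller.setup`. `setup` starts and ends outside this hunk.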
@@ -103,20 +98,9 @@ class Foreman(Plugin): "/var/log/foreman/db_migrate*log*", "/var/log/foreman/db_seed*log*", "/var/log/foreman/production.log[.-]*", - "/var/log/foreman-proxy/cron*log*", - "/var/log/foreman-proxy/migrate_settings*log*", - "/var/log/foreman-proxy/proxy*log*", - "/var/log/foreman-proxy/smart_proxy_dynflow_core*log*", "/var/log/foreman-selinux-install.log", "/var/log/foreman-proxy-certs-generate*", - "/var/log/foreman-installer/*", - "/var/log/foreman-maintain/*", - "/var/log/syslog*", "/usr/share/foreman/Gemfile*", - "/var/lib/puppet/ssl/certs/ca.pem", - "/etc/puppetlabs/puppet/ssl/certs/ca.pem", - "/etc/puppetlabs/puppet/ssl/certs/{}.pem".format(_hostname), - "/var/lib/puppet/ssl/certs/{}.pem".format(_hostname), "/var/log/{}*/foreman*".format(self.apachepkg), "/var/log/{}*/katello-reverse-proxy_access_ssl.log*".format( self.apachepkg), @@ -128,10 +112,8 @@ class Foreman(Plugin): ]) self.add_cmd_output([ - 'bundle --local --gemfile=/usr/share/foreman/Gemfile*', 'hammer ping', 'foreman-selinux-relabel -nv', - 'foreman-maintain service status', 'passenger-status --show pool', 'passenger-status --show requests', 'passenger-status --show backtraces', 
@@ -286,42 +268,17 @@ class Foreman(Plugin): return _dbcmd % (self.dbhost, quote(query)) def postproc(self): - install_logs = "/var/log/foreman-installer/" - satreg = r"((foreman.*)?(\"::(foreman(.*?)|katello).*)?((::(.*)::.*" \ - r"(passw|cred|token|secret|key).*(\")?:)|(storepass )" \ - r"|(password =)))(.*)" - self.do_path_regex_sub(install_logs, satreg, r"\1 ********") - # need to do two passes here, debug output has different formatting - sat_debug_reg = (r"(\s)+(Found key: (\"(foreman(.*?)|katello)" - r"::(.*(token|secret|key|passw).*)\") value:) " - r"(.*)") - self.do_path_regex_sub(install_logs, sat_debug_reg, r"\1 \2 ********") - # also hide passwords in yet different formats - self.do_path_regex_sub( - install_logs, - r"(\.|_|-)password(=\'|=|\", \")(\w*)", - r"\1password\2********") - self.do_path_regex_sub( - "/var/log/foreman-installer/foreman-proxy*", - r"(\s*proxy_password\s=) (.*)", - r"\1 ********") - self.do_path_regex_sub( - "/var/log/foreman-maintain/foreman-maintain.log*", - r"(((passw|cred|token|secret)=)|(password ))(.*)", - r"\1********") self.do_path_regex_sub( "/var/log/%s*/foreman-ssl_access_ssl.log*" % self.apachepkg, r"(.*\?(passw|cred|token|secret|key).*=)(.*) (HTTP.*(.*))", r"\1******** \4") - # all scrubbing applied to configs must be applied to installer logs - # as well, since logs contain diff of configs self.do_path_regex_sub( - r"(/etc/foreman(.*)((conf)(.*)?))|(%s)" % install_logs, + r"/etc/foreman/(.*)((conf)(.*)?)", r"((\:|\s*)(passw|cred|token|secret|key).*(\:\s|=))(.*)", r"\1********") # yaml values should be alphanumeric self.do_path_regex_sub( - r"(/etc/foreman(.*)((yaml|yml)(.*)?))|(%s)" % install_logs, + r"/etc/foreman/(.*)((yaml|yml)(.*)?)", r"((\:|\s*)(passw|cred|token|secret|key).*(\:\s|=))(.*)", r'\1"********"') 
@@ -329,21 +286,17 @@ class Foreman(Plugin): # attr so we can keep all log definitions centralized in the main class -class RedHatForeman(Foreman, SCLPlugin, RedHatPlugin): +class RedHatForeman(Foreman, RedHatPlugin): apachepkg = 'httpd' def setup(self): self.add_file_tags({ - '/var/log/foreman-installer/satellite.log.*': - ['insights_satellite_log' 'satellite_installer_log'], '/usr/share/foreman/.ssh/ssh_config': 'ssh_foreman_config', }) super(RedHatForeman, self).setup() - self.add_cmd_output_scl('tfm', 'gem list', - suggest_filename='scl enable tfm gem list') class DebianForeman(Foreman, DebianPlugin, UbuntuPlugin): diff --git a/sos/report/plugins/foreman_installer.py b/sos/report/plugins/foreman_installer.py new file mode 100644 index 00000000..e74afb4b --- /dev/null +++ b/sos/report/plugins/foreman_installer.py 
@@ -0,0 +1,98 @@ +# Copyright (C) 2021 Red Hat, Inc., Pavel Moravec <pmoravec@redhat.com> + +# This file is part of the sos project: https://github.com/sosreport/sos +# +# This copyrighted material is made available to anyone wishing to use, +# modify, copy, or redistribute it subject to the terms and conditions of +# version 2 of the GNU General Public License. +# +# See the LICENSE file in the source distribution for further information. + +from sos.report.plugins import (Plugin, RedHatPlugin, DebianPlugin, + UbuntuPlugin) + + +class ForemanInstaller(Plugin, DebianPlugin, UbuntuPlugin): + + short_desc = 'Foreman installer and maintainer' + + plugin_name = 'foreman_installer' + profiles = ('sysmgmt',) + packages = ('foreman-installer', 'rubygem-foreman_maintain') + + def setup(self): + self.add_copy_spec([ + "/etc/foreman-installer/*", + "/var/log/foreman-installer/*", + "/var/log/foreman-maintain/*", + # specifically collect .applied files + # that would be skipped otherwise as hidden files + "/etc/foreman-installer/scenarios.d/*/.applied", + ]) + + # skip collecting individual migration scripts; + # .applied file in each dir is still + self.add_forbidden_path( + "/etc/foreman-installer/scenarios.d/*.migrations/*.rb" + ) + + self.add_cmd_output([ + 'foreman-maintain service status', + ]) + + def postproc(self): + install_logs = "/var/log/foreman-installer/" + logsreg = r"((foreman.*)?(\"::(foreman(.*?)|katello).*)?((::(.*)::.*" \ + r"(passw|cred|token|secret|key).*(\")?:)|(storepass )" \ + r"|(password =)))(.*)" + self.do_path_regex_sub(install_logs, logsreg, r"\1 ********") + # need to do two passes here, debug output has different formatting + logs_debug_reg = (r"(\s)+(Found key: (\"(foreman(.*?)|katello)" + r"::(.*(token|secret|key|passw).*)\") value:) " + r"(.*)") + self.do_path_regex_sub(install_logs, logs_debug_reg, r"\1 \2 ********") + # also hide passwords in yet different formats + self.do_path_regex_sub( + install_logs, + r"(\.|_|-)password(=\'|=|\", 
\")(\w*)", + r"\1password\2********") + self.do_path_regex_sub( + "/var/log/foreman-installer/foreman-proxy*", + r"(\s*proxy_password\s=) (.*)", + r"\1 ********") + self.do_path_regex_sub( + "/var/log/foreman-maintain/foreman-maintain.log*", + r"(((passw|cred|token|secret)=)|(password ))(.*)", + r"\1********") + # all scrubbing applied to configs must be applied to installer logs + # as well, since logs contain diff of configs + self.do_path_regex_sub( + r"(/etc/foreman-(installer|maintain)/(.*)((conf)(.*)?))|(%s)" + % install_logs, + r"((\:|\s*)(passw|cred|token|secret|key).*(\:\s|=))(.*)", + r"\1********") + # yaml values should be alphanumeric + self.do_path_regex_sub( + r"(/etc/foreman-(installer|maintain)/(.*)((yaml|yml)(.*)?))|(%s)" + % install_logs, + r"((\:|\s*)(passw|cred|token|secret|key).*(\:\s|=))(.*)", + r'\1"********"') + + +# Add Red Hat Insights tags for RedHatPlugin only + +class RedHatForemanInstaller(ForemanInstaller, RedHatPlugin): + + def setup(self): + + self.add_file_tags({ + '/var/log/foreman-installer/satellite.log.*': + ['insights_satellite_log' 'satellite_installer_log'], + '/var/log/foreman-installer/capsule.log.*': + ['insights_capsule_log' 'capsule_installer_log'], + }) + + super(RedHatForemanInstaller, self).setup() + + +# vim: set et ts=4 sw=4 : diff --git a/sos/report/plugins/foreman_proxy.py b/sos/report/plugins/foreman_proxy.py new file mode 100644 index 00000000..297e518d --- /dev/null +++ b/sos/report/plugins/foreman_proxy.py 
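Review bot: Both tag lists in `RedHatForemanInstaller.setup` are missing a comma, so Python concatenates the adjacent literals and each log gets the single tag `'insights_satellite_logsatellite_installer_log'` (or the capsule equivalent) instead of two tags. They should read `['insights_satellite_log', 'satellite_installer_log'],` and `['insights_capsule_log', 'capsule_installer_log'],`. Separately, `ForemanInstaller` itself lists `DebianPlugin, UbuntuPlugin` as bases, so `RedHatForemanInstaller` inherits all three distro mixins, unlike the `ForemanProxy` layout in this commit where the base is a plain `Plugin`; it is worth confirming that this is intended. The comment `# .applied file in each dir is still` also ends mid-sentence and should say that the file is still collected.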
@@ -0,0 +1,70 @@
+# Copyright (C) 2021 Red Hat, Inc., Pavel Moravec <pmoravec@redhat.com>
+
+# This file is part of the sos project: https://github.com/sosreport/sos
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions of
+# version 2 of the GNU General Public License.
+#
+# See the LICENSE file in the source distribution for further information.
+
+from sos.report.plugins import (Plugin, RedHatPlugin, DebianPlugin,
+ UbuntuPlugin)
+
+
+class ForemanProxy(Plugin):
+
+ short_desc = 'Foreman Smart Proxy systems management'
+
+ plugin_name = 'foreman_proxy'
+ profiles = ('sysmgmt',)
+ packages = ('foreman-proxy',)
+
+ def setup(self):
+ self.add_file_tags({
+ '/var/log/foreman-proxy/proxy.log.*': 'foreman_proxy_log',
+ '/etc/foreman-proxy/settings.yml': 'foreman_proxy_conf'
+ })
+
+ self.add_forbidden_path([
+ "/etc/foreman-proxy/*key.pem"
+ ])
+
+ self.add_copy_spec([
+ "/etc/foreman-proxy/",
+ "/etc/smart_proxy_dynflow_core/settings.yml",
+ "/var/log/foreman-proxy/*log*",
+ "/var/log/{}*/katello-reverse-proxy_access_ssl.log*".format(
+ self.apachepkg),
+ "/var/log/{}*/katello-reverse-proxy_error_ssl.log*".format(
+ self.apachepkg),
+ ])
+
+ # collect http[|s]_proxy env.variables
+ self.add_env_var(["http_proxy", "https_proxy"])
+
+ def postproc(self):
+ self.do_path_regex_sub(
+ r"/etc/foreman-proxy/(.*)((conf)(.*)?)",
+ r"((\:|\s*)(passw|cred|token|secret|key).*(\:\s|=))(.*)",
+ r"\1********")
+ # yaml values should be alphanumeric
+ self.do_path_regex_sub(
+ r"/etc/foreman-proxy/(.*)((yaml|yml)(.*)?)",
+ r"((\:|\s*)(passw|cred|token|secret|key).*(\:\s|=))(.*)",
+ r'\1"********"')
+
+
+# Child classes needed to declare the apachepkg attr properly per distro
+
+class RedHatForemanProxy(ForemanProxy, RedHatPlugin):
+
+ apachepkg = 'httpd'
+
+
+class DebianForemanProxy(ForemanProxy, DebianPlugin, UbuntuPlugin):
+
+ apachepkg = 'apache'
+
+
+# vim: set et ts=4 sw=4 :
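Review bot: `self.add_env_var(["http_proxy", "https_proxy"])` in `ForemanProxy.setup` can capture proxy URLs that embed credentials (for example `http://user:password@host:port`), and `postproc` only scrubs files under `/etc/foreman-proxy/`. Unless the environment capture is already obfuscated elsewhere in sos (not visible in this diff), add a substitution for the userinfo part or a comment stating where that happens. The same path restriction means `/etc/smart_proxy_dynflow_core/settings.yml`, collected in `add_copy_spec`, never goes through the `passw|cred|token|secret|key` substitution. Widening the yaml path expression to `r"/etc/(foreman-proxy|smart_proxy_dynflow_core)/(.*)((yaml|yml)(.*)?)"` would cover it.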
diff --git a/sos/report/plugins/puppet.py b/sos/report/plugins/puppet.py index 6541c5cb..009414e3 100644 --- a/sos/report/plugins/puppet.py +++ b/sos/report/plugins/puppet.py @@ -20,6 +20,9 @@ class Puppet(Plugin, IndependentPlugin): 'puppetserver', 'puppetmaster', 'puppet-master') def setup(self): + _hostname = self.exec_cmd('hostname')['output'] + _hostname = _hostname.strip() + self.add_copy_spec([ "/etc/puppet/*.conf", "/etc/puppet/rack/*", @@ -33,7 +36,11 @@ class Puppet(Plugin, IndependentPlugin): "/etc/puppetlabs/puppet/ssl/ca/inventory.txt", "/var/log/puppetlabs/puppetserver/*.log*", "/var/lib/puppetlabs/puppet/ssl/ca/inventory.txt", - "/var/lib/puppet/ssl/ca/inventory.txt" + "/var/lib/puppet/ssl/ca/inventory.txt", + "/var/lib/puppet/ssl/certs/ca.pem", + "/etc/puppetlabs/puppet/ssl/certs/ca.pem", + "/etc/puppetlabs/puppet/ssl/certs/{}.pem".format(_hostname), + "/var/lib/puppet/ssl/certs/{}.pem".format(_hostname), ]) self.add_cmd_output([ |
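Review bot: `_hostname` in `Puppet.setup` is taken from `self.exec_cmd('hostname')['output']` without checking the command's `status`, so a failed or empty result turns the two new specs into `.../ssl/certs/.pem` and the host certificate is silently skipped. Puppet usually names the host certificate after its certname, which may be the FQDN while `hostname` returns a short name, so the formatted path can also miss on a healthy system; this is inferred rather than shown by the diff. Consider guarding the two `{}.pem` entries with `if _hostname:`. A short comment such as `# public certificates only; ssl/private_keys is deliberately not collected` above the new entries would make the intent explicit. `setup` continues outside both hunks of this file.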