Diffstat (limited to 'sos/report/plugins/openshift.py')
-rw-r--r-- | sos/report/plugins/openshift.py | 156 |
1 files changed, 156 insertions, 0 deletions
diff --git a/sos/report/plugins/openshift.py b/sos/report/plugins/openshift.py
new file mode 100644
index 00000000..e31040c3
--- /dev/null
+++ b/sos/report/plugins/openshift.py
@@ -0,0 +1,156 @@
+# This file is part of the sos project: https://github.com/sosreport/sos
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions of
+# version 2 of the GNU General Public License.
+#
+# See the LICENSE file in the source distribution for further information.
+
+from sos.plugins import Plugin, RedHatPlugin
+import os.path
+
+
+# This plugin handles OpenShift Enterprise versions up to 2.x
+# which are based in the upstream code of OpenShift Origin M4
+# located here: https://github.com/openshift/origin-server
+#
+# For later of OpenShift Origin based on: https://github.com/openshift/origin
+# like OpenShift Enterprise 3.x see the origin.py plugin
+class Openshift(Plugin, RedHatPlugin):
+ """Openshift 2.x node and broker"""
+
+ plugin_name = "openshift"
+ profiles = ('virt', 'openshift')
+
+ # The 'broker' and 'node' options are obsolete but are maintained
+ # here for compatibility with external programs that call sosreport
+ # with these names.
+ option_list = [("broker", "Gathers broker specific files", "slow", False),
+ ("node", "Gathers node specific files", "slow", False)]
+
+ ruby = "ruby193"
+ vendor = "rh"
+ mco_config_dir = "/opt/%s/%s/root/etc/mcollective" % (vendor, ruby)
+
+ gear_base_dir = "/var/lib/openshift"
+ node_settings_dir = os.path.join(gear_base_dir, ".settings")
+ node_proxy_dir = os.path.join(gear_base_dir, ".httpd.d")
+ httpd_config_dir = "/etc/httpd/conf.d"
+
+ def is_broker(self):
+ return os.path.exists("/etc/openshift/broker.conf")
+
+ def is_node(self):
+ return os.path.exists("/etc/openshift/node.conf")
+
+ def setup(self):
+ self.add_copy_spec([
+ "/etc/openshift-enterprise-release",
+ "/var/log/openshift",
+ "/etc/openshift/*.conf",
+ "/etc/openshift/upgrade",
+ ])
+
+ self.add_cmd_output("oo-diagnostics -v")
+
+ if self.is_broker():
+ self.add_copy_spec([
+ "/etc/openshift/quickstarts.json",
+ "/etc/openshift/plugins.d/*.conf",
+ os.path.join(self.mco_config_dir, "client.cfg"),
+ "/var/www/openshift/broker/httpd/httpd.conf",
+ "/var/www/openshift/broker/httpd/conf.d/*.conf",
+ "/var/www/openshift/console/httpd/httpd.conf",
+ "/var/www/openshift/console/httpd/conf.d/*.conf",
+ ])
+
+ self.add_cmd_output([
+ "oo-accept-broker -v",
+ "oo-admin-chk -v",
+ "oo-mco ping",
+ ])
+
+ if self.is_node():
+ self.add_copy_spec([
+ "/etc/openshift/node-plugins.d/*.conf",
+ "/etc/openshift/cart.conf.d",
+ "/etc/openshift/iptables.*.rules",
+ "/etc/openshift/env",
+ os.path.join(self.httpd_config_dir,
+ "openshift-vhost-logconf.include"),
+ os.path.join(self.httpd_config_dir,
+ "openshift-http-vhost.include"),
+ os.path.join(self.httpd_config_dir,
+ "openshift_restorer.include"),
+ os.path.join(self.mco_config_dir, "server.cfg"),
+ os.path.join(self.mco_config_dir, "facts.yaml"),
+ os.path.join(self.node_settings_dir, "district.info"),
+ os.path.join(self.node_proxy_dir, "*.conf"),
+ os.path.join(self.node_proxy_dir, "aliases.txt"),
+ os.path.join(self.node_proxy_dir, "nodes.txt"),
+ os.path.join(self.node_proxy_dir, "idler.txt"),
+ os.path.join(self.node_proxy_dir, "sts.txt"),
+ os.path.join(self.node_proxy_dir, "routes.json"),
+ os.path.join(self.node_proxy_dir, "geardb.json"),
+ os.path.join(self.node_proxy_dir, "sniproxy.json"),
+ "/var/log/httpd/openshift_log",
+ "/var/log/mcollective.log",
+ "/var/log/node-web-proxy/access.log",
+ "/var/log/node-web-proxy/error.log",
+ "/var/log/node-web-proxy/websockets.log",
+ "/var/log/node-web-proxy/supervisor.log",
+ ])
+
+ self.add_cmd_output([
+ "oo-accept-node -v",
+ "oo-admin-ctl-gears list",
+ "ls -laZ %s" % self.gear_base_dir,
+ "ls -la %s" % self.node_proxy_dir
+ ])
+
+ def postproc(self):
+ # Redact broker's MongoDB credentials:
+ # MONGO_PASSWORD="PasswordForOpenshiftUser"
+ self.do_file_sub('/etc/openshift/broker.conf',
+ r"(MONGO_PASSWORD\s*=\s*)(.*)",
+ r"\1*******")
+
+ # Redact session SHA keys:
+ # SESSION_SECRET=0c31...a7c8
+ self.do_file_sub('/etc/openshift/broker.conf',
+ r"(SESSION_SECRET\s*=\s*)(.*)",
+ r"\1*******")
+ self.do_file_sub('/etc/openshift/console.conf',
+ r"(SESSION_SECRET\s*=\s*)(.*)",
+ r"\1*******")
+
+ # Redact passwords of the form:
+ # plugin.activemq.pool.1.password = Pa$sW0Rd
+ self.do_file_sub(os.path.join(self.mco_config_dir, "server.cfg"),
+ r"(.*password\s*=\s*)\S+",
+ r"\1********")
+ self.do_file_sub(os.path.join(self.mco_config_dir, "client.cfg"),
+ r"(.*password\s*=\s*)\S+",
+ r"\1********")
+
+ # Redact DNS plugin credentials
+ # Dynect DNS: DYNECT_PASSWORD=s0ME-p4$_w0RD._
+ plugin_dir = '/etc/openshift/plugins.d/'
+ self.do_file_sub(plugin_dir + 'openshift-origin-dns-dynect.conf',
+ r"(DYNECT_PASSWORD\s*=\s*)(.*)",
+ r"\1********")
+ # Fog cloud: FOG_RACKSPACE_API_KEY="apikey"
+ self.do_file_sub(plugin_dir + 'openshift-origin-dns-fog.conf',
+ r"(FOG_RACKSPACE_API_KEY\s*=\s*)(.*)",
+ r"\1********")
+ # ISC bind: BIND_KEYVALUE="rndc key"
+ self.do_file_sub(plugin_dir + 'openshift-origin-dns-nsupdate.conf',
+ r"(BIND_KEYVALUE\s*=\s*)(.*)",
+ r"\1********")
+ # LDAP authentication: AuthLDAPBindPassword "IShouldNotBeHere"
+ ldap_paths = '/var/www/openshift/(broker|console)/httpd/conf.d/.*'
+ self.do_path_regex_sub(ldap_paths,
+ r"(AuthLDAPBindPassword)\s*(.*)",
+ r"\1********")
+
+# vim: set et ts=4 sw=4 : |
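Review bot: The scrubbing in `postproc` is a per-file list of named keys, while `setup` collects whole globs (`/etc/openshift/*.conf`, `/etc/openshift/plugins.d/*.conf`, `/etc/openshift/node-plugins.d/*.conf`, `/etc/openshift/env`), so any credential stored under a key or file that is not listed would land in the report archive unredacted. Only three DNS plugin files under `plugins.d` are scrubbed and nothing under `node-plugins.d` or `env` is; whether those hold secrets depends on the deployment, but a report is typically shipped off-host, so the default should fail closed. I would add a catch-all pass over the collected config paths, for example `self.do_path_regex_sub(r"/etc/openshift/.*\.conf", r"(?i)(\S*(password|secret|api_key)\S*\s*=\s*)(.*)", r"\1********")`, and keep the specific rules as a record of the known keys. Separately, the LDAP rule's replacement `r"\1********"` drops the whitespace after `AuthLDAPBindPassword`; capturing it as `r"(AuthLDAPBindPassword\s*)(.*)"` keeps the redacted directive readable.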