aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [archive, plugin] avoid recursing on symbolic link loopsBryn M. Reeves2018-09-132-5/+42
| | | | | | | | | | | | | | | | | | | It's possible that symlink loops exist in the host file system, either 'simple' ('a'->'a'), or indirect ('a'->'b'->'a'). We need to avoid recursing on these loops, to avoid exceeding the maximum link or recursion depths, but we should still represent these inodes as accurately as possible in the resulting archive. Detect loops in both the Plugin link handling code and in the new Archive link follow-up code by creating the first requested level of loop, and then skipping the recursive follow-up. This means that the looping links are still created in the archive so long as they are referenced in a copy spec but that we do not attempt to indefinitely recurse while collecting them. Resolves: #1430 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] canonicalise paths for link follow upBryn M. Reeves2018-09-121-1/+1
| | | | | | | | | Ensure that the canonical path is used when processing link follow up actions: the actual link path may contain one or more levels of symbolic links, leading to broken links if the link target path is assumed to be relative to the containing directory. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [plugin] canonicalize link target path in Plugin._copy_symlink()Bryn M. Reeves2018-09-121-1/+4
| | | | | | | | | | | | Since we may be dealing with paths that contain intermediate symlinked directories, it is necessary to canonicalize the path for the link target in order to eliminate additional levels of symbolic links, and to calculate the correct relative path to use within the archive. Related: #1404 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [utilities] use correct comparison-to-None styleBryn M. Reeves2018-09-111-1/+1
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] fix link rewriting logic in FileCacheArchive.add_link()Bryn M. Reeves2018-09-111-11/+19
| | | | | | | | | | | | | | | When processing link follow up for an original symbolic link, the add_link() logic incorrectly used the _original_ host link name, rather than the to-be-created name when calculating relative path structures. If the prior link is at a greater or lesser level of directory nesting this will lead to broken relative links in the archive (one level too high or too low). In some cases (systemd) this behaviour was masked due to the fact that identically named links exist at multiple levels of the path hierarchy. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] fix local variable name in FileCacheArchive.add_link()Bryn M. Reeves2018-09-111-1/+1
| | | | | | | The 'link_path' local was renamed to 'link_name' to better match other uses in the code. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [utilities] wait until AsyncReader p.poll() returns NoneBryn M. Reeves2018-09-101-1/+2
| | | | | | | | | | | | | | On some systems the pipe used by the AsyncReader() class and the sos_get_command_output() function may still be open at the time the p.poll() call returns. At this time the command exit status is undefined, leading to errors and collection failures for code that tests the command's exit code. Wait explicitly until poll() returns None to avoid this. Resolves: #1417 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [atomic] Define valid preset for RHEL AtomicJake Hunsaker2018-09-101-1/+14
| | | | | | | | | | | Defines an 'atomic' preset for use with the RedHatAtomic policy for RHEL Atomic Host. Fixes sos being unable to run due to the preset probe returning a string rather than a preset. Resolves: #1418 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] remove unused 'copy' arg from FileCacheArchive.add_dir()Bryn M. Reeves2018-09-101-2/+1
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] add link follow-up to FileCacheArchive.add_link()Bryn M. Reeves2018-09-101-3/+35
| | | | | | | | | | | | | | | | | | Creating a link may trigger further actions in the archive: if the link target is a regular file, we must copy that file into the archive, and if the target is a symbolic link, then we must create that link, and copy in the link target. Handle this by calling add_file() or (recursively) add_link() in order to create the missing pieces of the symlink chain. These operations must take place outside of the path lock since they do not modify the archive namespace and will call methods of the Archive object that will attempt to re-acquire this lock. Resolves: #1404 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] fix leading path creationBryn M. Reeves2018-09-101-7/+34
| | | | | | | | | | | | | | | | Fix the creation of leading path components for both paths that contain intermediate components that are symbolic links (with both absolute and relative targets), and those that contain only directory components. Since symlinks may link to other files, and other symlinks, it is necessary to handle these paths recursively and to include any intermediate symlinked directories, or symlink targets in the set of paths added to the archive. Related: #1404 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [Plugin] fix exception raise in Plugin._copy_dir()Bryn M. Reeves2018-09-101-1/+1
| | | | | | | | Use a naked 'raise' statement rather than raising the already caught exception in _copy_dir(), so that the original stack and backtrace are avaialable. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [sosreport] trap directly to PDB in handle_exception()Bryn M. Reeves2018-09-101-1/+8
| | | | | | | | | | | | | | | | | | | | | | | | | Now that plugins are run in a threadpool, it is not possible to defer the call to pdb.post_mortem() to the top-level exception handler in the main thread: this is due to the fact that in a pool, exceptions are caught and saved to be re-raised to thread calling the pool when results are returned. When the saved exception is raised to the top-level handler the execution context it relates to is gone: the backtrace and stack frame have been torn down and only very limited information is available from the exception frame. Instead, catch these exceptions _inside_ the thread pool context, and directly trap to the Python debugger. This allows plugin code to be debugged interactively with the full backtrace and with all access to local variables and the execution stack. In addition, this means that after the debugger has handled the exception it is possible to return to the run and continue until report completion. One side effect of this change is that the *-plugin-errors.txt file containng the backtrace is now written into the archive whether or not --debug is given. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [sosreport] ensure ThreadPool exceptions are raisedBryn M. Reeves2018-09-101-2/+6
| | | | | | | | | | | | | | The ThreadPoolExecutor does not raise exceptions to the parent thread immediately: it stores them in-line in the pool's results list, and raises them to the caller on acccess to that slot in the results iterator. Make sure that these exceptions are handled by iterating over all results and asserting that they are non-None (in practice, this code is never executed since the resulting raise will trap to an exception handler, but it is less confusing than a bare 'pass'). Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [openstack-nova] Add missing placement api wsgi logsMikel Olasagasti Uranga2018-09-041-0/+10
| | | | | | | Resolves: #1409 Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [plugins] Add Support for podman as well as docker.Daniel J Walsh2018-09-034-28/+44
| | | | | | | | | | | | OpenStack daemons can now run in OCI containers launched by both podman and docker. Need to check both locations. Resolves: #1408 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [podman] Add support for gathering information on podman containersDaniel J Walsh2018-09-031-0/+79
| | | | | | | Resolves: #1407. Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [docker] combine docker 'inspect' and 'logs' loopsBryn M. Reeves2018-09-031-3/+1
| | | | | | | | | We're iterating over all the containers: might as well only do it one time. Related: #1406, #1407 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [crio] Add support for gathering information on cri-o containersDaniel J Walsh2018-09-031-0/+74
| | | | Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>
* [buildah] collect information about container configurationDaniel J Walsh2018-09-031-0/+7
| | | | | | | | | These configuration files can effect the way that buildah works. Resolves: #1405 Signed-off-by: Daniel J Walsh <dwalsh@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [sudo] new pluginPavel Moravec2018-09-031-0/+29
| | | | | | | | Collect /etc/sudo* and scrub bindpw in /etc/sudo-ldap.conf Resolves: #1402 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [megacli] Correct MegaCli commands and enablementJake Hunsaker2018-09-031-13/+9
| | | | | | | | | | | | | | The MegaCli64 command needs to be called using the full path to the binary. Also, correct the -ShowSummary adapter argument. Additionally, use the builtin 'files' check to enable the plugin only if the binary exists. Closes: #403 Resolves: #1392 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [lvm] Add columns to lvs collectionJake Hunsaker2018-09-031-1/+2
| | | | | | | | | | | Adds the lv_(kernel)_read_ahead, stripes, and stripsize columns to lvs output. Closes: #800 Resolves: #1391 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [Policies|Plugins] Add services memberJake Hunsaker2018-09-033-5/+142
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Adds a services member to facilitate plugin enablement. This is tied to a new InitSystem class that gets attached to policies. The InitSystem class is used to determine services that are present on the system and what those service statuses currently are (e.g. enabled/disable). Plugins can now specify a set of services to enable the plugin on if that service exists on the system, similar to the file, command, and package checks. Additionally, the Plugin class now has methods to check on service states, and make decisions based off of. For example: def setup(self): if self.is_service('foobar'): self.add_cmd_output('barfoo') Currently, only systemd has actual functionality for this. The base InitSystem inherited by policies by default will always return False for service checks, thus resulting in the same behavior as before this change. The Red Hat family of distributions has been set to systemd, as all current versions of those distributions use systemd. Closes: #83 Resolves: #1387 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ovirt_node] New plugin for oVirt NodeNijin Ashok2018-09-031-0/+41
| | | | | | | | | | | oVirt Node is a small scaled down version used for hosting virtual machines. The plugin collects node specific information like upgrade log, the layer structure etc. Resolves: #1381 Signed-off-by: Nijin Ashok nashok@redhat.com Signed-off-by: Bryn M. Reeves bmr@redhat.com
* [multipath] add multipath -t outputJohn Pittman2018-09-031-0/+1
| | | | | | | | | | | | | | | | | | | | | The 'multipath -t' command prints the internal hardware table of device-mapper-multipath. These are the true, hard-coded defaults that multipath will follow if no other configuration is set. The hardware table is specific to the device-mapper-multipath version that is in use, so it is subject to change across release, making it difficult to track. Prior to the -t flag creation, the user would have to check the source package or /usr/share/doc/device-mapper-multipath for the table. The output is needed as a piece of the puzzle in how the 'multipathd show config' command presents the current, running configuration (it uses the .conf and the hardware table). This makes it very useful in troubleshooting activities. Resolves: #1379 Signed-off-by: John Pittman <jpittman@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [multipath] use -ll for path checker and prio inclusionJohn Pittman2018-09-031-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The 'multipath -l' command, per the man page, shows the topology as 'fetched in sysfs and the device mapper' and 'multipath -ll' shows the topology from 'all available information'. The '-ll' option, among other things, includes useful items such as prio values and path checkers, without adding much more verbosity. For example, prio value ommission seen below: |-+- policy='service-time 0' prio=0 status=active | |- 2:0:1:2 sdh 8:112 active undef unknown | `- 5:0:1:2 sdal 66:80 active undef unknown `-+- policy='service-time 0' prio=0 status=enabled |- 2:0:0:2 sdc 8:32 active undef unknown `- 5:0:0:2 sdag 66:0 active undef unknown |-+- policy='service-time 0' prio=50 status=active | |- 2:0:1:2 sdh 8:112 active ready running | `- 5:0:1:2 sdal 66:80 active ready running `-+- policy='service-time 0' prio=10 status=enabled |- 2:0:0:2 sdc 8:32 active ready running `- 5:0:0:2 sdag 66:0 active ready running Gather 'multipath -ll' instead of 'multipath -l' as the additional information adds value without additional verbosity. Signed-off-by: John Pittman <jpittman@redhat.com>
* [plugins] Add transport_url to protected keysPaul Peereboom2018-09-0313-12/+16
| | | | Signed-off-by: Paul Peereboom <paul.peereboom@duo.nl>
* [pacemaker] Collect stonith and quorum statusJake Hunsaker2018-09-031-0/+5
| | | | | | | | | Adds collection of stonith and quorum states within the cluster to the pacemaker plugin. If either of these are not used in a given cluster, these commands simply report that the resource is not in use so this is safe to run on all clusters. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [grafana] all_logs to collect all log filesPavel Moravec2018-09-031-1/+1
| | | | | | | | not only *.log ones Resolves: #1371 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [archive] replace FileCacheArchive._makedirs()Bryn M. Reeves2018-09-031-8/+64
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Python os.makedirs() implementation is inadequate for sos's needs: it will create leading directories given an intended path destination, but it is not able to reflect cases where some of the intermediate paths are actually symbolic links. Replace the use of os.makedirs() with a method that walks over the path, and either creates directories, or symbolic links (and their directory target) to better correspond with the content of the host file system. This fixes a situation where two plugins can race in the archive, leading to an exception in the plugin that runs last: - /foo/bar exists and is a link to /foo/bar.qux - One plugin attempts to collect /foo/bar - Another plugin attempts to collect a link /foo/qux -> /foo/bar/baz If the 2nd plugin happens to run first it will create the path "/foo/bar" as a _directory_ (via _makedirs()). Since the archive now checks for matching object types when a path collision occurs, the first plugin will arrive at add_dir(), note that "/foo/bar" is present and is not a symbolic link, and will raise an exception. Correct this by ensuring that whichever plugin executes first, the correct link/directory path structure will be set up. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] normalise dest_dir in FileCacheArchive._check_path()Bryn M. Reeves2018-08-311-1/+4
| | | | | | | | Always set a valid dest_dir in _check_path() and do not assume that it can be obtained by splitting the path: in the case of a directory it is the unmodified 'dest' value. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] simplify FileCacheArchive.makedirs()Bryn M. Reeves2018-08-311-4/+4
| | | | | | | | | | | | | Simplify the makedirs() method of FileCacheArchive and have it bypass _check_path() and directly call os.makedirs(): a subsequent patch will restrict the use of the method to setting up the sos_* directories in the archive root. File, directory and other object type add_* methods will use a new method that correctly handles symbolic links in intermediate path components. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [sosreport] properly raise exceptions when --debug is givenBryn M. Reeves2018-08-311-1/+4
| | | | | | | | OSError and IOError exceptions were not raised to the terminal when --debug is in effect since they were silently caught in the generic exception handler. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] Dont copystat /sys and /proc pathsPavel Moravec2018-08-231-6/+7
| | | | | | | | | Stop copying extended attributes of files under /sys and /proc that can raise SELinux denials on that attempt. Resolves: #1399 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [block] collect luksDump for all encrypted devicesPavel Moravec2018-08-231-0/+22
| | | | | | | | Call "cryptsetup luksDump /dev/sd*" for all encrypted devices Resolves: #1390 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [plugins] Add plugin for gssproxyRobbie Harwood2018-08-231-0/+28
| | | | | | | | | | | gssproxy stores its configuration in /etc/gssproxy. Also capture the mech configuration so that we can tell if gssproxy is enabled and any other GSS mechs in use. Resolves: #1386 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [krb5] Add more files to krb5 pluginRobbie Harwood2018-08-231-4/+22
| | | | | | | | | | | | | | | | Add files for KDC configuration and logging, including kadmin files and a klist of the K/M stash. Gather any additional configuration snippet files in /etc/krb5.conf.d (which is configured by default on Fedora- and RHEL-like systems, and hopefully on Debian systems in the future). The sssd plugin already takes care of /var/lib/sss/pubconf/krb5.include.d/, so don't include that. Resolves: #1385 Signed-off-by: Robbie Harwood <rharwood@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [origin] Collect statistics informationJake Hunsaker2018-08-161-6/+20
| | | | | | | | | Adds collection of 'oc adm top' output for images and imagestreams. Resolves: #1165 Closes: #1383 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [kubernetes] Correct config option syntaxJake Hunsaker2018-08-161-1/+1
| | | | | | | | Versions of kubernetes after 1.5 use --kubeconfig instead of --config to specify a configuration file to use for kubectl commands. Update the kubernetes plugin to use the proper syntax. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [kubernetes|etcd] Support OpenShift 3.10 deploymentsJake Hunsaker2018-08-162-76/+83
| | | | | | | | | The 3.10 version of OCP changes the deployment configurations for etcd and kubernetes components, and additionally changes the way the etcdctl command is called when running in a static pod. Update these plugins to support this new deployment style. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [policies] enable RHOSP preset by presence of rhosp-release packagePavel Moravec2018-08-101-0/+2
| | | | | | Resolves: #1395 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [policies] RHOSP preset with -k process.lsof=offPavel Moravec2018-08-101-1/+3
| | | | | | | | Make lsof calls on OSP systems disabled by default. Relevant to: #1395 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [process] make lsof execution optionalPavel Moravec2018-08-101-2/+4
| | | | | | | | | | | Make calling of lsof command optional (but enabled by default). Also remove "collect lsof-threads when --all-logs" as all-logs has nothing in common. Resolves: #1394 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [policies] sanitize report labelPavel Moravec2018-08-101-6/+3
| | | | | | | | | similarly like we sanitize case id, we should sanitize report label to e.g. exclude spaces from final tarball name. Resolves: #1389 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [rhv_analyzer] make naming consistentBryn M. Reeves2018-08-101-2/+2
| | | | | | Closes: #1380. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [rhv-log-collector-analyzer] Add new plugin for RHVDouglas Schilling Landgraf2018-08-101-0/+40
| | | | | | | | | | This commit adds the plugin rhv-log-collector-analyzer, it will collect: - Output of rhv-log-collector-analyer --json - Generated HTML file from --live Signed-off-by: Douglas Schilling Landgraf <dougsland@redhat.com>
* [apparmor,ceph] fix typo in add_forbidden_pathPavel Moravec2018-08-092-2/+2
| | | | | | | | commit 29a40b7 removed leading '/' from two forbidden paths Resolves: #1388 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [rhui] Fix detection of CDS for RHUI3Pavel Moravec2018-07-121-1/+5
| | | | | | | | | | Detection of CDS node on RHUI 3 cant rely on deprecated pulp-cds package but rather on rhui-mirrorlist one. Resolves: #1375 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [archive] fix stat typoBryan Quigley2018-07-121-4/+4
| | | | | | | | | | | They're just missing the S_ in front of them so if that code gets reached it fails. Fixes: #1373 Resolves: #1374 Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>