aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #187 from FlaPer87/issue/182Bryn M. Reeves2013-09-072-15/+54
|\ | | | | Split Glance out of openstack's plugin
| * Split Glance out of openstack's plugin. #182Flaper Fesp2013-09-072-15/+54
| | | | | | | | Signed-off-by: Flavio Percoco <flaper87@gmail.com>
* | Merge pull request #194 from wenjianhn/import-sysAdam Stokes2013-09-041-0/+1
|\ \ | |/ |/| import sys - Module sys is used but it is not imported.
| * import sysJian Wen2013-09-041-0/+1
|/ | | | Module sys is used but not imported.
* Make semange use stdout instead of output pathBryn M. Reeves2013-08-221-2/+1
| | | | | | | | | | The semanage tool fails to write to a path within the temporary report tree on some distributions due to an SELinux AVC denial. Force the command to write data to stdout instead by passing '-o -'. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add Plugin method to build command output pathsBryn M. Reeves2013-08-212-6/+15
| | | | | | | | | | | | | Add a convenience method to construct an absolute path for command output from a relative path or file name. This can be used for e.g. to pass an output path to an external program that produces output at a named path rather than on stdout and can be used internally by the Plugin.make_cmd_dirs() method. Convert the SELinux plug-in to use the new method when passing output paths to the semanage command. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add Plugin method to create new command output directoriesBryn M. Reeves2013-08-211-0/+5
| | | | | | | | | | | | Some plug-ins want to store command output in subdirectories of their 'sos_commands/<plugin>/' directory. Currently there are various hand-rolled methods to build this in different plug-ins. Add a single method to the base Plugin class that builds the correct path string and recursively creates the directories via os.makedirs() in a single step. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Rename Plugin.get_cmd_dir() to get_cmd_path()Bryn M. Reeves2013-08-216-9/+9
| | | | | | | | | | The method to retrieve the path into which a plug-in's collected command output returns a path as a string rather than a directory object. Make this clear by renaming the method to 'get_cmd_path()'. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add ausearch and semange customisations to SELinux plug-inBryn M. Reeves2013-08-211-0/+5
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add crm_report support to cluster plug-inBryn M. Reeves2013-08-141-0/+3
| | | | | | | | | | Recent cluster stacks using the pacemaker stack include a crm_report script to generate debugging information for the cluster. Call it in single-node mode in the cluster module. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Remove legacy system support from cluster plug-inBryn M. Reeves2013-08-141-71/+29
| | | | | | | | | | | The cluster plug-in attempted to support three prior generations of cluster components in a single plug-in. These will never be required today since all current versions where sos-3.x would be used are all using much later packages. Remove this code and simplify the overall plug-in organisation. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Remove obsolete checks and exception handling from s390 plug-inBryn M. Reeves2013-08-141-7/+3
| | | | | | | | | | | | The s390 plug-in has some strange checks on the distribution version before collecting a couple of s390-specific commands. The entire code block is also wrapped in try/except. Remove this: all add_cmd_output() succeed without exceptions even if the command does not exist or cannot be run. The exception handling also does nothing useful. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Do not attempt to read use-gss-proxy file in procfsBryn M. Reeves2013-08-141-0/+2
| | | | | | | | | | | | | | The networking plug-in scoops up /proc/net. There are some pseudo- files in here that we should avoid touching. These either have side-effects or hang the reading process. Add a forbidden path for the /proc/net/rpc/*/{channel,flush} files as these will cause side-effects for RPC applications running on the host. Forward port of commit 61585d4 on rhel-6 branch. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Do not attempt to read use-gss-proxy file in procfsBryn M. Reeves2013-08-141-0/+1
| | | | | | | | | | The networking plug-in scoops up /proc/net. There are some pseudo- files in here that we should avoid touching. These either have side-effects or hang the reading process. Add a forbidden path for the /proc/net/rpc/use-gss-proxy file. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add new patterns to the RPM plug-in verify listBryn M. Reeves2013-08-131-1/+7
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Collect saved vmcore-dmesg.txt files in kdump plug-inBryn M. Reeves2013-08-131-3/+5
| | | | | | | | | Recent versions of kexec-utils automatically generate a text file containing the dmesg buffer of the captured vmcore. This is useful for first-fault debugging and should be included. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Make 'ipsec barf' collection non-default in openswan plug-inBryn M. Reeves2013-08-131-1/+5
| | | | | | | | | | | | | The 'ipsec barf' debugging command has a nasty bug where it runs grep on /var/log/lastlog. Since this can be a multi-gigabyte sparse file this doesn't work very well and consumes huge amounts of memory. This can lead to timeouts and aborts when running sos since the openswan plug-in calls this command by default. The barf information is seldom useful anyway - turn it off by default to avoid this problem. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add pam_ldap.conf collection to ldap plug-inBryn M. Reeves2013-08-131-4/+9
| | | | | | | Add the pam_ldap.conf file to the data collected by the ldap plug-in and tidy up substitution strings for this plug-in. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Improve readability of add_copy_specs() usage in ldap.pyBryn M. Reeves2013-08-131-3/+10
| | | | | | | Use multi-line style for add_copy_specs() invocations in the ldap plug-in per the recommendations in Issue #173. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Rationalise lvm2 plug-in lvmdump optionsBryn M. Reeves2013-08-131-7/+11
| | | | | | | | | | | The lvm2 lvmdump options were a bit crazy, allowing the user to specify a default ('lvmdump'), or an advanced collection ('lvmdump-a') but not the raw metadata ('-m') option which is often useful for support purposes. Replace 'lvmdump-a' with 'lvmdump-am' to collect both. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Make lvm2 plugin lvmdump option collect metadataBryn M. Reeves2013-08-131-2/+2
| | | | | | | | | | The lvmdump-a option currently collects 'advanced' data but not raw metadata. Since it's off by default and the metadata is often of interest in support cases rename the option to lvmdump-am and have it also pass the '-m' (raw metadata) option to the lvmdump script. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Collect /var/log/squid in squid plug-inBryn M. Reeves2013-08-121-1/+2
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add file substitution rule for openhpiclient.confBryn M. Reeves2013-08-121-0/+3
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add new plug-in to gather OpenHPI configurationBryn M. Reeves2013-08-121-0/+34
| | | | | | | | | New plug-in to collect OpenHPI configuration files. These files may contain passwords; a regex substitution rule has been added based on information from the reporter but this needs testing with a range of actual configuration files. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Collect /proc/self/mountstats and /proc/self/mountinfoBryn M. Reeves2013-08-121-0/+2
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Update utilities_tests.pyAdam Stokes2013-08-091-2/+2
| | | Update unittests to reflect 4a594b6dce129f8d9837c0d93768576badf2b2b7
* Strip trailing newline from command outputBryn M. Reeves2013-08-061-0/+2
| | | | | | | | This commit brings sos-3.x behaviour into line with earlier releases and produces captured command output that is consistent with typical shell redirection use. Resolves: bz971420
* Do not collect krb5.keytabBryn M. Reeves2013-08-012-4/+2
| | | | | | | | | | | | Avoid collecting kerberos keytabs to prevent unintended information disclosures. Instead retrieve a list using the klist command. Also remove the duplicative collection of this information from the ipa plug-in (which should only be collecting non-system keytabs that are specific to the IPA tools). Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Split kerberos data collection into separate plug-inBryn M. Reeves2013-08-012-17/+31
| | | | | | | | | The krb5 data collection in the samba plug-in is misplaced. Since this is collecting information about the system keytab move it to its own plug-in that can be activated on any kerberos enabled system. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Merge pull request #178 from battlemidget/patch-debian-updatesAdam Stokes2013-07-313-1/+14
|\ | | | | Update debian changelog and watch file
| * Merge branch 'master' into patch-debian-updatesAdam Stokes2013-07-313-5/+18
| |\ | |/ |/|
* | Add restricted rpm verifyBryn M. Reeves2013-07-301-0/+8
| | | | | | | | | | | | | | | | | | | | | | Add a default call to rpm -V/--verify for a targeted subset of packages. This greatly reduces the time taken relative to rpm -Va while still capturing important diagnostic information. In future this capability could be made a feature of the PackageManager class interface and available to all ports/modules. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Restrict wbinfo collection to the current domain.Bryn M. Reeves2013-07-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The samba module calls the wbinfo command to collect user and group information. This by default will search all domains to which the host has access. In a large AD environment with a number of trusted domains this causes the winbindd process to consume excessive CPU and memory resources. The Samba developers have commented that fixing this would require a complete rewrite of the winbind protocol and wbinfo client. Since listing out the _entire_ set of visible users is unlikely to be of any use anyway pass the --domain='.' option to restrict the search to the current domain of the system. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Update README.mdAdam Stokes2013-07-291-3/+8
| | | | | | Now that sosreport is in Debian unstable and Ubuntu 13.10 update the readme to reflect a more 'official' way to install this application
| * add additional information into changelog update watch file to point to latestAdam Stokes2013-07-262-1/+11
| | | | | | | | | | | | release. Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
| * Add watch file and closes bugAdam Stokes2013-07-263-1/+4
|/ | | | Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* Merge pull request #177 from battlemidget/feature-distutils-3Adam Stokes2013-07-2610-10/+127
|\ | | | | Add support for distutils
| * Add support for distutilsAdam Stokes2013-07-2610-10/+127
|/ | | | | | | | | | - We are planning on moving to python distutils for future packaging however, we still want to keep our current build infrastructure around until we are able to test the builds overtime. For now distutils will live alongside the current build process and slowly replace the Makefiles once deemed fit. Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* Correct sources URL in sos.specBryn M. Reeves2013-07-261-1/+1
| | | | | | | | | | The release URL has been temporarily moved to people.redhat.com until we can find a way to make a good release infrastructure with github (tarball names are nasty - other projects seem to host their releases on fedorahosted which is what I'm looking into for this). Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Merge pull request #175 from battlemidget/patch-debian-fixesAdam Stokes2013-07-256-2/+42
|\ | | | | Patch debian fixes
| * Merge branch 'master' into patch-debian-fixesAdam Stokes2013-07-258-148/+258
| |\ | |/ |/|
* | Merge pull request #174 from sosreport/patch-fix-unittestsAdam Stokes2013-07-253-64/+69
|\ \ | | | | | | Correct archive unittests and pep8 conformity in archive class
| * | Correct archive unittests and pep8 conformity in archive classAdam Stokes2013-07-253-64/+69
|/ / | | | | | | Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* | Fix add_copy_specs(string) bugs in openstack.pyBryn M. Reeves2013-07-251-7/+9
| | | | | | | | | | | | | | | | | | | | | | OpenStack was full of the add_copy_specs(string) anti-pattern. While we should address this properly these instances all need fixing to avoid collecting the whole file system. They should also have been tested before being put forward as a pull request. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Delete bogus dist checks from RedHatOpenStackBryn M. Reeves2013-07-251-5/+0
| | | | | | | | | | | | | | | | We already know we are running on RHEL or Fedora if we are executing a plug-in class tagged with RedHatPlugin. Do not check for /etc/*-release. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Fix broken binary checks in openstack.pyBryn M. Reeves2013-07-251-33/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OpenStack plug-in attempts to check for the presence of binaries before running them. To do this it passes a relative path to os.path.exists(); clearly this will never succeed. Ideally plug-ins should never need to do these checks. If the binary exists we'll run it and if not we won't (with no harmful side-effects). This is how sos is currently designed and if there is a need for plug-ins to ever do this we should add a method to the base plug-in class e.g. Plugin.find_command() to do this properly (i.e. evaluating the policy-supplied PATH). For now, just make all of this unconditional. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Fix API usage in openstack plug-inBryn M. Reeves2013-07-251-1/+1
| | | | | | | | | | | | | | | | One call in openstack.py used the old addCopySpecs() method. This will fail with current sos-3.x code. Update it to use the new add_copy_specs() method instead. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Merge pull request #168 from jnpkrn/patch-luciBryn M. Reeves2013-07-251-2/+5
|\ \ | | | | | | cluster plugin: restrictions wrt. luci
| * | cluster plugin: restrict data collected for luciJan Pokorný2013-07-201-2/+3
| | | | | | | | | | | | | | | | | | | | | Notably, avoid server cert being added. On the other hand, allow collection of rotated log files for luci. Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
| * | cluster plugin: add obfuscation of luci secretsJan Pokorný2013-07-181-0/+2
| | | | | | | | | | | | Signed-off-by: Jan Pokorný <jpokorny@redhat.com>