| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
| |
The most basic config file also matters :)
Resolves: #1778
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Simplify the methods for substituting file and command certificate
data, and add a "desc" keyword argument allowing plugins to add a
description of the data that was removed.
Related: #1690
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This adds a new do_file_private_sub() method to the Plugin class to
allow for easy, and standardized scrubbing of private data such as
certificates or key pairs from files collected by sos, in much the same
way that do_cmd_private_sub() provides that functionality for command
output.
This method only takes a path or path regex representing the
filename/pattern to match against. Matches are replaced with
"-----SCRUBBED $thing" where $thing is the specific type of content
being replaced as provided in the collected file content. For example, a
private key would be replaced with "-----SCRUBBED RSA PRIVATE KEY-----".
This is done so that support representatives can still know the type of
information that was collected, without knowing the actual sensitive
content.
Resolves: #1690
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
When get_tables_from_schema method returns None (i.e. due to a
parsing error or missing config file), add_database_output tries
to iterate over None object, what raises an exception.
Resolves: #1808
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds password scrubbing for autofs maps.
Before patch:
/etc/auto.test:test -fstype=cifs,username=test,password=passwd,test-opt /mnt
After patch:
/etc/auto.test:test -fstype=cifs,username=test,password=******,test-opt /mnt
Resolves: #1809
Signed-off-by: Rohan Sable <rohanjsable@yahoo.com>
|
|
|
|
|
|
|
|
|
|
| |
Avoid reading the entire report archive into memory to calculate
the archive digest: instead, read 1MiB at a time and update the
in-memory checksum.
Related: #1317, #1777
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patches attempts to address the Memory Error exception thrown
by sosreport when it attempts to compress the sosreport file.
An example of the backtrace thrown is the following:
Creating compressed archive...
[archive:TarFileArchive] An error occurred compressing the archive: [Errno 12] Cannot allocate memory
Traceback (most recent call last):
File "/usr/sbin/sosreport", line 25, in <module>
main(sys.argv[1:])
File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1637, in main
sos.execute()
File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1616, in execute
return self.final_work()
File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1529, in final_work
checksum = self._create_checksum(archive, hash_name)
File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1469, in _create_checksum
digest.update(archive_fp.read())
MemoryError
Closes: #1317
Resolves: #1777
Signed-off-by: Jose Castillo <jose.mfcastillo@gmail.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Enable the plugin also by presence of either service, and collect
journal logs of the services.
Resolves: #1776
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Spacewalk has and rhn has been replaced in favour of
foreman/katello/candlepin/pulp. Currently the only usage of the plugin
is on Satellite5 on RHEL6 and nowhere else. Other distros dont use it,
spacewalk upstream does not use sosreport, so the removal wont affect anybody.
And last but not least, the plugin name is confusing as it has nothing
in common with Satellite6.
Resolves: #1775
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
mrggrid was used for Condor / HTCondor but it hasn't been used for years.
mrgmessg was meant for qpid C++ broker, what is covered by qpid plugin.
Resolves: #1774
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
| |
As /run being the default runtime directory for units, we should
methodically generate statedumps to /run instead of /var/run.
Resolves: #1773
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Traversing statedump dir for statedump files must skip
subdirectories (where the dump files won't appear).
Resolves: #1812
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
| |
Closes: #1771
Resolves: #1772
Signed-off-by: Chris Johnston <chris.johnston@canonical.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
lastlog by default reports all users regardless of their UID
and doesn't give any hints about UID.
In some context, such as users obfuscation inside SOSCleaner, it is
useful to know which users are part of which UID range so that we
can then decide if this need to be obfuscated or not.
Splitting the file by UID range will highly benefit SOSCleaner
but I'm sure it could benefit other purposes as well.
Reserves for dynamically allocated system users and groups.
"lastlog -u 0-999"
Min/max values for automatic uid selection in useradd.
"lastlog -u 1000-60000",
Centrally and statically allocates users and groups.
"lastlog -u 60001-65536"
Further reservations.
"lastlog -u 65537-4294967295"
https://en.wikipedia.org/wiki/User_identifier
"The majority of modern Unix-like systems (e.g., Solaris-2.0 in 1990,
Linux 2.4 in 2001) have switched to 32-bit UIDs, allowing 4,294,967,296
(232) unique IDs."
Closes: #1743
Resolves: #1770
Signed-off-by: Eric Desrochers <eric.desrochers@canonical.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- It'd be helpful to collect the database version
used by the deployment for debug.
- The password protection regex did not include all the
plaintext password configuration options.
- Add support to collect package versions for the verify mode
of report collection.
Resolves: #1759
Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This adds a plugin for Nginx, a web server which can also be used as a
reverse proxy, load balancer, mail proxy and HTTP cache.
Resolves: #1735
Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
regiond.conf file contains the password used to connect to maas
database, this change will remove it from the generated output.
Resolves: #1734
Signed-off-by: Felipe Reyes <felipe.reyes@canonical.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The "libreswan" package is replacing "openswan" in many distributions.
This plugin is replacing the original "openswan" plugin that it is
based on.
This plugin will now run for both "libreswan" and "openswan" packages,
or when the configuration file "/etc/ipsec.conf" is present.
Data collected now include configuration, current status, XFRM policy
and state, XFRM statistics, basic information about certificates and
the NSS database.
No private data (keys, certificates, secrets) are collected, authenti-
cation and encryption keys are removed from the output of
"ip xfrm state", and also from "ipsec barf" when running with the
"ipsec-barf" option set.
Resolves: #1733
Signed-off-by: Stepan Broz <sbroz@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Add json-pretty output for most of the useful commands
for easier consumption by Automation tools
Resolves: #1726
Signed-off-by: Robin Cernin rcerninr@redhat.com
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Updates the plugin to don't collect trace file by default. Collecting
trace file may take a lot of time, so trace file is not collected
by default, and use the new plug-in option when collecting.
Original author: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com>
Closes: #1688
Resolves: #1800
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
forbidden_path is evaluated on partial-match.
However, it will be correct to evaluate on exact-match.
Closes: #1692
Resolves: #1695
Signed-off-by: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Usefull to identify e.g. swapiness of individual processes.
Must be enabled via -k process.smaps.
Resolves: #1725
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
wchan column is now truncated because there are many columns.
It is impossible to distinguish the symbol name if there are many
similar symbol names. Therefore, specify wchan size.
In this commit, we choose 20 for the wchan size but there could be
better value. Let's change this if it turns out that in the future.
Example: here is an output of ps command when plymouthd process
got hanged:
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
5 0 159 1 20 0 44644 1696 n_tty_ S ? 0:04 /bin/plymouthd --attach-to-session
The prefix n_tty_ is used in tty device driver of linux kernel
as follows:
struct tty_ldisc_ops tty_ldisc_N_TTY = {
.magic = TTY_LDISC_MAGIC,
.name = "n_tty",
.open = n_tty_open,
.close = n_tty_close,
.flush_buffer = n_tty_flush_buffer,
.chars_in_buffer = n_tty_chars_in_buffer,
.read = n_tty_read,
.write = n_tty_write,
.ioctl = n_tty_ioctl,
.set_termios = n_tty_set_termios,
.poll = n_tty_poll,
.receive_buf = n_tty_receive_buf,
.write_wakeup = n_tty_write_wakeup,
.fasync = n_tty_fasync,
};
As you can see, it is impossible to find the symbol name of the
kernel function where plymouthd process slept from n_tty_.
Resolves: #1722
Signed-off-by: Tomofumi Yoshida <yoshida.tomo@fujitsu.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the FreeIPA 4.7.0 release, httpd moved from mod_nss to mod_ssl. As a
result the httpd X.509 certificate is now no longer stored in NSS DB but as
plain PEM text file: /var/lib/ipa/certs/httpd.crt. The plugin needs to copy
this file into the sos archive.
Closes: #1715
Resolves: #1716
Signed-off-by: Thorsten Scherf <tscherf@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
| |
List bpf program attachments in the kernel networking subsystem.
Resolves: #1712
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
| |
Resolves: #1708
Signed-off-by: William Bradford Clark <wclark@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Capture list of all OVS interfaces
Capture detailed information about OVS Bridges
Resolves: #1698
Signed-off-by: Robin Cernin rcernin@redhat.com
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a new plugin for obtaining GPU information from nvidia cards with
the nvidia-smi utility.
Fixes: #1685
Resolves: #1697
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Enable proper collection for LXD 3.0.X, while
staying backward compatible with LXD 2.0.X which can still
be used with Xenial/16.04 LTS only.
Resolves: #1659
Signed-off-by: Eric Desrochers eric.desrochers@canonical.com
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
| |
Related: #1667
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
| |
Related: #1667
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
| |
Related: #1667
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
| |
Related: #1667
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
| |
Related: #1667
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a method to Plugin() to allow plugins to capture service status
information based on a policy-defined InitSystem() to use. This will
allow plugins to not need to account for host installation when trying
to collect service information, such as from 'systemctl status'
commands.
Resolves: #1667
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
'apachectl -t' (AKA configtest) parse the configuration files
and report information about particular syntax error.
'systemctl status <service>' show runtime status information
about apache unit.
Resolves: #1658
Signed-off-by: Eric Desrochers eric.desrochers@canonical.com
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Enable Ubuntu kubectl command, delivered as a SNAP,
on any k8s nodes using CDK installation.
CDK stands for Charmed Distribution of Kubernetes.
Signed-off-by: Eric Desrochers <eric.desrochers@canonical.com>
|
|
|
|
|
|
|
|
|
|
| |
Adds a new plugin for cloud-init.
Fixes: #1584
Resolves: #1630
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the addition of predicates, there is the very real possibility that
plugins can end up gating multiple add_cmd_output() or similar calls
around the same predicate, such as service enablement.
Previously, this meant every single check of the predicate resulted in a
new InitSystem._query_service() call was made. Now, we only call
_query_service() once and save the results, since status is unlikely to
change during the course of plugin execution.
Resolves: #1629
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this patch, ovn_host was disabled on containerized
setups due to the fact that ovn-controller package is not
installed in the host.
This patch fixes it by checking if the ovn-controller process
is running.
Resolves: #1767
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is adding support in ovn_central plugin to containerized
setups.
Now it's detecting if the OVN central services are running in
container and execute the relevant commands inside it. The support
covers both podman and docker runtimes.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
|
|
|
|
|
| |
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
|
|
| |
This patch is adding 'show' commands for both OVN
NorthBound and SouthBound databases.
Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
|
|
|
| |
And make sos.spec up to date.
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
| |
Fix pep8 issues from increasing indentation.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Until now, we didn't have a central plugin for collecting
service container logs. Each service was managing its own
things, and this lead to missing log files in the past.
Ensuring we fetch the content of /var/log/containers on its
own ensures we won't forget to add possible new directories,
like the "stdouts" we recently added in OpenStack in order
to get the container STDOUT written on the disk.
Therefore, this commit does 2 main things:
- cleanup all the /var/logs/containers custom copy
- create a central plugin that takes care of this location on
its own. It's active by default and ensure the location
actually exists.
Resolves: #1668
Signed-off-by: Cédric Jeanneret <cjeanner@redhat.com>
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Running any ipvsadm command can cause the kernel to autoload the
ip_vs module. So only run ipvsadm commands if the ip_vs kernel module
is found to already be loaded on the system.
Resolves: #1634
Signed-off-by: Patrick Talbert <ptalbert@redhat.com>
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
| |
Resolves: #1686
Signed-off-by: Eelco Chaudron <echaudro@redhat.com>
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Add addtional commands to ceph plugin.
Resolves: #1694
Signed-off-by: Ashish Singh <assingh@redhat.com>
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A number of openstack plugins were calling 'rpm -V' against their own
package lists as part of their setup() method when the --verify option
is given to sos. This is already done in normal plugin execution, so
there is no need to duplicate the calls.
This change removes these calls from the openstack plugins.
Resolves: #1696
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|