aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [virtwho] collect /etc/virt-who.confPavel Moravec2019-10-081-2/+3
| | | | | | | | The most basic config file also matters :) Resolves: #1778 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [Plugin] simplify file and command cert substitution methodsBryn M. Reeves2019-10-081-41/+24
| | | | | | | | | | Simplify the methods for substituting file and command certificate data, and add a "desc" keyword argument allowing plugins to add a description of the data that was removed. Related: #1690 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [Plugin] Add method to scrub certs/keys from collected filesJake Hunsaker2019-10-081-0/+29
| | | | | | | | | | | | | | | | | | | | | | | This adds a new do_file_private_sub() method to the Plugin class to allow for easy, and standardized scrubbing of private data such as certificates or key pairs from files collected by sos, in much the same way that do_cmd_private_sub() provides that functionality for command output. This method only takes a path or path regex representing the filename/pattern to match against. Matches are replaced with "-----SCRUBBED $thing" where $thing is the specific type of content being replaced as provided in the collected file content. For example, a private key would be replaced with "-----SCRUBBED RSA PRIVATE KEY-----". This is done so that support representatives can still know the type of information that was collected, without knowing the actual sensitive content. Resolves: #1690 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ovn_central] dont add db outputs when no table is found in schemaPavel Moravec2019-10-031-0/+2
| | | | | | | | | | When get_tables_from_schema method returns None (i.e. due to a parsing error or missing config file), add_database_output tries to iterate over None object, what raises an exception. Resolves: #1808 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [autofs]: obfuscate password in autofs maps.Rohan Sable2019-10-031-0/+7
| | | | | | | | | | | | | | This patch adds password scrubbing for autofs maps. Before patch: /etc/auto.test:test -fstype=cifs,username=test,password=passwd,test-opt /mnt After patch: /etc/auto.test:test -fstype=cifs,username=test,password=******,test-opt /mnt Resolves: #1809 Signed-off-by: Rohan Sable <rohanjsable@yahoo.com>
* [sosreport] calculate report digest incrementallyBryn M. Reeves2019-10-031-1/+6
| | | | | | | | | | Avoid reading the entire report archive into memory to calculate the archive digest: instead, read 1MiB at a time and update the in-memory checksum. Related: #1317, #1777 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [sosreport] Fix unhandled Out of Memory exceptionJose Castillo2019-10-031-4/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | This patches attempts to address the Memory Error exception thrown by sosreport when it attempts to compress the sosreport file. An example of the backtrace thrown is the following: Creating compressed archive... [archive:TarFileArchive] An error occurred compressing the archive: [Errno 12] Cannot allocate memory Traceback (most recent call last): File "/usr/sbin/sosreport", line 25, in <module> main(sys.argv[1:]) File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1637, in main sos.execute() File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1616, in execute return self.final_work() File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1529, in final_work checksum = self._create_checksum(archive, hash_name) File "/usr/lib/python2.7/site-packages/sos/sosreport.py", line 1469, in _create_checksum digest.update(archive_fp.read()) MemoryError Closes: #1317 Resolves: #1777 Signed-off-by: Jose Castillo <jose.mfcastillo@gmail.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ceph] collect journal logs for ceph servicesPavel Moravec2019-10-031-0/+12
| | | | | | | | | Enable the plugin also by presence of either service, and collect journal logs of the services. Resolves: #1776 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [satellite] remove plugin for spacewalkPavel Moravec2019-10-031-77/+0
| | | | | | | | | | | | | | Spacewalk has and rhn has been replaced in favour of foreman/katello/candlepin/pulp. Currently the only usage of the plugin is on Satellite5 on RHEL6 and nowhere else. Other distros dont use it, spacewalk upstream does not use sosreport, so the removal wont affect anybody. And last but not least, the plugin name is confusing as it has nothing in common with Satellite6. Resolves: #1775 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [mrggrid,mrgmessg] remove obsolete pluginsPavel Moravec2019-10-032-51/+0
| | | | | | | | | | mrggrid was used for Condor / HTCondor but it hasn't been used for years. mrgmessg was meant for qpid C++ broker, what is covered by qpid plugin. Resolves: #1774 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [gluster] collect statedumps from /run directlyPavel Moravec2019-10-031-1/+1
| | | | | | | | | As /run being the default runtime directory for units, we should methodically generate statedumps to /run instead of /var/run. Resolves: #1773 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [gluster] process files only from a statedump dirPavel Moravec2019-10-021-1/+3
| | | | | | | | | Traversing statedump dir for statedump files must skip subdirectories (where the dump files won't appear). Resolves: #1812 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [grafana] Updates Grafana plugin to work on Debian and Ubuntu.Chris Johnston2019-10-011-3/+3
| | | | | | | | Closes: #1771 Resolves: #1772 Signed-off-by: Chris Johnston <chris.johnston@canonical.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [last] split lastlog per UID rangesEric Desrochers2019-10-011-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | lastlog by default reports all users regardless of their UID and doesn't give any hints about UID. In some context, such as users obfuscation inside SOSCleaner, it is useful to know which users are part of which UID range so that we can then decide if this need to be obfuscated or not. Splitting the file by UID range will highly benefit SOSCleaner but I'm sure it could benefit other purposes as well. Reserves for dynamically allocated system users and groups. "lastlog -u 0-999" Min/max values for automatic uid selection in useradd. "lastlog -u 1000-60000", Centrally and statically allocates users and groups. "lastlog -u 60001-65536" Further reservations. "lastlog -u 65537-4294967295" https://en.wikipedia.org/wiki/User_identifier "The majority of modern Unix-like systems (e.g., Solaris-2.0 in 1990, Linux 2.4 in 2001) have switched to 32-bit UIDs, allowing 4,294,967,296 (232) unique IDs." Closes: #1743 Resolves: #1770 Signed-off-by: Eric Desrochers <eric.desrochers@canonical.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [openstack_manila] Collect db version and protect passwordsGoutham Pacha Ravi2019-10-011-6/+18
| | | | | | | | | | | | | | - It'd be helpful to collect the database version used by the deployment for debug. - The password protection regex did not include all the plaintext password configuration options. - Add support to collect package versions for the verify mode of report collection. Resolves: #1759 Signed-off-by: Goutham Pacha Ravi <gouthampravi@gmail.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [nginx] add new pluginMikel Olasagasti Uranga2019-10-011-0/+39
| | | | | | | | | | This adds a plugin for Nginx, a web server which can also be used as a reverse proxy, load balancer, mail proxy and HTTP cache. Resolves: #1735 Signed-off-by: Mikel Olasagasti Uranga <mikel@olasagasti.info> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [maas] obfuscate database passwordFelipe Reyes2019-10-011-0/+5
| | | | | | | | | | regiond.conf file contains the password used to connect to maas database, this change will remove it from the generated output. Resolves: #1734 Signed-off-by: Felipe Reyes <felipe.reyes@canonical.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [libreswan] New plugin for "libreswan" IPsecStepan Broz2019-10-011-7/+30
| | | | | | | | | | | | | | | | | | | | | | | The "libreswan" package is replacing "openswan" in many distributions. This plugin is replacing the original "openswan" plugin that it is based on. This plugin will now run for both "libreswan" and "openswan" packages, or when the configuration file "/etc/ipsec.conf" is present. Data collected now include configuration, current status, XFRM policy and state, XFRM statistics, basic information about certificates and the NSS database. No private data (keys, certificates, secrets) are collected, authenti- cation and encryption keys are removed from the output of "ip xfrm state", and also from "ipsec barf" when running with the "ipsec-barf" option set. Resolves: #1733 Signed-off-by: Stepan Broz <sbroz@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ceph] Ceph commands output enhancementDaniel Alvarez2019-10-011-13/+27
| | | | | | | | | | Add json-pretty output for most of the useful commands for easier consumption by Automation tools Resolves: #1726 Signed-off-by: Robin Cernin rcerninr@redhat.com Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [kernel] Don't collect trace file by defaultPavel Moravec2019-10-011-1/+5
| | | | | | | | | | | | | | Updates the plugin to don't collect trace file by default. Collecting trace file may take a lot of time, so trace file is not collected by default, and use the new plug-in option when collecting. Original author: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com> Closes: #1688 Resolves: #1800 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [plugins] Change forbidden_path from partial-match to exact-matchMIZUTA Takeshi2019-10-011-1/+1
| | | | | | | | | | | forbidden_path is evaluated on partial-match. However, it will be correct to evaluate on exact-match. Closes: #1692 Resolves: #1695 Signed-off-by: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [process] collect /proc/[0-9]*/smaps via process.smaps .optionPavel Moravec2019-09-271-1/+5
| | | | | | | | | | | Usefull to identify e.g. swapiness of individual processes. Must be enabled via -k process.smaps. Resolves: #1725 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [process] Specify 20 for wchan lengthTomofumi Yoshida2019-09-271-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | wchan column is now truncated because there are many columns. It is impossible to distinguish the symbol name if there are many similar symbol names. Therefore, specify wchan size. In this commit, we choose 20 for the wchan size but there could be better value. Let's change this if it turns out that in the future. Example: here is an output of ps command when plymouthd process got hanged: F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 5 0 159 1 20 0 44644 1696 n_tty_ S ? 0:04 /bin/plymouthd --attach-to-session The prefix n_tty_ is used in tty device driver of linux kernel as follows: struct tty_ldisc_ops tty_ldisc_N_TTY = { .magic = TTY_LDISC_MAGIC, .name = "n_tty", .open = n_tty_open, .close = n_tty_close, .flush_buffer = n_tty_flush_buffer, .chars_in_buffer = n_tty_chars_in_buffer, .read = n_tty_read, .write = n_tty_write, .ioctl = n_tty_ioctl, .set_termios = n_tty_set_termios, .poll = n_tty_poll, .receive_buf = n_tty_receive_buf, .write_wakeup = n_tty_write_wakeup, .fasync = n_tty_fasync, }; As you can see, it is impossible to find the symbol name of the kernel function where plymouthd process slept from n_tty_. Resolves: #1722 Signed-off-by: Tomofumi Yoshida <yoshida.tomo@fujitsu.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ipa] copy httpd cert from new locationThorsten Scherf2019-09-271-0/+1
| | | | | | | | | | | | | With the FreeIPA 4.7.0 release, httpd moved from mod_nss to mod_ssl. As a result the httpd X.509 certificate is now no longer stored in NSS DB but as plain PEM text file: /var/lib/ipa/certs/httpd.crt. The plugin needs to copy this file into the sos archive. Closes: #1715 Resolves: #1716 Signed-off-by: Thorsten Scherf <tscherf@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [kernel] collect "bpftool net list"Pavel Moravec2019-09-251-0/+4
| | | | | | | | List bpf program attachments in the kernel networking subsystem. Resolves: #1712 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [python] collect pip listWilliam Clark2019-09-251-0/+2
| | | | | | | Resolves: #1708 Signed-off-by: William Bradford Clark <wclark@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [openvswitch] Capture additional OVS informationRobin Cernin2019-09-251-0/+4
| | | | | | | | | | Capture list of all OVS interfaces Capture detailed information about OVS Bridges Resolves: #1698 Signed-off-by: Robin Cernin rcernin@redhat.com Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [nvidia] Add New PluginJake Hunsaker2019-09-251-0/+34
| | | | | | | | | | | Adds a new plugin for obtaining GPU information from nvidia cards with the nvidia-smi utility. Fixes: #1685 Resolves: #1697 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [lxd] adapting the plugin to support lxd 3.0.X seriesEric Desrochers2019-09-251-5/+16
| | | | | | | | | | | Enable proper collection for LXD 3.0.X, while staying backward compatible with LXD 2.0.X which can still be used with Xenial/16.04 LTS only. Resolves: #1659 Signed-off-by: Eric Desrochers eric.desrochers@canonical.com Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [targetcli] use add_service_status()Bryn M. Reeves2019-09-241-1/+1
| | | | | | Related: #1667 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [snappy] use add_service_status()Bryn M. Reeves2019-09-241-1/+1
| | | | | | Related: #1667 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [gdm,lightdm] use add_service_status()Bryn M. Reeves2019-09-242-2/+2
| | | | | | Related: #1667 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [apache] use add_service_status()Bryn M. Reeves2019-09-241-2/+2
| | | | | | Related: #1667 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [autofs] use add_service_status()Bryn M. Reeves2019-09-241-1/+1
| | | | | | Related: #1667 Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [Plugin] Add method to collect service status based on InitSystemJake Hunsaker2019-09-241-0/+22
| | | | | | | | | | | | | Adds a method to Plugin() to allow plugins to capture service status information based on a policy-defined InitSystem() to use. This will allow plugins to not need to account for host installation when trying to collect service information, such as from 'systemctl status' commands. Resolves: #1667 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [apache] Add syntax test and runtime status informationEric Desrochers2019-09-241-2/+7
| | | | | | | | | | | | | 'apachectl -t' (AKA configtest) parse the configuration files and report information about particular syntax error. 'systemctl status <service>' show runtime status information about apache unit. Resolves: #1658 Signed-off-by: Eric Desrochers eric.desrochers@canonical.com Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [kubernetes] Enable Ubuntu kubectl cmd from any k8s nodesEric Desrochers2019-09-241-4/+10
| | | | | | | | | Enable Ubuntu kubectl command, delivered as a SNAP, on any k8s nodes using CDK installation. CDK stands for Charmed Distribution of Kubernetes. Signed-off-by: Eric Desrochers <eric.desrochers@canonical.com>
* [cloud_init] Add New PluginJake Hunsaker2019-09-242-1/+30
| | | | | | | | | | Adds a new plugin for cloud-init. Fixes: #1584 Resolves: #1630 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [InitSystem] Cache service status informationJake Hunsaker2019-09-241-9/+14
| | | | | | | | | | | | | | | | With the addition of predicates, there is the very real possibility that plugins can end up gating multiple add_cmd_output() or similar calls around the same predicate, such as service enablement. Previously, this meant every single check of the predicate resulted in a new InitSystem._query_service() call was made. Now, we only call _query_service() once and save the results, since status is unlikely to change during the course of plugin execution. Resolves: #1629 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ovn_host] Add support for containerized setupsDaniel Alvarez2019-09-111-7/+14
| | | | | | | | | | | | | | Prior to this patch, ovn_host was disabled on containerized setups due to the fact that ovn-controller package is not installed in the host. This patch fixes it by checking if the ovn-controller process is running. Resolves: #1767 Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ovn_central] Add support to containerized setupsDaniel Alvarez2019-09-111-25/+69
| | | | | | | | | | | This patch is adding support in ovn_central plugin to containerized setups. Now it's detecting if the OVN central services are running in container and execute the relevant commands inside it. The support covers both podman and docker runtimes. Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
* [ovn_host] fix Open_vSwitch table nameDaniel Alvarez2019-09-111-1/+1
| | | | | Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [ovn_central] add additional show commandsDaniel Alvarez2019-09-111-0/+2
| | | | | | | | This patch is adding 'show' commands for both OVN NorthBound and SouthBound databases. Signed-off-by: Daniel Alvarez <dalvarez@redhat.com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* [sos] bump release3.8Pavel Moravec2019-08-272-3/+12
| | | | | | And make sos.spec up to date. Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [pep8] Fix E501 line too longJake Hunsaker2019-08-261-2/+5
| | | | | | Fix pep8 issues from increasing indentation. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [containers_log] Fetch all container logsCédric Jeanneret2019-08-2624-89/+37
| | | | | | | | | | | | | | | | | | | | | | Until now, we didn't have a central plugin for collecting service container logs. Each service was managing its own things, and this lead to missing log files in the past. Ensuring we fetch the content of /var/log/containers on its own ensures we won't forget to add possible new directories, like the "stdouts" we recently added in OpenStack in order to get the container STDOUT written on the disk. Therefore, this commit does 2 main things: - cleanup all the /var/logs/containers custom copy - create a central plugin that takes care of this location on its own. It's active by default and ensure the location actually exists. Resolves: #1668 Signed-off-by: Cédric Jeanneret <cjeanner@redhat.com> Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [ipvs] Only run ipvsadm commands if the ip_vs kernel module is loadedPatrick Talbert2019-08-261-2/+2
| | | | | | | | | | | Running any ipvsadm command can cause the kernel to autoload the ip_vs module. So only run ipvsadm commands if the ip_vs kernel module is found to already be loaded on the system. Resolves: #1634 Signed-off-by: Patrick Talbert <ptalbert@redhat.com> Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [openvswitch] Capture DPDK PMD performance countersEelco Chaudron2019-08-261-1/+3
| | | | | | | Resolves: #1686 Signed-off-by: Eelco Chaudron <echaudro@redhat.com> Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [ceph] Add additional commands to capture dataAshish Singh2019-08-261-1/+3
| | | | | | | | | Add addtional commands to ceph plugin. Resolves: #1694 Signed-off-by: Ashish Singh <assingh@redhat.com> Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [openstack_*] Remove duplicate rpm verify from OpenStack pluginsJake Hunsaker2019-08-2614-40/+0
| | | | | | | | | | | | | | A number of openstack plugins were calling 'rpm -V' against their own package lists as part of their setup() method when the --verify option is given to sos. This is already done in normal plugin execution, so there is no need to duplicate the calls. This change removes these calls from the openstack plugins. Resolves: #1696 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Pavel Moravec <pmoravec@redhat.com>