aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Rationalise lvm2 plug-in lvmdump optionsBryn M. Reeves2013-08-131-7/+11
| | | | | | | | | | | The lvm2 lvmdump options were a bit crazy, allowing the user to specify a default ('lvmdump'), or an advanced collection ('lvmdump-a') but not the raw metadata ('-m') option which is often useful for support purposes. Replace 'lvmdump-a' with 'lvmdump-am' to collect both. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Make lvm2 plugin lvmdump option collect metadataBryn M. Reeves2013-08-131-2/+2
| | | | | | | | | | The lvmdump-a option currently collects 'advanced' data but not raw metadata. Since it's off by default and the metadata is often of interest in support cases rename the option to lvmdump-am and have it also pass the '-m' (raw metadata) option to the lvmdump script. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Collect /var/log/squid in squid plug-inBryn M. Reeves2013-08-121-1/+2
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add file substitution rule for openhpiclient.confBryn M. Reeves2013-08-121-0/+3
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Add new plug-in to gather OpenHPI configurationBryn M. Reeves2013-08-121-0/+34
| | | | | | | | | New plug-in to collect OpenHPI configuration files. These files may contain passwords; a regex substitution rule has been added based on information from the reporter but this needs testing with a range of actual configuration files. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Collect /proc/self/mountstats and /proc/self/mountinfoBryn M. Reeves2013-08-121-0/+2
| | | | Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Update utilities_tests.pyAdam Stokes2013-08-091-2/+2
| | | Update unittests to reflect 4a594b6dce129f8d9837c0d93768576badf2b2b7
* Strip trailing newline from command outputBryn M. Reeves2013-08-061-0/+2
| | | | | | | | This commit brings sos-3.x behaviour into line with earlier releases and produces captured command output that is consistent with typical shell redirection use. Resolves: bz971420
* Do not collect krb5.keytabBryn M. Reeves2013-08-012-4/+2
| | | | | | | | | | | | Avoid collecting kerberos keytabs to prevent unintended information disclosures. Instead retrieve a list using the klist command. Also remove the duplicative collection of this information from the ipa plug-in (which should only be collecting non-system keytabs that are specific to the IPA tools). Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Split kerberos data collection into separate plug-inBryn M. Reeves2013-08-012-17/+31
| | | | | | | | | The krb5 data collection in the samba plug-in is misplaced. Since this is collecting information about the system keytab move it to its own plug-in that can be activated on any kerberos enabled system. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Merge pull request #178 from battlemidget/patch-debian-updatesAdam Stokes2013-07-313-1/+14
|\ | | | | Update debian changelog and watch file
| * Merge branch 'master' into patch-debian-updatesAdam Stokes2013-07-313-5/+18
| |\ | |/ |/|
* | Add restricted rpm verifyBryn M. Reeves2013-07-301-0/+8
| | | | | | | | | | | | | | | | | | | | | | Add a default call to rpm -V/--verify for a targeted subset of packages. This greatly reduces the time taken relative to rpm -Va while still capturing important diagnostic information. In future this capability could be made a feature of the PackageManager class interface and available to all ports/modules. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Restrict wbinfo collection to the current domain.Bryn M. Reeves2013-07-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The samba module calls the wbinfo command to collect user and group information. This by default will search all domains to which the host has access. In a large AD environment with a number of trusted domains this causes the winbindd process to consume excessive CPU and memory resources. The Samba developers have commented that fixing this would require a complete rewrite of the winbind protocol and wbinfo client. Since listing out the _entire_ set of visible users is unlikely to be of any use anyway pass the --domain='.' option to restrict the search to the current domain of the system. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Update README.mdAdam Stokes2013-07-291-3/+8
| | | | | | Now that sosreport is in Debian unstable and Ubuntu 13.10 update the readme to reflect a more 'official' way to install this application
| * add additional information into changelog update watch file to point to latestAdam Stokes2013-07-262-1/+11
| | | | | | | | | | | | release. Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
| * Add watch file and closes bugAdam Stokes2013-07-263-1/+4
|/ | | | Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* Merge pull request #177 from battlemidget/feature-distutils-3Adam Stokes2013-07-2610-10/+127
|\ | | | | Add support for distutils
| * Add support for distutilsAdam Stokes2013-07-2610-10/+127
|/ | | | | | | | | | - We are planning on moving to python distutils for future packaging however, we still want to keep our current build infrastructure around until we are able to test the builds overtime. For now distutils will live alongside the current build process and slowly replace the Makefiles once deemed fit. Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* Correct sources URL in sos.specBryn M. Reeves2013-07-261-1/+1
| | | | | | | | | | The release URL has been temporarily moved to people.redhat.com until we can find a way to make a good release infrastructure with github (tarball names are nasty - other projects seem to host their releases on fedorahosted which is what I'm looking into for this). Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* Merge pull request #175 from battlemidget/patch-debian-fixesAdam Stokes2013-07-256-2/+42
|\ | | | | Patch debian fixes
| * Merge branch 'master' into patch-debian-fixesAdam Stokes2013-07-258-148/+258
| |\ | |/ |/|
* | Merge pull request #174 from sosreport/patch-fix-unittestsAdam Stokes2013-07-253-64/+69
|\ \ | | | | | | Correct archive unittests and pep8 conformity in archive class
| * | Correct archive unittests and pep8 conformity in archive classAdam Stokes2013-07-253-64/+69
|/ / | | | | | | Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* | Fix add_copy_specs(string) bugs in openstack.pyBryn M. Reeves2013-07-251-7/+9
| | | | | | | | | | | | | | | | | | | | | | OpenStack was full of the add_copy_specs(string) anti-pattern. While we should address this properly these instances all need fixing to avoid collecting the whole file system. They should also have been tested before being put forward as a pull request. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Delete bogus dist checks from RedHatOpenStackBryn M. Reeves2013-07-251-5/+0
| | | | | | | | | | | | | | | | We already know we are running on RHEL or Fedora if we are executing a plug-in class tagged with RedHatPlugin. Do not check for /etc/*-release. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Fix broken binary checks in openstack.pyBryn M. Reeves2013-07-251-33/+30
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OpenStack plug-in attempts to check for the presence of binaries before running them. To do this it passes a relative path to os.path.exists(); clearly this will never succeed. Ideally plug-ins should never need to do these checks. If the binary exists we'll run it and if not we won't (with no harmful side-effects). This is how sos is currently designed and if there is a need for plug-ins to ever do this we should add a method to the base plug-in class e.g. Plugin.find_command() to do this properly (i.e. evaluating the policy-supplied PATH). For now, just make all of this unconditional. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Fix API usage in openstack plug-inBryn M. Reeves2013-07-251-1/+1
| | | | | | | | | | | | | | | | One call in openstack.py used the old addCopySpecs() method. This will fail with current sos-3.x code. Update it to use the new add_copy_specs() method instead. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Merge pull request #168 from jnpkrn/patch-luciBryn M. Reeves2013-07-251-2/+5
|\ \ | | | | | | cluster plugin: restrictions wrt. luci
| * | cluster plugin: restrict data collected for luciJan Pokorný2013-07-201-2/+3
| | | | | | | | | | | | | | | | | | | | | Notably, avoid server cert being added. On the other hand, allow collection of rotated log files for luci. Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
| * | cluster plugin: add obfuscation of luci secretsJan Pokorný2013-07-181-0/+2
| | | | | | | | | | | | Signed-off-by: Jan Pokorný <jpokorny@redhat.com>
* | | Merge pull request #167 from ivoks/jujuBryn M. Reeves2013-07-252-76/+72
|\ \ \ | | | | | | | | Refactored OpenStack plugin
| * | | Rearrange openstack plugin so that distribution OpenStack classAnte Karamatic2013-07-081-76/+69
| | | | | | | | | | | | | | | | | | | | | | | | | | | | contains all non-distribution specific details. Also dropped all logrotate parts since those are collected by logrotate plugin. Signed-off-by: Ante Karamatic <ante.karamatic@canonical.com>
| * | | Add juju status and get-constraints outputsAnte Karamatic2013-07-081-0/+3
| |/ / | | | | | | | | | Signed-off-by: Ante Karamatic <ante.karamatic@canonical.com>
* | | Added XFS pluginPierguido Lambri2013-07-251-0/+40
| | | | | | | | | | | | Signed-off-by: Pierguido Lambri <plambri@redhat.com>
* | | Add Openshift plug-inBryn M. Reeves2013-07-091-0/+72
|/ / | | | | | | | | | | | | | | | | | | Add an sos plug-in for openshift to gathers several directories and command output sepcific to Openshift systems. Passwords and secrets are scrubbed for privacy reasons. Signed-off-by: Nick Harvey <niharvey at redhat dot com> Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
| * Debian policy fixesAdam Stokes2013-07-216-2/+42
|/ | | | | | | | | - Made sure to include both companies AND individuals in AUTHORS file. - Fixed a copyright issue on kernelrt plugin which is GPL-2 and not GPL-2 (or later) - Treat the sosreport package as a private python module (currently a public one as defined by the Debian python policy) Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* Merge pull request #159 from battlemidget/patch-include-tempfile-moduleBryn M. Reeves2013-06-191-0/+1
|\ | | | | import tempfile into policies
| * import tempfile into policiesAdam Stokes2013-06-101-0/+1
| | | | | | | | Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* | Merge pull request #157 from battlemidget/patch-deb-updationBryn M. Reeves2013-06-192-3/+3
|\ \ | | | | | | Make debian packaging 'non-native'
| * \ Merge branch 'master' into patch-deb-updationAdam Stokes2013-06-1013-201/+544
| |\ \
| * | | update diffAdam Stokes2013-06-102-3/+3
| | | | | | | | | | | | | | | | Signed-off-by: Adam Stokes <adam.stokes@ubuntu.com>
* | | | New optional data collection for SELinux plug-inBryn M. Reeves2013-06-181-3/+10
| |_|/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SELinux plug-in can now optionally collect object lists from the semanage command. Since this command loads the SELinux python run time (~4s/command) it can add considerably to the overall run time of sosreport - for this reason these commands are disabled by default and may be enabled via the selinux.list option: # sosreport -k selinux.list With the option turned on we also collect: semanage fcontext -l semanage login -l semanage port -l semanage user -l Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | | Fix policy classes for --tmp-dirBryn M. Reeves2013-06-102-0/+2
| | | | | | | | | | | | | | | | | | | | | Policy classes need to return the user-supplied temporary directory if they decide not to override it. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | | Reduce level of 'could not run' messages info->debugBryn M. Reeves2013-06-101-1/+1
| |/ |/| | | | | | | | | | | We expect not to find all commands; don't output a log message on each missing binary. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Bump versionr3.03.0Bryn M. Reeves2013-06-101-1/+1
| | | | | | | | Increment the spec file version to 3.0
* | Spec file updatesBryn M. Reeves2013-06-101-27/+305
| |
* | Test for symlink existence before creationBryn M. Reeves2013-06-101-1/+2
| | | | | | | | | | | | | | | | There are cases where we may attempt to add a symlink to the archive more than once. Since this will fail for paths that already exist test for their presence first. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Set umask when creating final archive fileBryn M. Reeves2013-06-101-0/+2
| | | | | | | | | | | | | | | | | | | | | | The temporary trees used by sos are set up with correct permissions but tarfile.open() uses the default mode and umask settings. Set the umask to deny group and other permissions for the archive to avoid leaking data to unprivileged users. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
* | Revert use of PAX archivesBryn M. Reeves2013-06-101-2/+1
| | | | | | | | | | | | | | | | | | | | Revert the use of POSIX PAX archive format in TarFileArchive. The code to capture SELinux file contexts is currently disabled in master due to the undesirable affects on archive extraction. Since this is the main reason for using the PAX format revert to automatic format selection to allow the widest compatibility. Signed-off-by: Bryn M. Reeves <bmr@redhat.com>