| Commit message | Author | Age | Files | Lines |
| |
Since kernel-4, iptables / ip6tables is newly provided by the nf_tables
kernel module. Therefore, collecting ip[,6]tables commands should
also be gated by the presence of this kernel module.
Resolves: #2054
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
| |
Skip just collecting some SSL stuff (not required, potentially sensitive).
Resolves: #2075
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
nfsserver plugin enabledness relies on legacy init scripts. A more
appropriate way to identify an NFS server is via nfs-utils package
(though it could be present also on an NFS client).
As that package enables nfs plugin, it is reasonable to merge the
plugins into one.
Closes: #2061
Resolves: #2073
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
'general' plugin was replaced by 'host' plugin years ago.
Let's update an example in man pages accordingly.
Resolves: #2072
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
This allows inspection of the rule order, as well as insert/edit/delete of
the rules by that numbered id (ufw delete 23).
More details can be found here: https://help.ubuntu.com/community/UFW
Resolves: #2065
Signed-off-by: David A. Desrosiers <setuid@gmail.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
The documentation references ./sosreport, but
the command now lives inside ./bin, so this
commit updates such references.
Resolves: #2060
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Add the ability to collect data/info about rootless podman/buildah
containers, in particular:
- containers_common plugopt 'rootlessusers' as a list of users to inspect
- for each user, collect:
- its containers config
- [podman|buildah] info and [UID|GID] map
- collect user-status and a few user-related config files
Resolves: #2055
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Moving tmpdir specifications out of policy gave us the ability to have
logging within `Policy`, however it was unnoticed before that this
stopped the redirection from container filesystem to host filesystem
when sos was running in a container (and we wanted to save the archive
to the host and not the container).
Fix this by standardizing a check for a `HOST` environment variable,
when a `container` env var is set as well. This has been used by the Red
Hat policy for some time to determine chroot locations for when we're
running in a container, and has been working well. The `container`
environment variable should be set at container setup by modern
container runtimes.
If either the `container` or `HOST` environment variable is not set, but
we are running in a container, then we will continue to write to the
container's filesystem (while policy will still determine any chroot
requirements separately).
Resolves: #2041
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
| |
Related to #2048, but not a true fix.
Resolves: #2067
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
| |
Resolves: #1853
Signed-off-by: Dominika Hodovska <dhodovsk@redhat.com>
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
| |
Fixing convert_copyspec_scl method which returned
// instead of /. That caused in some cases that
some files were not collected by plugins.
Resolves: #2016
Signed-off-by: Jan Jansky <jjansky@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
As preparation for Satellite 7 configuration and log
collection adding collection of rh-redis32 from scl.
Resolves: #2016
Signed-off-by: Jan Jansky <jjansky@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
To fix regression in 8a2a765:
Could not initialize 'report':
local variable 'flog' referenced before assignment
Resolves: #2057
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Addresses an issue where size limiting was not being applied to whole
directory specifications, as we would only stat the directory directly
when it was returned from a glob. Now, if the given copyspec is just a
directory path, recurse into it with an explicit '*' match.
Updates the forbidden path check to account for the newly extended files
list to match against the directory-only forbidden specifications. This
may result in more log entries for deep directory structures whose
parent directory/directories is/are forbidden.
Closes: #1750
Resolves: #2035
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Resolves: #2056
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Currently, "insights-client --offline" stdout is stored in filename like
insights-client_--offline_--output-dir_.var.tmp.sos.cbl0ox16. (and so on)
Let's make the filename unified and deterministic.
Also add the trailing vim expand tabs comment.
Resolves: #2058
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
| |
systemd-resolve command starts systemd-resolved service when that is
not running; thus we should call the command only under the relevant
predicate.
Resolves: #2059
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
| |
In some use cases, "rabbitmqctl report" run in a container can hang
due to a missing terminal. Let's work around it for now by running the
command with --foreground timeout option.
Resolves: #2047
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
The check function in CozPolicy class hits the ValueError exception
if we have empty lines in /etc/os-release file.
Updated the list comprehension used to parse the /etc/os-release file
with an if condition to take care of empty lines.
Closes: #2045
Resolves: #2046
Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Resolves: #2043
Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Use latest api-version when querying the metadata service; additionally
switch to use /instance/compute instead of only /instance, as this
contains more information (e.g. network config).
Resolves: #2019
Signed-off-by: Oliver Falk <ofalk@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
9 existing plugins already work on Container-Optimized OS. Marking it
to reflect that.
Resolves: #1419
Signed-off-by: Xuewei Zhang <xueweiz@google.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Add a basic policy class for Container-Optimized OS (COS).
A new CosPlugin tagging class is introduced for COS-specific plugin
cases.
Signed-off-by: Xuewei Zhang <xueweiz@google.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Updates the release line we try to match against for identifying CoreOS
hosts to the syntax now used by Red Hat CoreOS.
Resolves: #2042
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Move collection of whole /etc/containers and /usr/share/containers to
one containers_common plugin enabled by the package of the same name.
Since the package is a common dependency for buildah and podman, no regression
in default data collection happens.
Resolves: #2040
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Timing - see how long each test takes
Summary - output the key results at the end
Use /dev/shm to store temporary files
Make since command actually meaningful
Resolves: #2039
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Removes the enablement override for the plugin and instead relies on the
default architecture checks by specifying the `s390` arch in the
`architectures` tuple.
Resolves: #2038
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
| |
When a plugin, such as the `powerpc` plugin, only defines an
architecture enablement trigger and no files, commands, packages, etc...
our current enablement checks would return false. When the 'normal'
trigger restrictions are all empty, but there is an architecture
trigger, now properly enable based solely on that architecture.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Resolves: #2037
Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Converts all current plugin docstrings into a `short_desc` attribute,
that is now referenced by `Plugin.get_description()`.
Closes: #1960
Resolves: #2036
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Attempting to run sosreport in a container currently will always
traceback unless ENV_HOST_SYSROOT is set to '/'.
Allow default NoneType sysroot to function as well.
Resolves: #2028
Signed off by: Robb Manes <rmanes@redhat.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Only set the logging handler that prints ERROR level messages to console
if we're running in quiet mode, as otherwise we'll double log from the
normal console handler.
Closes: #1999
Resolves: #2033
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
From 2.7.0 onwards, MAAS is using snaps for its releases, and this
changes the location of files and logs.
Resolves: #1964
Signed-off-by: Adam Collard <adam.collard@canonical.com>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
When `collect` is unavailable locally, we should always print the
unavailable message in all cases. However, due to the way the parser was
configured, any options passed to `sos collect` would trigger argparse's
"Unknown argument" error output instead.
Now, capture the unknown args when we perform the first parsing to
capture the component, then for cases where `collect` is unavailable,
simply ignore the parser to always force our own error message to be
printed.
This commit marks the end of the patchset for collect integration into
sos.
Closes: #1988
Resolves: #2017
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Properly catch a keyboard interrupt during the prompt used in the
disclaimer text when --batch is not used.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Removes the header formatted for error level messages, as these are
printed to console directly. Additionally improves the formatting of the
error message used when we could not get a list of nodes from the
cluster.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Since hooking into Policy(), checking the version of sos installed in a
container on a containerized host was failing. Add an explicit override
check for this to the policies that need it, rather than bending
PackageManager to also allow container based checks since all other
package checks will still need to be done against the host and not the
container.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Simplifies the node enumeration from the db query using the `copy`
function of psql to dump the results to stdout without the DB
header/footer.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Skip the sos info checks for local execution if --no-local is used.
Still load the local policy for package checks however.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Fixes an issue where even though we weren't collecting from local host
if --no-local was specified, we would still display it in the list of
nodes to collect from.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Replaces the previous `--threads` option in collect with a `--jobs`
option to determine the number of concurrent collections to run.
Uses `--threads` as a passthru option now if the node supports it
(sos-3.6+), in an effort to unify option meanings between components.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Ensures that the parsed values for any of the plugin enablement or
plugin option options are parsed as a list, by changing their parser
action to 'extend', like we do with report.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Rather than leave spurious temp directories on the filesystem from
gracefully failed runs, always run cleanup().
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Changes the way collector adds options to the parser, such that they are
now logically grouped together. Options that modify how report is run on
nodes are now under a 'Report Passthru' group, while collector-specific
options are listed under a 'Collector' group. This should make --help
easier to consume by users.
Additionally adds the default global options to a 'Global' group.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Following flake8 review, replace the * import of exceptions, and instead
explicitly import each exception used in sosnode.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Under specific circumstances, we previously could end up prompting for
SSH passwords for nodes that would then be overridden by
--password-per-node, which in turn could potentially cause issues for
use cases where sudo was used both locally and remotely where the sudo
passwords differed (as indicated by password-per-node).
Adjust prompting and setting of the sudo passwords so that we prompt the
user the correct (minimal) amount of times, and the correct passwords
are used for sudo usage (when needed).
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Adds support for newer sos report options like `allow_system_changes`
and `plugin_timeout` to collector. These options are version dependent,
so they are evaluated on a per-node basis during final sos command
construction.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
| |
Fixes an issue where we would still attempt to run through local sos
report setup if we need sudo but the password was not given. This final
catch is done right before sosreport is called on connected nodes, so
it will catch any future conditions where no_local gets set after the
initial configuration check.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>