aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [networking] collect iptables when proper kernel modules loadedPavel Moravec2020-05-191-10/+13
| | | | | | | | | | | Since kernel-4, iptables / ip6tables is newly provided by nf_tables kernel module. Therefore, collecting ip[,6]tables commands should be gated by presence of also this kernel module. Resolves: #2054 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
* [postfix] collect whole /etc/postfixPavel Moravec2020-05-191-3/+7
| | | | | | | | | Skip just collecting some SSL stuff (not required, potentially sensitive). Resolves: #2075 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [nfs] merge nfsserver plugin into nfs onePavel Moravec2020-05-192-56/+12
| | | | | | | | | | | | | | | nfsserver plugin enabledness relies on legacy init scripts. A more appropriate way to idenfity a NFS server is via nfs-utils package (though it could be present also on a NFS client). As that package enables nfs plugin, it is reasonable to merge the plugins into one. Closes: #2061 Resolves: #2073 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] update references to 'general' pluginPavel Moravec2020-05-191-2/+2
| | | | | | | | | | | 'general' plugin was replaced by 'host' plugin years ago. Let update an example in man pages accordingly. Resolves: #2072 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [networking] Small change to produce more-useful, numbered ufw rule statusDavid A. Desrosiers2020-05-191-2/+2
| | | | | | | | | | | | This allows inspection of the rule order, as well as insert/edit/delete of the rules by that numbered id (ufw delete 23). More details can be found here: https://help.ubuntu.com/community/UFW Resolves: #2065 Signed-off-by: David A. Desrosiers <setuid@gmail.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [doc] Update path to the sosreport command.Jose Castillo2020-05-191-5/+5
| | | | | | | | | | | The documentation references ./sosreport , but the command now lives inside ./bin, so this commit updates such references. Resolves: #2060 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [containers_common] collect rootless containers infoPavel Moravec2020-05-191-0/+29
| | | | | | | | | | | | | | | | Add the ability to collect data/info about rootless podman/buildah containers, in particular: - containers_common plugopt 'rootlessusers' as a list of users to inspect - for each user, collect: - its containers config - [podman|buildah] info and [UID|GID] map - collect user-status and few user-related config files Resolves: #2055 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sos] Write to host filesystem if in container with HOST env var setJake Hunsaker2020-05-131-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | Moving tmpdir specifications out of policy gave us the ability to have logging within `Policy`, however it was unnoticed before that this stopped the redirection from container filesystem to host filesystem when sos was running in a container (and we wanted to save the archive to the host and not the container). Fix this by standardizing a check for a `HOST` environment variable, when a `container` env var is set as well. This has been used by the Red Hat policy for some time to determine chroot locations for when we're running in a container, and has been working well. The `container` environment variable should be set at container setup by modern container runtimes. If either the `container` or `HOST` environment variable is not set, but we are running in a container, then we will continue to write to the container's filesystem (while policy will still determine any chroot requirements separately). Resolves: #2041 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
* [travis] make ppc failure optionalBryan Quigley2020-05-131-6/+7
| | | | | | | | Related to #2048, but not a true fix. Resolves: #2067 Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
* [build] Enable copr builds and add packit configDominika Hodovska2020-05-131-0/+12
| | | | | | | Resolves: #1853 Signed-off-by: Dominika Hodovska <dhodovsk@redhat.com> Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
* [plugins] convert_copyspec_scl fixJan Jansky2020-05-121-2/+3
| | | | | | | | | | | Fixing convert_copyspec_scl method which returned // instead of /. That caused in some cases that some files was not collected by plugins. Resolves: #2016 Signed-off-by: Jan Jansky <jjansky@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [redis] Collection of redis from sclJan Jansky2020-05-121-29/+29
| | | | | | | | | | As preparation for Satellite 7 configuration and log collection adding collection of rh-redis32 from scl. Resolves: #2016 Signed-off-by: Jan Jansky <jjansky@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [general] set file logging only when initializedPavel Moravec2020-05-121-2/+5
| | | | | | | | | | | | To fix regression in 8a2a765: Could not initialize 'report': local variable 'flog' referenced before assignment Resolves: #2057 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Plugin] Apply size limit to directory specsJake Hunsaker2020-05-121-2/+35
| | | | | | | | | | | | | | | | | Addresses an issue where size limiting was not being applied to whole directory specifications, as we would only stat the directory directly when it was returned from a glob. Now, if the given copyspec is just a directory path, recurse into it with an explicit '*' match. Updates the forbidden path check to account for the newly extended files list to match against the directory-only forbidden specifications. This may result in more log entries for deep directory structures whose parent directory/directories is/are forbidden. Closes: #1750 Resolves: #2035 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [nvmetcli] Add new plugin for NVMe Target CLIPavel Moravec2020-05-121-0/+32
| | | | | | | Resolves: #2056 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [insights] collect insights dump output in deterministic filenamePavel Moravec2020-05-121-1/+4
| | | | | | | | | | | | | | Currently, "insights-client --offline" stdout is stored in filename like insights-client_--offline_--output-dir_.var.tmp.sos.cbl0ox16. (and so on) Let make the filename unified and deterministic. Also add the trailing vim expand tabs comment. Resolves: #2058 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
* [systemd] gate systemd-resolve commands by systemd-resolved servicePavel Moravec2020-05-121-3/+8
| | | | | | | | | | | systemd-resolve command starts systemd-resolved service when that is not running; thus we should call the command only under the relevant predicate. Resolves: #2059 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
* [rabbitmq] Call containerised rabbitmqctl report on foregroundPavel Moravec2020-05-071-1/+2
| | | | | | | | | | | In some use cases, "rabbitmqctl report" run in a container can hung due to missing terminal. Let workaround it for now by running the command with --foreground timeout option. Resolves: #2047 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [policies] Take care of empty lines while parsing /etc/os-releaseSourabh Jain2020-05-071-1/+2
| | | | | | | | | | | | | | The check function in CozPolicy class hits the ValueError exception if we have empty lines in /etc/os-release file. Updated the list comprehension used to parse the /etc/os-release file with a if condition to take care of empty lines. Closes: #2045 Resolves: #2046 Signed-off-by: Sourabh Jain <sourabhjain@linux.ibm.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [auditd] Get auditd plugins.d contentstuxpreacher2020-05-071-1/+2
| | | | | | | Resolves: #2043 Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [azure] Update metadata service URLOliver Falk2020-05-071-2/+2
| | | | | | | | | | | Use latest api-version when querying the metadata service; Additionally switch to use /instance/compute instead of only /instance, as this contains more information (eg. network config) Resolves: #2019 Signed-off-by: Oliver Falk <ofalk@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [plugins] mark 9 plugins as supported on COSXuewei Zhang2020-05-0510-18/+32
| | | | | | | | | | 9 exisiting plugins already works on Container-Optimized OS. Marking it to reflect that. Resolves: #1419 Signed-off-by: Xuewei Zhang <xueweiz@google.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [policies] add COS policyXuewei Zhang2020-05-051-0/+36
| | | | | | | | | | Add a basic policy class for Container-Optimized OS (COS). A new CosPlugin tagging class is introduced for COS-specific plugin cases. Signed-off-by: Xuewei Zhang <xueweiz@google.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [redhat] Update CoreOS release line matchJake Hunsaker2020-05-051-1/+1
| | | | | | | | | Updates the release line we try to match against for identifying CoreOS hosts to the syntax now used by Red Hat CoreOS. Resolves: #2042 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [containers_common] Add plugin for common containers configsPavel Moravec2020-05-053-14/+27
| | | | | | | | | | | | | Move collection of whole /etc/containers and /usr/share/containers to one containers_common plugin enabled by the package of the same name. Since the package is a common dependency for buildah and podman, no regression in default data collection happens. Resolves: #2040 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [tests] Add Timing, summary, and reduce IO for small filesBryan Quigley2020-05-041-9/+20
| | | | | | | | | | | | Timing - see how long each test takes Summary - output the key results at the end Use /dev/shm to store temporary files Make since command actually meaningful Resolves: #2039 Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [s390] Convert enablement to using default architecture checkJake Hunsaker2020-05-011-7/+1
| | | | | | | | | | | Removes the enablement override for the plugin and instead relies on the default architecture checks by specifying the `s390` arch in the `architectures` tuple. Resolves: #2038 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com> Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com>
* [Plugin] Fix enablement triggers when only restriction is architectureJake Hunsaker2020-04-301-0/+5
| | | | | | | | | | When a plugin, such as the `powerpc` plugin, only defines an architecture enablement trigger and no files, commands, packages, etc... our current enablement checks would return false. When the 'normal' trigger restrictions are all empty, but there is an architecture trigger, now properly enable based solely on that architecture. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [travis] Add tests against arm64, ppc64le, and s390xBryan Quigley2020-04-301-0/+18
| | | | | | | Resolves: #2037 Signed-off-by: Bryan Quigley <bryan.quigley@canonical.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [plugins] Convert docstrings to class attrsJake Hunsaker2020-04-30298-578/+590
| | | | | | | | | | Converts all current plugin docstrings into a `short_desc` attribute, that is now referenced by `Plugin.get_description()`. Closes: #1960 Resolves: #2036 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [redhat] fix RH containers without sysrootRobert Thomas Manes2020-04-301-1/+1
| | | | | | | | | | | | Attempting to run sosreport in a container currently will always traceback unless ENV_HOST_SYSROOT is set to '/'. Allow default NoneType sysroot to function as well. Resolves: #2028 Signed off by: Robb Manes <rmanes@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sos] Don't double log error level messagesJake Hunsaker2020-04-281-1/+3
| | | | | | | | | | | Only set the logging handler that prints ERROR level messages to console if we're running in quiet mode, as otherwise we'll double log from the normal console handler. Closes: #1999 Resolves: #2033 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [maas] Add snap support to maas pluginAdam Collard2020-04-281-14/+51
| | | | | | | | | | From 2.7.0 onwards, MAAS is using snaps for it's releases, and this changes the location of files and logs. Resolves: #1964 Signed-off-by: Adam Collard <adam.collard@canonical.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collect] When collect is unavailable, don't fail on unknown optionsJake Hunsaker2020-04-232-1/+9
| | | | | | | | | | | | | | | | | | | | When `collect` is unavailable locally, we should always print the unavailable message in all cases. However, due to the way the parser was configured, any options passed to `sos collect` would trigger argparse's "Unknown argument" error output instead. Now, capture the unknown args when we perform the first parsing to capture the component, then for cases where `collect` is unavailable, simply ignore the parser to always force our own error message to be printed. This commit marks the end of the patchset for collect integration into sos. Closes: #1988 Resolves: #2017 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collect] Catch keyboard interrupt in disclaimer promptJake Hunsaker2020-04-221-2/+5
| | | | | | | Properly catch a keyboard interrupt during the prompt used in the disclaimer text when --batch is not used. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [cluster] Improve logging formating for errorsJake Hunsaker2020-04-221-4/+3
| | | | | | | | | Removes the header formatted for error level messages, as these are printed to console directly. Additionally improves the formatting of the error message used when we could not get a list of nodes from the cluster. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sosnode] Fix checking sos version from container imageJake Hunsaker2020-04-223-9/+23
| | | | | | | | | | | Since hooking into Policy(), checking the version of sos installed in a container on a containerized host was failing. Add an explicit override check for this to the policies that need it, rather than bending PackageManager to also allow container based checks since all other package checks will still need to be done against the host and not the container. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [satellite] Simplify node enumerationJake Hunsaker2020-04-221-5/+6
| | | | | | | | Simplifies the node enumeration from the db query using the `copy` function of psql to dump the results to stdout without the DB header/footer. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sosnode] Do not load local sos information when using --no-localJake Hunsaker2020-04-221-2/+10
| | | | | | | Skip the sos info checks for local execution for --no-local is used. Still load the local policy for package checks however. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collect] Do not display local host if --no-local is usedJake Hunsaker2020-04-221-2/+3
| | | | | | | | Fixes an issue where even though we weren't collecting from local host if --no-local was specified, we would still display it in the list of nodes to collect from. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collector] Passthru --threads, replace with --jobs for collectJake Hunsaker2020-04-223-9/+27
| | | | | | | | | | Replaces the previous `--threads` option in collect with a `--jobs` option to determine the number of concurrent collections to run. Uses `--threads` as a passthru option now if the node supports it (sos-3.6+), in an effort to unify option meanings between components. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collector] Ensure parsed plugin options are always a listJake Hunsaker2020-04-222-4/+7
| | | | | | | | Ensures that the parsed values for any of the plugin enablement or plugin option options are parsed as a list, by changing their parser action to 'extend', like we do with report. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collector] Always cleanup on graceful exitJake Hunsaker2020-04-221-0/+1
| | | | | | | Rather than leave spurious temp directories on the filesystem from gracefully failed runs, always run cleanup(). Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collector] Add options to parser in groupsJake Hunsaker2020-04-222-119/+129
| | | | | | | | | | | | Changes the way collector adds options to the parser, such that they are now logically grouped together. Options that modify how report is run on nodes are now under a 'Report Passthru' group, while collector-specific options are listed under a 'Collector' group. This should make --help easier to consume by users. Additionally adds the default global options to a 'Global' group. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sosnode] Explicitly import all exceptionsJake Hunsaker2020-04-221-1/+9
| | | | | | | Following flake8 review, replace the * import of exceptions, and instead explicitly import each exception used in sosnode. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [PEP257] Fix docstrings in exceptions.pyJake Hunsaker2020-04-221-12/+12
| | | | Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sosnode] Fix conflicts between password-per-node and sudo optionsJake Hunsaker2020-04-222-3/+6
| | | | | | | | | | | | | | Under specific circumstances, we previously could end up prompting for SSH passwords for nodes that would then be overridden by --password-per-node, which in turn could potentially cause issues for use cases where sudo was used both locally and remotely where the sudo passwords differed (as indicated by password-per-node). Adjust prompting and setting of the sudo passwords so that we prompt the user the correct (minimal) amount of times, and the correct passwords are used for sudo usage (when needed). Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [options] Rename insecure-sudo to nopasswd-sudoJake Hunsaker2020-04-222-8/+8
| | | | Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sosnode|collector] Add support for newer report optionsJake Hunsaker2020-04-222-20/+63
| | | | | | | | | Adds support for newer sos report options like `allow_system_changes` and `plugin_timeout` to collector. These options are version dependent, so they are evaluated on a per-node basis during final sos command construction. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collector] Properly remove localhost if local sudo is needed but missingJake Hunsaker2020-04-221-2/+4
| | | | | | | | | | Fixes an issue where we would still attempt to run through local sos report setup if we need sudo but the password was not given. This final catch is done right before sosreport is called on connected nodes, so it will catch any future conditions where no_local gets set after the initial configuration check. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>