aboutsummaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [sos] Align plugin options with destination namesJake Hunsaker2021-02-039-20/+22
| | | | | | | | | | | | | This commit alters several option long-form names or destination names to align those values in a sensible way. This serves to not only remove some abiguity in option naming in code, but also to make it so that the "effective options" line logged in every sos execution can be direction copy-pasted as a working command. Closes: #2288 Resolves: #2398 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [yum] Mask the proxy passwords in /etc/yum.repos.d/Jose Castillo2021-02-031-0/+5
| | | | | | | | | | | | This patch makes sure that all passwords specified in the opcion proxy_password in any file inside /etc/yum.repos.d/ ends up masked in the sosreport. Closes: #2394 Resolves: #2396 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report] add a script to print plugins' overviewPavel Moravec2021-02-031-0/+73
| | | | | | | | | | | Let's have a script that generates an overview of each plugin's activity. I.e. for each plugin, print list of items the plugin collects in add_copy_spec or add_cmd_output and other similar methods. Resolves: #2392 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [suse] Properly instantiate a package managerJake Hunsaker2021-01-291-0/+4
| | | | | | | | | | | | | | | The previous change to package managers removed SuSE's manual settings without actually having it use the new `RpmPackageManager` abstraction. This in turn made almost any sos execution fail on SuSE. Fix that, by instantiating the package manager. Credit to fluxcap1 on GitHub for identifying this flaw and the resolution. Related: #2389 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [rpm] Capture the output of 'rpm --showrc'Jose Castillo2021-01-291-0/+2
| | | | | | | | | | | | This request adds the output of --showrc to sos so we can verify the default values of options set via rpmrc and macros config files. Resolves: RHBZ#1921496 Resolves: #2388 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [insights] Adding .registered file to Insights client config collectionPaul Wayper2021-01-291-0/+1
| | | | | | | | | | It's useful to collect the `.registered` file as well to see if the Insights client is actually registered (and if so, when). Closes: #2372 Resolves: #2373 Signed-off-by: Paul Wayper <paulway@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [kubernetes] Add cdk.master.auth-webhook to journal collectionFelipe Reyes2021-01-291-0/+12
| | | | | | | | | | | In Ubuntu CDK when the deployed with Keystone authentication the service cdk.master.auth-webhook is deployed to handle that integration this change includes this unit to collect its journal. Resolves: #2387 Signed-off-by: Felipe Reyes <felipe.reyes@canonical.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [kubernetes] Fix CDK related file pathsFelipe Reyes2021-01-291-3/+3
| | | | | | | | | | | The `files` property is used to determined if it's the kubernetes master node is where the plugin is runnig since it's the only node capable of running kubectl. In Ubuntu CDK environments the file that's only available in the master is /root/cdk/cdk_addons_kubectl_config while /root/cdk/kubeproxyconfig is also available in the workers. Signed-off-by: Felipe Reyes <felipe.reyes@canonical.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [systemd] Prefer resolvectl over systemd-resolveMichael Biebl2021-01-291-4/+10
| | | | | | | | | | | The latter is a deprecated compat symlink. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979264 Resolves: #2385 Signed-off-by: Michael Biebl <biebl@debian.org> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [bcache] Add a new plugin for bcachePonnuvel Palaniyappan2021-01-291-0/+56
| | | | | | | | | | | bcache is used as a caching device (typically an SSD) for HDDs; bcache stats are useful to identify performance problems. Closes: #2378 Resolves: #2384 Signed-off-by: Ponnuvel Palaniyappan <ponnuvel.palaniyappan@canonical.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [kdump] Gather the file kexec-dmesg.logJose Castillo2021-01-291-1/+2
| | | | | | | | | | | | | Moved the file name from kexec-kdump.log to the right one, kexec-dmesg.log and added it to the list of files to gather via add_copy_spec as per #1546. Resolves: RHBZ#1817042 Resolves: #2386 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [ovirt_node] Updated the ovirt_node plugin to collect additional dataLev Veyde2021-01-271-0/+15
| | | | | | | | | | | The plugin now collects information from certificates that were generated by oVirt on the host(s)/node(s). Related: RHBZ#1845877 Resolves: #2364 Signed-off-by: Lev Veyde <lveyde@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [ovirt] Updated the ovirt plugin to collect additional dataLev Veyde2021-01-271-1/+29
| | | | | | | | | | The plugin now collects information from certificates that were generated by oVirt. Related: RHBZ#1845877 Signed-off-by: Lev Veyde <lveyde@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [networking] collect tc filters per each devicePavel Moravec2021-01-251-1/+2
| | | | | | | | | Collect "tc -s filter show dev <DEV>" for each device. Resolves: #2383 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [networking] collect devlink infoPavel Moravec2021-01-251-0/+8
| | | | | | | | | Collect both devlink info and params, as well as details per each device. Related to: #2383 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [openvswitch] include ipsec debugging informationAaron Conole2021-01-251-2/+10
| | | | | | | | | | Enhancement to include details for the ovs ipsec monitor daemon. Resolves: #2382 Signed-off-by: Aaron Conole <aconole@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [s390] Collect dasd.conf fileJose Castillo2021-01-251-0/+1
| | | | | | | | | | | | | | | | From RHBZ: The /etc/dasd.conf is the common configuration file for the dasd portion of s390, similar to how /etc/multipath.conf is to multipath. It has settings like failover timings, readonly settings, diag settings, etc. It's very useful to see what the customer has set in this file when doing an initial analysis of s390 and more specifically dasd (s390 storage) issues. It's also useful to have when suggesting dasd tuning changes to the customer. Related: RHBZ#1919277 Resolves: #2381 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [powerpc] Collect opal-prd log filesVasant Hegde2021-01-251-1/+2
| | | | | | | | | Recent distros redirecting opal-prd logs to /var/log/opal-prd.log file. Resolves: #2377 Signed-off-by: Vasant Hegde <hegdevasant@linux.vnet.ibm.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [networking] Collect 'ethtool -e <device>' conditionally onlyPavel Moravec2021-01-201-11/+11
| | | | | | | | | | | EEPROM dump collection might hang on specific types of devices, or negatively impact the system otherwise. As a safe option, sos report should collect the command when explicitly asked via a plugopt only. Resolves: #2376 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report] clean up references to ticket-numberPavel Moravec2021-01-194-11/+1
| | | | | | | | | | | | | Cleaning up references of --ticket-number, as it was fully replaced by --case-id. The credit goes to @mamatha4 . Resolves: #2375 Relates to: #2374 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [tigervnc] Add new pluginJake Hunsaker2021-01-191-0/+28
| | | | | | | | | Adds a new plugin for the TigerVNC plugin Closes: #2347 Resolves: #2371 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [postfix] forbid collecting SSL keys files declared in main.cfPavel Moravec2021-01-191-0/+36
| | | | | | | | | | | Collecting whole /etc/postfix, we might collect some SSL keys placed to this directory. Traverse main.cf to identify all such potential files we must add to forbidden paths. Resolves: #2362 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Policy] Handle additional FTP authentication issuesJake Hunsaker2021-01-151-0/+4
| | | | | | | | | | | It was found that some implementations will return a 530 rather than a 503 as the more specific error for incorrect passwords. Handle this error code explicitly, and then also add a catch-all for any other ftplib errors that may get raised. Resolves: #2368 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [process] Consolidate duplicate ps callsJake Hunsaker2021-01-131-3/+3
| | | | | | | | | | | Drops the `ps auxwww` collection in favor of the memory-sorted and otherwise duplicate `ps auxwwwm` call, and updates the `ps` root symlink to the memory-sorted output. Related: #1969 Resolves: #2370 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [process] Drop -b from lsof calls, add timeoutJake Hunsaker2021-01-131-2/+3
| | | | | | | | | | | | | | | | The `-b` option to `lsof` is used to avoid kernel calls that have the potential to block. However, this in turn strips useful information from this collection when processes are using network resources like NFS shares. As we now have several layers of timeout control, it should be safe to remove the `-b` option and instead apply a timeout to the `add_cmd_output()` call to protect against a potential blocked call. Closes: #2352 Resolves: #2670 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [block] Add lsblk all column output commandAkshay Gaikwad2021-01-131-1/+2
| | | | | | | | | | "lsblk -O -P" provides all available column output in key pair format. Resolves: #2367 Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sosnode] Fix scoping issues within finalize_sos_cmd()Jake Hunsaker2021-01-131-2/+3
| | | | | | | | | | First fixes an issue with an improperly scoped setting of the sos command label. Second, addresses an issue where the final sos command determined wasn't being written to the node's metadata. Resolves: #2363 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sapnw] call sapconf only when a limits.d file existsPavel Moravec2021-01-131-1/+7
| | | | | | | | | | | sapconf command creates /etc/security/limits.d/99-sap-limits.conf on its own when missing, so calling the command must be gated by a predicate testing the file presence. Resolves: #2361 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Policy] Add policy-controlled forbidden pathsJake Hunsaker2021-01-134-0/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This adds policy-controlled forbidden path checking, which should be the final part of implementing "global" forbidden paths. With this commit, policies may now add paths and glob matches for paths which should never be collected in any plugin. Combined with plugin-defined paths and user-defined paths already available, plugins should now be able to be properly restricted from sensitive collections. Note that the way this is implemented is that policies that define the `set_forbidden_paths()` classmethod *extend* this forbidden list as it is built from the subclass(es) that also define one. This way, "top-level" policies do not need to maintain independent copies of entire trees of paths just to add a few specific additional ones that are not forbidden within other policies. This initial commit adds paths that are either very well-known to be ones we should avoid, or are paths that have previously been part of reported issues where these paths/files should not be collected. Closes: #316 Closes: #796 Closes: #919 Closes: #1316 Resolves: #2360 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [process] Collect the output of the "pidstat" commandJose Castillo2021-01-131-0/+5
| | | | | | | | | | | | The "pidstat" command prints CPU time breakdowns per CPU and, it can also print useful information from other subsystems {I/O, MM} in a single line. Related: RHBZ#1898155 Resolves: #2310 Signed-off-by: Jose Castillo <jose.mfcastillo@gmail.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [ipa] dogtag debug logfile name format changeThorsten Scherf2021-01-061-2/+2
| | | | | | | | | | Starting with Dogtag 10.9 a new logging framework is used. As a result, debug logfiles now have the format 'debug-<date>' rather than just 'debug'. Resolves: #2355 Signed-off-by: Thorsten Scherf <tscherf@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collector] declare sysroot for each componentPavel Moravec2021-01-061-0/+1
| | | | | | | | | | | Commit 7f72a36 requires self.sysroot to exist for each component, but it is not set for sos-collector. Let pre-fill self.sysroot every time. Resolves: #2358 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [component] honour plugopts from config filePavel Moravec2021-01-061-1/+1
| | | | | | | | | | | Currently, config file plugopts are ignored as we overwrite it in apply_options_from_cmdline by empty list default value from cmdline. Resolves: #2359 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [python] Update import for RHELPolicyJake Hunsaker2021-01-041-2/+2
| | | | | | | | | Updates the import of `RHELPolicy` for setting the python version checking command on RHEL systems. Related: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [build] Add packages from policy re-orgJake Hunsaker2021-01-041-3/+5
| | | | | | | Adds the new packages to `setup.py` that were created as a result of the policy re-org from #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [boot] Add ls /sys/firmware command outputAkshay Gaikwad2021-01-041-1/+2
| | | | | | | | | | "ls /sys/firmware" command is useful to check if system boots with UEFI or BIOS. Resolves: #2353 Signed-off-by: Akshay Gaikwad <akgaikwad001@gmail.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [ceph] include time-sync-status for ceph monPonnuvel Palaniyappan2021-01-041-0/+1
| | | | | | | | | | | | | Ceph mons might get into time sync problems if ntp/chrony isn't installed or configured correctly. Since Luminous release, upstream support 'time-sync-status' to detect this more easily. Closes: #2356 Resolves: #2357 Signed-off-by: Ponnuvel Palaniyappan <pponnuvel@gmail.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [DpkgPackageManager] Add subclass for dpkgJake Hunsaker2021-01-042-9/+26
| | | | | | | | | Adds a new `DpkgPackageManager` subclass for use with dpkg-based distributions. Closes: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [RpmPackageManager] Add discreet PackageManager subclassJake Hunsaker2021-01-044-20/+32
| | | | | | | | | | | | | | Adds a discreet subclass of `PackageManager` for RPM based distributions. Note this also makes a minor alteration to the determination of relevant commands based on the initialization of `PackageManager`, which will make it easier to build out subclasses going forward, while still allowing individual policies to override if desired. Related: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Presets] Separate Presets from policiesJake Hunsaker2021-01-044-170/+209
| | | | | | | | | | | | Moves the `PresetDefaults` base class out from `sos/policies/__init__.py` and into a new `sos/presets` subdir. Further, removes the presets defined in the RH-family policies into a new `sos/presets/redhat.py` subdir to allow for ease of maintenance and tracking. Related: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [PackageManager] Separate PackageManager from policiesJake Hunsaker2021-01-046-238/+253
| | | | | | | | | | | | Moves `PackageManager` out from `sos/policies/__init__.py` into a new `sos/policies/package_managers` subdir. Future commits will aim to canonicalize package manager subclasses for policies to use, and ease the creation of new reusable package managers. Related: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [policies] Move linux policies into new subdirJake Hunsaker2021-01-0411-533/+573
| | | | | | | | | | | Moves the actual policy files for supported distributions out of `sos/policies` and into a new subdir `sos/policies/distros`. Note that `Policy()` still lives in the former, while `LinuxPolicy()` has been moved into `sos/policies/distros/__init__.py` Related: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [InitSystem] Separate InitSystem from policiesJake Hunsaker2021-01-044-191/+222
| | | | | | | | | | Moves `InitSystem` and the related `SystemdInit` subclass out of `sos/policies/__init__.py` and into a new `sos/policies/init_systems/` subdir. Related: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [ContainerRuntime] Separate runtimes from policiesJake Hunsaker2021-01-044-180/+226
| | | | | | | | | Moves `ContainerRuntime` and the related subclasses out from `sos/policies/__init__.py` into a new `sos/policies/runtimes` subdir. Related: #2349 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Policy] Allow any number of vendor urls in banner messagesJake Hunsaker2021-01-048-19/+50
| | | | | | | | | | | | | | | | | Enhances policy banner message generation by allowing an arbitrary number of vendor urls to be displayed. The `vendor_url` class attr has been changed to `vendor_urls` which should be a list of 2-tuples formatted as `(description, url)`. Further updates the existing policies to use this new form, and expands on the Red Hat family distributions to include support website locations where applicable. Also updates the Ubuntu policy to point to both the community and commercial support resources. Closes: #1869 Resolves: #2325 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [redhat] Automatically failover to dropbox when RHCP upload failsJake Hunsaker2021-01-041-0/+15
| | | | | | | | | | | | | | When an upload to the RHCP fails for some reason, now automatically failover to attempt an upload to the FTP dropbox. This failover has been intended for some time, as we already failover to the FTP location if we detect we're missing, for example, login credentials for the Customer Portal. This change just extends that intention to when we run into errors with the actual upload process. Resolves: #2350 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [networking/ufw/firewall_tables] Split out firewall from networkingBryan Quigley2021-01-043-72/+121
| | | | | | | | | | | Drop fallback to nat as that can bring in more kernel modules Left ip/6-table save in networking for now as it can be filtered by networking options and I don't want to break that. Resolves: #2348 Signed-off-by: Bryan Quigley <code@bryanquigley.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [containers_common|podman] Gather container digestsBrad Hubbard2020-12-182-0/+2
| | | | | | | | | | It can be useful to have the digest for each container image for verifying exact binary compatibility, etc. Resolves: #2339 Signed-off-by: Brad Hubbard <bhubbard@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [component] Use sysroot from Policy when opts doesn't specify itPavel Moravec2020-12-151-2/+2
| | | | | | | | | | Until --sysroot option is specified, Archive (sub)classes should be called with sysroot determined from Policy. Resolves: #2346 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Openvswitch] Add ovs-configuration journalJuan-Luis de Sousa-Valadas Castaño2020-12-151-0/+1
| | | | | | | | | | | | OpenShift 4.6 Introduces a new service called ovs-configuration, usually this information is also acquired in the must-gather but if precisely this service is at fault we may not be able to run must-gather. Resolves: #2345 Signed-off-by: Juan Luis de Sousa-Valadas <jdesousa@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>