| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Changes the `LC_ALL` locale env var used for all command collections
from `C` to `C.UTF-8` which should provide safer/more reliable output
from non-English localizations. This is backed up by PEP-538:
https://peps.python.org/pep-0538/
Closes: #2946
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, there was a small but not impossible situation for a race
condition within `clean`'s handling of symlinks where a symlink name
could be obfuscated differently than what the link's target could be
obfuscated too.
Fix this by handling symlinks separately than the rest of the archive,
like what we do for directory names. When obfuscating files, archives
will now skip over symlinks and yield file names for iteration, rather
than generating and returning full file lists. Once the obfuscation of
"real" files is complete, then separately iterate over symlinks. Since
the file obfuscation also includes file names, this means that link
targets are already known to the mappings and we eliminate the potential
race condition.
Closes: #2852
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The `namespaces` option was presented to `sos collect`, but was not
actually being passed to nodes.
Fix this, and gate the usage of the option to version 4.3, or the
relevant RHEL backport version like we do for `--container-runtime`.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adds a new `--disable-parsers` option that allows users to selectively
disable parsers for a given execution of `sos clean`.
This may be useful in specific scenarios where obfuscation is not
strictly needed for all the types of data we obfuscate, and where the
user trusts whomever may be receiving the archive for review.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The base `InitSystem` used when systemd is not present (or at least
functional), defaults to returning `True` for all probes, in an effort
to not inadvertantly block service queries.
This works well for most scenarios, however it backfires when checking
for runlevel-analogous systemd targets for items such as the `cantboot`
preset - in that the base `InitSystem` will always enable that preset.
Fix that by allowing calls to `InitSystem.is_running()` to specify a
default value to return, instead of blindly always returning `True`.
Similarly, update the preset check to default to `False` to avoid
improperly enabling that preset when systemd is unavailable.
Closes: #2913
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds collection of a `find` command that shows symlinks from /, or one
subdirectory below, that lists all symlinks and their targets in `ls`
output format. This is by request from a RH support team for situations
where problematic systems have directories underneathe / that are solely
symlinks, and this information is relevant to problem investigation.
While the `host` plugin may not be the most intuitive place for this
collection, there are no other existing plugins that would be "more
correct", and adding a new "symlinks" plugin would likely only serve to
confuse authors and maintainers going forward.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds two services to the `services` tuple for this plugin to both serve
as an enablement trigger, and to capture the status and journals of
these services automatically.
This is an update/replacement to #2919 originally proposed by Colin
Walters.
Closes: #2919
Co-authored-by: Colin Walters <walters@verbum.org>
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Forbidden path checks have up until now worked by taking a given file
path (potentially with globs), expanding that against all discovered
files that actually exist on the system, and then comparing a potential
collection path against that list.
While this works, and works reasonably fast for most scenarios, it isn't
very efficient and causes significant slow downs when a non-standard
configuration is in play - e.g. thousands of block devices which sos
would individually have to compare against tens of thousands of paths
for every path the `block` plugin wants to collect.
Improve this by first not expanding the forbidden path globs, but taking
them as distinct patterns, translating from shell-style (to maintain
historical precedent of using globs to specify paths to be skipped) to
python regex patterns as needed. Second, use `re` to handle our pattern
matching for comparison against the distinct patterns provided by a
plugin to skip.
Closes: #2938
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Since RHV 4.4 SP1, vdsm configures LVM to use devicesfile, causing that
the LVM filter configuration used by sos is ignored.
This change disables the use of the devicesfile, so that the information
of the devices used for RHV storage domains can be collected.
Fixes: RHBZ#2093993
Signed-off-by: Juan Orti <jortialc@redhat.com>
|
| |
|
|
|
|
|
| |
Update the libvirt plugin to collect swtpm logs from hosts,
and certain containerized environments, like OpenStack TripleO
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The enablement trigger of `files` in this plugin was incorrect, and
should have been `commands` given we're checking for an executable.
Fix that, so that this plugin can properly enable on more than just the
package names.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
| |
Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of hard-coding specific keys and having to maintain them over
time, replace the values of all keys that have 'password' in their name.
I think this covers all our current and hopefully future keys. It might
add "false positives" - keys that are not passwords but have 'password'
in their name - and I think that's a risk worth taking.
Sadly, the engine admin password prompt's name is
'OVESETUP_CONFIG_ADMIN_SETUP', which does not include 'password', so has
to be listed specifically.
A partial list of keys added since the replaced code was written:
- grafana-related stuff
- keycloak-related stuff
- otopi-style answer files
Signed-off-by: Yedidyah Bar David <didi@redhat.com>
Change-Id: I416c6e4078e7c3638493eb271d08d73a0c22b5ba
|
| |
|
|
|
|
|
|
|
|
| |
Changed loglevel logic to be more transparent.
Setting file loglevel (flog) on DEBUG when any verbosity is
set.
If not leave it to INFO.
Signed-off-by: Jan Jansky <jjansky@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
This patch is to update arcconf plugin to collect
UART logs
Signed-off-by: Mamatha Inamdar <mamatha4@linux.vnet.ibm.com>
Reported-by: Borislav Stoymirski <borislav.stoymirski@bg.ibm.com>
Tested-by: Borislav Stoymirski <borislav.stoymirski@bg.ibm.com>
|
| |
|
|
| |
Signed-off-by: Nikhil Kakade <nikhilkaka1@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch is to update fibrechannel plugin to collect
HBA device logs
following commands are added
hbacmd listhbas
hbacmd HbaAttributes <WWPN | MAC>
hbacmd PortAttributes <WWPN | MAC>
hbacmd ServerAttributes
Signed-off-by: Mamatha Inamdar <mamatha4@linux.vnet.ibm.com>
Reported-by: Borislav Stoymirski <borislav.stoymirski@bg.ibm.com>
Reported-by: Toni Gibson <cajun1@us.ibm.com>
Tested-by: Borislav Stoymirski <borislav.stoymirski@bg.ibm.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch tries to capture the exception when running
the sosreport at the same time the temp directory
specified as an option is deleted.
Resolves: #2806
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
shmcli provides information of the adapters, emms, drives,
enclosures, fans, and power supplies.
And the sensing data of temp, voltage, and current sensors.
[1] https://dl.dell.com/topicspdf/powertools-shm-ag_en-us.pdf
Signed-off-by: Nikhil Kakade <nikhilkaka1@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Ceph uses leveldb (old versions) or rocksdb (current ones)
for metadata. The older filestore backend is deprecated since
Quincy (17.2.0) which uses leveldb. So it's useful to know
if, for example, ceph-mon is still using leveldb for metadata.
This can happen even after upgrading to newer Ceph versions
if the leveldb isn't migrated to leveldb.
Signed-off-by: Ponnuvel Palaniyappan <pponnuvel@gmail.com>
|
| |
|
|
| |
Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
After the change introduced via PR #2935
(Allow 'str' PlugOpt type to accept any value)
the postgresql plugin was the only one specifying
both str and int as possible values. This patch
simplifies the val_type field to be in line
with the rest of plugins where only one value
is used.
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Adds a cluster profile for Red Hat OpenStack Platform to identify
controller and (optionally) compute nodes to collect sos reports from.
Note that this adds a dependency on pyyaml to sos. This should be
considered a weak dependency by downstreams. As such, it is added as a
'Recommends' in `sos.spec`. pip does not have the concept of 'weak
dependencies', and so is added as a regular requirement in `setup.py`.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
For PlugOpt type 'str', we should allow any content including e.g.
numbers, and interpret it as a string.
Resolves: #2922
Closes: #2935
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There were a few specific places where the `ocp` cluster was always
calling `oc` directly, rather than trying to account for an `oc` binary
that may be in a non-standard location, such as when executing from a
container.
Fix that, by making sure every `oc` command run by the cluster profile
uses the discovered location of `oc` and any (optionally) provided
config file.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Over time a lot has changed with `Policy()` implementation. Along with
that, the functionality of `GenericPolicy` broke at some point, thus
preventing any form of execution of SoS on distributions without
explicit policies.
Fix this by changing `GenericPolicy` to `GenericLinuxPolicy` (to be more
explicit in case we re-add non-Linux support in the future) and having
it subclass `LinuxPolicy` instead of the top-level `Policy`.
Further, add a platform check to ensure we are not inadvertently loading
a Linux-based policy on a non-Linux platform which would likely result
in failure to do anything useful.
The `GenericLinuxPolicy` will only load `IndependentPlugin`-tagged
plugins, does not leverage an init system, and does not provide any
default upload functionality.
Related: #2928
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
NetworkManager's keyfiles (*.nmconnection) can contain secrets in plain
text. Let's try harder to filter them out.
The files are in GKeyFile format ([1]), so a naive regex doesn't really
cut it, because the meaning of the key also depends on the group
(keyfile section) it is in. But this probably still helps in many cases.
The current list (1.39.2) of NetworkManager secret properties in the
various keyfile groups is:
mka-cak
password-raw
pin
private-key
psk
secrets
wep-key0
wep-key1
wep-key2
wep-key3
plus several ending in /password/:
ca-cert-password
client-cert-password
leap-password
password
phase2-ca-cert-password
phase2-client-cert-password
phase2-private-key-password
private-key-password
Additionally, and what this patch does not cover, vpn secrets are in a
[vpn-secrets] groups, but those keys have their name depending on the
VPN plugin. In the future, we would filter out the entire [vpn-secrets]
group.
[1] https://developer-old.gnome.org/glib/unstable/glib-Key-value-file-parser.html
Signed-off-by: Thomas Haller <thaller@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Additionally, utilize the auxiliary build_query_cmd method for some
other psql query commands.
Resolves: #2931
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Candlepin shall collect db_tables_sizes in the extended/unified format
like foreman plugin does now.
Related to: #2931
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
| |
There was a missing space between two words
in one of the strings in all po files.
Signed-off-by: Jose Castillo <jcastillo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When using `--list-plugins`, sos should report the values that will be
used in a given command, or with a given config file, not what the
default values are.
By reporting the set value, users can be sure their configuration or
commandline settings are being honored correctly before executing a
report collection.
Closes: #2921
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Collect /sys/kernel/debug/fnic statistics about Cisco UCS fibre channel
fNIC connection.
Resolves: #2926
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
| |
Now collecting ses page 2 information of scsi devices using sg_ses command
Signed-off-by: Bhushan Kale bhushanskale@hotmail.com
|
| |
|
|
|
|
|
|
| |
Call _output.close() only when to_file=true.
Closes: #2925
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
| |
Modifies the collection specs for pacemaker and corosync logs to also
include rotated copies. Additionally add collections of `pengine` files
for pacemaker.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixing the sphinx documentation warnings with the previous commit
unearthed a few inconsistencies with the docstrings for various bits of
`Plugin()` and `Policy()`. Fix those so that docs can be properly
formatted and cross-reference each other.
Related to this, add a new `PluginDistroTag` base class that tagging
classes will now subclass. At the moment, this only serves to enhance
the generate docs however this may prove useful in the future if we ever
want to leverage these taggings classes more directly.
Closes: #2917
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Building sphinx docs was generating warnings for several locations about
sphinx being unable to reference certain classes.
This was found to be due to the `automodule` definitions for each
section including the `:noindex:` setting. Removing this configuration
resolved the vast majority of cross-referencing warnings that sphinx
would report on during a build of the docs.
Note that a single warning will remain, referencing threading.Thread,
after this change.
Closes: #2917
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Simplifies the logic and flow of `LinuxPolicy._container_init()` so that
it is both easier to follow and less prone to edge cases that could
break in-container collections that are not setup to capture from the
host system.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds a new `--encrypt` option that may be used in place of the existing
encrypt-related options. If used alongside `--batch`, this new option
will cause sos to set encryption options based on the `SOSENCRYPTKEY` or
`SOSENCRYPTPASS` environment variables. This allows users to leverage
this functionality without potentially leaking the values into `ps`-like
output inside the archive.
If `--batch` is not used, then this option prompts the user to select
the type of method to use and then provide the value in-line, or to use
the env var option.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
| |
Signed-off-by: Ponnuvel Palaniyappan <pponnuvel@gmail.com>
|
| |
|
|
|
|
| |
Adds collection of directory listing output for `/var/lib/rpm`.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
| |
SES Monitoring tool "getstatus" is used to information of
Seagate storage products.
Signed-off-by: Nikhil Kakade <nikhilkaka1@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
When a file collection will reach its sizelimit, don't tail the file if
it has binary content, as this will be useless collection.
Closes: #2851
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Adds a new `file_is_binary()` method to `sos.utilities` to serve as a
single point to determine if a file is binary or not, relying on the
python3-magic module.
Closes: #2839
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
| |
Updates the CentOS Stream 8 image used to run the CI tests, and adds
testing on CentOS Stream 9 now that those images are available.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, in #2888, the `openshift` plugin was extended to allow API
collections by using a default-available kubeconfig file rather than
relying on user-provided tokens. This also included flipping the default
value of the `no-oc` plugin option to `True` (meaning do not collect API
output by default).
This worked for the plugin, but it introduced a gap in `sos collect`
whereby the cluster profile could no longer reliably enable API
collections when trying to leverage the new functionality of not
requiring a user token.
Fix this by updating the cluster profile to align with the new
default-off approach of API collections.
Along with this, add a toggle to the cluster profile directly to allow
users to toggle API collections on or off (default off) directly. This
is done via a new `with-api` cluster option (e.g. `-c ocp.with-api`).
Further, rename the `openshift` plugin option from `no-oc` to
`with-api`. This change not only makes the option use case far more
obvious, it will also align the use of the option to both `collect` and
`report` so that users need only be aware of a single option for either
method.
The cluster profile also has logic to detect which plugin option,
`no-oc` or `with-api` to use based on the (RHEL) sos version installed
on the nodes being inspected by the `ocp` cluster profile.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
`dnf` has long been the successor to `yum` for RPM based distributions,
with the latter remaining as a legacy feature. In fact, in most cases
`yum` is now simply a symlink to `dnf`.
As such, merge missing collections from `yum` into the `dnf` plugin
where appropriate, and then remove the `yum` plugin.
Collections still referencing yum locations, such as `/etc/yum.repos.d/`
that are still used by `dnf` are brought forward and retain their
`yum_*` tags in the manifest in addition to new `dnf_*` tags.
The `history` plugin option has been removed and this is now a default
collection - previously it was gated to avoid duplication with the `yum`
plugin. The `history-info` option has also been slightly changed to only
capture the last 50 transactions instead of potentially up to hundreds
retained by `dnf`.
Closes: #1954
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
| |
Set --force-pull-image=True by default, can be turned off with
--force-pull-image=False
Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
|
| |
|
|
|
|
| |
compatible way to find host release
Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adjust the options used by the 'ocp' preset to better reflect the
current collection needs and approach.
This includes disabling the `cgroups` plugin due to the large amount of
mostly irrelevant data captured due to the high number of containers
present on OCP nodes, ensuring the `--container-runtime` option is set
to `crio` to align container-based collections, disabling HTML report
generation and increasing the base log size rather than blindly enabling
all-logs.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
