| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Signed-off-by: Trevor Benson <trevor.benson@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add all the new versions since 7, and update name/versions based on
https://wiki.debian.org/DebianReleases. Checked latest bookworm and
the release string was in /etc/debian_version, but
/etc/debian_version was inconsistent on other versions.
/etc/lsb-release didnt exist by default.
grab the codename from /etc/os-release and base the versions from
there
forky and trixie and not out yet, but added as per the releases page
for future proofing.
Closes: #2691
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
|
|
|
|
|
|
|
|
| |
Collect /etc/foreman_scap_client/config.yaml on any Foreman OpenSCAP
client system.
Resolves: #3115
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Update most of the GCE images we use for CI testing to their latest
releases for their respective versions.
This commit also replaces F35 testing with F37 beta. F35 is now EOL and
as such no future sos releases would be included there.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Switch to using `parse_version()` from setuptools instead of
`LooseVersion()` from distutils, since distutils is being removed in
python 3.12.
Related: #3093
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In python 3.12 distutils will be removed. As such, we need to update to
the replacement `setuptools`.
This commit makes the basic change over in `setup.py`, so that an
`sdist` source tarball can be generated. Note that while this source
tarball will still have the `.po` files in it any build tarball
(`bdist`) produced via the new `setup.py` will *not* have `.mo`
translation files compiled and included at this point.
In reviewing this change, it was found that our internationalization is
currently broken and very out of date. Future work will focus on fixing
that situation, but for now the immediate packaging needs are being
addressed.
Resolves: #3093
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
| |
Enhance on timeout mechanism. Force the parent process to exit when
it has a deadlock child.
Signed-off-by: Junius Gao <Junius.Gao@veritas.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, mocked files were kept under the `tests/test_data/`
directory and generally mimic'd the file location they would be
temporarily copied to during the execution of their relevant tests.
This has a few maintainability drawbacks, and the handling of the
`files` attribute for test cases as either strings or tuples is at best
confusing.
Improve on this by instead making the `files` references relative to
where the test case file is written. This enables easier maintenance by
keeping all test requirements closer together, rather than spread across
the repo. As such, the `files` attribute now requires a list of tuples,
taking the form `(relative_src, absolute_dest)`. Additionally, fake
plugins for tests that need them to artificially test a specific
criteria should also be included in the test's subdir now.
Along with this change, move several StageTwo tests to their own subdirs
that now contain both the test cases and the needed files for mocking.
This should be the new design pattern going forward - if a test needs to
mock files of any kind, put it in a new subdirectory (and if it doesn't
need to mock files, continue to keep it in the relevant directory within
the test suite).
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
| |
Signed-off-by: Nikhil Kshirsagar <nikhil.kshirsagar@canonical.com>
|
|
|
|
|
|
| |
Resolves: #3109
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was recently found that some condition will cause Avocado to not
capture trailing `print()` statements in our test suite, and it is
reasonable to assume other automation may also have similar edge cases.
Resolve this by switching potentially problematic `print()`s to use the
ui logging stream, which will still print to console even after the file
handler has been closed.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
| |
Signed-off-by: zoedong <zoedong@tencent.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, remote command executions handled by policies were done by
moodifying the command string based on the `remote_exec` property of the
given `SoSTransport` in use for the node that the policy was loaded for.
While this worked well for SSH connections, newer transports may need to
do some manipulation of returned data in order for the rest of `sos
collect` to function as intended.
As such, switch to directly using a transport's `run_command()` method,
which will ideally handle any needed manipulations of either how the
command is execute and/or how the returned data is presented to the
calling component.
Related: #3087
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
| |
The string or list strings in the param `copyspecs`
are processed as globs, not regular expressions.
Signed-off-by: Samuel Walladge <samuel.walladge@canonical.com>
|
|
|
|
| |
Signed-off-by: lilinjie <lilinjie@uniontech.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The changes in respecting strict_node_list are three-fold:
1) Don't add local hostname among "list of nodes to collect from:"
2) Skip explicit adding of the primary node to client_list
3) Apply strict_node_list to reduce_node_list (as it can purge away
hostname or IP address of the local host, otherwise)
Resolves: #3096
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
| |
Updates the plugin to account for newer versions of Ceph, similar to the
previous few commits focusing on the ceph plugins.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer versions of Ceph, such as for RHCS 5, make some changes to the
container names as well as how to leverage `ceph daemon` commands.
Update the plugin to reflect this, and use the available admin sockets
on the host to capture that output, rather than always running it inside
the osd container.
Further, account for the use of an fsid in directory paths for newer ceph.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Newer versions of ceph do not have running processes directly on the
node. As such, the current method of determining the ID for the `ceph
tell` commands is not functional. Fix this by using the output of `ceph
status` on RHCS 5 nodes to get the node IDs.
Further, while ceph containers can be used to enable this plugin, those
containers by default cannot run various `ceph` commands collected by
the plugin. However, those commands are functional directly on the host,
so no longer attempt to execute within the containers.
Finally, update `postproc()` for newer versions as well.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The previous changes that broke up the ceph plugin into smaller
component specific plugins inadvertently broke the plugin enablement by
overriding the `check_enabled()` function to check for file presence
under a directory. This in turn replaced the standard checks, such as
the presence of certain containers.
Fix this by removing the method override, and leveraging the `files`
tuple against the component-specific directory into which the globs were
trying to check.
Further, update the container name regexes for enablement as they have
changed slightly since the initial plugin creation.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Adds a new cluster profile for RHCS 5 for `sos collect`. This profile
depends upon the use of `cephadm` which is used to both deploy and
manage the cluster. Users may optionally restrict the list of nodes to
collect from by using the `-c ceph.labels` option to specify a set of
label(s) to filter node results with.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Clusters can already pass plugin options to nodes, and can also set
arbitrary options on individual nodes or primary nodes. So, rather than
requiring a cluster profile specify sos options to both nodes and
primaries, instead allow profiles to specify options via a simple
`sos_options` dict that will get applied to every node automatically, as
is the case with plugin options.
Note that user values for these options will override cluster values.
For example, if a cluster spceifies a `--log-size` value, and the user
does on the command line, then the user's value will have precedence.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
| |
Circle Linux is an production-ready distribution from RHEL.
Signed-off-by: Bella Zhang <bella@cclinux.org>
|
|
|
|
|
|
|
| |
Ignore the entirety of the `.idea/` directory within the repo for anyone
using PyCharm as an IDE.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Packit is moving srpm builds from sandbox to copr, which means we need
to specify the build dependencies for packit to know how to create the
build environment.
As part of this change, re-organize the config file to be easier to
read, and update some of the deprecated keys or nesting per docs.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently, --estimate-only mode summarizes sizes of all files as
returned by stat. That corresponds to "du --apparent-size" calculation.
Meanwhile, the user is rather concerned about the real disk usage
reported by "du" output.
Let update the estimate mode from "du --apparent-size" style to "du".
Resolves: #3084
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Logs as well as deploy information are located in /var/lib/mistral as
well. Until now, this location was overlooked, and important information
about the deploy state, configuration and potential errors were missing
from the initial SOS-Report, leading to time loss for both Customer and
Support.
This patch intends to correct this situation, by ensuring the content is
taken from the Undercloud.
Notes:
- this is especially important for OSP<17.0
- the location may content multiple subdirectories
- the location will contain the history of the different actions done by
the operator
- mistral logs are moved from the openstack_instack plugin to the new
openstack_mistral for the sake of consistency. The "instack" name is
deprecated in OSP.
Signed-off-by: Cédric Jeanneret <cjeanner@redhat.com>
|
|
|
|
|
|
|
|
| |
Collect nfsd information:
- The contents of /proc/fs/nfsd
- The output of nfsdclnts
Signed-off-by: Thiago Rafael Becker <thiago.becker@gmail.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Removes the `--sos-cmd` option for `sos collect`. Allowing passthru
options in this manner is inherently flawed, and any attempts at
sanitizing potentially malicious/dangerous values will always be a
losing battle. Instead, `sos collect` should leverage available `report`
options that are vetted and handled via the existing per-node
capabilities checks that is well-defined for explicit passthru options.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This commit adds a new parser and accompanying map for obfuscating IPv6
addresses.
This new parser will attempt to capture valid IPv6 networks and
addresses, and produce a mostly-randomized obfuscated pair. Due to the
multiple formats an IPv6 address can take, some identifiers are
necessary to preserve relevant information while still obfuscating
actual addresses and networks.
For example, global unicast addresses that have more than one defined
hextet (greater than /16 prefix) will always generate an obfuscated
address starting with `534f` (or 'so', continuing the style of our mac
address handling that uses 'sos' as an identifier). Addresses with a /16
prefix or less, will start with simply '53'. Private addresses, which
start with `fd` will generate an obfuscated address starting with
`fd53`, so that the contextual understanding that it is a private
network/address can remain. Link-local addresses which start with
`fe80::` will remain that way, only having the device hextets obfuscated
- again, keeping the contextual information that it is a link-local
interface intact, as otherwise these obfuscations may confuse end
users reviewing an sos report for problems.
Note that the address `::1` and `::/0` are explicitly skipped and never
obfuscated, for the same reasons given above.
Additionally, this parser/map will write data to the default map (and
any per-run private maps) differently than previous parsers. Rather than
simply dumping the obfuscation pairs into the map, it is broken up via
network, with hosts belonging to that network nested inside those
network entries (still being json-formatted). Users will also note that
the ipv6 entries in the map also have a `version` key, which is intended
to be used for handling future updates to the parser/map when upgrading
from an older sos version to a newer one. This may or may not be carried
over to future updates to other parsers.
Closes: #3008
Related: RHBZ#2134906
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changed to sosreport exclude files set by following options.
- `lmtp_sasl_password_maps`
- `smtp_sasl_password_maps`
- `postscreen_dnsbl_reply_map`
- `smtp_sasl_auth_cache_name`
Resolvs : #3073
Signed-off-by: Iwao Miyake <miyake.iwao@fujitsu.com>
|
|
|
|
|
|
|
|
|
| |
Implement the virsh sub-command `nodedev-list --tree` and
`nodedev-dumpxml` to virsh plugins.
Resolves: #3079
Signed-off-by: Han Han <hhan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The XML configuration file /etc/autofs_ldap_auth.conf may contain
an authentication secret in the <autofs_ldap_sasl_conf/> tag.
This patch makes sure the secret or encoded_secret gets scrubbed.
Example of scrubbing of the secret:
secret="abc"
or
encoded_secret = 'abc'
to:
secret="********"
or
encoded_secret = '********'
Resolves: #3068
Signed-off-by: Stepan Broz <sbroz@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Implement sub-command to collect the info from host, including the free
memory of all numa nodes(freecell --all), the storage pool
capabilities(pool-capabilities), the number of CPUs and the online
CPUs(nodecpumap), the max number of vcpus supported by kvm(maxvcpus
kvm), and the hypervisor sysinfo(sysinfo)
Signed-off-by: Han Han <hhan@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the dnf plugin scrubs passwords from the repository files
and DNF variables, however "password" and "proxy_password" can be
defined in "/etc/dnf/dnf.conf".
This patch ensures that passwords are scrubbed from dnf.conf too.
Example of scrubbing:
Before:
proxy_password = hackme
After:
proxy_password = ********
Resolves: #3072
Signed-off-by: Stepan Broz <sbroz@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
A CodeQL error alert was highlighted that the iptables predicates might
be unset during execution of the plugin, which in turn could potentially
cause the plugin to throw an exception. Fix this by nesting the
interation of command collections over namespaces that might use this
predicate in the same conditional that defines the predicate.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Adds handling to catch the condition where we get something other than a
string or list from `get_nodes()` to `format_node_list()`.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
During our final processing to report the results of an archive to the
user at the end of an execution, there was a redundant conditional
checking if we were running with `--build` to decide how to call
`display_results()` (with or without stat information). Merge this into
the previous conditional that determines that stat information, which in
turn resolves a CodeQL error alert.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
CodeQL highlighted on a potential issue on the regex used to extract
stack IDs for collection iterations. Resolve this by refining the regex
pattern to better match the stack IDs in the output.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Tighten the permissions on the host group file(s) written by `sos
collect` to no longer be world readable.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
As identified by CodeQL, there was a case where a potential open file we
are/were writing to as part of a command collection would not be closed
if we hit an exception during that execution.
Add explicit closure as part of the exception handling to resolve this.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
LGTM is shutting down shortly, as it has been folded into GH CodeQL. As
such, we need to switch over to using CodeQL to maintain automatic code
analysis.
Do this by using the provided CodeQL workflow configuration, and add a
config file to limit the analysis to the appropriate `sos/` directory.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Likewise #3065, we should not obfuscate path to directory when --build
option is used.
Resolves: #3071
Relates: #3065
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
|
| |
When moving sos tarball from a private directory to /var/tmp, apply
filename obfuscation just to the file and not the tmpDir path itself.
Resolves: #3065
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
| |
When installing via --danegerous, the aliases are not done
automatically, so create he sos alias, so that we can run
via "sos report"
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
|
|
|
|
|
|
|
| |
The environment for the build doesn't seem to be refreshing between
runs, and hence sos from the snab binary location is not working.
Having the full path ensures that this doesn't fail
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
|
|
|
|
|
|
|
|
|
| |
Add concutrrency to the job, so that if there is one already
running, then that would be cancelled
Remove the deb package, and that takes precedance with the path
do the test doesn't quite work
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since PASSWORD can be in a one-liner list, we must mark the password
value in a non-greedy manner until first ',' or '}' is found.
This works well also for multi-line lists where any line terminates by
a comma.
Resolves: #3058
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
|
|
|
|
|
| |
* snapcraft-channel was the old method, updating to release
* fetch all history, so that the version of the snap will be
based on the latest tag plus the number of commits since
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
|
|
|
|
|
|
| |
Adds `--classic` to the snap installation test as part of the new GH
Action to push a new snap on `main` updates.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|