Ignore the entirety of the `.idea/` directory within the repo for anyone
using PyCharm as an IDE.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Packit is moving srpm builds from sandbox to copr, which means we need
to specify the build dependencies for packit to know how to create the
build environment.
As part of this change, re-organize the config file to be easier to
read, and update some of the deprecated keys or nesting per docs.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Currently, --estimate-only mode summarizes sizes of all files as
returned by stat. That corresponds to "du --apparent-size" calculation.
Meanwhile, the user is rather concerned about the real disk usage
reported by "du" output.
Let's update the estimate mode from "du --apparent-size" style to "du".
Resolves: #3084
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
Logs as well as deploy information are located in /var/lib/mistral as
well. Until now, this location was overlooked, and important information
about the deploy state, configuration and potential errors were missing
from the initial SOS-Report, leading to time loss for both Customer and
Support.
This patch intends to correct this situation, by ensuring the content is
taken from the Undercloud.
Notes:
- this is especially important for OSP<17.0
- the location may contain multiple subdirectories
- the location will contain the history of the different actions done by
the operator
- mistral logs are moved from the openstack_instack plugin to the new
openstack_mistral for the sake of consistency. The "instack" name is
deprecated in OSP.
Signed-off-by: Cédric Jeanneret <cjeanner@redhat.com>
|
Collect nfsd information:
- The contents of /proc/fs/nfsd
- The output of nfsdclnts
Signed-off-by: Thiago Rafael Becker <thiago.becker@gmail.com>
|
Removes the `--sos-cmd` option for `sos collect`. Allowing passthru
options in this manner is inherently flawed, and any attempts at
sanitizing potentially malicious/dangerous values will always be a
losing battle. Instead, `sos collect` should leverage available `report`
options that are vetted and handled via the existing per-node
capabilities checks that are well-defined for explicit passthru options.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
This commit adds a new parser and accompanying map for obfuscating IPv6
addresses.
This new parser will attempt to capture valid IPv6 networks and
addresses, and produce a mostly-randomized obfuscated pair. Due to the
multiple formats an IPv6 address can take, some identifiers are
necessary to preserve relevant information while still obfuscating
actual addresses and networks.
For example, global unicast addresses that have more than one defined
hextet (greater than /16 prefix) will always generate an obfuscated
address starting with `534f` (or 'so', continuing the style of our mac
address handling that uses 'sos' as an identifier). Addresses with a /16
prefix or less, will start with simply '53'. Private addresses, which
start with `fd` will generate an obfuscated address starting with
`fd53`, so that the contextual understanding that it is a private
network/address can remain. Link-local addresses which start with
`fe80::` will remain that way, only having the device hextets obfuscated
- again, keeping the contextual information that it is a link-local
interface intact, as otherwise these obfuscations may confuse end
users reviewing an sos report for problems.
Note that the address `::1` and `::/0` are explicitly skipped and never
obfuscated, for the same reasons given above.
Additionally, this parser/map will write data to the default map (and
any per-run private maps) differently than previous parsers. Rather than
simply dumping the obfuscation pairs into the map, it is broken up via
network, with hosts belonging to that network nested inside those
network entries (still being json-formatted). Users will also note that
the ipv6 entries in the map also have a `version` key, which is intended
to be used for handling future updates to the parser/map when upgrading
from an older sos version to a newer one. This may or may not be carried
over to future updates to other parsers.
Closes: #3008
Related: RHBZ#2134906
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
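The prefix rules described in the commit message above, as an added Python example; this is not the sos parser or map code. The class name, the key names in the map, the `version` value of 1, classifying addresses by their leading hex digits, and filling the two digits after `53` randomly are all assumptions of this example.

```python
import ipaddress
import secrets

SKIPPED = {"::1", "::/0"}  # per the commit message, never obfuscated


class IPv6Map:
    """Example map: networks at the top level, their hosts nested inside."""

    def __init__(self):
        # The "version" value and the key names are assumptions of this example.
        self.data = {"version": 1, "networks": {}}

    def _new_network(self, net):
        first = net.network_address.exploded[:4]
        if first == "fe80":
            return net                       # link-local prefix is kept as-is
        if first.startswith("fd"):
            marker = 0xFD53                  # still recognisable as private
        elif net.prefixlen > 16:
            marker = 0x534F                  # 'so' marker for longer prefixes
        else:
            marker = 0x5300 | secrets.randbits(8)   # only the "53" is fixed
        # Prefixes shorter than /16 would truncate the marker; not handled here.
        bits = (marker << 112) | secrets.randbits(112)
        return ipaddress.IPv6Network((bits & int(net.netmask), net.prefixlen))

    def network(self, cidr):
        net = ipaddress.ip_network(cidr, strict=False)
        if str(net) in SKIPPED:
            return str(net)
        entry = self.data["networks"].setdefault(
            str(net), {"obfuscated": None, "hosts": {}})
        if entry["obfuscated"] is None:
            entry["obfuscated"] = str(self._new_network(net))
        return entry["obfuscated"]

    def host(self, addr, cidr):
        addr = str(ipaddress.ip_address(addr))      # normalise the spelling
        real = ipaddress.ip_network(cidr, strict=False)
        if addr in SKIPPED or str(real) in SKIPPED:
            return addr
        ob_net = ipaddress.ip_network(self.network(cidr))
        hosts = self.data["networks"][str(real)]["hosts"]
        if addr not in hosts:
            # Random host bits inside the obfuscated network; reused afterwards
            # so the same real address always maps to the same obfuscated one.
            suffix = secrets.randbits(128 - ob_net.prefixlen)
            hosts[addr] = str(ob_net.network_address + suffix)
        return hosts[addr]
```

`IPv6Map().data` can be passed to `json.dumps()` to see the nested network/host layout.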
|
Changed sosreport to exclude files set by the following options.
- `lmtp_sasl_password_maps`
- `smtp_sasl_password_maps`
- `postscreen_dnsbl_reply_map`
- `smtp_sasl_auth_cache_name`
Resolves: #3073
Signed-off-by: Iwao Miyake <miyake.iwao@fujitsu.com>
|
Implement the virsh sub-command `nodedev-list --tree` and
`nodedev-dumpxml` to virsh plugins.
Resolves: #3079
Signed-off-by: Han Han <hhan@redhat.com>
|
The XML configuration file /etc/autofs_ldap_auth.conf may contain
an authentication secret in the <autofs_ldap_sasl_conf/> tag.
This patch makes sure the secret or encoded_secret gets scrubbed.
Example of scrubbing of the secret:
secret="abc"
or
encoded_secret = 'abc'
to:
secret="********"
or
encoded_secret = '********'
Resolves: #3068
Signed-off-by: Stepan Broz <sbroz@redhat.com>
|
Implement sub-command to collect the info from host, including the free
memory of all numa nodes(freecell --all), the storage pool
capabilities(pool-capabilities), the number of CPUs and the online
CPUs(nodecpumap), the max number of vcpus supported by kvm(maxvcpus
kvm), and the hypervisor sysinfo(sysinfo)
Signed-off-by: Han Han <hhan@redhat.com>
|
Currently the dnf plugin scrubs passwords from the repository files
and DNF variables, however "password" and "proxy_password" can be
defined in "/etc/dnf/dnf.conf".
This patch ensures that passwords are scrubbed from dnf.conf too.
Example of scrubbing:
Before:
proxy_password = hackme
After:
proxy_password = ********
Resolves: #3072
Signed-off-by: Stepan Broz <sbroz@redhat.com>
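The scrubbing described in this commit message and in the `/etc/autofs_ldap_auth.conf` commit message earlier in this log, as an added Python example; it is not the sos plugin code. The regular expressions, the function names, and the choice to also mask commented-out password lines are assumptions of this example, and both sample files are constructed.

```python
import re

MASK = "********"

# Assumed patterns for this example; the page does not show sos's own regexes.
# \b stops the match from starting inside a longer attribute name.
XML_SECRET = re.compile(r"""(\b(?:encoded_)?secret\s*=\s*)(["'])(.*?)\2""")
INI_PASSWORD = re.compile(
    r"^([ \t#;]*(?:proxy_)?password[ \t]*=[ \t]*)(\S.*)$", re.MULTILINE)


def scrub_autofs_ldap_auth(text):
    """Mask secret/encoded_secret values, keeping the original quote style."""
    return XML_SECRET.sub(
        lambda m: f"{m.group(1)}{m.group(2)}{MASK}{m.group(2)}", text)


def scrub_dnf_conf(text):
    """Mask password/proxy_password values, including commented-out ones."""
    return INI_PASSWORD.sub(lambda m: m.group(1) + MASK, text)


def leaked(text, known_secrets):
    """Return the known secrets that still appear in text after scrubbing."""
    return [s for s in known_secrets if s in text]


# Constructed sample inputs, not taken from a real system.
AUTOFS_SAMPLE = '''<autofs_ldap_sasl_conf
    usetls="no"
    authrequired="yes"
    authtype="PLAIN"
    user="cn=autofs,dc=example,dc=com"
    secret="abc"
    encoded_secret = 'YWJj'
/>'''

DNF_SAMPLE = """[main]
gpgcheck=1
proxy=http://proxy.example.com:3128
proxy_username = builder
proxy_password = hackme
#password = oldvalue
"""

if __name__ == "__main__":
    print(scrub_autofs_ldap_auth(AUTOFS_SAMPLE))
    print(scrub_dnf_conf(DNF_SAMPLE))
```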
|
A CodeQL error alert was highlighted that the iptables predicates might
be unset during execution of the plugin, which in turn could potentially
cause the plugin to throw an exception. Fix this by nesting the
iteration of command collections over namespaces that might use this
predicate in the same conditional that defines the predicate.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Adds handling to catch the condition where we get something other than a
string or list from `get_nodes()` to `format_node_list()`.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
During our final processing to report the results of an archive to the
user at the end of an execution, there was a redundant conditional
checking if we were running with `--build` to decide how to call
`display_results()` (with or without stat information). Merge this into
the previous conditional that determines that stat information, which in
turn resolves a CodeQL error alert.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
CodeQL highlighted a potential issue in the regex used to extract
stack IDs for collection iterations. Resolve this by refining the regex
pattern to better match the stack IDs in the output.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Tighten the permissions on the host group file(s) written by `sos
collect` to no longer be world readable.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
As identified by CodeQL, there was a case where a potential open file we
are/were writing to as part of a command collection would not be closed
if we hit an exception during that execution.
Add explicit closure as part of the exception handling to resolve this.
Related: #3066
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
LGTM is shutting down shortly, as it has been folded into GH CodeQL. As
such, we need to switch over to using CodeQL to maintain automatic code
analysis.
Do this by using the provided CodeQL workflow configuration, and add a
config file to limit the analysis to the appropriate `sos/` directory.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Likewise #3065, we should not obfuscate path to directory when --build
option is used.
Resolves: #3071
Relates: #3065
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
When moving sos tarball from a private directory to /var/tmp, apply
filename obfuscation just to the file and not the tmpDir path itself.
Resolves: #3065
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
When installing via --dangerous, the aliases are not done
automatically, so create the sos alias, so that we can run
via "sos report"
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
The environment for the build doesn't seem to be refreshing between
runs, and hence sos from the snap binary location is not working.
Having the full path ensures that this doesn't fail.
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
Add concurrency to the job, so that if there is one already
running, then that would be cancelled.
Remove the deb package, and that takes precedence with the path
so the test doesn't quite work.
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
Since PASSWORD can be in a one-liner list, we must mark the password
value in a non-greedy manner until first ',' or '}' is found.
This works well also for multi-line lists where any line terminates by
a comma.
Resolves: #3058
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
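The difference the commit message above describes between greedy and non-greedy matching, as an added Python example; it is not the sos plugin's regex. The three patterns, the `scrub()` helper and the sample settings lines are constructed for illustration, and the quote-aware pattern goes beyond the commit to cover a value that itself contains a comma.

```python
import re

MASK = "********"
KEY = r"(['\"]?PASSWORD['\"]?\s*:\s*)"

# Greedy: the "value" runs to the end of the line and swallows later keys.
GREEDY = re.compile(KEY + r"(.*)")
# Non-greedy, as the commit message describes: stop at the first ',' or '}'.
LAZY = re.compile(KEY + r"(.*?)(?=[,}])")
# Quote-aware variant (this example's addition): a quoted value ends at its
# closing quote, an unquoted one at the first ',', '}' or whitespace.
QUOTED = re.compile(KEY + r"(?:(['\"]).*?\2|[^,}\s]+)")


def scrub(pattern, text):
    """Replace the matched value with MASK, keeping the key and separator."""
    return pattern.sub(lambda m: m.group(1) + MASK, text)


# Constructed samples: a one-liner list, a multi-line entry, a comma in a value.
ONE_LINER = "{'USER': 'app', 'PASSWORD': 'hunter2', 'HOST': 'db.example.com'}"
MULTI_LINE = "    'PASSWORD': 'hunter2',"
WITH_COMMA = "{'PASSWORD': 'pa,ss', 'HOST': 'db.example.com'}"

if __name__ == "__main__":
    for name, pattern in (("greedy", GREEDY), ("lazy", LAZY), ("quoted", QUOTED)):
        for sample in (ONE_LINER, MULTI_LINE, WITH_COMMA):
            print(f"{name:7}", scrub(pattern, sample))
```

With the non-greedy pattern the `HOST` entry survives in the one-liner, which the greedy pattern destroys; the comma-containing sample shows why the quoted form is worth handling separately.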
|
* snapcraft-channel was the old method, updating to release
* fetch all history, so that the version of the snap will be
based on the latest tag plus the number of commits since
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
Adds `--classic` to the snap installation test as part of the new GH
Action to push a new snap on `main` updates.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
When any MRs or commits are added to the main branch then
automatically create a snap, and push to latest/edge channel
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
The RH team has decided to no longer pursue pushing the downstream
beakerlib test suite into upstream to be run via testfarm. Instead,
those tests will be ported to the avocado test suite over time.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
In order to automate the parsing of the plugin output files by
systems that could only read file content, it seems useful to add an
output cmd file where data, such as the size or permissions,
of the OVN DBs is directly available.
This patch modifies the current behaviour to copy the db files
of each OVN DB to create a file containing the ls -lan output of
the files. The list of possible locations of these *.db files is
maintained for backwards compatibility but it has been necessary
to iterate over them to only obtain the information file of those
that really exist.
Signed-off-by: Fernando Royo <froyo@redhat.com>
|
This additional command will tell us the ovn_controller connection
status to OVN SBDB.
This is done thanks to ovn-appctl command using -t option to specify
the target over the ovn_controller socket. A function has been created
in order to locate the ovn_controller socket path, whose name is
different for each controller node.
Signed-off-by: Fernando Royo <froyo@redhat.com>
|
Hostname parser treats strings like 'host.domain.com' with precompiled
domain 'domain.com' in a wrong way. It first obfuscates the domain while
subsequent _parse_line skips host obfuscation.
Calling _parse_line before _parse_line_with_compiled_regexes does clean
both the host name and the domain name well.
Adding a unittest with a reproducer.
Resolves: #3054
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
Most of the output we get from the ovn_central plugin is obtained
by executing ovn-nbctl or ovn-sbctl commands on specific container
on the controller node.
Until now for non-clustered environments (active/backup mode) the
container used was ovn-dbs-bundle-* (its name includes a variable
numeric id), but this container disappears when OVN DB clustered
is deployed, adding specific containers for the OVN NB DB cluster
and the OVN SB DB cluster.
This patch adds logic to identify if we are in front of an OVN DB
server running in clustered mode or not, by checking for the
existence of specific containers, otherwise it works as before.
|
The option --no-leader-only will allow to run ovn-nbctl or
ovn-sbctl in all nodes, independently if we are in a clustered
or non-clustered environment.
The current check of executing commands only on nodes identified
as Leader, causes that in non-cluster environments (active/backup
mode) ovn-sbctl commands are not executed, not reporting the dump
of the tables.
By adding this parameter to the execution, which does not harm
non-clustered environments (active/backup), the command is executed
over the local database.
|
* Using the python from pip rather than the package
* Fine tune the environment, so less repetitive
Closes: #3044
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
Refines the tags for `ssh_config` and `sshd_config` so that they are
more explicitly assigned to the base files, and not subsequent conf
directories beyond the tagging assigned to those directories.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
After all plugins have run, sos will now generate a "tag summary" and
add it to the report section of the manifest. This summary will be a
json-formatted entry that details all collections within the report that
have any tag associated with them at all. This should allow for easier
parsing of the manifest by analyzers such as Red Hat Insights.
As part of this change, commands will no longer be automatically tagged
with the name of the binary used in the command collection.
Additionally, manual collections performed by a plugin's `collect()`
method will now be recorded in the manifest in the same manner as file
and command output collections.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
The `SoSMetadata()` class that makes up the manifest of a report was
previously non-iterable due to the basic implementation it had. Add
iterability to the manifest so that future endeavours can easily walk
through the manifest before it is exported as json.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Today, etcd is almost exclusively deployed in a container for
kubernetes/OCP clusters. This commit serves to update the plugin to be
primarily designed for those types of deployments, and removes the v1
and v2 collections.
Resolves: #2906
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
The python environment for core22 is python3.10. The environment needed
changing accordingly. core20 and core22 snapcraft doc suggests that
python3-venv needs to be added for the python plugin to work effectively
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
Ubuntu OVN packages store the ovsdb files in /var/lib/ovn
Signed-off-by: Trent Lloyd <trent.lloyd@canonical.com>
|
The stagetwo tests are getting closer to consistent 30 minutes timeouts,
with centos 8 generally hitting the timeout most often among the
stagetwo tests. This is mostly due to the inefficient way in which we
dump 100MB into the system journal in order to test journal size
limiting.
As a stopgap measure until we can figure out a better/more reliable way
to artificially increase the journal size, increase the timeout of these
tests to avoid unnecessary re-runs which would otherwise pass.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
It was found that the `krb5` plugin was not executing on Ubuntu/Debian
systems due to a legacy change that inadvertently removed support for
those distributions.
Re-enable support by defining a new plugin class for those distros,
setting the kdc directory appropriately. Additionally, expand the
package tuple to include newer package names.
Closes: #3041
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Refines the recent addition of collecting `modinfo` output for kernel
modules specified by a plugin's enablement trigger to only do that
collection for loaded kernel modules.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Adds enablement triggers for the `firewall_tables` plugin in the form of
the `files` and `kernel_mods` tuples. This means that the plugin will no
longer blindly run by default, and only run if either the
`/etc/nftables/` directory is present or if the relevant kernel modules
are loaded. The latter should help in our efforts to ensure that we do
not inadvertently load new kernel modules during execution.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Adds 2 modules to the plugin's `kernel_mods` trigger.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Adds plugin enablement triggers for this plugin via the presence of xfs
directories within /proc and/or /sys, as well as if the `xfs` kernel
module is loaded.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Since `modinfo` is now collected for all kernel modules specified by a
plugin's `kernel_mods` trigger the mac parser needs to skip those, not
just the global modinfo captured by the kernel plugin, so that we don't
incorrectly obfuscate a module's signature.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
Adds the journals of the composer and local worker services.
Signed-off-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>
|
Iterates over all composes, and queries the logs for each one.
Signed-off-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>