| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
When a any MRs or commits are added to the main branch then
automatically create a snap, and push to latest/edge channel
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
| |
|
|
|
|
|
|
| |
The RH team has decided to no longer pursue pushing the downstream
beakerlib test suite into upstream to be run via testfarm. Instead,
those tests will be ported to the avocado test suite over time.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to automate the parsing of the plugin output files, by
systems could only read file contentit, seems useful to add an
output cmd file where data, such as the size or permissions,
of the OVN DBs is directly available.
This patch modifies the current behaviour to copy the db files
of each OVN DB to create a file containing the ls -lan output of
the files. The list of possible locations of these *.db files is
maintained for backwards compatibility but it has been necessary
to iterate over them to only obtain the information file of those
that really exist.
Signed-off-by: Fernando Royo <froyo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This additional command will tell us the ovn_controller connection
status to OVN SBDB.
This is done thanks to ovn-appctl command using -t option to specify
the target over the ovn_controller socket, a function has been created
in order to located the ovn_controller socket path that is name is
different from each controller node.
Signed-off-by: Fernando Royo <froyo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Hostname parser treats strings like 'host.domain.com' with precompiled
domain 'domain.com' in a wrong way. It first obfuscates the domain while
subsequent _parse_line skips host obfuscation.
Calling _parse_line before _parse_line_with_compiled_regexes does clean
both the host name and the domain name well.
Adding a unittest with a reproducer.
Resolves: #3054
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of the output we get from the ovn_central plugin is obtained
by executing ovn-nbctl or ovn-sbctl commands on specifc container
on the controller node.
Until now for non-clustered environments (active/backup mode) the
container used was ovn-dbs-bundle-* (its name includes a variable
numeric id), but this container disappears when OVN DB clustered
is deployed, adding specific containers for the OVN NB DB cluster
and the OVN SB DB cluster.
This patch adds logic to identify if we are in front of an OVN DB
server running in clustered mode or not, by checking for the
existence of specific containers, otherwise it works as before.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The option --no-leader-only will allow to run ovn-nbctl or
ovn-sbctl in all nodes, independently if we are in a clustered
or non-clustered enviroment.
The current check of executing commands only on nodes identified
as Leader, causes that in non-cluster environments (active/backup
mode) ovn-sbctl commands are not executed, not reporting the dump
of the tables.
By adding this parameter to the execution, which does not harm
non-clustered environments (active/backup), the command is executed
over the local database.
|
| |
|
|
|
|
|
|
|
| |
* Using the python from pip rather than the package
* Fine tune the environment, so less repetitive
Closes: #3044
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
| |
|
|
|
|
|
|
| |
Refines the tags for `ssh_config` and `sshd_config` so that they are
more explicitly assigned to the base files, and not subsequent conf
directories beyond the tagging assigned to those directories.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After all plugins have run, sos will now generate a "tag summary" and
add it to the report section of the manifest. This summary will be a
json-formatted entry that details all collections within the report that
have any tag associated with them at all. This should allow for easier
parsing of the manifest by analyzers such as Red Hat Insights.
As part of this change, commands will no longer be automatically tagged
with the name of the binary used in the command collection.
Additionally, manual collections performed by a plugin's `collect()`
method will now be recorded in the manifest in the same manner as file
and command output collections.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
The `SoSMetadata()` class that makes up the manifest of a report was
previously non-iterable due to the basic implementation it had. Add
iterability to the manifest so that future endeavours can easily walk
through the manifest before it is exported as json.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Today, etcd is almost exclusively deployed in a container for
kubernetes/OCP clusters. This commit serves to update the plugin to be
primarily designed for those types of deployments, and removes the v1
and v2 collections.
Resolves: #2906
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
| |
The python environment for core22 is python3.10. The environment needed
changing accoridngly. core20 and core22 snapcraft doc suggests that
python3-venv needs to be added for the python plugin to work effectivly
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
| |
|
|
|
|
| |
Ubuntu OVN packages store the ovsdb files in /var/lib/ovn
Signed-off-by: Trent Lloyd <trent.lloyd@canonical.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The stagetwo tests are getting closer to consistent 30 minutes timeouts,
with centos 8 generally hitting the timeout most often among the
stagetwo tests. This is mostly due to the inefficient way in which we
dump 100MB into the system journal in order to test journal size
limiting.
As a stopgap measure until we can figure out a better/more reliable way
to artificially increase the journal size, increase the timeout of these
tests to avoid unnecessary re-runs which would otherwise pass.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
It was found that the `krb5` plugin was not executing on Ubuntu/Debian
systems due to a legacy change that inadvertently removed support for
those distributions.
Re-enable support by defining a new plugin class for those distros,
setting the kdc directory appropriately. Additionally, expand the
package tuple to include newer package names.
Closes: #3041
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
| |
Refines the recent addition of collecting `modinfo` output for kernel
modules specified by a plugin's enablement trigger to only do that
collection for loaded kernel modules.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adds enablement triggers for the `firewall_tables` plugin in the form of
the `files` and `kernel_mods` tuples. This means that the plugin will no
longer blindly run by default, and only run if either the
`/etc/nftables/` directory is present or if the relevant kernel modules
are loaded. The latter should help in our efforts to ensure that we do
not inadvertantly load new kernel modules during execution.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
| |
Adds 2 modules to the plugin's `kernel_mods` trigger.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
| |
Adds plugin enablement triggers for this plugin via the presence of xfs
directories within /proc and/or /sys, as well as if the `xfs` kernel
module is loaded.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Since `modinfo` is now collected for all kernel modules specified by a
plugin's `kernel_mods` trigger the mac parser needs to skip those, not
just the global modinfo captured by the kernel plugin, so that we don't
incorrectly obfuscate a module's signature.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
| |
Adds the journals of the composer and local worker services.
Signed-off-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>
|
| |
|
|
|
|
| |
Iterates over all composes, and queries the logs for each one.
Signed-off-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>
|
| |
|
|
| |
Signed-off-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>
|
| |
|
|
|
|
|
| |
Both weldr-client and cockpit-composer are clients available for
osbuild-composer.
Signed-off-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>
|
| |
|
|
|
|
|
| |
The active, maintained upstream project is called OSBuild Composer:
https://github.com/osbuild/osbuild-composer.
Signed-off-by: Sanne Raymaekers <sanne.raymaekers@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
For any kernel modules specified as a plugin enablement trigger via
`kernel_mods`, we should automatically collect `modinfo` output for
those modules, much like we do with journals for units that are
specified for the `services` plugin enablement trigger.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
| |
Updates the images used for CentOS Stream 8/9.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
There was no testing for ubuntu 18.04, and previous manual testing found
issues, and this is still supported. Add envs similar to fedora and centos
testing. This change also ensures that ubuntu 22.04 is the one that is used
for snap builds. We don't need python3-magic on the OS, as this should now
come in-built within the snap, which will have the right version for binary
checks.
Update images to the latest ones available for Ubuntu
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adds a new manual collection to the `process` plugin, that tries to
compile a mapping of running processes' binaries to an owning package
via the package manager. As such, package managers now have a new
`pkg_by_path()` method that serves this purpose.
Closes: #1350
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
| |
Moves the collection and writing of GCP metadata to `collect()` and out
of `setup()`.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
| |
Moves the generation of the unpackaged file list and resulting file to
`collect()`, and out of `setup()`.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
| |
Moves the generation of digests.json via the `hashes` plugin option to
be performed in the new `collect()` step of the collection phase, rather
than generating it during setup.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Historically, sos has limited collections to existing files and command
output. While there have been many reasons for this, there have also
been several exceptions made to current plugins as well as ongoing
requests for data that is not currently provided via existing commands.
As sos evolves, it should in turn be more capable to provide diagnostic
data beyond what is strictly available via command outputs.
As such, add a new step to the collection phase that allows plugins to
perform these manual data collections. Plugins may now define their own
`collect()` method to do so, thus moving the existing exceptions out of
`setup()` phase execution.
To aide in writing these collections to the plugin directory, a new
`collection_file()` generator has been added which will handle creating,
managing, and closing the new file so that plugins only need to be
concerned with the content being written to such files.
Plugin contributors should note that these manual collections are
executed at the end of the collection phase - meaning they are more
likely to be skipped or interrupted due to plugin timeouts.
Closes: #2992
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Previously, collecting the tail output of files when a file spec exceeds
the size limit was done during `setup()` - meaning we would do the
actual collection before the `collect()` phase.
Change this, by instead saving the file name and the size to collect
during `setup()`, and only performing the actual collection during a new
`_collect_tailed_files()` step during the `collect()` phase.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
core20 has python3-magic 0.4.15, and hence the binary detection will
not work by default. Moving to core22 goes to 0.4.24-2 which would
mean this would work nevertheless. This also means migrating to using
craftctl instead of snapcraftctl.
Snap build now needs to be done on 22.04, as it core22, so chaging
the snap build for cirrus to the corresponding image. The version
cannot be set now if adopt-info is not there, so removing this for
the cirrus tests.
Signed-off-by: Arif Ali <arif.ali@canonical.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Foreman has since made several releases since we initially added
integration testing for it. Rebuilding the images is maintenance
overhead we can reduce by automating the installation of foreman on
images.
Provide this scripted installation, and expand our testing matrix to
additional versions of Foreman. As of this commit, we will be testing
versions 2.5 and 3.1 on CentOS Stream 8 to cover Red Hat Satellite
features, as well as Foreman version 3.4 (the latest current upstream)
for CentOS 8 and Debian 11.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some configurations, we can expect usernames to be written as
`DOMAIN\user`, as well as the plain `user` form. Previously, the
domain-prefixed format would throw an exception in our obfuscation if
the letter after the `\` would cause the interpreter to regard that as a
special character.
Fix this by escaping the values passed to `get_regex_result()` so that
we can successfully compile a regex pattern object for domain-prefixed
usernames as well.
Further, when we encounter one of these usernames, the username parser
should automatically add an entry for the non-prefixed username as well.
While this will result in a secondary obfuscation match (due to the
current design of `sos clean`), this is preferable to potentially
leaving non-prefixed usernames in plaintext, if they happen to appear in
logs but not in any of our sourced files.
Related: RHBZ#2127977
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
- obfuscate also "password=.." variable values
- apply the obfuscation also to global vars dir
Resolves: #3031
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Some systems might rely on legacy yum config with default symlinks to
dnf config - sos should collect the symlinks.
Additionally, collect dnf global vars.
Related: #3031
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
For compatibility reasons on some distros, sos should not have a hard
dependency on 'magic' python library. It should attempt to use it for
detection of binary file content, but should fall back to previous "read
the very first byte" method otherwise.
Resolves: #3025
Relates: #3021
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
| |
Newer OCP versions have a more restrictive default deployment
configuration. As such, add the required labels to the temporary
namespace/project we use for collections.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
A scenario was found that if a file had encoding issues when `sos clean`
went to open the file for obfuscation, we would stop processing the file
but leave it in the archive, which had the potential to leave
unobfuscated information in that file in the archive.
Fix this, by using the `errors='replace'` parameter when opening archive
files. This allows us to continue parsing the file normally, while
replacing the problematic characters with `?`s.
Closes: #3015
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
- test for #3022 .
- fixup of opt_parser being a tuple with a string
Relates: #3022
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Hostname parser works with stripped leading/trailing '.' and '_' characters
for a match. When no pattern match is found, we must return the original
unstripped item.
Resolves: #3022
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
| |
Signed-off-by: Varsha Teratipally <teratipally@google.com>
|
| |
|
|
|
|
|
|
|
| |
Collect all relevant config files, a logfile and a few CLI check
outputs.
Resolves: #3020
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The domain parser is built to understand actual names, e.g.
'example.com', and not operate off of just 'example' despite the fact
that the parser handles TLDs separately.
To safeguard against potential errors when trying to parse the latter
example above as an actual domain, validate any values passed to
`--domains` during cleaner initialization.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
|
|
|
|
| |
The Fedora 36 image is now available on GCP, so update our testing
matrix to use it. Accordingly, this means we no longer need to build or
maintain our own Fedora images going forward.
Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
|
| |
|
|
| |
Signed-off-by: mahailiang <mahailiang@uniontech.com>
|
