aboutsummaryrefslogtreecommitdiffstats
path: root/man
Commit message (Collapse)AuthorAgeFilesLines
* [report] Allow users to constrain sos process priorityJake Hunsaker2023-03-071-0/+6
| | | | | | | | | | | | | | Adds a new `--low-priority` option to report, which will attempt to constrain the process priority for the report generation. We do this by attempting to set ourselves to an 'idle' IO class, as well as setting our niceness to 19 to avoid contending for CPU time. This is also exposed via `sos collect`, however users should note that this will not be effective until the sos-4.5.1 release. Closes: #3127 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report,plugin] Control journal size separate from log-sizeJake Hunsaker2023-03-021-2/+12
| | | | | | | | | | | | | | | Historically, journal sizes have been limited to the *higher* of 100MB or `--log-size`. While this had the benefit of potentially controlling both logs and journals with the same option, it was not immediately intuitive to end users and downright prevented collecting less than 100MB of journals. Address this by separating journal size limiting from `--log-size` by adding a new `--journal-size` option (default 100). This will allow users to individually control journal sizes without any "gotcha" scenarios with relation to general log size limiting. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collect] Remove --sos-cmd optionJake Hunsaker2022-12-021-10/+0
| | | | | | | | | | | Removes the `--sos-cmd` option for `sos collect`. Allowing passthru options in this manner is inherently flawed, and any attempts at sanitizing potentially malicious/dangerous values will always be a losing battle. Instead, `sos collect` should leverage available `report` options that are vetted and handled via the existing per-node capabilities checks that is well-defined for explicit passthru options. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [cleaner,ipv6] Add support for IPv6 obfuscationJake Hunsaker2022-11-301-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This commit adds a new parser and accompanying map for obfuscating IPv6 addresses. This new parser will attempt to capture valid IPv6 networks and addresses, and produce a mostly-randomized obfuscated pair. Due to the multiple formats an IPv6 address can take, some identifiers are necessary to preserve relevant information while still obfuscating actual addresses and networks. For example, global unicast addresses that have more than one defined hextet (greater than /16 prefix) will always generate an obfuscated address starting with `534f` (or 'so', continuing the style of our mac address handling that uses 'sos' as an identifier). Addresses with a /16 prefix or less, will start with simply '53'. Private addresses, which start with `fd` will generate an obfuscated address starting with `fd53`, so that the contextual understanding that it is a private network/address can remain. Link-local addresses which start with `fe80::` will remain that way, only having the device hextets obfuscated - again, keeping the contextual information that it is a link-local interface intact, as otherwise these obfuscations may confuse end users reviewing an sos report for problems. Note that the address `::1` and `::/0` are explicitly skipped and never obfuscated, for the same reasons given above. Additionally, this parser/map will write data to the default map (and any per-run private maps) differently than previous parsers. Rather than simply dumping the obfuscation pairs into the map, it is broken up via network, with hosts belonging to that network nested inside those network entries (still being json-formatted). Users will also note that the ipv6 entries in the map also have a `version` key, which is intended to be used for handling future updates to the parser/map when upgrading from an older sos version to a newer one. This may or may not be carried over to future updates to other parsers. Closes: #3008 Related: RHBZ#2134906 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [cleaner] Allow disabling specific parsers individuallyJake Hunsaker2022-06-151-0/+12
| | | | | | | | | | | Adds a new `--disable-parsers` option that allows users to selectively disable parsers for a given execution of `sos clean`. This may be useful in specific scenarios where obfuscation is not strictly needed for all the types of data we obfuscate, and where the user trusts whomever may be receiving the archive for review. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report,collect] Add env var and prompt options for encryptionJake Hunsaker2022-04-262-0/+41
| | | | | | | | | | | | | | | Adds a new `--encrypt` option that may be used in place of the existing encrypt-related options. If used alongside `--batch`, this new option will cause sos to set encryption options based on the `SOSENCRYPTKEY` or `SOSENCRYPTPASS` environment variables. This allows users to leverage this functionality without potentially leaking the values into `ps`-like output inside the archive. If `--batch` is not used, then this option prompts the user to select the type of method to use and then provide the value in-line, or to use the env var option. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* Use --force-pull-image option for pods created with oc.Nadia Pinaeva2022-04-071-5/+11
| | | | | | | Set --force-pull-image=True by default, can be turned off with --force-pull-image=False Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
* [man] Mention sos-help in main sos manpagePavel Moravec2022-02-161-0/+8
| | | | | | Related to #2860 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [sos] Add 'help' component for enhanced help informationJake Hunsaker2022-01-251-0/+41
| | | | | | | | | | | | | | | | | | | | | This commit marks the beginning of the addition of a new `help` component for sos, which will be used to display more in-depth help information surrounding all the different components of sos. The command is intended to be invoked with a specific help topic in mind, that mirrors our project layout. E.G. to get help on the report component, a user would use `sos help report`, whereas to get help on a specific plugin a user would use `sos help report.plugins.$plugin`. This first commit includes both the initial framework for the `help` component, as well as updating `SoSReport` and `Plugin` to provide a basic implementation for the new subcommand. Additionally, `Policy` is given a basic framework for existing policies to report certain default values as well as available presets. A stub section is provided for the base `RedHatPolicy` to serve as a redirector for the actually used policies that subclass it. Closes: #2205
* [report] Provide better warning about estimate-modePavel Moravec2022-01-051-3/+7
| | | | | | | | | | | | As --estimate-only calculates disk usage based on `stat` data that differs from outputs of other commands like `du`, enhance the warning about reliability of the calculated estimation. Also add a rule-of-thumb recommendation of real disk space requirements. Resolves: #2815 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [report,collect] Add option to control default container runtimeJake Hunsaker2021-12-032-0/+25
| | | | | | | | | | | | Adds a new `--container-runtime` option that allows users to control what default container runtime is used by plugins for container based collections, effectively overriding policy defaults. If no runtimes are active, this option is effectively ignored. If however runtimes are active, but the requested one is not, raise an exception to abort collection with an appropriate message to the user. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [transports] Add 'oc' as a transport option for remote nodesJake Hunsaker2021-10-291-0/+1
| | | | | | | | | | | | | | | | | This commit adds a new transport for `sos collect` by leveraging a locally available `oc` binary that has been properly configured for access to an OCP cluster. This transport will allow users to use `sos collect` to collect reports from an OCP cluster without directly connecting to any of the nodes involved. We do this by using the `oc` binary to first launch a pod on target node(s) and then exec our discovery commands and eventual `sos report` command to that pod. This in turn is dependent on a function API for the `oc` binary to communicate with. In the event that `oc` is not __locally__ available or is not properly configured, we will fallback to the current default of using SSH ControlPersist to directly connect to the nodes. Otherwise, the OCP cluster will attempt to automatically use this new transport.
* [collect] Add --transport option and allow clusters to set transport typeJake Hunsaker2021-10-291-0/+15
| | | | | | | | | | | | | | | Adds a new `--transport` option for users to be able to specify the type of transport to use when connecting to nodes. The default value of `auto` will defer to the cluster profile to set the transport type, which will continue to default to use OpenSSH's ControlPersist feature. Clusters may override the new `set_transport_type()` method to change the default transport used. If `--transport` is anything besides `auto`, then the cluster profile will not be deferred to when choosing a transport for each remote node. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [cleaner] Add support for Insights client archivesJake Hunsaker2021-09-131-0/+1
| | | | | | | Adds a new type of `SoSObfuscationArchive` to add support for obfuscating archives generated by the Insights project. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [clean] Provide archive abstractions to obfuscate more than sos archivesJake Hunsaker2021-09-131-0/+25
| | | | | | | | | | | | | | | | | | | | | This commit removes the restriction imposed on `sos clean` since its introduction in sos-4.0 to only work against known sos report archives or build directories. This is because there has been interest in using the obfuscation bits of sos in other data-collector projects. The `SoSObfuscationArchive()` class has been revamped to now be an abstraction for different types of archives, and the cleaner logic has been updated to leverage this new abstraction rather than assuming we're working on an sos archive. Abstractions are added for our own native use cases - that being `sos report` and `sos collect` for at-runtime obfuscation, as well as standalone archives previously generated. Further generic abstractions are available for plain directories and tarballs however these will not provide the same level of coverage as fully supported archive types, as is noted in the manpage for sos-clean. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report] Implement --estimate-onlyPavel Moravec2021-09-091-1/+12
| | | | | | | | | Add report option --estimate-only to estimate disk space requirements when running a sos report. Resolves: #2673 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [collect,docs] Drop `--master` and update internal referencesJake Hunsaker2021-08-233-14/+14
| | | | | | | | | | | | | | | | This commit follows up on the previous changes from #2555 by fully dropping the `--master` option in favor of `--primary`, `--manager`, and `--controller`. Internal references have been updated as well, using the term `primary` across all instances. Note that within OCP cluster profile, 'primary' labeling and option setting still relies on the 'master' label/role reported by the environment, as that remains the term used to identify such nodes. Resolves: #2329 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sos|options] Add global 'namespaces' optionJake Hunsaker2021-08-021-0/+10
| | | | | | | | | | | | | | | Adds a global `--namespaces` option that can be used to limit the number of namespaces all plugins will iterate over. If a plugin provides a specific plugin option, such as the `networking.namespaces` option, then if set that plugin option will override the global option value. The global option defaults to not limiting namespaces, matching current behavior. Closes: #2092 Resolves: #2547 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [cleaner] Remove binary files by defaultJake Hunsaker2021-06-151-0/+12
| | | | | | | | | | | | | | | | | | Binary files generally speaking cannot be obfuscated, and as such we should remove them from archives being obfuscated by default so that sensitive data is not mistakenly included in an obfuscated archive. This commits adds a new `--keep-binary-files` option that if used will keep any encountered binary files in the final archive. The default option of `false` will ensure that encountered binary files are removed. The number of removed binary files per archive is reported when obfuscation is completed for that archive. Closes: #2478 Resolves: #2524 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] unify some syntax in manpagesPavel Moravec2021-06-144-4/+9
| | | | | | | | | | Unify capitalisation of name and synopsis. Add references to sos.conf to SEE ALSO of all binaries. Resolves: #2581 Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [collect] Add options to provide registry auth for pulling imagesJake Hunsaker2021-06-021-0/+30
| | | | | | | | | | | | | | | | | | Adds options that allow a user to specify registry authentication, either via username/password or an authfile, to allow pulling an image that exists on a non-public registry. If a username/password is provided, that will be used. If not, we will attempt to use an authfile - either provided by the user or by a cluster profile. Also adds an option to forcibly pull a new(er) version of the specified image, to alleviate conditions where a too-old version of the image already exists on the host. Closes: #2534 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Policy] Add SFTP upload supportJake Hunsaker2021-06-011-0/+14
| | | | | | | | | | Adds support for uploading via SFTP. This is done via pexpect calling the system's locally available SFTP binary. If either that binary or pexpect are unavailable on the local system, we will exit gracefully and report the issue. This allows sos to keep python3-pexpect as a recommends rather than a hard dependency. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [docs] Clarify profile in manpage and how to enable further pluginsJake Hunsaker2021-05-141-6/+14
| | | | | | | | | | | | | | | Updates the language in the manpage to clarify that in order to enable additional plugins outside of a profile when a profile is specified, that users must use `-o` instead of `-e`. Remove the 'current profiles' list from the manpage as it is outdated and it is better to refer users to the list reported by the local installation. Closes: #504 Resolves: #2543 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Policy] Allow users to toggle SSL verification for HTTPS uploadsJake Hunsaker2021-05-141-1/+9
| | | | | | | | | | | Adds a new `--upload-no-ssl-verify` option that controls if we verify the SSL certificate for an upload target. This will default to `False` to retain previous default behavior of performing SSL verification. Closes: #2497 Resolves: #2540 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Policy] Correct and clarify https upload internalsJake Hunsaker2021-05-141-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | The python requests module does not provide actual support for streaming, that is provided by requests-toolchain. The support in requests is for easy multipart uploads. The internal methods and variables for https uploads within `Policy` however revolve around streaming enablement, but don't actually influence the use of streaming or not. This was due to placeholders during development just being carried forward rather than corrected before merge. This was largely forgotten about, until recent reports of upload issues for user-provided endpoints. This commit serves to correct the language around the currently supported https upload functionality. That is, we either use a 'put' or 'post' based on the loaded policy defaults. Further, allow users to control this setting with a new `--upload-method` option. This will allow users to specify upload urls that may require the opposite HTTP method than what the policy defaults dictate. Related: #2497 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] Add missing log-size report option to collect manpageJake Hunsaker2021-04-301-0/+13
| | | | | | | | | The `collect` component supports `--log-size` as a passthru option for report. Add it to the `collect` manpage for completeness. Related: #2510 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] Properly document size limits in manpageJake Hunsaker2021-04-301-3/+11
| | | | | | | | | | | Updates the description of `--log-size` in the manpage for `report` so that it accurately reflects how size limitations are determined and imposed during collections. Closes: #1900 Resolves: #2513 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [logging] Fix archive debug logging, adjust verbosity levelsJake Hunsaker2021-04-281-0/+8
| | | | | | | | | | | | | | | | | Fixes an issue where archive debug logging was controlled by the use of `--debug` rather than `--verbose`. Removes a superfluous log in `FileCacheArchive.add_link()`. Also, adjusts the different verbosity levels to be more meaninful. Now, the use of `-v` will enable debug logging but will not print those messages to console, `-vv` will print debug logging to console, while `-vvv` will enable archive debug logging which is expected to be significant due to most file operations being logging at some point with archive debug logging. Resolves: #2507 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report] add --cmd-timeout optionPavel Moravec2021-04-051-1/+17
| | | | | | | | | | | | | | Add --cmd-timeout option to configure command timeout. Plugin-specific option of the same name (i.e. -k logs.cmd-timeout=60) can control the timeout per plugin. Option defaults and global/plugin-specific option preference follows the --plugin-timeout rules. Resolves: #2466 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] Multiple fixes in man pagesJose Castillo2021-03-043-8/+20
| | | | | | | | | | | This patch fixes references to sosreport, to the preferred 'sos report'. Also adds "SEE ALSO" consistently for all man pages, and fixes a MAINTAINER line. Resolves: #2432 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* Clarify default timeout for all pluginsJose Castillo2021-02-221-1/+2
| | | | | | | | | | | | | | | The default timeout for all plugins is 300, but the global timeout is set as -1 in the option list. This is because this timeout is unset by default. This patch attempts to clarify the -1 exposed to the user when using commands like 'sos report -l', via the option description as well as a note clarifying it in the man page. Closes: #2003 Resolves: #2415 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [clean] Allow specifying keywords in a text fileJake Hunsaker2021-02-221-0/+6
| | | | | | | | | | | | | | | This commit adds the ability for users to provide a text file with a list of newline-delimited keywords that should be obfuscated, rather than requiring all keywords be specified either by the `--keywords` option or configuration file settings. Files may be provided via the new `--keyword-file` option which is available to `clean`, `collect`, and `report`. Closes: #2401 Resolves: #2408 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [cleaner] Add 'cleaner' alias functionalityJose Castillo2021-02-091-2/+3
| | | | | | | | | | | The option 'cleaner' was not implemented as an alias. This patch enables it for both 'sos report' and 'sos collect'. Resolves: #2405 Signed-off-by: Jose Castillo <jcastillo@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [sos] Align plugin options with destination namesJake Hunsaker2021-02-032-3/+3
| | | | | | | | | | | | | This commit alters several option long-form names or destination names to align those values in a sensible way. This serves to not only remove some abiguity in option naming in code, but also to make it so that the "effective options" line logged in every sos execution can be direction copy-pasted as a working command. Closes: #2288 Resolves: #2398 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report] clean up references to ticket-numberPavel Moravec2021-01-191-7/+1
| | | | | | | | | | | | | Cleaning up references of --ticket-number, as it was fully replaced by --case-id. The credit goes to @mamatha4 . Resolves: #2375 Relates to: #2374 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [report] Allow users to specify commands and files to skipJake Hunsaker2020-11-032-0/+28
| | | | | | | | | | | | | | | Adds two new options, `--skip-commands` and `--skip-files`, that allow users to selectively skip specific command or file collection instead of having to disable whole plugins to skip those collections. These options are also exposed via `sos collect`, being gated by a version of 4.1 since that is the next scheduled release where we can guarantee this functionality will be present. Closes: #2203 Resolves: #2271 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [Policy] Allow upload username/password provided via environment varsJake Hunsaker2020-09-021-0/+11
| | | | | | | | | | | | | | | The username and password used by `Policy` when `--upload` is used may now be read via environment variables to avoid sensitive information from being included in `ps` output if they were provided via command-line options instead of the interactive prompts. Upload username may now be provided via the SOSUPLOADUSER variable. Upload password may now be provided via the SOSUPLOADPASSWORD variable. Resolves: #2216 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [docs] Update man page for sos.conf after configuration redesignJake Hunsaker2020-07-212-2/+76
| | | | | | | | | | | | | Updates the manpage for further changes to the configuration design of sos. `man sos.conf` now includes information on non-root user overrides, as well as information regarding the subdirectories under `/etc/sos/` or `$HOME/.config/sos/`. The `sos_extras` plugin docstring has been copied into the man page as well for better coverage of how users are expected to use that plugin. The docstring remains in place in the actual plugin as well. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [global] Update config file location and layoutJake Hunsaker2020-07-211-21/+23
| | | | | | | | | | | | | | | | | | | Moves the default config file we look for to /etc/sos/sos.conf instead of /etc/sos.conf. Extends the config file to look for a section matching the name of the component being used. Renames the "general" section to "global" and the "tunables" section to "plugin_options". Updates the default sos.conf to this style and adds some comments to the file. Update the man page for sos.conf. Note that this commit does NOT update sos.spec to drop the default configuration file in the new location, as that will be handled by a later commit to update the specfile wholesale. Closes: #2125 Resolves: #2136 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] Fix typos in man pagesPonnuvel Palaniyappan2020-06-293-4/+4
| | | | | | | | | Fix several typos within the manpage Resolves: #2133 Signed-off-by: Ponnuvel Palaniyappan <ponnuvel.palaniyappan@canonical.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] fix a typo in default_mapping filenamePavel Moravec2020-06-181-1/+1
| | | | Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
* [cleaner] Add user-provided keyword obfuscationJake Hunsaker2020-06-171-0/+7
| | | | | | | | | Adds a new parser and map to allow user defined keyword obfuscation. Users may now use the `--keywords` option to have `SoSCleaner` scan lines for matching keywords, and replace them in place like we do for other parsers. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [cleaner] Add hostname parserJake Hunsaker2020-06-171-0/+8
| | | | | | | | | | | | Adds a hostname parser to `sos clean` that will attempt to obfuscate FQDNs matching the hostname of the system that generated the sosreport, as found in sos_commands/host/hostname. Additionally, any domains added via the `--domains` option will also be obfuscated, including any subdomains of the domain(s) specified by the option. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [docs] Add manpage for sos cleanJake Hunsaker2020-06-173-0/+115
| | | | | | | | | | | Adds a manpage for `sos clean`, with a link for `sos mask`. Updates `man sos` as well to include the options moved into the global group as part of the SoSCleaner patchset. Related: #1987 Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] update references to 'general' pluginPavel Moravec2020-05-191-2/+2
| | | | | | | | | | | 'general' plugin was replaced by 'host' plugin years ago. Let update an example in man pages accordingly. Resolves: #2072 Signed-off-by: Pavel Moravec <pmoravec@redhat.com> Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [collector] Passthru --threads, replace with --jobs for collectJake Hunsaker2020-04-221-6/+15
| | | | | | | | | | Replaces the previous `--threads` option in collect with a `--jobs` option to determine the number of concurrent collections to run. Uses `--threads` as a passthru option now if the node supports it (sos-3.6+), in an effort to unify option meanings between components. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [options] Rename insecure-sudo to nopasswd-sudoJake Hunsaker2020-04-221-2/+2
| | | | Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [docs] Add general sos manpage, rename sosreport.1, add symlinksJake Hunsaker2020-04-224-334/+418
| | | | | | | | | | | | Adds a general manpage for the sos command that then points to the available components. Renames sosreport.1 to sos-report.1 to match the component style, and then symlinks sosreport.1 to it. Adds a symlink from sos-collector.1 to sos-collect.1. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [docs] Add manpage for sos collectJake Hunsaker2020-04-221-0/+312
| | | | | | | | | | Adds the manpage from sos-collector to the tree as 'sos-collect', and updates the instances of 'sos-collector' to 'sos collect' within the manpage. Additionally updates the man page to include newly available options. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
* [man] Update manpage for --upload and related optionsJake Hunsaker2020-02-141-0/+56
| | | | | | | Adds manage entries for the various --upload options added as part of the previous patches adding upload functionality. Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>