From 67734bcd4faec82e73e4a0e12d7cda87f9b8c49b Mon Sep 17 00:00:00 2001
From: Brian Gribble <83problems@users.noreply.github.com>
Date: Thu, 29 Jun 2017 09:31:23 -0400
Subject: [cs] Add Certificate System 9 data capture (#1049)

Red Hat Certificate System 9 (Dogtag 10) has been out for a while.
This commit adds the ability to capture those logs and config
files for each subsystem.

Added pki-base because redhat-pki or dogtag-pki do not have to be
installed to build a Certificate Authority.

Removed "/usr/share/java/pki" check because CS 9 uses the same
directory.

Signed-off-by: Brian Gribble <bgribble@redhat.com>
Signed-off-by: Adam Stokes <battlemidget@users.noreply.github.com>
---
 sos/plugins/cs.py | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/sos/plugins/cs.py b/sos/plugins/cs.py
index 963804b7..35847a92 100644
--- a/sos/plugins/cs.py
+++ b/sos/plugins/cs.py
@@ -31,7 +31,10 @@ class CertificateSystem(Plugin, RedHatPlugin):
     packages = (
         "redhat-cs",
         "rhpki-common",
-        "pki-common"
+        "pki-common",
+        "redhat-pki",
+        "dogtag-pki",
+        "pki-base"
     )
 
     files = (
@@ -47,12 +50,17 @@ class CertificateSystem(Plugin, RedHatPlugin):
                 len(glob("/var/lib/rhpki-*")):
             return 73
         # 8 should cover dogtag
-        elif self.is_installed("pki-common") or exists("/usr/share/java/pki"):
+        elif self.is_installed("pki-common"):
             return 8
+        elif self.is_installed("redhat-pki") or \
+                self.is_installed("dogtag-pki") or \
+                self.is_installed("pki-base"):
+            return 9
         return False
 
     def setup(self):
         csversion = self.checkversion()
+
         if not csversion:
             self.add_alert("Red Hat Certificate System not found.")
             return
@@ -96,5 +104,25 @@ class CertificateSystem(Plugin, RedHatPlugin):
                 "/var/log/pki-*/transactions",
                 "/var/log/pki-*/system"
             ])
+        if csversion == 9:
+            # Get logs and configs for each subsystem if installed
+            for subsystem in ('ca', 'kra', 'ocsp', 'tks', 'tps'):
+                self.add_copy_spec([
+                    "/var/lib/pki/*/" + subsystem + "/conf/CS.cfg",
+                    "/var/lib/pki/*/logs/" + subsystem + "/system",
+                    "/var/lib/pki/*/logs/" + subsystem + "/transactions",
+                    "/var/lib/pki/*/logs/" + subsystem + "/debug",
+                    "/var/lib/pki/*/logs/" + subsystem + "/selftests.log"
+                ])
+
+            # Common log files
+            self.add_copy_spec([
+                "/var/lib/pki/*/logs/catalina.*",
+                "/var/lib/pki/*/logs/localhost*.log",
+                "/var/lib/pki/*/logs/localhost*.txt",
+                "/var/lib/pki/*/logs/manager*.log",
+                "/var/lib/pki/*/logs/host-manager*.log",
+                "/var/lib/pki/*/logs/tps/tokendb-audit.log"
+            ])
 
 # vim: set et ts=4 sw=4 :
-- 
cgit