|
 |
c81b6a |
From 0d2dd0d9ccc3242dd2dd4513924c8f308000242e Mon Sep 17 00:00:00 2001
|
|
|
c81b6a |
From: Shane Bradley <sbradley@redhat.com>
|
|
|
c81b6a |
Date: Wed, 6 May 2015 15:47:07 -0400
|
|
|
c81b6a |
Subject: [PATCH] [cluster] enable crm_report password scrubbing
|
|
|
c81b6a |
|
|
|
c81b6a |
Default to specifying a password pattern of 'passw.*' when calling
|
|
|
c81b6a |
the crm_report script. This causes matching strings to be elided
|
|
|
c81b6a |
from the report data.
|
|
|
c81b6a |
|
|
|
c81b6a |
Since this scrubbing can affect the use of pacemaker state machine
|
|
|
c81b6a |
snapshots for debugging the behaviour is controlled by a new option
|
|
|
c81b6a |
that defaults to enabled: cluster.crm_scrub
|
|
|
c81b6a |
|
|
|
c81b6a |
This can be used to obtain an sosreport containing virgin crm_report
|
|
|
c81b6a |
data with no password scrubbing:
|
|
|
c81b6a |
|
|
|
c81b6a |
# sosreport -k cluster.crm_scrub=False
|
|
|
c81b6a |
|
|
|
c81b6a |
Signed-off-by: Shane Bradley <sbradley@redhat.com>
|
|
|
c81b6a |
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
c81b6a |
---
|
|
|
c81b6a |
sos/plugins/cluster.py | 14 +++++++++++---
|
|
|
c81b6a |
1 file changed, 11 insertions(+), 3 deletions(-)
|
|
|
c81b6a |
|
|
|
c81b6a |
diff --git a/sos/plugins/cluster.py b/sos/plugins/cluster.py
|
|
|
c81b6a |
index 8dd9a4d..084c030 100644
|
|
|
c81b6a |
--- a/sos/plugins/cluster.py
|
|
|
c81b6a |
+++ b/sos/plugins/cluster.py
|
|
|
c81b6a |
@@ -25,10 +25,12 @@ class Cluster(Plugin, RedHatPlugin):
|
|
|
c81b6a |
|
|
|
c81b6a |
plugin_name = 'cluster'
|
|
|
c81b6a |
profiles = ('cluster',)
|
|
|
c81b6a |
+
|
|
|
c81b6a |
option_list = [
|
|
|
c81b6a |
("gfs2lockdump", 'gather output of gfs2 lockdumps', 'slow', False),
|
|
|
c81b6a |
("crm_from", 'specify the start time for crm_report', 'fast', False),
|
|
|
c81b6a |
- ('lockdump', 'gather dlm lockdumps', 'slow', False)
|
|
|
c81b6a |
+ ('lockdump', 'gather dlm lockdumps', 'slow', False),
|
|
|
c81b6a |
+ ('crm_scrub', 'enable password scrubbing for crm_report', '', True),
|
|
|
c81b6a |
]
|
|
|
c81b6a |
|
|
|
c81b6a |
packages = [
|
|
|
c81b6a |
@@ -112,8 +114,14 @@ class Cluster(Plugin, RedHatPlugin):
|
|
|
c81b6a |
"default" % self.get_option('crm_from'))
|
|
|
c81b6a |
|
|
|
c81b6a |
crm_dest = self.get_cmd_output_path(name='crm_report', make=False)
|
|
|
c81b6a |
- self.add_cmd_output('crm_report -S -d --dest %s --from "%s"'
|
|
|
c81b6a |
- % (crm_dest, crm_from))
|
|
|
c81b6a |
+ crm_scrub = '-p "passw.*"'
|
|
|
c81b6a |
+ if not self.get_option("crm_scrub"):
|
|
|
c81b6a |
+ crm_scrub = ''
|
|
|
c81b6a |
+ self._log_warn("scrubbing of crm passwords has been disabled:")
|
|
|
c81b6a |
+ self._log_warn("data collected by crm_report may contain"
|
|
|
c81b6a |
+ " sensitive values.")
|
|
|
c81b6a |
+ self.add_cmd_output('crm_report %s -S -d --dest %s --from "%s"'
|
|
|
c81b6a |
+ % (crm_scrub, crm_dest, crm_from))
|
|
|
c81b6a |
|
|
|
c81b6a |
def do_lockdump(self):
|
|
|
c81b6a |
if self._mount_debug():
|
|
|
c81b6a |
--
|
|
|
c81b6a |
1.8.3.1
|
|
|
c81b6a |
|