|
|
8b0807 |
From 15ba40684bf4dceb0cc5ae535212c005c5bb7f9a Mon Sep 17 00:00:00 2001
|
|
|
8b0807 |
From: Martin Basti <mbasti@redhat.com>
|
|
|
8b0807 |
Date: Wed, 17 May 2017 13:45:41 +0200
|
|
|
8b0807 |
Subject: [PATCH] [ipa] add KRA logs
|
|
|
8b0807 |
|
|
|
8b0807 |
IPA v4 can be installed with KRA subsystem. Adding particular logs to
|
|
|
8b0807 |
plugin.
|
|
|
8b0807 |
|
|
|
8b0807 |
Closes: #1010
|
|
|
8b0807 |
|
|
|
8b0807 |
Signed-off-by: Martin Basti <mbasti@redhat.com>
|
|
|
8b0807 |
---
|
|
|
8b0807 |
sos/plugins/ipa.py | 4 ++++
|
|
|
8b0807 |
1 file changed, 4 insertions(+)
|
|
|
8b0807 |
|
|
|
8b0807 |
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
|
|
|
8b0807 |
index dc0eb839..03c601d4 100644
|
|
|
8b0807 |
--- a/sos/plugins/ipa.py
|
|
|
8b0807 |
+++ b/sos/plugins/ipa.py
|
|
|
8b0807 |
@@ -60,6 +60,10 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/ca/transactions",
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/catalina.*",
|
|
|
8b0807 |
"/var/log/pki/pki-ca-spawn.*"
|
|
|
8b0807 |
+ "/var/log/pki/pki-tomcat/kra/debug",
|
|
|
8b0807 |
+ "/var/log/pki/pki-tomcat/kra/system",
|
|
|
8b0807 |
+ "/var/log/pki/pki-tomcat/kra/transactions",
|
|
|
8b0807 |
+ "/var/log/pki/pki-kra-spawn.*"
|
|
|
8b0807 |
])
|
|
|
8b0807 |
elif ipa_version == "v3":
|
|
|
8b0807 |
self.add_copy_spec([
|
|
|
8b0807 |
--
|
|
|
8b0807 |
2.13.6
|
|
|
8b0807 |
|
|
|
8b0807 |
From 4562b41f0d9dcfc07e7fc0ab3b0b253d609a459f Mon Sep 17 00:00:00 2001
|
|
|
8b0807 |
From: Thorsten Scherf <tscherf@redhat.com>
|
|
|
8b0807 |
Date: Mon, 11 Dec 2017 11:04:17 +0100
|
|
|
8b0807 |
Subject: [PATCH] [ipa] use correct PKI directories for tomcat version
|
|
|
8b0807 |
|
|
|
8b0807 |
The PKI subsystem uses different folders in IPA v3 and v4 for the NSS DB and
|
|
|
8b0807 |
the configuration files. The plugin needs to take this into account.
|
|
|
8b0807 |
|
|
|
8b0807 |
Closes: #1163
|
|
|
8b0807 |
|
|
|
8b0807 |
Signed-off-by: Thorsten Scherf <tscherf@redhat.com>
|
|
|
8b0807 |
Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
|
|
|
8b0807 |
---
|
|
|
8b0807 |
sos/plugins/ipa.py | 23 ++++++++++++++++++-----
|
|
|
8b0807 |
1 file changed, 18 insertions(+), 5 deletions(-)
|
|
|
8b0807 |
|
|
|
8b0807 |
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
|
|
|
8b0807 |
index 683f8254..fe6ddf08 100644
|
|
|
8b0807 |
--- a/sos/plugins/ipa.py
|
|
|
8b0807 |
+++ b/sos/plugins/ipa.py
|
|
|
8b0807 |
@@ -83,6 +83,9 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
8b0807 |
self.pki_tomcat_dir_v4 = "/var/lib/pki/pki-tomcat"
|
|
|
8b0807 |
self.pki_tomcat_dir_v3 = "/var/lib/pki-ca"
|
|
|
8b0807 |
|
|
|
8b0807 |
+ self.pki_tomcat_conf_dir_v4 = "/etc/pki/pki-tomcat/ca"
|
|
|
8b0807 |
+ self.pki_tomcat_conf_dir_v3 = "/etc/pki-ca"
|
|
|
8b0807 |
+
|
|
|
8b0807 |
if self.ipa_server_installed():
|
|
|
8b0807 |
self._log_debug("IPA server install detected")
|
|
|
8b0807 |
|
|
|
8b0807 |
@@ -111,7 +114,6 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
8b0807 |
"/etc/dirsrv/slapd-*/schema/99user.ldif",
|
|
|
8b0807 |
"/etc/hosts",
|
|
|
8b0807 |
"/etc/named.*",
|
|
|
8b0807 |
- "/etc/pki-ca/CS.cfg",
|
|
|
8b0807 |
"/etc/ipa/ca.crt",
|
|
|
8b0807 |
"/etc/ipa/default.conf",
|
|
|
8b0807 |
"/var/lib/certmonger/requests/[0-9]*",
|
|
|
8b0807 |
@@ -119,22 +121,33 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
8b0807 |
])
|
|
|
8b0807 |
|
|
|
8b0807 |
self.add_forbidden_path("/etc/pki/nssdb/key*")
|
|
|
8b0807 |
- self.add_forbidden_path("/etc/pki-ca/flatfile.txt")
|
|
|
8b0807 |
- self.add_forbidden_path("/etc/pki-ca/password.conf")
|
|
|
8b0807 |
- self.add_forbidden_path("/var/lib/pki-ca/alias/key*")
|
|
|
8b0807 |
self.add_forbidden_path("/etc/dirsrv/slapd-*/key*")
|
|
|
8b0807 |
self.add_forbidden_path("/etc/dirsrv/slapd-*/pin.txt")
|
|
|
8b0807 |
self.add_forbidden_path("/etc/dirsrv/slapd-*/pwdfile.txt")
|
|
|
8b0807 |
self.add_forbidden_path("/etc/named.keytab")
|
|
|
8b0807 |
|
|
|
8b0807 |
+ # Make sure to use the right PKI config and NSS DB folders
|
|
|
8b0807 |
+ if ipa_version == "v4":
|
|
|
8b0807 |
+ self.pki_tomcat_dir = self.pki_tomcat_dir_v4
|
|
|
8b0807 |
+ self.pki_tomcat_conf_dir = self.pki_tomcat_conf_dir_v4
|
|
|
8b0807 |
+ else:
|
|
|
8b0807 |
+ self.pki_tomcat_dir = self.pki_tomcat_dir_v3
|
|
|
8b0807 |
+ self.pki_tomcat_conf_dir = self.pki_tomcat_conf_dir_v3
|
|
|
8b0807 |
+
|
|
|
8b0807 |
+ self.add_cmd_output("certutil -L -d %s/alias" % self.pki_tomcat_dir)
|
|
|
8b0807 |
+ self.add_copy_spec("%s/CS.cfg" % self.pki_tomcat_conf_dir)
|
|
|
8b0807 |
+ self.add_forbidden_path("%s/alias/key*" % self.pki_tomcat_dir)
|
|
|
8b0807 |
+ self.add_forbidden_path("%s/flatfile.txt" % self.pki_tomcat_conf_dir)
|
|
|
8b0807 |
+ self.add_forbidden_path("%s/password.conf" % self.pki_tomcat_conf_dir)
|
|
|
8b0807 |
+
|
|
|
8b0807 |
self.add_cmd_output([
|
|
|
8b0807 |
"ls -la /etc/dirsrv/slapd-*/schema/",
|
|
|
8b0807 |
"getcert list",
|
|
|
8b0807 |
- "certutil -L -d /var/lib/pki-ca/alias",
|
|
|
8b0807 |
"certutil -L -d /etc/httpd/alias/",
|
|
|
8b0807 |
"klist -ket /etc/dirsrv/ds.keytab",
|
|
|
8b0807 |
"klist -ket /etc/httpd/conf/ipa.keytab"
|
|
|
8b0807 |
])
|
|
|
8b0807 |
+
|
|
|
8b0807 |
for certdb_directory in glob("/etc/dirsrv/slapd-*/"):
|
|
|
8b0807 |
self.add_cmd_output(["certutil -L -d %s" % certdb_directory])
|
|
|
8b0807 |
return
|
|
|
8b0807 |
--
|
|
|
8b0807 |
2.13.6
|
|
|
8b0807 |
|
|
|
8b0807 |
From 66ef850794ad250bfe5c72795f442f908e1e3e19 Mon Sep 17 00:00:00 2001
|
|
|
8b0807 |
From: Pavel Moravec <pmoravec@redhat.com>
|
|
|
8b0807 |
Date: Fri, 26 Jan 2018 15:11:15 +0100
|
|
|
8b0807 |
Subject: [PATCH] [ipa] fix implicit concatenation of one copy_spec
|
|
|
8b0807 |
|
|
|
8b0807 |
Missing comma between "/var/log/pki/pki-ca-spawn.*"
|
|
|
8b0807 |
and "/var/log/pki/pki-tomcat/kra/debug"
|
|
|
8b0807 |
|
|
|
8b0807 |
Resolves: #1195
|
|
|
8b0807 |
|
|
|
8b0807 |
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
8b0807 |
---
|
|
|
8b0807 |
sos/plugins/ipa.py | 2 +-
|
|
|
8b0807 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
8b0807 |
|
|
|
8b0807 |
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
|
|
|
8b0807 |
index fe6ddf08..08f9bcf1 100644
|
|
|
8b0807 |
--- a/sos/plugins/ipa.py
|
|
|
8b0807 |
+++ b/sos/plugins/ipa.py
|
|
|
8b0807 |
@@ -59,7 +59,7 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/ca/system",
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/ca/transactions",
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/catalina.*",
|
|
|
8b0807 |
- "/var/log/pki/pki-ca-spawn.*"
|
|
|
8b0807 |
+ "/var/log/pki/pki-ca-spawn.*",
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/kra/debug",
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/kra/system",
|
|
|
8b0807 |
"/var/log/pki/pki-tomcat/kra/transactions",
|
|
|
8b0807 |
--
|
|
|
8b0807 |
2.13.6
|
|
|
8b0807 |
|
|
|
8b0807 |
From 37c6601ddbc5ab6559a8420ce8f630d00086b1e1 Mon Sep 17 00:00:00 2001
|
|
|
8b0807 |
From: Martin Basti <mbasti@redhat.com>
|
|
|
8b0807 |
Date: Wed, 17 May 2017 13:53:20 +0200
|
|
|
8b0807 |
Subject: [PATCH] [ipa] add apache profile
|
|
|
8b0807 |
|
|
|
8b0807 |
httpd error_log collected by apache plugin contains useful
|
|
|
8b0807 |
information about IPA API operations
|
|
|
8b0807 |
|
|
|
8b0807 |
Closes: #1010
|
|
|
8b0807 |
|
|
|
8b0807 |
Signed-off-by: Martin Basti <mbasti@redhat.com>
|
|
|
8b0807 |
---
|
|
|
8b0807 |
sos/plugins/ipa.py | 2 +-
|
|
|
8b0807 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
8b0807 |
|
|
|
8b0807 |
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
|
|
|
8b0807 |
index 3a0565bc..683f8254 100644
|
|
|
8b0807 |
--- a/sos/plugins/ipa.py
|
|
|
8b0807 |
+++ b/sos/plugins/ipa.py
|
|
|
8b0807 |
@@ -24,7 +24,7 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
8b0807 |
"""
|
|
|
8b0807 |
|
|
|
8b0807 |
plugin_name = 'ipa'
|
|
|
8b0807 |
- profiles = ('identity',)
|
|
|
8b0807 |
+ profiles = ('identity', 'apache')
|
|
|
8b0807 |
|
|
|
8b0807 |
ipa_server = False
|
|
|
8b0807 |
ipa_client = False
|
|
|
8b0807 |
--
|
|
|
8b0807 |
2.13.6
|
|
|
8b0807 |
|
|
|
8b0807 |
From 400f61627fe0e45192fd05c7323ee9c96d2cad37 Mon Sep 17 00:00:00 2001
|
|
|
8b0807 |
From: Pavel Moravec <pmoravec@redhat.com>
|
|
|
8b0807 |
Date: Tue, 13 Feb 2018 16:42:59 +0100
|
|
|
8b0807 |
Subject: [PATCH] [ipa] set ipa_version variable before referencing it
|
|
|
8b0807 |
|
|
|
8b0807 |
In case neither IPA v3 or v4 is installed, ipa_version remains
|
|
|
8b0807 |
uninitialized before referencing it.
|
|
|
8b0807 |
|
|
|
8b0807 |
Resolves: #1214
|
|
|
8b0807 |
|
|
|
8b0807 |
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
|
|
8b0807 |
---
|
|
|
8b0807 |
sos/plugins/ipa.py | 2 ++
|
|
|
8b0807 |
1 file changed, 2 insertions(+)
|
|
|
8b0807 |
|
|
|
8b0807 |
diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
|
|
|
8b0807 |
index 08f9bcf1..0d79063f 100644
|
|
|
8b0807 |
--- a/sos/plugins/ipa.py
|
|
|
8b0807 |
+++ b/sos/plugins/ipa.py
|
|
|
8b0807 |
@@ -86,6 +86,8 @@ class Ipa(Plugin, RedHatPlugin):
|
|
|
8b0807 |
self.pki_tomcat_conf_dir_v4 = "/etc/pki/pki-tomcat/ca"
|
|
|
8b0807 |
self.pki_tomcat_conf_dir_v3 = "/etc/pki-ca"
|
|
|
8b0807 |
|
|
|
8b0807 |
+ ipa_version = None
|
|
|
8b0807 |
+
|
|
|
8b0807 |
if self.ipa_server_installed():
|
|
|
8b0807 |
self._log_debug("IPA server install detected")
|
|
|
8b0807 |
|
|
|
8b0807 |
--
|
|
|
8b0807 |
2.13.6
|
|
|
8b0807 |
|