diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0964ff6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+SOURCES/sos-3.8.tar.gz
+SOURCES/sos-audit-0.3.tgz
diff --git a/.sos.metadata b/.sos.metadata
new file mode 100644
index 0000000..0c29651
--- /dev/null
+++ b/.sos.metadata
@@ -0,0 +1,2 @@
+99c94319c6208edef8d852b9e84cbb045c01df5f SOURCES/sos-3.8.tar.gz
+9d478b9f0085da9178af103078bbf2fd77b0175a SOURCES/sos-audit-0.3.tgz
diff --git a/SOURCES/sos-bz1688764-ipa-new-logs.patch b/SOURCES/sos-bz1688764-ipa-new-logs.patch
new file mode 100644
index 0000000..a120ae5
--- /dev/null
+++ b/SOURCES/sos-bz1688764-ipa-new-logs.patch
@@ -0,0 +1,84 @@
+From f2350aece8a6980f80cfa0036382055239fd8a6b Mon Sep 17 00:00:00 2001
+From: Thorsten Scherf <tscherf@redhat.com>
+Date: Mon, 1 Jul 2019 11:37:47 +0200
+Subject: [PATCH] [ipa] copy httpd cert from new location
+
+With the FreeIPA 4.7.0 release, httpd moved from mod_nss to mod_ssl. As a
+result the httpd X.509 certificate is now no longer stored in NSS DB but as
+plain PEM text file: /var/lib/ipa/certs/httpd.crt. The plugin needs to copy
+this file into the sos archive.
+
+Closes: #1715
+Resolves: #1716
+
+Signed-off-by: Thorsten Scherf <tscherf@redhat.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/ipa.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
+index 50f42f259..310c0fa31 100644
+--- a/sos/plugins/ipa.py
++++ b/sos/plugins/ipa.py
+@@ -115,6 +115,7 @@ def setup(self):
+ "/var/lib/certmonger/requests/[0-9]*",
+ "/var/lib/certmonger/cas/[0-9]*",
+ "/var/lib/ipa/ra-agent.pem",
++ "/var/lib/ipa/certs/httpd.crt",
+ "/var/kerberos/krb5kdc/kdc.crt",
+ "/var/lib/ipa/sysrestore/sysrestore.state"
+ ])
+From 5c0b2d56313b6fa58b46802317c98b89e5a68508 Mon Sep 17 00:00:00 2001
+From: Rob Crittenden <rcritten@redhat.com>
+Date: Thu, 12 Sep 2019 12:02:34 -0400
+Subject: [PATCH] [ipa] collect ipa-healthcheck logs
+
+Resolves: #1782
+
+Signed-off-by: Rob Crittenden <rcritten@redhat.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/ipa.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
+index 310c0fa31..750cb6fae 100644
+--- a/sos/plugins/ipa.py
++++ b/sos/plugins/ipa.py
+@@ -117,7 +117,8 @@ def setup(self):
+ "/var/lib/ipa/ra-agent.pem",
+ "/var/lib/ipa/certs/httpd.crt",
+ "/var/kerberos/krb5kdc/kdc.crt",
+- "/var/lib/ipa/sysrestore/sysrestore.state"
++ "/var/lib/ipa/sysrestore/sysrestore.state",
++ "/var/log/ipa/healthcheck/healthcheck.log*"
+ ])
+
+ # Make sure to use the right PKI config and NSS DB folders
+From 823dbabde82ee941c421482a71be572984607ad4 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Tue, 1 Oct 2019 08:26:24 +0200
+Subject: [PATCH] [ipa] collect kdcproxy configs
+
+Resolves: #1806
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ sos/plugins/ipa.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py
+index 750cb6fae..d3454de98 100644
+--- a/sos/plugins/ipa.py
++++ b/sos/plugins/ipa.py
+@@ -111,6 +111,9 @@ def setup(self):
+ "/etc/named.*",
+ "/etc/ipa/ca.crt",
+ "/etc/ipa/default.conf",
++ "/etc/ipa/kdcproxy/kdcproxy.conf",
++ "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf",
++ "/etc/ipa/kdcproxy.conf",
+ "/root/.ipa/log/cli.log",
+ "/var/lib/certmonger/requests/[0-9]*",
+ "/var/lib/certmonger/cas/[0-9]*",
diff --git a/SOURCES/sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch b/SOURCES/sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch
new file mode 100644
index 0000000..3f20a54
--- /dev/null
+++ b/SOURCES/sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch
@@ -0,0 +1,180 @@
+From 7097f737339f0cde6da923a4ce16a008d229cda7 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Mon, 16 Sep 2019 17:13:27 +0200
+Subject: [PATCH 1/2] [plugins] extend SoSPredicate by command output inclusion
+ test
+
+Add a predicate type in form
+
+cmd_outputs={'cmd': 'foo --help', 'output': 'bar'}
+
+that checks whether output of given command contains given string.
+
+Multiple commands/outputs can be provided in a list.
+
+Related to: #1682
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ sos/plugins/__init__.py | 57 +++++++++++++++++++++++++++++++++++------
+ 1 file changed, 49 insertions(+), 8 deletions(-)
+
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index a0b291bea..516a61109 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -115,6 +115,9 @@ class SoSPredicate(object):
+ #: Services enablement list
+ services = []
+
++ # Command output inclusion pairs {'cmd': 'foo --help', 'output': 'bar'}
++ cmd_outputs = []
++
+ def __str(self, quote=False, prefix="", suffix=""):
+ """Return a string representation of this SoSPredicate with
+ optional prefix, suffix and value quoting.
+@@ -128,14 +131,23 @@ class SoSPredicate(object):
+
+ services = self.services
+ services = [quotes % s for s in services] if quote else services
+- pstr += "services=[%s]" % (",".join(services))
++ pstr += "services=[%s], " % (",".join(services))
++
++ cmdoutputs = [
++ "{ %s: %s, %s: %s }" % (quotes % "cmd",
++ quotes % cmdoutput['cmd'],
++ quotes % "output",
++ quotes % cmdoutput['output'])
++ for cmdoutput in self.cmd_outputs
++ ]
++ pstr += "cmdoutputs=[%s]" % (",".join(cmdoutputs))
+
+ return prefix + pstr + suffix
+
+ def __str__(self):
+ """Return a string representation of this SoSPredicate.
+
+- "dry_run=False, kmods=[], services=[]"
++ "dry_run=False, kmods=[], services=[], cmdoutputs=[]"
+ """
+ return self.__str()
+
+@@ -143,7 +155,7 @@ class SoSPredicate(object):
+ """Return a machine readable string representation of this
+ SoSPredicate.
+
+- "SoSPredicate(dry_run=False, kmods=[], services=[])"
++ "SoSPredicate(dry_run=False, kmods=[], services=[], cmdoutputs=[])"
+ """
+ return self.__str(quote=True, prefix="SoSPredicate(", suffix=")")
+
+@@ -170,15 +182,39 @@ class SoSPredicate(object):
+ else:
+ return all(_svcs)
+
++ def _eval_cmd_output(self, cmd_output):
++ '''Does 'cmd' output contain string 'output'?'''
++ if 'cmd' not in cmd_output or 'output' not in cmd_output:
++ return False
++ result = sos_get_command_output(cmd_output['cmd'])
++ if result['status'] != 0:
++ return False
++ for line in result['output'].splitlines():
++ if cmd_output['output'] in line:
++ return True
++ return False
++
++ def _eval_cmd_outputs(self):
++ if not self.cmd_outputs:
++ return True
++
++ _cmds = [self._eval_cmd_output(c) for c in self.cmd_outputs]
++
++ if self.required['commands'] == 'any':
++ return any(_cmds)
++ else:
++ return all(_cmds)
++
+ def __nonzero__(self):
+ """Predicate evaluation hook.
+ """
+
+ # Null predicate?
+- if not any([self.kmods, self.services, self.dry_run]):
++ if not any([self.kmods, self.services, self.cmd_outputs, self.dry_run]):
+ return True
+
+- return ((self._eval_kmods() and self._eval_services()) and not
++ return ((self._eval_kmods() and self._eval_services() and
++ self._eval_cmd_outputs()) and not
+ self.dry_run)
+
+ def __bool__(self):
+@@ -187,14 +223,17 @@ class SoSPredicate(object):
+ return self.__nonzero__()
+
+ def __init__(self, owner, dry_run=False, kmods=[], services=[],
+- required={}):
++ cmd_outputs=[], required={}):
+ """Initialise a new SoSPredicate object.
+ """
+ self._owner = owner
+ self.kmods = list(kmods)
+ self.services = list(services)
++ if not isinstance(cmd_outputs, list):
++ cmd_outputs = [cmd_outputs]
++ self.cmd_outputs = cmd_outputs
+ self.dry_run = dry_run | self._owner.commons['cmdlineopts'].dry_run
+- self.required = {'kmods': 'any', 'services': 'any'}
++ self.required = {'kmods': 'any', 'services': 'any', 'commands': 'any'}
+ self.required.update({
+ k: v for k, v in required.items() if
+ required[k] != self.required[k]
+
+From 47e434c50e63f80e4b620e74d81c636c8c8a8d97 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Mon, 16 Sep 2019 17:15:40 +0200
+Subject: [PATCH 2/2] [grub2] call grub2-config with --no-grubenv-update when
+ appropriate
+
+On some newer grub2 versions, grub2-config removes extra args in
+$kernel_opts until --no-grubenv-update option is used.
+
+Test if the option is present in "grub2-config --help" and if so, use it.
+
+Resolves: #1682
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+diff --git a/sos/plugins/grub2.py b/sos/plugins/grub2.py
+index 9786de44d..0ca6fe096 100644
+--- a/sos/plugins/grub2.py
++++ b/sos/plugins/grub2.py
+@@ -6,7 +6,8 @@
+ #
+ # See the LICENSE file in the source distribution for further information.
+
+-from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
++from sos.plugins import (Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin,
++ SoSPredicate)
+
+
+ class Grub2(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
+@@ -32,9 +33,16 @@ def setup(self):
+ self.add_cmd_output("ls -lanR /boot")
+ # call grub2-mkconfig with GRUB_DISABLE_OS_PROBER=true to prevent
+ # possible unwanted loading of some kernel modules
++ # further, check if the command supports --no-grubenv-update option
++ # to prevent removing of extra args in $kernel_opts, and (only) if so,
++ # call the command with this argument
+ env = {}
+ env['GRUB_DISABLE_OS_PROBER'] = 'true'
+- self.add_cmd_output("grub2-mkconfig", env=env)
++ grub_cmd = 'grub2-mkconfig'
++ co = {'cmd': 'grub2-mkconfig --help', 'output': '--no-grubenv-update'}
++ if self.test_predicate(self, pred=SoSPredicate(self, cmd_outputs=co)):
++ grub_cmd += ' --no-grubenv-update'
++ self.add_cmd_output(grub_cmd, env=env)
+
+ def postproc(self):
+ # the trailing space is required; python treats '_' as whitespace
diff --git a/SOURCES/sos-bz1721779-ebpf-net-list.patch b/SOURCES/sos-bz1721779-ebpf-net-list.patch
new file mode 100644
index 0000000..a1858a0
--- /dev/null
+++ b/SOURCES/sos-bz1721779-ebpf-net-list.patch
@@ -0,0 +1,29 @@
+From 62b77dcd78dc271879d01f0132acea1952ef226d Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Thu, 27 Jun 2019 13:44:40 +0200
+Subject: [PATCH] [kernel] collect "bpftool net list"
+
+List bpf program attachments in the kernel networking subsystem.
+
+Resolves: #1712
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ sos/plugins/kernel.py | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py
+index 558e71438..bf3c3deaa 100644
+--- a/sos/plugins/kernel.py
++++ b/sos/plugins/kernel.py
+@@ -142,6 +142,10 @@ class Kernel(Plugin, RedHatPlugin, Debia
+ if not self.get_option("trace"):
+ self.add_forbidden_path("/sys/kernel/debug/tracing/trace")
+
++ # collect list of bpf program attachments in the kernel
++ # networking subsystem
++ self.add_cmd_output("bpftool net list")
++
+ # collect list of eBPF programs and maps and their dumps
+ prog_file = self.get_cmd_output_now("bpftool -j prog list")
+ for prog_id in self.get_bpftool_prog_ids(prog_file):
diff --git a/SOURCES/sos-bz1738391-kernel-no-trace-by-default.patch b/SOURCES/sos-bz1738391-kernel-no-trace-by-default.patch
new file mode 100644
index 0000000..5aec064
--- /dev/null
+++ b/SOURCES/sos-bz1738391-kernel-no-trace-by-default.patch
@@ -0,0 +1,79 @@
+From 55949fb88c492eec542c69157a8763ddb3555345 Mon Sep 17 00:00:00 2001
+From: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com>
+Date: Thu, 6 Jun 2019 18:42:40 +0900
+Subject: [PATCH] [plugins] Change forbidden_path from partial-match to
+ exact-match
+
+forbidden_path is evaluated on partial-match.
+However, it will be correct to evaluate on exact-match.
+
+Closes: #1692
+Resolves: #1695
+
+Signed-off-by: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index 56af847a..41f4f58c 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -64,7 +64,7 @@ def _mangle_command(command, name_max):
+
+
+ def _path_in_path_list(path, path_list):
+- return any(p in path for p in path_list)
++ return any(p == path for p in path_list)
+
+
+ def _node_type(st):
+--
+2.21.0
+
+From d2d5b9da6d4af7ead8a47468db0bbfcc8fb2b5bf Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Thu, 26 Sep 2019 10:50:18 +0200
+Subject: [PATCH] [kernel] Don't collect trace file by default
+
+Updates the plugin to don't collect trace file by default. Collecting
+trace file may take a lot of time, so trace file is not collected
+by default, and use the new plug-in option when collecting.
+
+Original author: MIZUTA Takeshi <mizuta.takeshi@fujitsu.com>
+
+Closes: #1688
+Resolves: #1800
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/kernel.py | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py
+index bf3c3dea..b498f55e 100644
+--- a/sos/plugins/kernel.py
++++ b/sos/plugins/kernel.py
+@@ -23,7 +23,8 @@ class Kernel(Plugin, RedHatPlugin, Debia
+ sys_module = '/sys/module'
+
+ option_list = [
+- ("with-timer", "gather /proc/timer* statistics", "slow", False)
++ ("with-timer", "gather /proc/timer* statistics", "slow", False),
++ ("trace", "gather /sys/kernel/debug/tracing/trace file", "slow", False)
+ ]
+
+ def get_bpftool_prog_ids(self, prog_file):
+@@ -138,6 +139,9 @@ class Kernel(Plugin, RedHatPlugin, Debia
+ # and may also cause softlockups
+ self.add_copy_spec("/proc/timer*")
+
++ if not self.get_option("trace"):
++ self.add_forbidden_path("/sys/kernel/debug/tracing/trace")
++
+ # collect list of eBPF programs and maps and their dumps
+ prog_file = self.get_cmd_output_now("bpftool -j prog list")
+ for prog_id in self.get_bpftool_prog_ids(prog_file):
+2.21.0
diff --git a/SOURCES/sos-bz1741330-openswan-to-libreswan.patch b/SOURCES/sos-bz1741330-openswan-to-libreswan.patch
new file mode 100644
index 0000000..db247d2
--- /dev/null
+++ b/SOURCES/sos-bz1741330-openswan-to-libreswan.patch
@@ -0,0 +1,104 @@
+From b061168bdae759c88e9ef93f3620edae404e69fe Mon Sep 17 00:00:00 2001
+From: Stepan Broz <sbroz@redhat.com>
+Date: Thu, 26 Sep 2019 12:56:00 +0200
+Subject: [PATCH] [libreswan] New plugin for "libreswan" IPsec
+
+The "libreswan" package is replacing "openswan" in many distributions.
+This plugin is replacing the original "openswan" plugin that it is
+based on.
+
+This plugin will now run for both "libreswan" and "openswan" packages,
+or when the configuration file "/etc/ipsec.conf" is present.
+
+Data collected now include configuration, current status, XFRM policy
+and state, XFRM statistics, basic information about certificates and
+the NSS database.
+
+No private data (keys, certificates, secrets) are collected, authenti-
+cation and encryption keys are removed from the output of
+"ip xfrm state", and also from "ipsec barf" when running with the
+"ipsec-barf" option set.
+
+Signed-off-by: Stepan Broz <sbroz@redhat.com>
+---
+ sos/plugins/{openswan.py => libreswan.py} | 37 ++++++++++++++++++-----
+ 1 file changed, 30 insertions(+), 7 deletions(-)
+ rename sos/plugins/{openswan.py => libreswan.py} (50%)
+
+diff --git a/sos/plugins/openswan.py b/sos/plugins/libreswan.py
+similarity index 50%
+rename from sos/plugins/openswan.py
+rename to sos/plugins/libreswan.py
+index ce5581320..717329b87 100644
+--- a/sos/plugins/openswan.py
++++ b/sos/plugins/libreswan.py
+@@ -1,4 +1,5 @@
+ # Copyright (C) 2007 Sadique Puthen <sputhenp@redhat.com>
++# Copyright (C) 2019 Red Hat Inc., Stepan Broz <sbroz@redhat.com>
+
+ # This file is part of the sos project: https://github.com/sosreport/sos
+ #
+@@ -11,29 +12,38 @@
+ from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
+
+
+-class Openswan(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
+- """Openswan IPsec
++class Libreswan(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
++ """Libreswan IPsec
+ """
+
+- plugin_name = 'openswan'
+- profiles = ('network', 'security')
++ plugin_name = 'libreswan'
++ profiles = ('network', 'security', 'openshift')
+ option_list = [
+ ("ipsec-barf", "collect the output of the ipsec barf command",
+ "slow", False)
+ ]
+
+ files = ('/etc/ipsec.conf',)
+- packages = ('openswan', 'libreswan')
++ packages = ('libreswan', 'openswan')
+
+ def setup(self):
+ self.add_copy_spec([
+ "/etc/ipsec.conf",
+- "/etc/ipsec.d"
++ "/etc/ipsec.d",
++ "/proc/net/xfrm_stat"
+ ])
+
+ # although this is 'verification' it's normally a very quick
+ # operation so is not conditional on --verify
+- self.add_cmd_output("ipsec verify")
++ self.add_cmd_output([
++ 'ipsec verify',
++ 'ipsec whack --status',
++ 'ipsec whack --listall',
++ 'certutil -L -d sql:/etc/ipsec.d',
++ 'ip xfrm policy',
++ 'ip xfrm state'
++ ])
++
+ if self.get_option("ipsec-barf"):
+ self.add_cmd_output("ipsec barf")
+
+@@ -44,4 +54,17 @@ def setup(self):
+ '/etc/ipsec.d/*.secrets'
+ ])
+
++ def postproc(self):
++ # Remove any sensitive data.
++ # "ip xfrm state" output contains encryption or authentication private
++ # keys:
++ xfrm_state_regexp = r'(aead|auth|auth-trunc|enc)' \
++ r'(\s.*\s)(0x[0-9a-f]+)'
++ self.do_cmd_output_sub("state", xfrm_state_regexp,
++ r"\1\2********")
++
++ if self.get_option("ipsec-barf"):
++ self.do_cmd_output_sub("barf", xfrm_state_regexp,
++ r"\1\2********")
++
+ # vim: set et ts=4 sw=4 :
diff --git a/SOURCES/sos-bz1744553-ovn-plugins-containerized-env.patch b/SOURCES/sos-bz1744553-ovn-plugins-containerized-env.patch
new file mode 100644
index 0000000..9a97377
--- /dev/null
+++ b/SOURCES/sos-bz1744553-ovn-plugins-containerized-env.patch
@@ -0,0 +1,326 @@
+From cc6374914a47eb3777c5b8306506df43522a31e0 Mon Sep 17 00:00:00 2001
+From: Daniel Alvarez <dalvarez@redhat.com>
+Date: Thu, 18 Jul 2019 14:08:27 +0200
+Subject: [PATCH] [ovn_central] add additional show commands
+
+This patch is adding 'show' commands for both OVN
+NorthBound and SouthBound databases.
+
+Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/ovn_central.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py
+index e05856872..2d2526253 100644
+--- a/sos/plugins/ovn_central.py
++++ b/sos/plugins/ovn_central.py
+@@ -57,6 +57,8 @@ def setup(self):
+
+ # Some user-friendly versions of DB output
+ cmds = [
++ 'ovn-nbctl show',
++ 'ovn-sbctl show',
+ 'ovn-sbctl lflow-list',
+ 'ovn-nbctl get-ssl',
+ 'ovn-nbctl get-connection',
+From 5fd4e850ad9a6636d0fb206954e8ab016584974d Mon Sep 17 00:00:00 2001
+From: Daniel Alvarez <dalvarez@redhat.com>
+Date: Wed, 11 Sep 2019 16:19:15 +0100
+Subject: [PATCH] [ovn_host] fix Open_vSwitch table name
+
+Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/ovn_host.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sos/plugins/ovn_host.py b/sos/plugins/ovn_host.py
+index 542516279..ba35d87e7 100644
+--- a/sos/plugins/ovn_host.py
++++ b/sos/plugins/ovn_host.py
+@@ -35,7 +35,7 @@ def setup(self):
+ self.add_cmd_output([
+ 'ovs-ofctl -O OpenFlow13 dump-flows br-int',
+ 'ovs-vsctl list-br',
+- 'ovs-vsctl list OpenVswitch',
++ 'ovs-vsctl list Open_vSwitch',
+ ])
+
+ self.add_journal(units="ovn-controller")
+From 3c842046e9c4c5b371566347f51e5e242daf4f8d Mon Sep 17 00:00:00 2001
+From: Daniel Alvarez <dalvarez@redhat.com>
+Date: Tue, 23 Jul 2019 12:44:07 +0200
+Subject: [PATCH] [ovn_central] Add support to containerized setups
+
+This patch is adding support in ovn_central plugin to containerized
+setups.
+
+Now it's detecting if the OVN central services are running in
+container and execute the relevant commands inside it. The support
+covers both podman and docker runtimes.
+
+Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
+---
+ sos/plugins/ovn_central.py | 94 ++++++++++++++++++++++++++++----------
+ 1 file changed, 69 insertions(+), 25 deletions(-)
+
+diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py
+index 2d2526253..a9fcdf33e 100644
+--- a/sos/plugins/ovn_central.py
++++ b/sos/plugins/ovn_central.py
+@@ -19,30 +19,64 @@ class OVNCentral(Plugin):
+ """
+ plugin_name = "ovn_central"
+ profiles = ('network', 'virt')
+-
+- def add_database_output(self, filename, cmds, ovn_cmd, skip=[]):
++ _container_runtime = None
++ _container_name = None
++
++ def get_tables_from_schema(self, filename, skip=[]):
++ if self._container_name:
++ cmd = "%s exec %s cat %s" % (
++ self._container_runtime, self._container_name, filename)
++ res = self.get_command_output(cmd)
++ if res['status'] != 0:
++ self._log_error("Could not retrieve DB schema file from "
++ "container %s" % self._container_name)
++ return
++ try:
++ db = json.loads(res['output'])
++ except Exception:
++ self._log_error("Cannot parse JSON file %s" % filename)
++ return
++ else:
++ try:
++ with open(filename, 'r') as f:
++ try:
++ db = json.load(f)
++ except Exception:
++ self._log_error(
++ "Cannot parse JSON file %s" % filename)
++ return
++ except IOError as ex:
++ self._log_error(
++ "Could not open DB schema file %s: %s" % (filename, ex))
++ return
+ try:
+- with open(filename, 'r') as f:
+- try:
+- db = json.load(f)
+- except Exception:
+- # If json can't be parsed, then exit early
+- self._log_error("Cannot parse JSON file %s" % filename)
+- return
+- try:
+- for table in six.iterkeys(db['tables']):
+- if table not in skip:
+- cmds.append('%s list %s' % (ovn_cmd, table))
+- except AttributeError:
+- self._log_error("DB schema %s has no 'tables' key" %
+- filename)
+- return
+- except IOError as ex:
+- self._log_error("Could not open DB schema file %s: %s" % (filename,
+- ex))
+- return
++ return [table for table in six.iterkeys(
++ db['tables']) if table not in skip]
++ except AttributeError:
++ self._log_error("DB schema %s has no 'tables' key" % filename)
++
++ def add_database_output(self, tables, cmds, ovn_cmd):
++ for table in tables:
++ cmds.append('%s list %s' % (ovn_cmd, table))
++
++ def running_in_container(self):
++ for runtime in ["podman", "docker"]:
++ container_status = self.get_command_output(runtime + " ps")
++ if container_status['status'] == 0:
++ for line in container_status['output'].splitlines():
++ if "ovn-dbs-bundle" in line:
++ self._container_name = line.split()[-1]
++ self._container_runtime = runtime
++ return True
++ return False
++
++ def check_enabled(self):
++ return (self.running_in_container() or
++ super(OVNCentral, self).check_enabled())
+
+ def setup(self):
++ containerized = self.running_in_container()
++
+ ovs_rundir = os.environ.get('OVS_RUNDIR')
+ for pidfile in ['ovnnb_db.pid', 'ovnsb_db.pid', 'ovn-northd.pid']:
+ self.add_copy_spec([
+@@ -68,10 +102,20 @@ def setup(self):
+
+ schema_dir = '/usr/share/openvswitch'
+
+- self.add_database_output(os.path.join(schema_dir, 'ovn-nb.ovsschema'),
+- cmds, 'ovn-nbctl')
+- self.add_database_output(os.path.join(schema_dir, 'ovn-sb.ovsschema'),
+- cmds, 'ovn-sbctl', ['Logical_Flow'])
++ nb_tables = self.get_tables_from_schema(os.path.join(
++ schema_dir, 'ovn-nb.ovsschema'))
++ sb_tables = self.get_tables_from_schema(os.path.join(
++ schema_dir, 'ovn-sb.ovsschema'), ['Logical_Flow'])
++
++ self.add_database_output(nb_tables, cmds, 'ovn-nbctl')
++ self.add_database_output(sb_tables, cmds, 'ovn-sbctl')
++
++ # If OVN is containerized, we need to run the above commands inside
++ # the container.
++ if containerized:
++ cmds = ['%s exec %s %s' % (self._container_runtime,
++ self._container_name,
++ cmd) for cmd in cmds]
+
+ self.add_cmd_output(cmds)
+
+From a895bf4096f1dbd71c9dbd4defb47783f4ef9840 Mon Sep 17 00:00:00 2001
+From: Daniel Alvarez <dalvarez@redhat.com>
+Date: Thu, 25 Jul 2019 11:42:16 +0200
+Subject: [PATCH] [ovn_host] Add support for containerized setups
+
+Prior to this patch, ovn_host was disabled on containerized
+setups due to the fact that ovn-controller package is not
+installed in the host.
+
+This patch fixes it by checking if the ovn-controller process
+is running.
+
+Resolves: #1767
+
+Signed-off-by: Daniel Alvarez <dalvarez@redhat.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/ovn_host.py | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/sos/plugins/ovn_host.py b/sos/plugins/ovn_host.py
+index ba35d87e7..5225f010e 100644
+--- a/sos/plugins/ovn_host.py
++++ b/sos/plugins/ovn_host.py
+@@ -12,6 +12,15 @@
+ from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin
+
+
++pidfile = 'ovn-controller.pid'
++pid_paths = [
++ '/var/lib/openvswitch/ovn',
++ '/usr/local/var/run/openvswitch',
++ '/var/run/openvswitch',
++ '/run/openvswitch'
++]
++
++
+ class OVNHost(Plugin):
+ """ OVN Controller
+ """
+@@ -19,13 +28,6 @@ class OVNHost(Plugin):
+ profiles = ('network', 'virt')
+
+ def setup(self):
+- pidfile = 'ovn-controller.pid'
+- pid_paths = [
+- '/var/lib/openvswitch/ovn',
+- '/usr/local/var/run/openvswitch',
+- '/var/run/openvswitch',
+- '/run/openvswitch'
+- ]
+ if os.environ.get('OVS_RUNDIR'):
+ pid_paths.append(os.environ.get('OVS_RUNDIR'))
+ self.add_copy_spec([os.path.join(pp, pidfile) for pp in pid_paths])
+@@ -40,6 +42,11 @@ def setup(self):
+
+ self.add_journal(units="ovn-controller")
+
++ def check_enabled(self):
++ return (any([os.path.isfile(
++ os.path.join(pp, pidfile)) for pp in pid_paths]) or
++ super(OVNHost, self).check_enabled())
++
+
+ class RedHatOVNHost(OVNHost, RedHatPlugin):
+
+From 6d623ceb2bc973a603c2abb1c8c64f2980667a0d Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Wed, 2 Oct 2019 12:19:19 +0200
+Subject: [PATCH] [ovn_central] dont add db outputs when no table is found in
+ schema
+
+When get_tables_from_schema method returns None (i.e. due to a
+parsing error or missing config file), add_database_output tries
+to iterate over None object, what raises an exception.
+
+Resolves: #1808
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ sos/plugins/ovn_central.py | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py
+index a9fcdf33e..b5ff96f66 100644
+--- a/sos/plugins/ovn_central.py
++++ b/sos/plugins/ovn_central.py
+@@ -56,6 +56,8 @@ def get_tables_from_schema(self, filename, skip=[]):
+ self._log_error("DB schema %s has no 'tables' key" % filename)
+
+ def add_database_output(self, tables, cmds, ovn_cmd):
++ if not tables:
++ return
+ for table in tables:
+ cmds.append('%s list %s' % (ovn_cmd, table))
+
+From 0c9a1f0cb98c5256a0ec1dec83b7c94d3bb39170 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Wed, 4 Dec 2019 15:53:16 +0100
+Subject: [PATCH] [ovn_central] call podman exec without a timeout
+
+This is a workaround fix of a podman bug (see rhbz1732525) where
+"podman ps" can hang when "podman exec .." is invoked in detached
+mode under "timeout".
+
+Calling it without timeout works fine.
+
+This commit can be reverted once the podman bug is fixed.
+
+Resolves: #1875
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ sos/plugins/ovn_central.py | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py
+index c74bf403..32a5e1cb 100644
+--- a/sos/plugins/ovn_central.py
++++ b/sos/plugins/ovn_central.py
+@@ -26,7 +26,8 @@ class OVNCentral(Plugin):
+ if self._container_name:
+ cmd = "%s exec %s cat %s" % (
+ self._container_runtime, self._container_name, filename)
+- res = self.get_command_output(cmd)
++ # the timeout=None is just a workaround for "podman ps" hung bug
++ res = self.get_command_output(cmd, timeout=None)
+ if res['status'] != 0:
+ self._log_error("Could not retrieve DB schema file from "
+ "container %s" % self._container_name)
+@@ -118,7 +119,8 @@ class OVNCentral(Plugin):
+ self._container_name,
+ cmd) for cmd in cmds]
+
+- self.add_cmd_output(cmds)
++ # the timeout=None is just a workaround for "podman ps" hung bug
++ self.add_cmd_output(cmds, timeout=None)
+
+ self.add_copy_spec("/etc/sysconfig/ovn-northd")
+
+--
+2.21.0
+
diff --git a/SOURCES/sos-bz1766915-interim-sysroot-forbidden-paths.patch b/SOURCES/sos-bz1766915-interim-sysroot-forbidden-paths.patch
new file mode 100644
index 0000000..5a0fd80
--- /dev/null
+++ b/SOURCES/sos-bz1766915-interim-sysroot-forbidden-paths.patch
@@ -0,0 +1,354 @@
+From 9a0ab16793a8388b2c3d3909fd3a087c5b6296d4 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Fri, 1 Nov 2019 12:13:23 -0400
+Subject: [PATCH 01/10] [Plugin] remove invalid {strip/join}_sysroot()
+
+Do not strip the sysroot path prefix when calling _do_copy_path()
+for a symlink target and do not add the sysroot prefix when
+testing for a forbidden path.
+
+Related: #1842
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/__init__.py | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index e75ec82e..4f1b73ce 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -731,7 +731,7 @@ class Plugin(object):
+
+ # skip recursive copying of symlink pointing to itself.
+ if (absdest != srcpath):
+- self._do_copy_path(self.strip_sysroot(absdest))
++ self._do_copy_path(absdest)
+ else:
+ self._log_debug("link '%s' points to itself, skipping target..."
+ % linkdest)
+@@ -758,8 +758,6 @@ class Plugin(object):
+ return None
+
+ def _is_forbidden_path(self, path):
+- if self.use_sysroot():
+- path = self.join_sysroot(path)
+ return _path_in_path_list(path, self.forbidden_paths)
+
+ def _copy_node(self, path, st):
+--
+2.21.0
+
+
+From aeeebf126fc9fdb0fd8c3b01418bef742bce78c3 Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Fri, 1 Nov 2019 12:22:51 -0400
+Subject: [PATCH 02/10] [Plugin] fix destination paths in _do_copy_path()
+
+The path used to copy special device nodes and directories in
+_do_copy_path() should be the destination path in the archive
+(without sysroot prefix), and not the source path in the host
+file system that includes this prefix.
+
+Related: #1842
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/__init__.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index 4f1b73ce..60fbeaf7 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -651,9 +651,13 @@ class Plugin(object):
+ self._copy_symlink(srcpath)
+ return
+ else:
+- if stat.S_ISDIR(st.st_mode) and os.access(srcpath, os.R_OK):
+- self._copy_dir(srcpath)
+- return
++ if stat.S_ISDIR(st.st_mode) and os.access(srcpath, os.R_OK):
++ # copy empty directory
++ if not os.listdir(srcpath):
++ self.archive.add_dir(dest)
++ return
++ self._copy_dir(dest)
++ return
+
+ # handle special nodes (block, char, fifo, socket)
+ if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)):
+@@ -808,7 +808,7 @@ class Plugin(object):
+ ntype = _node_type(st)
+ self._log_debug("creating %s node at archive:'%s'"
+ % (ntype, dest))
+- self._copy_node(srcpath, st)
++ self._copy_node(dest, st)
+ return
+
+ # if we get here, it's definitely a regular file (not a symlink or dir)
+--
+2.21.0
+
+
+From 05f3d5bda8f548459fabcd38f2d087d6ecef98a2 Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Fri, 1 Nov 2019 12:25:09 -0400
+Subject: [PATCH 03/10] [kernel] remove trailing directory globs in forbidden
+ paths
+
+Since the forbidden path test now uses an exact match the trailing
+globs ("/some/directory/path/to/exclude/*") used to exclude trace
+related directories from collection lead to a failure to properly
+blacklist these files:
+
+The glob is expanded, for e.g.:
+
+ "/sys/kernel/debug/tracing/per_cpu/*"
+
+Expands to unclude a 'cpuN' sub-directory for each CPU present on
+the machine. These expanded paths are then added to the forbidden
+paths list for the plugin:
+
+ /sys/kernel/debug/tracing/per_cpu/cpu0
+ /sys/kernel/debug/tracing/per_cpu/cpu1
+ ...
+
+When an attempt is made to collect the entire "per_cpu" directory
+a check is made for the full "/sys/kernel/debug/tracing/per_cpu"
+path against each entry in the forbidden paths list. Since this is
+a prefix of the actual paths stored no match is returned and the
+collection is permitted.
+
+Remove the trailing globs from these directory paths and prevent
+any collection of the directories they reference by the plugin.
+
+Related: #1842
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/kernel.py | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py
+index 88b14689..5c852143 100644
+--- a/sos/plugins/kernel.py
++++ b/sos/plugins/kernel.py
+@@ -89,9 +89,9 @@ class Kernel(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin):
+ self.add_forbidden_path([
+ '/sys/kernel/debug/tracing/trace_pipe',
+ '/sys/kernel/debug/tracing/README',
+- '/sys/kernel/debug/tracing/trace_stat/*',
+- '/sys/kernel/debug/tracing/per_cpu/*',
+- '/sys/kernel/debug/tracing/events/*',
++ '/sys/kernel/debug/tracing/trace_stat',
++ '/sys/kernel/debug/tracing/per_cpu',
++ '/sys/kernel/debug/tracing/events',
+ '/sys/kernel/debug/tracing/free_buffer',
+ '/sys/kernel/debug/tracing/trace_marker',
+ '/sys/kernel/debug/tracing/trace_marker_raw',
+--
+2.21.0
+
+
+From 801c71b33dcfeaa980baa9f377b721bdd26aa5e8 Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Fri, 1 Nov 2019 16:53:29 +0000
+Subject: [PATCH 04/10] [tests] fix test_copy_dir_forbidden_path
+
+Rather than call just Plugin.setup() and Plugin._do_copy_path(),
+add an add_copy_spec() call to the mock plugin setup() method,
+and invoke copying by calling the Plugin.collect() method.
+
+Related: #1845
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ tests/plugin_tests.py | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/tests/plugin_tests.py b/tests/plugin_tests.py
+index b8760429..6522fe14 100644
+--- a/tests/plugin_tests.py
++++ b/tests/plugin_tests.py
+@@ -81,6 +81,7 @@ class ForbiddenMockPlugin(Plugin):
+ plugin_name = "forbidden"
+
+ def setup(self):
++ self.add_copy_spec("tests")
+ self.add_forbidden_path("tests")
+
+
+@@ -235,7 +236,7 @@ class PluginTests(unittest.TestCase):
+ })
+ p.archive = MockArchive()
+ p.setup()
+- p._do_copy_path("tests")
++ p.collect()
+ self.assertEquals(p.archive.m, {})
+
+
+--
+2.21.0
+
+
+From c4182ebd52af523261d2e7ef75affbb88eaf31fb Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Mon, 4 Nov 2019 10:45:15 +0000
+Subject: [PATCH 05/10] [Plugin] use correct source path when copying
+ directories
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/__init__.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index 60fbeaf7..240fe9f1 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -656,7 +656,7 @@ class Plugin(object):
+ if not os.listdir(srcpath):
+ self.archive.add_dir(dest)
+ return
+- self._copy_dir(dest)
++ self._copy_dir(srcpath)
+ return
+
+ # handle special nodes (block, char, fifo, socket)
+--
+2.21.0
+
+
+From 68f4d7cc7adde00171af842b5bc808f41d888a87 Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Mon, 4 Nov 2019 10:48:01 +0000
+Subject: [PATCH 06/10] [Plugin] improve _copy_dir() variable naming
+
+Directory entries found in _copy_dir() may be either files or
+sub-directories: reflect this in the names of local variables.
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/__init__.py | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index 240fe9f1..1a1464c1 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -738,10 +738,11 @@ class Plugin(object):
+
+ def _copy_dir(self, srcpath):
+ try:
+- for afile in os.listdir(srcpath):
++ for name in os.listdir(srcpath):
+ self._log_debug("recursively adding '%s' from '%s'"
+- % (afile, srcpath))
+- self._do_copy_path(os.path.join(srcpath, afile), dest=None)
++ % (name, srcpath))
++ path = os.path.join(srcpath, name)
++ self._do_copy_path(path)
+ except OSError as e:
+ if e.errno == errno.ELOOP:
+ msg = "Too many levels of symbolic links copying"
+--
+2.21.0
+
+
+From ad3adef07c32aee5bdd438706c6c1d4590ff8297 Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Mon, 4 Nov 2019 14:13:00 +0000
+Subject: [PATCH 07/10] [ceph] fix directory blacklist style
+
+Plugins must use 'path/to/exclude' rather than 'path/to/exclude/*'
+in order to omit a directory and all its content from the report.
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/ceph.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sos/plugins/ceph.py b/sos/plugins/ceph.py
+index 6e340c69..43284bc8 100644
+--- a/sos/plugins/ceph.py
++++ b/sos/plugins/ceph.py
+@@ -103,8 +103,8 @@ class Ceph(Plugin, RedHatPlugin, UbuntuPlugin):
+ "/var/lib/ceph/*keyring*",
+ "/var/lib/ceph/*/*keyring*",
+ "/var/lib/ceph/*/*/*keyring*",
+- "/var/lib/ceph/osd/*",
+- "/var/lib/ceph/mon/*",
++ "/var/lib/ceph/osd",
++ "/var/lib/ceph/mon",
+ # Excludes temporary ceph-osd mount location like
+ # /var/lib/ceph/tmp/mnt.XXXX from sos collection.
+ "/var/lib/ceph/tmp/*mnt*",
+--
+2.21.0
+
+
+From 4d1576b04d35902ce44d26d6a5b2219e6f9c175a Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Mon, 4 Nov 2019 14:15:55 +0000
+Subject: [PATCH 09/10] [openstack_octavia] fix directory blacklist style
+
+Plugins must use 'path/to/exclude' rather than 'path/to/exclude/*'
+in order to omit a directory and all its content from the report.
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/openstack_octavia.py | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sos/plugins/openstack_octavia.py b/sos/plugins/openstack_octavia.py
+index b97c83fa..ccdcd4c9 100644
+--- a/sos/plugins/openstack_octavia.py
++++ b/sos/plugins/openstack_octavia.py
+@@ -30,7 +30,7 @@ class OpenStackOctavia(Plugin):
+ ])
+
+ # don't collect certificates
+- self.add_forbidden_path("/etc/octavia/certs/")
++ self.add_forbidden_path("/etc/octavia/certs")
+
+ # logs
+ if self.get_option("all_logs"):
+--
+2.21.0
+
+
+From 1fd194191a56c51052f0c24ddeb3bbf9088ae0ca Mon Sep 17 00:00:00 2001
+From: "Bryn M. Reeves" <bmr@redhat.com>
+Date: Mon, 4 Nov 2019 14:16:13 +0000
+Subject: [PATCH 10/10] [vdsm] fix directory blacklist style
+
+Plugins must use 'path/to/exclude' rather than 'path/to/exclude/*'
+in order to omit a directory and all its content from the report.
+
+Signed-off-by: Bryn M. Reeves <bmr@redhat.com>
+---
+ sos/plugins/vdsm.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/sos/plugins/vdsm.py b/sos/plugins/vdsm.py
+index b2a1ca58..69672643 100644
+--- a/sos/plugins/vdsm.py
++++ b/sos/plugins/vdsm.py
+@@ -60,9 +60,9 @@ class Vdsm(Plugin, RedHatPlugin):
+ plugin_name = 'vdsm'
+
+ def setup(self):
+- self.add_forbidden_path('/etc/pki/vdsm/keys/*')
++ self.add_forbidden_path('/etc/pki/vdsm/keys')
+ self.add_forbidden_path('/etc/pki/vdsm/libvirt-spice/*-key.*')
+- self.add_forbidden_path('/etc/pki/libvirt/private/*')
++ self.add_forbidden_path('/etc/pki/libvirt/private')
+
+ self.add_cmd_output('service vdsmd status')
+ self.add_cmd_output('service supervdsmd status')
+
+--
+2.21.0
+
diff --git a/SOURCES/sos-bz1768956-ebpf-per-namespace.patch b/SOURCES/sos-bz1768956-ebpf-per-namespace.patch
new file mode 100644
index 0000000..7f52847
--- /dev/null
+++ b/SOURCES/sos-bz1768956-ebpf-per-namespace.patch
@@ -0,0 +1,58 @@
+From 93ba31695ad532ce96c93dc511f966e7a3e9ae94 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Tue, 3 Dec 2019 22:03:10 +0100
+Subject: [PATCH] [kernel,networking] collect bpftool net list for each
+ namespace
+
+- move "bpftool net list" command execution from kernel to networking
+plugin as it belongs rather to networking.
+- collect that output per each net name space as well
+
+Resolves: #1874
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ sos/plugins/kernel.py | 4 ----
+ sos/plugins/networking.py | 7 ++++++-
+ 2 files changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py
+index 5c8521433..8224e5c05 100644
+--- a/sos/plugins/kernel.py
++++ b/sos/plugins/kernel.py
+@@ -142,10 +142,6 @@ class Kernel(Plugin, RedHatPlugin, Debia
+ if not self.get_option("trace"):
+ self.add_forbidden_path("/sys/kernel/debug/tracing/trace")
+
+- # collect list of bpf program attachments in the kernel
+- # networking subsystem
+- self.add_cmd_output("bpftool net list")
+-
+ # collect list of eBPF programs and maps and their dumps
+ prog_file = self.get_cmd_output_now("bpftool -j prog list")
+ for prog_id in self.get_bpftool_prog_ids(prog_file):
+diff --git a/sos/plugins/networking.py b/sos/plugins/networking.py
+index 2f655042a..0026cda9d 100644
+--- a/sos/plugins/networking.py
++++ b/sos/plugins/networking.py
+@@ -205,6 +205,10 @@ class Networking(Plugin):
+ if self.get_option("traceroute"):
+ self.add_cmd_output("/bin/traceroute -n %s" % self.trace_host)
+
++ # collect list of bpf program attachments in the kernel
++ # networking subsystem
++ self.add_cmd_output("bpftool net list")
++
+ # Capture additional data from namespaces; each command is run
+ # per-namespace.
+ ip_netns_file = self.get_cmd_output_now("ip netns")
+@@ -212,7 +216,8 @@ def setup(self):
+ ns_cmd_prefix + "iptables-save",
+ ns_cmd_prefix + "netstat %s -neopa" % self.ns_wide,
+ ns_cmd_prefix + "netstat -s",
+- ns_cmd_prefix + "netstat %s -agn" % self.ns_wide
++ ns_cmd_prefix + "netstat %s -agn" % self.ns_wide,
++ ns_cmd_prefix + "bpftool net list",
+ ])
+
+ ss_cmd = ns_cmd_prefix + "ss -peaonmi"
diff --git a/SOURCES/sos-bz1781819-dnf-module-list.patch b/SOURCES/sos-bz1781819-dnf-module-list.patch
new file mode 100644
index 0000000..6a36f80
--- /dev/null
+++ b/SOURCES/sos-bz1781819-dnf-module-list.patch
@@ -0,0 +1,29 @@
+From ba546077c0e4835b8087eacc75da0c4d475bade2 Mon Sep 17 00:00:00 2001
+From: Jake Hunsaker <jhunsake@redhat.com>
+Date: Tue, 10 Dec 2019 11:06:03 -0500
+Subject: [PATCH 2/2] [dnf] Collect dnf module list
+
+Adds collection of `dnf module list` to the plugin, to show a list of
+all modules available to the system, instead of just those that are
+currently installed.
+
+Related: RHBZ#1781819
+Resolves: #1887
+
+Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
+---
+ sos/plugins/dnf.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sos/plugins/dnf.py b/sos/plugins/dnf.py
+index 754ca26ab..1bc01a985 100644
+--- a/sos/plugins/dnf.py
++++ b/sos/plugins/dnf.py
+@@ -49,6 +49,7 @@ def setup(self):
+ "dnf --version",
+ "dnf list installed *dnf*",
+ "dnf list extras",
++ "dnf module list",
+ "package-cleanup --dupes",
+ "package-cleanup --problems"
+ ])
diff --git a/SOURCES/sos-bz1783034-ceph-insights.patch b/SOURCES/sos-bz1783034-ceph-insights.patch
new file mode 100644
index 0000000..4fd7fd7
--- /dev/null
+++ b/SOURCES/sos-bz1783034-ceph-insights.patch
@@ -0,0 +1,27 @@
+From f205f3aebeff8041fae6357727f9514f7e85157b Mon Sep 17 00:00:00 2001
+From: Brad Hubbard <bhubbard@redhat.com>
+Date: Tue, 10 Dec 2019 08:22:55 +1000
+Subject: [PATCH] [ceph] Add 'ceph insights' command output
+
+This change adds the output of the recently added 'ceph insights'
+command.
+
+Resolves: #1888
+
+Signed-off-by: Brad Hubbard <bhubbard@redhat.com>
+---
+ sos/plugins/ceph.py | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/sos/plugins/ceph.py b/sos/plugins/ceph.py
+index 43284bc82..2936aaa96 100644
+--- a/sos/plugins/ceph.py
++++ b/sos/plugins/ceph.py
+@@ -69,6 +69,7 @@ class Ceph(Plugin, RedHatPlugin, UbuntuP
+ "ceph osd crush show-tunables",
+ "ceph-disk list",
+ "ceph versions",
++ "ceph insights",
+ "ceph osd crush dump"
+ ])
+
diff --git a/SOURCES/sos-bz1789018-allow-system-changes.patch b/SOURCES/sos-bz1789018-allow-system-changes.patch
new file mode 100644
index 0000000..021368e
--- /dev/null
+++ b/SOURCES/sos-bz1789018-allow-system-changes.patch
@@ -0,0 +1,78 @@
+From 903958306830ea00ac47e3ea353eaa5d8abbacb6 Mon Sep 17 00:00:00 2001
+From: Jake Hunsaker <jhunsake@redhat.com>
+Date: Wed, 23 Oct 2019 14:24:59 -0400
+Subject: [PATCH] [Predicate] Override __bool__ to allow py3 evaluation
+
+The check in `Plugin.test_predicate()` relies on a 'is not None' test,
+which on py2 invokes a call to `SoSPredicate.__nonzero__()` which in
+turns runs our evaluation of the predicate. On py3 however, this test is
+an explicit check to see if the object is `NoneType`. As such,
+`__nonzero__()` never runs and the predicate defaults to always
+evaluating ad `True`. This effectively removed any gating for command
+execution on py3.
+
+By overriding `SoSPredicate.__bool__()` to wrap `__nonzero__()` we can
+ensure that predicate evaluation is performed properly on both py2 and
+py3 runtimes.
+
+Closes: #1839
+Resolves: #1840
+
+Signed-off-by: Jake Hunsaker <jhunsake@redhat.com>
+---
+ sos/plugins/__init__.py | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index ed55ea382..7ed75a5cc 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -181,6 +181,11 @@ class SoSPredicate(object):
+ return ((self._eval_kmods() and self._eval_services()) and not
+ self.dry_run)
+
++ def __bool__(self):
++ # Py3 evaluation ends in a __bool__() call where py2 ends in a call
++ # to __nonzero__(). Wrap the latter here, to support both versions
++ return self.__nonzero__()
++
+ def __init__(self, owner, dry_run=False, kmods=[], services=[],
+ required={}):
+ """Initialise a new SoSPredicate object.
+From 4c02a77a1c0403c903c835d85739a6213c1a2287 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Tue, 5 Nov 2019 17:29:57 +0100
+Subject: [PATCH] [man] describe --allow-system-changes
+
+In #1435, --allow-system-changes option was added that is documented
+in sosreport --help but not in manpages.
+
+Resolves: #1850
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ man/en/sosreport.1 | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/man/en/sosreport.1 b/man/en/sosreport.1
+index 649cba04d..a885d5630 100644
+--- a/man/en/sosreport.1
++++ b/man/en/sosreport.1
+@@ -25,6 +25,7 @@ sosreport \- Collect and package diagnostic and support data
+ [--log-size]\fR
+ [--all-logs]\fR
+ [--since YYYYMMDD[HHMMSS]]\fR
++ [--allow-system-changes]\fR
+ [-z|--compression-type method]\fR
+ [--encrypt-key KEY]\fR
+ [--encrypt-pass PASS]\fR
+@@ -160,6 +161,9 @@ increase the size of reports.
+ Limits the collection to logs newer than this date.
+ This also affects \--all-logs. Will pad with 0s if HHMMSS isn't specified.
+ .TP
++.B \--allow-system-changes
++Run commands even if they can change the system (e.g. load kernel modules).
++.TP
+ .B \-z, \--compression-type METHOD
+ Override the default compression type specified by the active policy.
+ .TP
diff --git a/SOURCES/sos-bz1789049-since-option-improved.patch b/SOURCES/sos-bz1789049-since-option-improved.patch
new file mode 100644
index 0000000..6bd51fe
--- /dev/null
+++ b/SOURCES/sos-bz1789049-since-option-improved.patch
@@ -0,0 +1,60 @@
+From 71cdbde72f81d586da37a9e108868d6aa1b4ef69 Mon Sep 17 00:00:00 2001
+From: Pavel Moravec <pmoravec@redhat.com>
+Date: Thu, 5 Dec 2019 14:26:03 +0100
+Subject: [PATCH] [plugins] improve heuristic for applying --since to
+ logarchives
+
+logarchive_pattern treats some configs (e.g. /etc/dbus-1) as log
+archives, causing --since option will skip collecting them.
+
+This patch just improves the heuristic by claiming nothing under /etc
+is a logarchive, and adds a warning to sosreport help.
+
+Improves: #1847
+
+Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
+---
+ man/en/sosreport.1 | 5 ++++-
+ sos/plugins/__init__.py | 5 ++++-
+ 2 files changed, 8 insertions(+), 2 deletions(-)
+
+diff --git a/man/en/sosreport.1 b/man/en/sosreport.1
+index a885d5630..f63b8deab 100644
+--- a/man/en/sosreport.1
++++ b/man/en/sosreport.1
+@@ -158,8 +158,11 @@ and including logs in non-default locations. This option may significantly
+ increase the size of reports.
+ .TP
+ .B \--since YYYYMMDD[HHMMSS]
+-Limits the collection to logs newer than this date.
++Limits the collection of log archives(*) to those newer than this date.
+ This also affects \--all-logs. Will pad with 0s if HHMMSS isn't specified.
++(*) Sos interprets as a log archive any file not found in /etc, that has
++either a numeric or compression-type extension for example '.zip'. '.1', '.gz'
++ etc.)
+ .TP
+ .B \--allow-system-changes
+ Run commands even if they can change the system (e.g. load kernel modules).
+diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py
+index b7a47b6a4..44ae413d0 100644
+--- a/sos/plugins/__init__.py
++++ b/sos/plugins/__init__.py
+@@ -917,6 +917,7 @@ def add_copy_spec(self, copyspecs, sizelimit=None, maxage=None,
+ since = self.get_option('since')
+
+ logarchive_pattern = re.compile(r'.*((\.(zip|gz|bz2|xz))|[-.][\d]+)$')
++ configfile_pattern = re.compile(r"^%s/*" % self.join_sysroot("etc"))
+
+ if not self.test_predicate(pred=pred):
+ self._log_info("skipped copy spec '%s' due to predicate (%s)" %
+@@ -962,7 +963,9 @@ def time_filter(path):
+ """ When --since is passed, or maxage is coming from the
+ plugin, we need to filter out older files """
+
+- if logarchive_pattern.search(path) is None:
++ # skip config files or not-logarchive files from the filter
++ if ((logarchive_pattern.search(path) is None) or
++ (configfile_pattern.search(path) is not None)):
+ return True
+ filetime = datetime.fromtimestamp(getmtime(path))
+ if ((since and filetime < since) or
diff --git a/SPECS/sos.spec b/SPECS/sos.spec
new file mode 100644
index 0000000..8ba1149
--- /dev/null
+++ b/SPECS/sos.spec
@@ -0,0 +1,794 @@
+%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
+
+%global auditversion 0.3
+
+Summary: A set of tools to gather troubleshooting information from a system
+Name: sos
+Version: 3.8
+Release: 2%{?dist}
+Group: Applications/System
+Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
+Source1: sos-audit-%{auditversion}.tgz
+License: GPLv2+
+BuildArch: noarch
+Url: http://github.com/sosreport/sos
+BuildRequires: python3-devel
+BuildRequires: python3-six
+BuildRequires: gettext
+Requires: libxml2-python3
+Requires: bzip2
+Requires: xz
+Requires: python3-six
+Conflicts: vdsm < 4.40
+Patch1: sos-bz1688764-ipa-new-logs.patch
+Patch2: sos-bz1738391-kernel-no-trace-by-default.patch
+Patch3: sos-bz1744553-ovn-plugins-containerized-env.patch
+Patch4: sos-bz1766915-interim-sysroot-forbidden-paths.patch
+Patch5: sos-bz1789018-allow-system-changes.patch
+Patch6: sos-bz1789049-since-option-improved.patch
+Patch7: sos-bz1783034-ceph-insights.patch
+Patch8: sos-bz1781819-dnf-module-list.patch
+Patch9: sos-bz1721779-ebpf-net-list.patch
+Patch10: sos-bz1768956-ebpf-per-namespace.patch
+Patch11: sos-bz1741330-openswan-to-libreswan.patch
+Patch12: sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch
+
+%description
+Sos is a set of tools that gathers information about system
+hardware and configuration. The information can then be used for
+diagnostic purposes and debugging. Sos is commonly used to help
+support technicians and developers.
+
+%prep
+%setup -qn %{name}-%{version}
+%patch1 -p1
+%patch2 -p1
+%patch3 -p1
+%patch4 -p1
+%patch5 -p1
+%patch6 -p1
+%patch7 -p1
+%patch8 -p1
+%patch9 -p1
+%patch10 -p1
+%patch11 -p1
+%patch12 -p1
+%setup -T -D -a1 -q
+
+%build
+%py3_build
+
+%install
+%py3_install '--install-scripts=%{_sbindir}'
+
+install -Dm644 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf
+
+%find_lang %{name} || echo 0
+
+cd %{name}-audit-%{auditversion}
+DESTDIR=%{buildroot} ./install.sh
+cd ..
+
+%files -f %{name}.lang
+%{_sbindir}/sosreport
+%{python3_sitelib}/*
+%{_mandir}/man1/sosreport.1.gz
+%{_mandir}/man5/sos.conf.5.gz
+%doc AUTHORS README.md
+%license LICENSE
+%config(noreplace) %{_sysconfdir}/sos.conf
+
+%package audit
+Summary: Audit use of some commands for support purposes
+License: GPLv2+
+Group: Application/System
+
+%description audit
+
+Sos-audit provides configuration files for the Linux Auditing System
+to track the use of some commands capable of changing the configuration
+of the system. Currently storage and filesystem commands are audited.
+
+%post audit
+%{_sbindir}/sos-audit.sh
+
+%files audit
+%defattr(755,root,root,-)
+%{_sbindir}/sos-audit.sh
+%defattr(644,root,root,-)
+%config(noreplace) %{_sysconfdir}/sos/sos-audit.conf
+%defattr(444,root,root,-)
+%{_prefix}/lib/sos/audit/*
+%{_mandir}/man5/sos-audit.conf.5.gz
+%{_mandir}/man8/sos-audit.sh.8.gz
+%ghost /etc/audit/rules.d/40-sos-filesystem.rules
+%ghost /etc/audit/rules.d/40-sos-storage.rules
+
+%changelog
+* Fri Jan 10 2020 Pavel Moravec <pmoravec@redhat.com> = 3.8-2
+- [plugins] improve heuristic for applying --since
+ Resolves: bz1789049
+- [Predicate] Override __bool__ to allow py3 evaluation
+ Resolves: bz1789018
+- [ceph] Add 'ceph insights' command output
+ Resolves: bz1783034
+- [dnf] Collect dnf module list
+ Resolves: bz1781819
+- [kernel,networking] collect bpftool net list for each
+ Resolves: bz1768956
+- [libreswan] New plugin for "libreswan" IPsec
+ Resolves: bz1741330
+- [kernel] collect "bpftool net list"
+ Resolves: bz1721779
+- [grub2] call grub2-config with --no-grubenv-update
+ Resolves: bz1709682
+
+* Wed Dec 11 2019 Pavel Moravec <pmoravec@redhat.com> = 3.8-1
+- Rebase on upstream 3.8
+ Resolves: bz1779387
+
+* Mon Nov 04 2019 Pavel Moravec <pmoravec@redhat.com> = 3.7-7
+- [Plugin, kernel] interim sysroot fixes
+ Resolves: bz1766915
+
+* Wed Oct 30 2019 Pavel Moravec <pmoravec@redhat.com> = 3.7-6
+- [ovirt_hosted_engine] Add gluster deployment and cleanup log
+ Resolves: bz1744086
+- [vdsm]: Fix executing shell commands
+ Resolves: bz1744110
+- [ovn_*] Add support to containerized setups
+ Resolves: bz1744553
+- [ipa] collect ipa-healthcheck logs, kdcproxy configs, httpd cert
+ Resolves: bz1688764
+
+* Wed Oct 02 2019 Pavel Moravec <pmoravec@redhat.com> = 3.7-5
+- [kernel] Don't collect trace file by default
+ Resolves: bz1738391
+
+* Thu Sep 12 2019 Pavel Moravec <pmoravec@redhat.com> = 3.7-4
+- [openvswitch] catch all openvswitch2.* packages
+ Resolves: bz1745017
+
+* Tue Jul 30 2019 Pavel Moravec <pmoravec@redhat.com> = 3.7-3
+- [openstack] Extract Placement plugin from Nova
+ Resolves: bz1717882
+- [utilities] Fix high CPU usage and slow command collection
+ Resolves: bz1733352
+- [peripety] collect proper config file
+ Resolves: bz1665981
+- [sosreport,plugins] Stop plugin execution after timeout hit
+ Resolves: bz1733469
+- [nvme] collect config file everytime
+ Resolves: bz1665929
+
+* Tue Jul 09 2019 Pavel Moravec <pmoravec@redhat.com> = 3.7-2
+- [sar] collect whole sar log dir
+ Resolves: bz1714243
+- [archive] convert absolute symlink targets to relative
+ Resolves: bz1702806
+- [archive] Handle checking container sysroot in _make_leading_paths
+ Resolves: bz1728214
+- [frr] FRR plugin
+ Resolves: bz1709906
+- [policies] redhat policy to use hostname instead of rhn id
+ Resolves: bz1718087
+- Updates to vdsm plugin
+ Resolves: bz1700780
+
+* Wed Jun 12 2019 Pavel Moravec <pmoravec@redhat.com> = 3.7-1
+- Rebase on upstream 3.7
+ Resolves: bz1684400
+- [buildah] parse container list properly even for scratch ones
+ Resolves: bz1687954
+- [PATCH] [maas,mysql,npm,pacemaker,postgresql] fix plugopts data types
+ Resolves: bz1695583
+- [plugins] add vdsm plugin
+ Resolves: bz1700780
+- [openstack_instack] add ansible.log
+ Resolves: bz1702806
+- [pcp] collect pmlogger without a sizelimit
+ Resolves: bz1719884
+- [foreman,satellite] increase plugin default timeouts
+ Resolves: bz1719885
+- [sosreport] [sosreport] initialize disabled plugins properly
+ Resolves: bz1719886
+- [katello] support both locations of qpid SSL certs
+ Resolves: bz1719887
+
+* Thu May 02 2019 Pavel Moravec <pmoravec@redhat.com> = 3.6-11
+- [composer] Collect sources info for all sources
+ Resolves: bz1678418
+
+* Mon Jan 21 2019 Pavel Moravec <pmoravec@redhat.com> = 3.6-10
+- [grub2] Enable plugin by grub2-common package also
+ Resolves: bz1666214
+
+* Mon Jan 14 2019 Pavel Moravec <pmoravec@redhat.com> = 3.6-9
+- [block] proper parsing of luks partition on self device
+ Resolves: bz1638855
+- [networking] Collect NUMA Node of each NIC
+ Resolves: bz1645085
+- [composer] add missing commas in list in add_copy_spec
+ Resolves: bz1644062
+- [opendaylight] Update directory for openDaylight logs
+ Resolves: bz1642377
+
+* Fri Dec 13 2018 Pavel Moravec <pmoravec@redhat.com> = 3.6-8
+- [plugins] fix exception when collecting empty strings
+ Resolves: bz1632607
+- [crypto] collect more configs and commands
+ Resolves: bz1638492
+- [networking] Replace "brctl: by "bridge" commands
+ Resolves: bz1644021
+- [firewalld] collect nftables ruleset
+ Resolves: bz1644022
+- [composer] New plugin for lorax-composer
+ Resolves: bz1644062
+- [Plugin] clean up Plugin.get_option()
+ Resolves: bz1655984
+- [ovirt_node] New plugin for oVirt Node
+ Resolves: bz1658937
+- [podman] Add support for gathering information on podman
+ Resolves: bz1658938
+- [postgresql] Do not limit dump size
+ Resolves: bz1658939
+
+* Fri Oct 12 2018 Pavel Moravec <pmoravec@redhat.com> = 3.6-7
+- [plugin,archive] fix remaining add_link issues
+ Resolves: bz1627543
+- [kernel] dont collect some tracing instance files
+ Resolves: bz1638637
+- [openstack_*] relax enabling of OSP RedHat plugins
+ Resolves: bz1638638
+- [powerpc] Add support to collect DLPAR and LPM related logs
+ Resolves: bz1637127
+
+* Mon Sep 10 2018 Pavel Moravec <pmoravec@redhat.com> = 3.6-6
+- [archive] fix leading path creation
+ Resolves: bz1627543
+- [atomic] Define valid preset for RHEL Atomic
+ Resolves: bz1627546
+- [utilities] wait till AsyncReader p.poll() returns None
+ Resolves: bz1627544
+
+* Thu Aug 23 2018 Pavel Moravec <pmoravec@redhat.com> = 3.6-5
+- [rhv-log-collector-analyzer] Add new plugin for RHV
+ Resolves: bz1620049
+- [kubernetes|etcd] Support OpenShift 3.10 deployments
+ Resolves: bz1620048
+- [krb5|gssproxy] add new plugin, collect more krb5 files
+ Resolves: bz1607630
+- [block] collect luksDump for all encrypted devices
+ Resolves: bz1599739
+- [archive] Dont copystat /sys and /proc paths
+ Resolves: bz1619234
+
+* Fri Aug 10 2018 Pavel Moravec <pmoravec@redhat.com> = 3.6-4
+- [apparmor,ceph] fix typo in add_forbidden_path
+ Resolves: bz1614955
+- [policies] sanitize report label
+ Resolves: bz1614956
+- [policies,process] make lsof execution optional, dont call on RHOSP
+ Resolves: bz1614957
+- [sosreport] Add mechanism to encrypt final archive
+ Resolves: bz1614952
+- [archive] fix stat typo
+ Resolves: bz1614953
+- [rhui] Fix detection of CDS for RHUI3
+ Resolves: bz1614954
+- [archive] fix add_string()/do_*_sub() regression
+ Resolves: bz1599701
+
+* Fri Aug 10 2018 Bryn M. Reeves <bmr@redhat.com> = 3.6-3
+- Clean up spec file and sources
+- Integrate sos-audit subpackage
+ Resolves: bz1601084
+
+* Tue Jul 10 2018 Pavel Moravec <pmoravec@redhat.com> = 3.6-2
+- Rebase on upstream 3.6
+ Resolves: bz1549522
+
+* Fri Feb 09 2018 Fedora Release Engineering <releng@fedoraproject.org> - 3.5-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild
+
+* Tue Nov 14 2017 Sandro Bonazzola <sbonazzo@fedoraproject.org> - 3.5-1
+- Rebase on upstream 3.5
+- Resolves: BZ#1513030
+
+* Thu Jul 27 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.4-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
+
+* Wed Mar 29 2017 Sandro Bonazzola <sbonazzo@fedoraproject.org> - 3.4-1
+- Rebase on upstream 3.4
+- Resolves: BZ#1436969
+- Resolves: BZ#1427445
+
+* Thu Feb 23 2017 Sandro Bonazzola <sbonazzo@fedoraproject.org> - 3.3-1
+- Rebase on upstream 3.3
+- Resolves: BZ#1411314
+
+* Sat Feb 11 2017 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-6
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
+
+* Mon Dec 19 2016 Miro Hrončok <mhroncok@redhat.com> - 3.2-5
+- Rebuild for Python 3.6
+
+* Tue Jul 19 2016 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2-4
+- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages
+
+* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 3.2-3
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
+
+* Wed Dec 16 2015 Bryn M. Reeves <bmr@redhat.com> = 3.2-2
+- [sosreport] ensure private temporary directory is removed
+- [global] sync rawhide package with upstream
+- [ceph] collect /var/lib/ceph and /var/run/ceph
+- [sosreport] prepare report in a private subdirectory (CVE-2015-7529)
+- [docker] collect journald logs for docker unit
+- [sosreport] fix command-line report defaults
+- [openstack_neutron] obfuscate server_auth in restproxy.ini
+- [memory] collect swapon --show output in bytes
+- [sosreport] fix command-line report defaults (proper patch ordering)
+- [sapnw] call self methods properly
+- [openvswitch] capture the logs, db and OVS bridges details
+- [logs] fix reference to missing 'rsyslog_conf' variable
+- [sapnw] Add check if saphostctrl is not present, dont use Set
+- [Plugin] fix handling of symlinks in non-sysroot environments
+- [openstack] Ensure openstack passwords and secrets are obfuscated
+- [plugin] pass stderr through _collect_cmd_output
+- [kubernetes,plugin] Support running sos inside a container
+- [openstack] New Openstack Trove (DBaaS) plugin
+- [services] Add more diagnostics to applications
+- [openstack_neutron] Obscure passwords and secrets
+- [ceph] add calamari and ragos logs and configs
+- [iprconfig] enable plugin for ppc64* architectures
+- [general] verify --profile contains valid plugins only
+- [kernel,mpt,memory] additional kernel-related diagnostics
+- [cluster] enable crm_report password scrubbing
+- [sosreport] fix command-line report defaults
+- [virsh] add new plugin, add listing of qemu
+- [sap*,vhostmd] new plugins for SAP
+- [cluster] crm_report fails to run because dir already exists
+- [foreman] Skip collection of generic resources
+- [apache] Added collection of conf.modules.d dir for httpd 2.4
+- [pcp] collect /etc/pcp.conf
+- [puppet] adding new plugin for puppet
+- [block] Don't use parted human readable output
+- [general] Better handling --name and --ticket-number in
+- [networking] additional ip, firewall and traffic shaping
+- [infiniband] add opensm and infiniband-diags support
+- [plugins/rabbitmq] Added cluster_status command output
+- [networking] re-add 'ip addr' with a root symlink
+- [kimchi] add new plugin
+- [iprconfig] add plugin for IBM Power RAID adapters
+- [ovirt] Collect engine tunables and domain information.
+- [activemq] Honour all_logs and get config on RHEL
+- [cluster] Add luci to packages for standalone luci servers
+- [hpasm] hpasmcli commands hang under timeout
+- [mysql] Collect log file
+- [chrony] add chrony plugin
+- [openstack_sahara] redact secrets from sahara configuration
+- [openstack_sahara] add new openstack_sahara plugin
+- [openstack_neutron] neutron configuration and logs files not captured
+- [ovirt] remove ovirt-engine setup answer file password leak
+- [networking] network plugin fails if NetworkManager is disabled
+- [cluster] crm_report fails to run because dir already exists
+- [mysql] improve handling of dbuser, dbpass and MYSQL_PWD
+- [mysql] test for boolean values in dbuser and dbpass
+- [plugin] limit path names to PC_NAME_MAX
+- [squid] collect files from /var/log/squid
+- [sosreport] log plugin exceptions to a file
+- [ctdb] fix collection of /etc/sysconfig/ctdb
+- [sosreport] fix silent exception handling
+- [sosreport] do not make logging calls after OSError
+- [sosreport] catch OSError exceptions in SoSReport.execute()
+- [anaconda] make useradd password regex tolerant of whitespace
+- [mysql] fix handling of mysql.dbpass option
+- [navicli] catch exceptions if stdin is unreadable
+- [docs] update man page for new options
+- [sosreport] make all utf-8 handling user errors=ignore
+- [kpatch] do not attempt to collect data if kpatch is not installed
+- [archive] drop support for Zip archives
+- [sosreport] fix archive permissions regression
+- [tomcat] add support for tomcat7 and default log size limits
+- [mysql] obtain database password from the environment
+- [corosync] add postprocessing for corosync-objctl output
+- [ovirt_hosted_engine] fix exception when force-enabled
+- [yum] call rhsm-debug with --no-subscriptions
+- [powerpc] allow PowerPC plugin to run on ppc64le
+- [package] add Obsoletes for sos-plugins-openstack
+- [pam] add pam_tally2 and faillock support
+- [postgresql] obtain db password from the environment
+- [pcp] add Performance Co-Pilot plugin
+- [nfsserver] collect /etc/exports.d
+- [sosreport] handle --compression-type correctly
+- [anaconda] redact passwords in kickstart configurations
+- [haproxy] add new plugin
+- [keepalived] add new plugin
+- [lvm2] set locking_type=0 when calling lvm commands
+- [tuned] add new plugin
+- [cgroups] collect /etc/sysconfig/cgred
+- [plugins] ensure doc text is always displayed for plugins
+- [sosreport] fix the distribution version API call
+- [docker] add new plugin
+- [openstack_*] include broken-out openstack plugins
+- [mysql] support MariaDB
+- [openstack] do not collect /var/lib/nova
+- [grub2] collect grub.cfg on UEFI systems
+- [sosreport] handle out-of-space errors gracefully
+- [firewalld] new plugin
+- [networking] collect NetworkManager status
+- [kpatch] new plugin
+- [global] update to upstream 3.2 release
+- [foreman] add new plugin
+
+* Tue Nov 10 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2-0.4.a
+- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5
+
+* Fri Jul 17 2015 Miro Hrončok <mhroncok@redhat.com> - 3.2-0.3.a
+- Use Python 3 (#1014595)
+- Use setup.py instead of make
+- Remove some deprecated statements
+
+* Fri Jun 19 2015 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.2-0.2.a
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
+
+* Tue Jun 17 2014 Bryn M. Reeves <bmr@redhat.com> = 3.2-0.1.a
+- Make source URL handling compliant with packaging guidelines
+- Update to new upstream pre-release sos-3.2-alpha1
+
+* Sun Jun 08 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 3.1-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
+
+* Tue Apr 01 2014 Bryn M. Reeves <bmr@redhat.com> = 3.1-1
+- Update to new upstream release sos-3.1
+- Add collection of grub configuration for UEFI systems
+- Raise a TypeError if add_copy_specs() is called with a string
+- Add tests for Plugin.add_copy_spec()/add_copy_specs()
+- Update Plugin tests to treat copy_paths as a set
+- Use a set for Plugin.copy_paths
+- Remove references to 'sub' parameter from plugin tests
+- Remove 'sub' parameter from Plugin.add_copy_spec*()
+- Drop RedHatPlugin from procenv
+- Update plugin_tests.py to match new method names
+- Remove obsolete checksum reference from utilities_tests.py
+- Refactor Plugin.collect() pathway
+- Fix x86 arch detection in processor plugin
+- Pythonify Plugin._path_in_pathlist()
+- Clean up package checks in processor plugin
+- Replace self.policy().pkg_by_name() us in Logs plugin
+- Convert infiniband to package list
+- Dead code removal: PluginException
+- Dead code removal: sos.plugins.common_prefix()
+- Add vim tags to all python source files
+- Dead code removal: utilities.checksum()
+- Dead code removal: DirTree
+- Dead code removal: sos_relative_path()
+- Remove --profile support
+- Fix plugin_test exception on six.PY2
+- Call rhsm-debug with the --sos switch
+- Do not collect isos in cobbler plugin
+- Match plugins against policies
+- Update policy_tests.py for validate_plugin change
+- Rename validatePlugin to validate_plugin
+- Fix broken binary detection in satellite plugin
+- Clean up get_cmd_path/make_cmd_path/make_cmd_dirs mess
+- Add tuned plugin
+- Update systemd support
+- Fix remaining use of obsolete 'get_cmd_dir()' in plugins
+- Add PowerNV specific debug data
+- powerpc: Move VPD related tool under common code
+- Remove the rhevm plugin.
+- Replace package check with file check in anacron
+- Scrub ldap_default_authtok password in sssd plugin
+- Eliminate hard-coded /var/log/sa paths in sar plugin
+- Remove useless check_enabled() from sar plugin
+- Improve error message when cluster.crm_from is invalid
+- Fix command output substitution exception
+- Add distupgrade plugin
+- Fix gluster volume name extraction
+- Ensure unused fds are closed when calling subprocesses via Popen
+- Pass --no-archive to rhsm-debug script
+- postgresql: allow use TCP socket
+- postgresql: added license and copyright
+- postgresql: add logs about errors / warnings
+- postgresql: minor fixes
+- Include geo-replication status in gluster plugin
+- Make get_cmd_output_now() behaviour match 2.2
+- Add rhsm-debug collection to yum plugin
+- Always treat rhevm vdsmlogs option as string
+- Fix verbose file logging
+- Fix get_option() use in cluster plugin
+- Fix cluster postproc regression
+- Ensure superclass postproc method is called in ldap plugin
+- Remove obsolete diagnostics code from ldap plugin
+- Fix cluster module crm_report support
+
+* Thu Mar 20 2014 Bryn M. Reeves <bmr@redhat.com> = 3.0-23
+- Call rhsm-debug with the --sos switch
+
+* Mon Mar 03 2014 Bryn M. Reeves <bmr@redhat.com>
+- Fix package check in anacron plugin
+
+* Wed Feb 12 2014 Bryn M. Reeves <bmr@redhat.com>
+- Remove obsolete rhel_version() usage from yum plugin
+
+* Tue Feb 11 2014 Bryn M. Reeves <bmr@redhat.com>
+- Prevent unhandled exception during command output substitution
+
+* Mon Feb 10 2014 Bryn M. Reeves <bmr@redhat.com>
+- Fix generation of volume names in gluster plugin
+- Add distupgrade plugin
+
+* Tue Feb 04 2014 Bryn M. Reeves <bmr@redhat.com>
+- Prevent file descriptor leaks when using Popen
+- Disable zip archive creation when running rhsm-debug
+- Include volume geo-replication status in gluster plugin
+
+* Mon Feb 03 2014 Bryn M. Reeves <bmr@redhat.com>
+- Fix get_option use in cluster plugin
+- Fix debug logging to file when given '-v'
+- Always treat rhevm plugin's vdsmlogs option as a string
+- Run the rhsm-debug script from yum plugin
+
+* Fri Jan 31 2014 Bryn M. Reeves <bmr@redhat.com>
+- Add new plugin to collect OpenHPI configuration
+- Fix cluster plugin crm_report support
+- Fix file postprocessing in ldap plugin
+- Remove collection of anaconda-ks.cfg from general plugin
+
+* Fri Jan 24 2014 Bryn M. Reeves <bmr@redhat.com>
+- Remove debug statements from logs plugin
+- Make ethernet interface detection more robust
+- Fix specifying multiple plugin options on the command line
+- Make log and message levels match previous versions
+- Log a warning message when external commands time out
+- Remove --upload command line option
+- Update sos UI text to match upstream
+
+* Fri Dec 27 2013 Daniel Mach <dmach@redhat.com>
+- Mass rebuild 2013-12-27
+
+* Thu Nov 14 2013 Bryn M. Reeves <bmr@redhat.com>
+- Fix regressions introduced with --build option
+
+* Tue Nov 12 2013 Bryn M. Reeves <bmr@redhat.com>
+- Fix typo in yum plug-in add_forbidden_paths
+- Add krb5 plug-in and drop collection of krb5.keytab
+
+* Fri Nov 8 2013 Bryn M. Reeves <bmr@redhat.com>
+- Add nfs client plug-in
+- Fix traceback when sar module force-enabled
+
+* Thu Nov 7 2013 Bryn M. Reeves <bmr@redhat.com>
+- Restore --build command line option
+- Collect saved vmcore-dmesg.txt files
+- Normalize temporary directory paths
+
+* Tue Nov 5 2013 Bryn M. Reeves <bmr@redhat.com>
+- Add domainname output to NIS plug-in
+- Collect /var/log/squid in squid plug-in
+- Collect mountstats and mountinfo in filesys plug-in
+- Add PowerPC plug-in from upstream
+
+* Thu Oct 31 2013 Bryn M. Reeves <bmr@redhat.com>
+- Remove version checks in gluster plug-in
+- Check for usable temporary directory
+- Fix --alloptions command line option
+- Fix configuration fail regression
+
+* Wed Oct 30 2013 Bryn M. Reeves <bmr@redhat.com>
+- Include /etc/yaboot.conf in boot plug-in
+- Fix collection of brctl output in networking plug-in
+- Verify limited set of RPM packages by default
+- Do not strip newlines from command output
+- Limit default sar data collection
+
+* Thu Oct 3 2013 Bryn M. Reeves <bmr@redhat.com>
+- Do not attempt to read RPC pseudo files in networking plug-in
+- Restrict wbinfo collection to the current domain
+- Add obfuscation of luci secrets to cluster plug-in
+- Add XFS plug-in
+- Fix policy class handling of --tmp-dir
+- Do not set batch mode if stdin is not a TTY
+- Attempt to continue when reading bad input in interactive mode
+
+* Wed Aug 14 2013 Bryn M. Reeves <bmr@redhat.com>
+- Add crm_report support to cluster plug-in
+- Fix rhel_version() usage in cluster and s390 plug-ins
+- Strip trailing newline from command output
+
+* Mon Jun 10 2013 Bryn M. Reeves <bmr@redhat.com>
+- Silence 'could not run' messages at default verbosity
+- New upstream release
+
+* Thu May 23 2013 Bryn M. Reeves <bmr@redhat.com>
+- Always invoke tar with '-f-' option
+
+* Mon Jan 21 2013 Bryn M. Reeves <bmr@redhat.com>
+- Fix interactive mode regression when --ticket unspecified
+
+* Fri Jan 18 2013 Bryn M. Reeves <bmr@redhat.com>
+- Fix propagation of --ticket parameter in interactive mode
+
+* Thu Jan 17 2013 Bryn M. Reeves <bmr@redhat.com>
+- Revert OpenStack patch
+
+* Wed Jan 9 2013 Bryn M. Reeves <bmr@redhat.com>
+- Report --name and --ticket values as defaults
+- Fix device-mapper command execution logging
+- Fix data collection and rename PostreSQL module to pgsql
+
+* Fri Oct 19 2012 Bryn M. Reeves <bmr@redhat.com>
+- Add support for content delivery hosts to RHUI module
+
+* Thu Oct 18 2012 Bryn M. Reeves <bmr@redhat.com>
+- Add Red Hat Update Infrastructure module
+- Collect /proc/iomem in hardware module
+- Collect subscription-manager output in general module
+- Collect rhsm log files in general module
+- Fix exception in gluster module on non-gluster systems
+- Fix exception in psql module when dbname is not given
+
+* Wed Oct 17 2012 Bryn M. Reeves <bmr@redhat.com>
+- Collect /proc/pagetypeinfo in memory module
+- Strip trailing newline from command output
+- Add sanlock module
+- Do not collect archived accounting files in psacct module
+- Call spacewalk-debug from rhn module to collect satellite data
+
+* Mon Oct 15 2012 Bryn M. Reeves <bmr@redhat.com>
+- Avoid calling volume status when collecting gluster statedumps
+- Use a default report name if --name is empty
+- Quote tilde characters passed to shell in RPM module
+- Collect KDC and named configuration in ipa module
+- Sanitize hostname characters before using as report path
+- Collect /etc/multipath in device-mapper module
+- New plug-in for PostgreSQL
+- Add OpenStack module
+- Avoid deprecated sysctls in /proc/sys/net
+- Fix error logging when calling external programs
+- Use ip instead of ifconfig to generate network interface lists
+
+* Wed May 23 2012 Bryn M. Reeves <bmr@redhat.com>
+- Collect the swift configuration directory in gluster module
+- Update IPA module and related plug-ins
+
+* Fri May 18 2012 Bryn M. Reeves <bmr@redhat.com>
+- Collect mcelog files in the hardware module
+
+* Wed May 02 2012 Bryn M. Reeves <bmr@redhat.com>
+- Add nfs statedump collection to gluster module
+
+* Tue May 01 2012 Bryn M. Reeves <bmr@redhat.com>
+- Use wildcard to match possible libvirt log paths
+
+* Mon Apr 23 2012 Bryn M. Reeves <bmr@redhat.com>
+- Add forbidden paths for new location of gluster private keys
+
+* Fri Mar 9 2012 Bryn M. Reeves <bmr@redhat.com>
+- Fix katello and aeolus command string syntax
+- Remove stray hunk from gluster module patch
+
+* Thu Mar 8 2012 Bryn M. Reeves <bmr@redhat.com>
+- Correct aeolus debug invocation in CloudForms module
+- Update gluster module for gluster-3.3
+- Add additional command output to gluster module
+- Add support for collecting gluster configuration and logs
+
+* Wed Mar 7 2012 Bryn M. Reeves <bmr@redhat.com>
+- Collect additional diagnostic information for realtime systems
+- Improve sanitization of RHN user and case number in report name
+- Fix verbose output and debug logging
+- Add basic support for CloudForms data collection
+- Add support for Subscription Asset Manager diagnostics
+
+* Tue Mar 6 2012 Bryn M. Reeves <bmr@redhat.com>
+- Collect fence_virt.conf in cluster module
+- Fix collection of /proc/net directory tree
+- Gather output of cpufreq-info when present
+- Fix brctl showstp output when bridges contain multiple interfaces
+- Add /etc/modprobe.d to kernel module
+- Ensure relative symlink targets are correctly handled when copying
+- Fix satellite and proxy package detection in rhn plugin
+- Collect stderr output from external commands
+- Collect /proc/cgroups in the cgroups module
+ Resolve: bz784874
+- Collect /proc/irq in the kernel module
+- Fix installed-rpms formatting for long package names
+- Add symbolic links for truncated log files
+- Collect non-standard syslog and rsyslog log files
+- Use correct paths for tomcat6 in RHN module
+- Obscure root password if present in anacond-ks.cfg
+- Do not accept embedded forward slashes in RHN usernames
+- Add new sunrpc module to collect rpcinfo for gluster systems
+
+* Tue Nov 1 2011 Bryn M. Reeves <bmr@redhat.com>
+- Do not collect subscription manager keys in general plugin
+
+* Fri Sep 23 2011 Bryn M. Reeves <bmr@redhat.com>
+- Fix execution of RHN hardware.py from hardware plugin
+- Fix hardware plugin to support new lsusb path
+
+* Fri Sep 09 2011 Bryn M. Reeves <bmr@redhat.com>
+- Fix brctl collection when a bridge contains no interfaces
+- Fix up2dateclient path in hardware plugin
+
+* Mon Aug 15 2011 Bryn M. Reeves <bmr@redhat.com>
+- Collect brctl show and showstp output
+- Collect nslcd.conf in ldap plugin
+
+* Sun Aug 14 2011 Bryn M. Reeves <bmr@redhat.com>
+- Truncate files that exceed specified size limit
+- Add support for collecting Red Hat Subscrition Manager configuration
+- Collect /etc/init on systems using upstart
+- Don't strip whitespace from output of external programs
+- Collect ipv6 neighbour table in network module
+- Collect basic cgroups configuration data
+
+* Sat Aug 13 2011 Bryn M. Reeves <bmr@redhat.com>
+- Fix collection of data from LVM2 reporting tools in devicemapper plugin
+- Add /proc/vmmemctl collection to vmware plugin
+
+* Fri Aug 12 2011 Bryn M. Reeves <bmr@redhat.com>
+- Collect yum repository list by default
+- Add basic Infiniband plugin
+- Add plugin for scsi-target-utils iSCSI target
+- Fix autofs plugin LC_ALL usage
+- Fix collection of lsusb and add collection of -t and -v outputs
+- Extend data collection by qpidd plugin
+- Add ethtool pause, coalesce and ring (-a, -c, -g) options to network plugin
+
+* Thu Apr 07 2011 Bryn M. Reeves <bmr@redhat.com>
+- Use sha256 for report digest when operating in FIPS mode
+
+* Tue Apr 05 2011 Bryn M. Reeves <bmr@redhat.com>
+- Fix parted and dumpe2fs output on s390
+
+* Fri Feb 25 2011 Bryn M. Reeves <bmr@redhat.com>
+- Fix collection of chkconfig output in startup.py
+- Collect /etc/dhcp in dhcp.py plugin
+- Collect dmsetup ls --tree output in devicemapper.py
+- Collect lsblk output in filesys.py
+
+* Thu Feb 24 2011 Bryn M. Reeves <bmr@redhat.com>
+- Fix collection of logs and config files in sssd.py
+- Add support for collecting entitlement certificates in rhn.py
+
+* Thu Feb 03 2011 Bryn M. Reeves <bmr@redhat.com>
+- Fix cluster plugin dlm lockdump for el6
+- Add sssd plugin to collect configuration and logs
+- Collect /etc/anacrontab in system plugin
+- Correct handling of redhat-release for el6
+
+* Thu Jul 29 2010 Adam Stokes <ajs at redhat dot com>
+
+* Thu Jun 10 2010 Adam Stokes <ajs at redhat dot com>
+
+* Wed Apr 28 2010 Adam Stokes <ajs at redhat dot com>
+
+* Mon Apr 12 2010 Adam Stokes <ajs at redhat dot com>
+
+* Tue Mar 30 2010 Adam Stokes <ajs at redhat dot com>
+- fix setup.py to autocompile translations and man pages
+- rebase 1.9
+
+* Fri Mar 19 2010 Adam Stokes <ajs at redhat dot com>
+- updated translations
+
+* Thu Mar 04 2010 Adam Stokes <ajs at redhat dot com>
+- version bump 1.9
+- replaced compression utility with xz
+- strip threading/multiprocessing
+- simplified progress indicator
+- pylint update
+- put global vars in class container
+- unittests
+- simple profiling
+- make use of xgettext as pygettext is deprecated
+
+* Mon Jan 18 2010 Adam Stokes <ajs at redhat dot com>
+- more sanitizing options for log files
+- rhbz fixes from RHEL version merged into trunk
+- progressbar update
+