diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..0964ff6 --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +SOURCES/sos-3.8.tar.gz +SOURCES/sos-audit-0.3.tgz diff --git a/.sos.metadata b/.sos.metadata new file mode 100644 index 0000000..0c29651 --- /dev/null +++ b/.sos.metadata @@ -0,0 +1,2 @@ +99c94319c6208edef8d852b9e84cbb045c01df5f SOURCES/sos-3.8.tar.gz +9d478b9f0085da9178af103078bbf2fd77b0175a SOURCES/sos-audit-0.3.tgz diff --git a/SOURCES/sos-bz1688764-ipa-new-logs.patch b/SOURCES/sos-bz1688764-ipa-new-logs.patch new file mode 100644 index 0000000..a120ae5 --- /dev/null +++ b/SOURCES/sos-bz1688764-ipa-new-logs.patch @@ -0,0 +1,84 @@ +From f2350aece8a6980f80cfa0036382055239fd8a6b Mon Sep 17 00:00:00 2001 +From: Thorsten Scherf +Date: Mon, 1 Jul 2019 11:37:47 +0200 +Subject: [PATCH] [ipa] copy httpd cert from new location + +With the FreeIPA 4.7.0 release, httpd moved from mod_nss to mod_ssl. As a +result the httpd X.509 certificate is now no longer stored in NSS DB but as +plain PEM text file: /var/lib/ipa/certs/httpd.crt. The plugin needs to copy +this file into the sos archive. + +Closes: #1715 +Resolves: #1716 + +Signed-off-by: Thorsten Scherf +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/ipa.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py +index 50f42f259..310c0fa31 100644 +--- a/sos/plugins/ipa.py ++++ b/sos/plugins/ipa.py +@@ -115,6 +115,7 @@ def setup(self): + "/var/lib/certmonger/requests/[0-9]*", + "/var/lib/certmonger/cas/[0-9]*", + "/var/lib/ipa/ra-agent.pem", ++ "/var/lib/ipa/certs/httpd.crt", + "/var/kerberos/krb5kdc/kdc.crt", + "/var/lib/ipa/sysrestore/sysrestore.state" + ]) +From 5c0b2d56313b6fa58b46802317c98b89e5a68508 Mon Sep 17 00:00:00 2001 +From: Rob Crittenden +Date: Thu, 12 Sep 2019 12:02:34 -0400 +Subject: [PATCH] [ipa] collect ipa-healthcheck logs + +Resolves: #1782 + +Signed-off-by: Rob Crittenden +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/ipa.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py +index 310c0fa31..750cb6fae 100644 +--- a/sos/plugins/ipa.py ++++ b/sos/plugins/ipa.py +@@ -117,7 +117,8 @@ def setup(self): + "/var/lib/ipa/ra-agent.pem", + "/var/lib/ipa/certs/httpd.crt", + "/var/kerberos/krb5kdc/kdc.crt", +- "/var/lib/ipa/sysrestore/sysrestore.state" ++ "/var/lib/ipa/sysrestore/sysrestore.state", ++ "/var/log/ipa/healthcheck/healthcheck.log*" + ]) + + # Make sure to use the right PKI config and NSS DB folders +From 823dbabde82ee941c421482a71be572984607ad4 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Tue, 1 Oct 2019 08:26:24 +0200 +Subject: [PATCH] [ipa] collect kdcproxy configs + +Resolves: #1806 + +Signed-off-by: Pavel Moravec +--- + sos/plugins/ipa.py | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/sos/plugins/ipa.py b/sos/plugins/ipa.py +index 750cb6fae..d3454de98 100644 +--- a/sos/plugins/ipa.py ++++ b/sos/plugins/ipa.py +@@ -111,6 +111,9 @@ def setup(self): + "/etc/named.*", + "/etc/ipa/ca.crt", + "/etc/ipa/default.conf", ++ "/etc/ipa/kdcproxy/kdcproxy.conf", ++ "/etc/ipa/kdcproxy/ipa-kdc-proxy.conf", ++ "/etc/ipa/kdcproxy.conf", + "/root/.ipa/log/cli.log", + "/var/lib/certmonger/requests/[0-9]*", + "/var/lib/certmonger/cas/[0-9]*", diff --git a/SOURCES/sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch b/SOURCES/sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch new file mode 100644 index 0000000..3f20a54 --- /dev/null +++ b/SOURCES/sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch @@ -0,0 +1,180 @@ +From 7097f737339f0cde6da923a4ce16a008d229cda7 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Mon, 16 Sep 2019 17:13:27 +0200 +Subject: [PATCH 1/2] [plugins] extend SoSPredicate by command output inclusion + test + +Add a predicate type in form + +cmd_outputs={'cmd': 'foo --help', 'output': 'bar'} + +that checks whether output of given command contains given string. + +Multiple commands/outputs can be provided in a list. + +Related to: #1682 + +Signed-off-by: Pavel Moravec +--- + sos/plugins/__init__.py | 57 +++++++++++++++++++++++++++++++++++------ + 1 file changed, 49 insertions(+), 8 deletions(-) + +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index a0b291bea..516a61109 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -115,6 +115,9 @@ class SoSPredicate(object): + #: Services enablement list + services = [] + ++ # Command output inclusion pairs {'cmd': 'foo --help', 'output': 'bar'} ++ cmd_outputs = [] ++ + def __str(self, quote=False, prefix="", suffix=""): + """Return a string representation of this SoSPredicate with + optional prefix, suffix and value quoting. +@@ -128,14 +131,23 @@ class SoSPredicate(object): + + services = self.services + services = [quotes % s for s in services] if quote else services +- pstr += "services=[%s]" % (",".join(services)) ++ pstr += "services=[%s], " % (",".join(services)) ++ ++ cmdoutputs = [ ++ "{ %s: %s, %s: %s }" % (quotes % "cmd", ++ quotes % cmdoutput['cmd'], ++ quotes % "output", ++ quotes % cmdoutput['output']) ++ for cmdoutput in self.cmd_outputs ++ ] ++ pstr += "cmdoutputs=[%s]" % (",".join(cmdoutputs)) + + return prefix + pstr + suffix + + def __str__(self): + """Return a string representation of this SoSPredicate. + +- "dry_run=False, kmods=[], services=[]" ++ "dry_run=False, kmods=[], services=[], cmdoutputs=[]" + """ + return self.__str() + +@@ -143,7 +155,7 @@ class SoSPredicate(object): + """Return a machine readable string representation of this + SoSPredicate. + +- "SoSPredicate(dry_run=False, kmods=[], services=[])" ++ "SoSPredicate(dry_run=False, kmods=[], services=[], cmdoutputs=[])" + """ + return self.__str(quote=True, prefix="SoSPredicate(", suffix=")") + +@@ -170,15 +182,39 @@ class SoSPredicate(object): + else: + return all(_svcs) + ++ def _eval_cmd_output(self, cmd_output): ++ '''Does 'cmd' output contain string 'output'?''' ++ if 'cmd' not in cmd_output or 'output' not in cmd_output: ++ return False ++ result = sos_get_command_output(cmd_output['cmd']) ++ if result['status'] != 0: ++ return False ++ for line in result['output'].splitlines(): ++ if cmd_output['output'] in line: ++ return True ++ return False ++ ++ def _eval_cmd_outputs(self): ++ if not self.cmd_outputs: ++ return True ++ ++ _cmds = [self._eval_cmd_output(c) for c in self.cmd_outputs] ++ ++ if self.required['commands'] == 'any': ++ return any(_cmds) ++ else: ++ return all(_cmds) ++ + def __nonzero__(self): + """Predicate evaluation hook. + """ + + # Null predicate? +- if not any([self.kmods, self.services, self.dry_run]): ++ if not any([self.kmods, self.services, self.cmd_outputs, self.dry_run]): + return True + +- return ((self._eval_kmods() and self._eval_services()) and not ++ return ((self._eval_kmods() and self._eval_services() and ++ self._eval_cmd_outputs()) and not + self.dry_run) + + def __bool__(self): +@@ -187,14 +223,17 @@ class SoSPredicate(object): + return self.__nonzero__() + + def __init__(self, owner, dry_run=False, kmods=[], services=[], +- required={}): ++ cmd_outputs=[], required={}): + """Initialise a new SoSPredicate object. + """ + self._owner = owner + self.kmods = list(kmods) + self.services = list(services) ++ if not isinstance(cmd_outputs, list): ++ cmd_outputs = [cmd_outputs] ++ self.cmd_outputs = cmd_outputs + self.dry_run = dry_run | self._owner.commons['cmdlineopts'].dry_run +- self.required = {'kmods': 'any', 'services': 'any'} ++ self.required = {'kmods': 'any', 'services': 'any', 'commands': 'any'} + self.required.update({ + k: v for k, v in required.items() if + required[k] != self.required[k] + +From 47e434c50e63f80e4b620e74d81c636c8c8a8d97 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Mon, 16 Sep 2019 17:15:40 +0200 +Subject: [PATCH 2/2] [grub2] call grub2-config with --no-grubenv-update when + appropriate + +On some newer grub2 versions, grub2-config removes extra args in +$kernel_opts until --no-grubenv-update option is used. + +Test if the option is present in "grub2-config --help" and if so, use it. + +Resolves: #1682 + +Signed-off-by: Pavel Moravec +--- +diff --git a/sos/plugins/grub2.py b/sos/plugins/grub2.py +index 9786de44d..0ca6fe096 100644 +--- a/sos/plugins/grub2.py ++++ b/sos/plugins/grub2.py +@@ -6,7 +6,8 @@ + # + # See the LICENSE file in the source distribution for further information. + +-from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin ++from sos.plugins import (Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin, ++ SoSPredicate) + + + class Grub2(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): +@@ -32,9 +33,16 @@ def setup(self): + self.add_cmd_output("ls -lanR /boot") + # call grub2-mkconfig with GRUB_DISABLE_OS_PROBER=true to prevent + # possible unwanted loading of some kernel modules ++ # further, check if the command supports --no-grubenv-update option ++ # to prevent removing of extra args in $kernel_opts, and (only) if so, ++ # call the command with this argument + env = {} + env['GRUB_DISABLE_OS_PROBER'] = 'true' +- self.add_cmd_output("grub2-mkconfig", env=env) ++ grub_cmd = 'grub2-mkconfig' ++ co = {'cmd': 'grub2-mkconfig --help', 'output': '--no-grubenv-update'} ++ if self.test_predicate(self, pred=SoSPredicate(self, cmd_outputs=co)): ++ grub_cmd += ' --no-grubenv-update' ++ self.add_cmd_output(grub_cmd, env=env) + + def postproc(self): + # the trailing space is required; python treats '_' as whitespace diff --git a/SOURCES/sos-bz1721779-ebpf-net-list.patch b/SOURCES/sos-bz1721779-ebpf-net-list.patch new file mode 100644 index 0000000..a1858a0 --- /dev/null +++ b/SOURCES/sos-bz1721779-ebpf-net-list.patch @@ -0,0 +1,29 @@ +From 62b77dcd78dc271879d01f0132acea1952ef226d Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Thu, 27 Jun 2019 13:44:40 +0200 +Subject: [PATCH] [kernel] collect "bpftool net list" + +List bpf program attachments in the kernel networking subsystem. + +Resolves: #1712 + +Signed-off-by: Pavel Moravec +--- + sos/plugins/kernel.py | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py +index 558e71438..bf3c3deaa 100644 +--- a/sos/plugins/kernel.py ++++ b/sos/plugins/kernel.py +@@ -142,6 +142,10 @@ class Kernel(Plugin, RedHatPlugin, Debia + if not self.get_option("trace"): + self.add_forbidden_path("/sys/kernel/debug/tracing/trace") + ++ # collect list of bpf program attachments in the kernel ++ # networking subsystem ++ self.add_cmd_output("bpftool net list") ++ + # collect list of eBPF programs and maps and their dumps + prog_file = self.get_cmd_output_now("bpftool -j prog list") + for prog_id in self.get_bpftool_prog_ids(prog_file): diff --git a/SOURCES/sos-bz1738391-kernel-no-trace-by-default.patch b/SOURCES/sos-bz1738391-kernel-no-trace-by-default.patch new file mode 100644 index 0000000..5aec064 --- /dev/null +++ b/SOURCES/sos-bz1738391-kernel-no-trace-by-default.patch @@ -0,0 +1,79 @@ +From 55949fb88c492eec542c69157a8763ddb3555345 Mon Sep 17 00:00:00 2001 +From: MIZUTA Takeshi +Date: Thu, 6 Jun 2019 18:42:40 +0900 +Subject: [PATCH] [plugins] Change forbidden_path from partial-match to + exact-match + +forbidden_path is evaluated on partial-match. +However, it will be correct to evaluate on exact-match. + +Closes: #1692 +Resolves: #1695 + +Signed-off-by: MIZUTA Takeshi +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index 56af847a..41f4f58c 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -64,7 +64,7 @@ def _mangle_command(command, name_max): + + + def _path_in_path_list(path, path_list): +- return any(p in path for p in path_list) ++ return any(p == path for p in path_list) + + + def _node_type(st): +-- +2.21.0 + +From d2d5b9da6d4af7ead8a47468db0bbfcc8fb2b5bf Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Thu, 26 Sep 2019 10:50:18 +0200 +Subject: [PATCH] [kernel] Don't collect trace file by default + +Updates the plugin to don't collect trace file by default. Collecting +trace file may take a lot of time, so trace file is not collected +by default, and use the new plug-in option when collecting. + +Original author: MIZUTA Takeshi + +Closes: #1688 +Resolves: #1800 + +Signed-off-by: Pavel Moravec +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/kernel.py | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py +index bf3c3dea..b498f55e 100644 +--- a/sos/plugins/kernel.py ++++ b/sos/plugins/kernel.py +@@ -23,7 +23,8 @@ class Kernel(Plugin, RedHatPlugin, Debia + sys_module = '/sys/module' + + option_list = [ +- ("with-timer", "gather /proc/timer* statistics", "slow", False) ++ ("with-timer", "gather /proc/timer* statistics", "slow", False), ++ ("trace", "gather /sys/kernel/debug/tracing/trace file", "slow", False) + ] + + def get_bpftool_prog_ids(self, prog_file): +@@ -138,6 +139,9 @@ class Kernel(Plugin, RedHatPlugin, Debia + # and may also cause softlockups + self.add_copy_spec("/proc/timer*") + ++ if not self.get_option("trace"): ++ self.add_forbidden_path("/sys/kernel/debug/tracing/trace") ++ + # collect list of eBPF programs and maps and their dumps + prog_file = self.get_cmd_output_now("bpftool -j prog list") + for prog_id in self.get_bpftool_prog_ids(prog_file): +2.21.0 diff --git a/SOURCES/sos-bz1741330-openswan-to-libreswan.patch b/SOURCES/sos-bz1741330-openswan-to-libreswan.patch new file mode 100644 index 0000000..db247d2 --- /dev/null +++ b/SOURCES/sos-bz1741330-openswan-to-libreswan.patch @@ -0,0 +1,104 @@ +From b061168bdae759c88e9ef93f3620edae404e69fe Mon Sep 17 00:00:00 2001 +From: Stepan Broz +Date: Thu, 26 Sep 2019 12:56:00 +0200 +Subject: [PATCH] [libreswan] New plugin for "libreswan" IPsec + +The "libreswan" package is replacing "openswan" in many distributions. +This plugin is replacing the original "openswan" plugin that it is +based on. + +This plugin will now run for both "libreswan" and "openswan" packages, +or when the configuration file "/etc/ipsec.conf" is present. + +Data collected now include configuration, current status, XFRM policy +and state, XFRM statistics, basic information about certificates and +the NSS database. + +No private data (keys, certificates, secrets) are collected, authenti- +cation and encryption keys are removed from the output of +"ip xfrm state", and also from "ipsec barf" when running with the +"ipsec-barf" option set. + +Signed-off-by: Stepan Broz +--- + sos/plugins/{openswan.py => libreswan.py} | 37 ++++++++++++++++++----- + 1 file changed, 30 insertions(+), 7 deletions(-) + rename sos/plugins/{openswan.py => libreswan.py} (50%) + +diff --git a/sos/plugins/openswan.py b/sos/plugins/libreswan.py +similarity index 50% +rename from sos/plugins/openswan.py +rename to sos/plugins/libreswan.py +index ce5581320..717329b87 100644 +--- a/sos/plugins/openswan.py ++++ b/sos/plugins/libreswan.py +@@ -1,4 +1,5 @@ + # Copyright (C) 2007 Sadique Puthen ++# Copyright (C) 2019 Red Hat Inc., Stepan Broz + + # This file is part of the sos project: https://github.com/sosreport/sos + # +@@ -11,29 +12,38 @@ + from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin + + +-class Openswan(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): +- """Openswan IPsec ++class Libreswan(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): ++ """Libreswan IPsec + """ + +- plugin_name = 'openswan' +- profiles = ('network', 'security') ++ plugin_name = 'libreswan' ++ profiles = ('network', 'security', 'openshift') + option_list = [ + ("ipsec-barf", "collect the output of the ipsec barf command", + "slow", False) + ] + + files = ('/etc/ipsec.conf',) +- packages = ('openswan', 'libreswan') ++ packages = ('libreswan', 'openswan') + + def setup(self): + self.add_copy_spec([ + "/etc/ipsec.conf", +- "/etc/ipsec.d" ++ "/etc/ipsec.d", ++ "/proc/net/xfrm_stat" + ]) + + # although this is 'verification' it's normally a very quick + # operation so is not conditional on --verify +- self.add_cmd_output("ipsec verify") ++ self.add_cmd_output([ ++ 'ipsec verify', ++ 'ipsec whack --status', ++ 'ipsec whack --listall', ++ 'certutil -L -d sql:/etc/ipsec.d', ++ 'ip xfrm policy', ++ 'ip xfrm state' ++ ]) ++ + if self.get_option("ipsec-barf"): + self.add_cmd_output("ipsec barf") + +@@ -44,4 +54,17 @@ def setup(self): + '/etc/ipsec.d/*.secrets' + ]) + ++ def postproc(self): ++ # Remove any sensitive data. ++ # "ip xfrm state" output contains encryption or authentication private ++ # keys: ++ xfrm_state_regexp = r'(aead|auth|auth-trunc|enc)' \ ++ r'(\s.*\s)(0x[0-9a-f]+)' ++ self.do_cmd_output_sub("state", xfrm_state_regexp, ++ r"\1\2********") ++ ++ if self.get_option("ipsec-barf"): ++ self.do_cmd_output_sub("barf", xfrm_state_regexp, ++ r"\1\2********") ++ + # vim: set et ts=4 sw=4 : diff --git a/SOURCES/sos-bz1744553-ovn-plugins-containerized-env.patch b/SOURCES/sos-bz1744553-ovn-plugins-containerized-env.patch new file mode 100644 index 0000000..9a97377 --- /dev/null +++ b/SOURCES/sos-bz1744553-ovn-plugins-containerized-env.patch @@ -0,0 +1,326 @@ +From cc6374914a47eb3777c5b8306506df43522a31e0 Mon Sep 17 00:00:00 2001 +From: Daniel Alvarez +Date: Thu, 18 Jul 2019 14:08:27 +0200 +Subject: [PATCH] [ovn_central] add additional show commands + +This patch is adding 'show' commands for both OVN +NorthBound and SouthBound databases. + +Signed-off-by: Daniel Alvarez +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/ovn_central.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py +index e05856872..2d2526253 100644 +--- a/sos/plugins/ovn_central.py ++++ b/sos/plugins/ovn_central.py +@@ -57,6 +57,8 @@ def setup(self): + + # Some user-friendly versions of DB output + cmds = [ ++ 'ovn-nbctl show', ++ 'ovn-sbctl show', + 'ovn-sbctl lflow-list', + 'ovn-nbctl get-ssl', + 'ovn-nbctl get-connection', +From 5fd4e850ad9a6636d0fb206954e8ab016584974d Mon Sep 17 00:00:00 2001 +From: Daniel Alvarez +Date: Wed, 11 Sep 2019 16:19:15 +0100 +Subject: [PATCH] [ovn_host] fix Open_vSwitch table name + +Signed-off-by: Daniel Alvarez +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/ovn_host.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sos/plugins/ovn_host.py b/sos/plugins/ovn_host.py +index 542516279..ba35d87e7 100644 +--- a/sos/plugins/ovn_host.py ++++ b/sos/plugins/ovn_host.py +@@ -35,7 +35,7 @@ def setup(self): + self.add_cmd_output([ + 'ovs-ofctl -O OpenFlow13 dump-flows br-int', + 'ovs-vsctl list-br', +- 'ovs-vsctl list OpenVswitch', ++ 'ovs-vsctl list Open_vSwitch', + ]) + + self.add_journal(units="ovn-controller") +From 3c842046e9c4c5b371566347f51e5e242daf4f8d Mon Sep 17 00:00:00 2001 +From: Daniel Alvarez +Date: Tue, 23 Jul 2019 12:44:07 +0200 +Subject: [PATCH] [ovn_central] Add support to containerized setups + +This patch is adding support in ovn_central plugin to containerized +setups. + +Now it's detecting if the OVN central services are running in +container and execute the relevant commands inside it. The support +covers both podman and docker runtimes. + +Signed-off-by: Daniel Alvarez +--- + sos/plugins/ovn_central.py | 94 ++++++++++++++++++++++++++++---------- + 1 file changed, 69 insertions(+), 25 deletions(-) + +diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py +index 2d2526253..a9fcdf33e 100644 +--- a/sos/plugins/ovn_central.py ++++ b/sos/plugins/ovn_central.py +@@ -19,30 +19,64 @@ class OVNCentral(Plugin): + """ + plugin_name = "ovn_central" + profiles = ('network', 'virt') +- +- def add_database_output(self, filename, cmds, ovn_cmd, skip=[]): ++ _container_runtime = None ++ _container_name = None ++ ++ def get_tables_from_schema(self, filename, skip=[]): ++ if self._container_name: ++ cmd = "%s exec %s cat %s" % ( ++ self._container_runtime, self._container_name, filename) ++ res = self.get_command_output(cmd) ++ if res['status'] != 0: ++ self._log_error("Could not retrieve DB schema file from " ++ "container %s" % self._container_name) ++ return ++ try: ++ db = json.loads(res['output']) ++ except Exception: ++ self._log_error("Cannot parse JSON file %s" % filename) ++ return ++ else: ++ try: ++ with open(filename, 'r') as f: ++ try: ++ db = json.load(f) ++ except Exception: ++ self._log_error( ++ "Cannot parse JSON file %s" % filename) ++ return ++ except IOError as ex: ++ self._log_error( ++ "Could not open DB schema file %s: %s" % (filename, ex)) ++ return + try: +- with open(filename, 'r') as f: +- try: +- db = json.load(f) +- except Exception: +- # If json can't be parsed, then exit early +- self._log_error("Cannot parse JSON file %s" % filename) +- return +- try: +- for table in six.iterkeys(db['tables']): +- if table not in skip: +- cmds.append('%s list %s' % (ovn_cmd, table)) +- except AttributeError: +- self._log_error("DB schema %s has no 'tables' key" % +- filename) +- return +- except IOError as ex: +- self._log_error("Could not open DB schema file %s: %s" % (filename, +- ex)) +- return ++ return [table for table in six.iterkeys( ++ db['tables']) if table not in skip] ++ except AttributeError: ++ self._log_error("DB schema %s has no 'tables' key" % filename) ++ ++ def add_database_output(self, tables, cmds, ovn_cmd): ++ for table in tables: ++ cmds.append('%s list %s' % (ovn_cmd, table)) ++ ++ def running_in_container(self): ++ for runtime in ["podman", "docker"]: ++ container_status = self.get_command_output(runtime + " ps") ++ if container_status['status'] == 0: ++ for line in container_status['output'].splitlines(): ++ if "ovn-dbs-bundle" in line: ++ self._container_name = line.split()[-1] ++ self._container_runtime = runtime ++ return True ++ return False ++ ++ def check_enabled(self): ++ return (self.running_in_container() or ++ super(OVNCentral, self).check_enabled()) + + def setup(self): ++ containerized = self.running_in_container() ++ + ovs_rundir = os.environ.get('OVS_RUNDIR') + for pidfile in ['ovnnb_db.pid', 'ovnsb_db.pid', 'ovn-northd.pid']: + self.add_copy_spec([ +@@ -68,10 +102,20 @@ def setup(self): + + schema_dir = '/usr/share/openvswitch' + +- self.add_database_output(os.path.join(schema_dir, 'ovn-nb.ovsschema'), +- cmds, 'ovn-nbctl') +- self.add_database_output(os.path.join(schema_dir, 'ovn-sb.ovsschema'), +- cmds, 'ovn-sbctl', ['Logical_Flow']) ++ nb_tables = self.get_tables_from_schema(os.path.join( ++ schema_dir, 'ovn-nb.ovsschema')) ++ sb_tables = self.get_tables_from_schema(os.path.join( ++ schema_dir, 'ovn-sb.ovsschema'), ['Logical_Flow']) ++ ++ self.add_database_output(nb_tables, cmds, 'ovn-nbctl') ++ self.add_database_output(sb_tables, cmds, 'ovn-sbctl') ++ ++ # If OVN is containerized, we need to run the above commands inside ++ # the container. ++ if containerized: ++ cmds = ['%s exec %s %s' % (self._container_runtime, ++ self._container_name, ++ cmd) for cmd in cmds] + + self.add_cmd_output(cmds) + +From a895bf4096f1dbd71c9dbd4defb47783f4ef9840 Mon Sep 17 00:00:00 2001 +From: Daniel Alvarez +Date: Thu, 25 Jul 2019 11:42:16 +0200 +Subject: [PATCH] [ovn_host] Add support for containerized setups + +Prior to this patch, ovn_host was disabled on containerized +setups due to the fact that ovn-controller package is not +installed in the host. + +This patch fixes it by checking if the ovn-controller process +is running. + +Resolves: #1767 + +Signed-off-by: Daniel Alvarez +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/ovn_host.py | 21 ++++++++++++++------- + 1 file changed, 14 insertions(+), 7 deletions(-) + +diff --git a/sos/plugins/ovn_host.py b/sos/plugins/ovn_host.py +index ba35d87e7..5225f010e 100644 +--- a/sos/plugins/ovn_host.py ++++ b/sos/plugins/ovn_host.py +@@ -12,6 +12,15 @@ + from sos.plugins import Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin + + ++pidfile = 'ovn-controller.pid' ++pid_paths = [ ++ '/var/lib/openvswitch/ovn', ++ '/usr/local/var/run/openvswitch', ++ '/var/run/openvswitch', ++ '/run/openvswitch' ++] ++ ++ + class OVNHost(Plugin): + """ OVN Controller + """ +@@ -19,13 +28,6 @@ class OVNHost(Plugin): + profiles = ('network', 'virt') + + def setup(self): +- pidfile = 'ovn-controller.pid' +- pid_paths = [ +- '/var/lib/openvswitch/ovn', +- '/usr/local/var/run/openvswitch', +- '/var/run/openvswitch', +- '/run/openvswitch' +- ] + if os.environ.get('OVS_RUNDIR'): + pid_paths.append(os.environ.get('OVS_RUNDIR')) + self.add_copy_spec([os.path.join(pp, pidfile) for pp in pid_paths]) +@@ -40,6 +42,11 @@ def setup(self): + + self.add_journal(units="ovn-controller") + ++ def check_enabled(self): ++ return (any([os.path.isfile( ++ os.path.join(pp, pidfile)) for pp in pid_paths]) or ++ super(OVNHost, self).check_enabled()) ++ + + class RedHatOVNHost(OVNHost, RedHatPlugin): + +From 6d623ceb2bc973a603c2abb1c8c64f2980667a0d Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Wed, 2 Oct 2019 12:19:19 +0200 +Subject: [PATCH] [ovn_central] dont add db outputs when no table is found in + schema + +When get_tables_from_schema method returns None (i.e. due to a +parsing error or missing config file), add_database_output tries +to iterate over None object, what raises an exception. + +Resolves: #1808 + +Signed-off-by: Pavel Moravec +--- + sos/plugins/ovn_central.py | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py +index a9fcdf33e..b5ff96f66 100644 +--- a/sos/plugins/ovn_central.py ++++ b/sos/plugins/ovn_central.py +@@ -56,6 +56,8 @@ def get_tables_from_schema(self, filename, skip=[]): + self._log_error("DB schema %s has no 'tables' key" % filename) + + def add_database_output(self, tables, cmds, ovn_cmd): ++ if not tables: ++ return + for table in tables: + cmds.append('%s list %s' % (ovn_cmd, table)) + +From 0c9a1f0cb98c5256a0ec1dec83b7c94d3bb39170 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Wed, 4 Dec 2019 15:53:16 +0100 +Subject: [PATCH] [ovn_central] call podman exec without a timeout + +This is a workaround fix of a podman bug (see rhbz1732525) where +"podman ps" can hang when "podman exec .." is invoked in detached +mode under "timeout". + +Calling it without timeout works fine. + +This commit can be reverted once the podman bug is fixed. + +Resolves: #1875 + +Signed-off-by: Pavel Moravec +--- + sos/plugins/ovn_central.py | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/sos/plugins/ovn_central.py b/sos/plugins/ovn_central.py +index c74bf403..32a5e1cb 100644 +--- a/sos/plugins/ovn_central.py ++++ b/sos/plugins/ovn_central.py +@@ -26,7 +26,8 @@ class OVNCentral(Plugin): + if self._container_name: + cmd = "%s exec %s cat %s" % ( + self._container_runtime, self._container_name, filename) +- res = self.get_command_output(cmd) ++ # the timeout=None is just a workaround for "podman ps" hung bug ++ res = self.get_command_output(cmd, timeout=None) + if res['status'] != 0: + self._log_error("Could not retrieve DB schema file from " + "container %s" % self._container_name) +@@ -118,7 +119,8 @@ class OVNCentral(Plugin): + self._container_name, + cmd) for cmd in cmds] + +- self.add_cmd_output(cmds) ++ # the timeout=None is just a workaround for "podman ps" hung bug ++ self.add_cmd_output(cmds, timeout=None) + + self.add_copy_spec("/etc/sysconfig/ovn-northd") + +-- +2.21.0 + diff --git a/SOURCES/sos-bz1766915-interim-sysroot-forbidden-paths.patch b/SOURCES/sos-bz1766915-interim-sysroot-forbidden-paths.patch new file mode 100644 index 0000000..5a0fd80 --- /dev/null +++ b/SOURCES/sos-bz1766915-interim-sysroot-forbidden-paths.patch @@ -0,0 +1,354 @@ +From 9a0ab16793a8388b2c3d3909fd3a087c5b6296d4 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Fri, 1 Nov 2019 12:13:23 -0400 +Subject: [PATCH 01/10] [Plugin] remove invalid {strip/join}_sysroot() + +Do not strip the sysroot path prefix when calling _do_copy_path() +for a symlink target and do not add the sysroot prefix when +testing for a forbidden path. + +Related: #1842 + +Signed-off-by: Pavel Moravec +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/__init__.py | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index e75ec82e..4f1b73ce 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -731,7 +731,7 @@ class Plugin(object): + + # skip recursive copying of symlink pointing to itself. + if (absdest != srcpath): +- self._do_copy_path(self.strip_sysroot(absdest)) ++ self._do_copy_path(absdest) + else: + self._log_debug("link '%s' points to itself, skipping target..." + % linkdest) +@@ -758,8 +758,6 @@ class Plugin(object): + return None + + def _is_forbidden_path(self, path): +- if self.use_sysroot(): +- path = self.join_sysroot(path) + return _path_in_path_list(path, self.forbidden_paths) + + def _copy_node(self, path, st): +-- +2.21.0 + + +From aeeebf126fc9fdb0fd8c3b01418bef742bce78c3 Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Fri, 1 Nov 2019 12:22:51 -0400 +Subject: [PATCH 02/10] [Plugin] fix destination paths in _do_copy_path() + +The path used to copy special device nodes and directories in +_do_copy_path() should be the destination path in the archive +(without sysroot prefix), and not the source path in the host +file system that includes this prefix. + +Related: #1842 + +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/__init__.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index 4f1b73ce..60fbeaf7 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -651,9 +651,13 @@ class Plugin(object): + self._copy_symlink(srcpath) + return + else: +- if stat.S_ISDIR(st.st_mode) and os.access(srcpath, os.R_OK): +- self._copy_dir(srcpath) +- return ++ if stat.S_ISDIR(st.st_mode) and os.access(srcpath, os.R_OK): ++ # copy empty directory ++ if not os.listdir(srcpath): ++ self.archive.add_dir(dest) ++ return ++ self._copy_dir(dest) ++ return + + # handle special nodes (block, char, fifo, socket) + if not (stat.S_ISREG(st.st_mode) or stat.S_ISDIR(st.st_mode)): +@@ -808,7 +808,7 @@ class Plugin(object): + ntype = _node_type(st) + self._log_debug("creating %s node at archive:'%s'" + % (ntype, dest)) +- self._copy_node(srcpath, st) ++ self._copy_node(dest, st) + return + + # if we get here, it's definitely a regular file (not a symlink or dir) +-- +2.21.0 + + +From 05f3d5bda8f548459fabcd38f2d087d6ecef98a2 Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Fri, 1 Nov 2019 12:25:09 -0400 +Subject: [PATCH 03/10] [kernel] remove trailing directory globs in forbidden + paths + +Since the forbidden path test now uses an exact match the trailing +globs ("/some/directory/path/to/exclude/*") used to exclude trace +related directories from collection lead to a failure to properly +blacklist these files: + +The glob is expanded, for e.g.: + + "/sys/kernel/debug/tracing/per_cpu/*" + +Expands to unclude a 'cpuN' sub-directory for each CPU present on +the machine. These expanded paths are then added to the forbidden +paths list for the plugin: + + /sys/kernel/debug/tracing/per_cpu/cpu0 + /sys/kernel/debug/tracing/per_cpu/cpu1 + ... + +When an attempt is made to collect the entire "per_cpu" directory +a check is made for the full "/sys/kernel/debug/tracing/per_cpu" +path against each entry in the forbidden paths list. Since this is +a prefix of the actual paths stored no match is returned and the +collection is permitted. + +Remove the trailing globs from these directory paths and prevent +any collection of the directories they reference by the plugin. + +Related: #1842 + +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/kernel.py | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py +index 88b14689..5c852143 100644 +--- a/sos/plugins/kernel.py ++++ b/sos/plugins/kernel.py +@@ -89,9 +89,9 @@ class Kernel(Plugin, RedHatPlugin, DebianPlugin, UbuntuPlugin): + self.add_forbidden_path([ + '/sys/kernel/debug/tracing/trace_pipe', + '/sys/kernel/debug/tracing/README', +- '/sys/kernel/debug/tracing/trace_stat/*', +- '/sys/kernel/debug/tracing/per_cpu/*', +- '/sys/kernel/debug/tracing/events/*', ++ '/sys/kernel/debug/tracing/trace_stat', ++ '/sys/kernel/debug/tracing/per_cpu', ++ '/sys/kernel/debug/tracing/events', + '/sys/kernel/debug/tracing/free_buffer', + '/sys/kernel/debug/tracing/trace_marker', + '/sys/kernel/debug/tracing/trace_marker_raw', +-- +2.21.0 + + +From 801c71b33dcfeaa980baa9f377b721bdd26aa5e8 Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Fri, 1 Nov 2019 16:53:29 +0000 +Subject: [PATCH 04/10] [tests] fix test_copy_dir_forbidden_path + +Rather than call just Plugin.setup() and Plugin._do_copy_path(), +add an add_copy_spec() call to the mock plugin setup() method, +and invoke copying by calling the Plugin.collect() method. + +Related: #1845 + +Signed-off-by: Bryn M. Reeves +--- + tests/plugin_tests.py | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tests/plugin_tests.py b/tests/plugin_tests.py +index b8760429..6522fe14 100644 +--- a/tests/plugin_tests.py ++++ b/tests/plugin_tests.py +@@ -81,6 +81,7 @@ class ForbiddenMockPlugin(Plugin): + plugin_name = "forbidden" + + def setup(self): ++ self.add_copy_spec("tests") + self.add_forbidden_path("tests") + + +@@ -235,7 +236,7 @@ class PluginTests(unittest.TestCase): + }) + p.archive = MockArchive() + p.setup() +- p._do_copy_path("tests") ++ p.collect() + self.assertEquals(p.archive.m, {}) + + +-- +2.21.0 + + +From c4182ebd52af523261d2e7ef75affbb88eaf31fb Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Mon, 4 Nov 2019 10:45:15 +0000 +Subject: [PATCH 05/10] [Plugin] use correct source path when copying + directories + +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/__init__.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index 60fbeaf7..240fe9f1 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -656,7 +656,7 @@ class Plugin(object): + if not os.listdir(srcpath): + self.archive.add_dir(dest) + return +- self._copy_dir(dest) ++ self._copy_dir(srcpath) + return + + # handle special nodes (block, char, fifo, socket) +-- +2.21.0 + + +From 68f4d7cc7adde00171af842b5bc808f41d888a87 Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Mon, 4 Nov 2019 10:48:01 +0000 +Subject: [PATCH 06/10] [Plugin] improve _copy_dir() variable naming + +Directory entries found in _copy_dir() may be either files or +sub-directories: reflect this in the names of local variables. + +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/__init__.py | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index 240fe9f1..1a1464c1 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -738,10 +738,11 @@ class Plugin(object): + + def _copy_dir(self, srcpath): + try: +- for afile in os.listdir(srcpath): ++ for name in os.listdir(srcpath): + self._log_debug("recursively adding '%s' from '%s'" +- % (afile, srcpath)) +- self._do_copy_path(os.path.join(srcpath, afile), dest=None) ++ % (name, srcpath)) ++ path = os.path.join(srcpath, name) ++ self._do_copy_path(path) + except OSError as e: + if e.errno == errno.ELOOP: + msg = "Too many levels of symbolic links copying" +-- +2.21.0 + + +From ad3adef07c32aee5bdd438706c6c1d4590ff8297 Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Mon, 4 Nov 2019 14:13:00 +0000 +Subject: [PATCH 07/10] [ceph] fix directory blacklist style + +Plugins must use 'path/to/exclude' rather than 'path/to/exclude/*' +in order to omit a directory and all its content from the report. + +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/ceph.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sos/plugins/ceph.py b/sos/plugins/ceph.py +index 6e340c69..43284bc8 100644 +--- a/sos/plugins/ceph.py ++++ b/sos/plugins/ceph.py +@@ -103,8 +103,8 @@ class Ceph(Plugin, RedHatPlugin, UbuntuPlugin): + "/var/lib/ceph/*keyring*", + "/var/lib/ceph/*/*keyring*", + "/var/lib/ceph/*/*/*keyring*", +- "/var/lib/ceph/osd/*", +- "/var/lib/ceph/mon/*", ++ "/var/lib/ceph/osd", ++ "/var/lib/ceph/mon", + # Excludes temporary ceph-osd mount location like + # /var/lib/ceph/tmp/mnt.XXXX from sos collection. + "/var/lib/ceph/tmp/*mnt*", +-- +2.21.0 + + +From 4d1576b04d35902ce44d26d6a5b2219e6f9c175a Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Mon, 4 Nov 2019 14:15:55 +0000 +Subject: [PATCH 09/10] [openstack_octavia] fix directory blacklist style + +Plugins must use 'path/to/exclude' rather than 'path/to/exclude/*' +in order to omit a directory and all its content from the report. + +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/openstack_octavia.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/sos/plugins/openstack_octavia.py b/sos/plugins/openstack_octavia.py +index b97c83fa..ccdcd4c9 100644 +--- a/sos/plugins/openstack_octavia.py ++++ b/sos/plugins/openstack_octavia.py +@@ -30,7 +30,7 @@ class OpenStackOctavia(Plugin): + ]) + + # don't collect certificates +- self.add_forbidden_path("/etc/octavia/certs/") ++ self.add_forbidden_path("/etc/octavia/certs") + + # logs + if self.get_option("all_logs"): +-- +2.21.0 + + +From 1fd194191a56c51052f0c24ddeb3bbf9088ae0ca Mon Sep 17 00:00:00 2001 +From: "Bryn M. Reeves" +Date: Mon, 4 Nov 2019 14:16:13 +0000 +Subject: [PATCH 10/10] [vdsm] fix directory blacklist style + +Plugins must use 'path/to/exclude' rather than 'path/to/exclude/*' +in order to omit a directory and all its content from the report. + +Signed-off-by: Bryn M. Reeves +--- + sos/plugins/vdsm.py | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sos/plugins/vdsm.py b/sos/plugins/vdsm.py +index b2a1ca58..69672643 100644 +--- a/sos/plugins/vdsm.py ++++ b/sos/plugins/vdsm.py +@@ -60,9 +60,9 @@ class Vdsm(Plugin, RedHatPlugin): + plugin_name = 'vdsm' + + def setup(self): +- self.add_forbidden_path('/etc/pki/vdsm/keys/*') ++ self.add_forbidden_path('/etc/pki/vdsm/keys') + self.add_forbidden_path('/etc/pki/vdsm/libvirt-spice/*-key.*') +- self.add_forbidden_path('/etc/pki/libvirt/private/*') ++ self.add_forbidden_path('/etc/pki/libvirt/private') + + self.add_cmd_output('service vdsmd status') + self.add_cmd_output('service supervdsmd status') + +-- +2.21.0 + diff --git a/SOURCES/sos-bz1768956-ebpf-per-namespace.patch b/SOURCES/sos-bz1768956-ebpf-per-namespace.patch new file mode 100644 index 0000000..7f52847 --- /dev/null +++ b/SOURCES/sos-bz1768956-ebpf-per-namespace.patch @@ -0,0 +1,58 @@ +From 93ba31695ad532ce96c93dc511f966e7a3e9ae94 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Tue, 3 Dec 2019 22:03:10 +0100 +Subject: [PATCH] [kernel,networking] collect bpftool net list for each + namespace + +- move "bpftool net list" command execution from kernel to networking +plugin as it belongs rather to networking. +- collect that output per each net name space as well + +Resolves: #1874 + +Signed-off-by: Pavel Moravec +--- + sos/plugins/kernel.py | 4 ---- + sos/plugins/networking.py | 7 ++++++- + 2 files changed, 6 insertions(+), 5 deletions(-) + +diff --git a/sos/plugins/kernel.py b/sos/plugins/kernel.py +index 5c8521433..8224e5c05 100644 +--- a/sos/plugins/kernel.py ++++ b/sos/plugins/kernel.py +@@ -142,10 +142,6 @@ class Kernel(Plugin, RedHatPlugin, Debia + if not self.get_option("trace"): + self.add_forbidden_path("/sys/kernel/debug/tracing/trace") + +- # collect list of bpf program attachments in the kernel +- # networking subsystem +- self.add_cmd_output("bpftool net list") +- + # collect list of eBPF programs and maps and their dumps + prog_file = self.get_cmd_output_now("bpftool -j prog list") + for prog_id in self.get_bpftool_prog_ids(prog_file): +diff --git a/sos/plugins/networking.py b/sos/plugins/networking.py +index 2f655042a..0026cda9d 100644 +--- a/sos/plugins/networking.py ++++ b/sos/plugins/networking.py +@@ -205,6 +205,10 @@ class Networking(Plugin): + if self.get_option("traceroute"): + self.add_cmd_output("/bin/traceroute -n %s" % self.trace_host) + ++ # collect list of bpf program attachments in the kernel ++ # networking subsystem ++ self.add_cmd_output("bpftool net list") ++ + # Capture additional data from namespaces; each command is run + # per-namespace. + ip_netns_file = self.get_cmd_output_now("ip netns") +@@ -212,7 +216,8 @@ def setup(self): + ns_cmd_prefix + "iptables-save", + ns_cmd_prefix + "netstat %s -neopa" % self.ns_wide, + ns_cmd_prefix + "netstat -s", +- ns_cmd_prefix + "netstat %s -agn" % self.ns_wide ++ ns_cmd_prefix + "netstat %s -agn" % self.ns_wide, ++ ns_cmd_prefix + "bpftool net list", + ]) + + ss_cmd = ns_cmd_prefix + "ss -peaonmi" diff --git a/SOURCES/sos-bz1781819-dnf-module-list.patch b/SOURCES/sos-bz1781819-dnf-module-list.patch new file mode 100644 index 0000000..6a36f80 --- /dev/null +++ b/SOURCES/sos-bz1781819-dnf-module-list.patch @@ -0,0 +1,29 @@ +From ba546077c0e4835b8087eacc75da0c4d475bade2 Mon Sep 17 00:00:00 2001 +From: Jake Hunsaker +Date: Tue, 10 Dec 2019 11:06:03 -0500 +Subject: [PATCH 2/2] [dnf] Collect dnf module list + +Adds collection of `dnf module list` to the plugin, to show a list of +all modules available to the system, instead of just those that are +currently installed. + +Related: RHBZ#1781819 +Resolves: #1887 + +Signed-off-by: Jake Hunsaker +--- + sos/plugins/dnf.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sos/plugins/dnf.py b/sos/plugins/dnf.py +index 754ca26ab..1bc01a985 100644 +--- a/sos/plugins/dnf.py ++++ b/sos/plugins/dnf.py +@@ -49,6 +49,7 @@ def setup(self): + "dnf --version", + "dnf list installed *dnf*", + "dnf list extras", ++ "dnf module list", + "package-cleanup --dupes", + "package-cleanup --problems" + ]) diff --git a/SOURCES/sos-bz1783034-ceph-insights.patch b/SOURCES/sos-bz1783034-ceph-insights.patch new file mode 100644 index 0000000..4fd7fd7 --- /dev/null +++ b/SOURCES/sos-bz1783034-ceph-insights.patch @@ -0,0 +1,27 @@ +From f205f3aebeff8041fae6357727f9514f7e85157b Mon Sep 17 00:00:00 2001 +From: Brad Hubbard +Date: Tue, 10 Dec 2019 08:22:55 +1000 +Subject: [PATCH] [ceph] Add 'ceph insights' command output + +This change adds the output of the recently added 'ceph insights' +command. + +Resolves: #1888 + +Signed-off-by: Brad Hubbard +--- + sos/plugins/ceph.py | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/sos/plugins/ceph.py b/sos/plugins/ceph.py +index 43284bc82..2936aaa96 100644 +--- a/sos/plugins/ceph.py ++++ b/sos/plugins/ceph.py +@@ -69,6 +69,7 @@ class Ceph(Plugin, RedHatPlugin, UbuntuP + "ceph osd crush show-tunables", + "ceph-disk list", + "ceph versions", ++ "ceph insights", + "ceph osd crush dump" + ]) + diff --git a/SOURCES/sos-bz1789018-allow-system-changes.patch b/SOURCES/sos-bz1789018-allow-system-changes.patch new file mode 100644 index 0000000..021368e --- /dev/null +++ b/SOURCES/sos-bz1789018-allow-system-changes.patch @@ -0,0 +1,78 @@ +From 903958306830ea00ac47e3ea353eaa5d8abbacb6 Mon Sep 17 00:00:00 2001 +From: Jake Hunsaker +Date: Wed, 23 Oct 2019 14:24:59 -0400 +Subject: [PATCH] [Predicate] Override __bool__ to allow py3 evaluation + +The check in `Plugin.test_predicate()` relies on a 'is not None' test, +which on py2 invokes a call to `SoSPredicate.__nonzero__()` which in +turns runs our evaluation of the predicate. On py3 however, this test is +an explicit check to see if the object is `NoneType`. As such, +`__nonzero__()` never runs and the predicate defaults to always +evaluating ad `True`. This effectively removed any gating for command +execution on py3. + +By overriding `SoSPredicate.__bool__()` to wrap `__nonzero__()` we can +ensure that predicate evaluation is performed properly on both py2 and +py3 runtimes. + +Closes: #1839 +Resolves: #1840 + +Signed-off-by: Jake Hunsaker +--- + sos/plugins/__init__.py | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index ed55ea382..7ed75a5cc 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -181,6 +181,11 @@ class SoSPredicate(object): + return ((self._eval_kmods() and self._eval_services()) and not + self.dry_run) + ++ def __bool__(self): ++ # Py3 evaluation ends in a __bool__() call where py2 ends in a call ++ # to __nonzero__(). Wrap the latter here, to support both versions ++ return self.__nonzero__() ++ + def __init__(self, owner, dry_run=False, kmods=[], services=[], + required={}): + """Initialise a new SoSPredicate object. +From 4c02a77a1c0403c903c835d85739a6213c1a2287 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Tue, 5 Nov 2019 17:29:57 +0100 +Subject: [PATCH] [man] describe --allow-system-changes + +In #1435, --allow-system-changes option was added that is documented +in sosreport --help but not in manpages. + +Resolves: #1850 + +Signed-off-by: Pavel Moravec +--- + man/en/sosreport.1 | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/man/en/sosreport.1 b/man/en/sosreport.1 +index 649cba04d..a885d5630 100644 +--- a/man/en/sosreport.1 ++++ b/man/en/sosreport.1 +@@ -25,6 +25,7 @@ sosreport \- Collect and package diagnostic and support data + [--log-size]\fR + [--all-logs]\fR + [--since YYYYMMDD[HHMMSS]]\fR ++ [--allow-system-changes]\fR + [-z|--compression-type method]\fR + [--encrypt-key KEY]\fR + [--encrypt-pass PASS]\fR +@@ -160,6 +161,9 @@ increase the size of reports. + Limits the collection to logs newer than this date. + This also affects \--all-logs. Will pad with 0s if HHMMSS isn't specified. + .TP ++.B \--allow-system-changes ++Run commands even if they can change the system (e.g. load kernel modules). ++.TP + .B \-z, \--compression-type METHOD + Override the default compression type specified by the active policy. + .TP diff --git a/SOURCES/sos-bz1789049-since-option-improved.patch b/SOURCES/sos-bz1789049-since-option-improved.patch new file mode 100644 index 0000000..6bd51fe --- /dev/null +++ b/SOURCES/sos-bz1789049-since-option-improved.patch @@ -0,0 +1,60 @@ +From 71cdbde72f81d586da37a9e108868d6aa1b4ef69 Mon Sep 17 00:00:00 2001 +From: Pavel Moravec +Date: Thu, 5 Dec 2019 14:26:03 +0100 +Subject: [PATCH] [plugins] improve heuristic for applying --since to + logarchives + +logarchive_pattern treats some configs (e.g. /etc/dbus-1) as log +archives, causing --since option will skip collecting them. + +This patch just improves the heuristic by claiming nothing under /etc +is a logarchive, and adds a warning to sosreport help. + +Improves: #1847 + +Signed-off-by: Pavel Moravec +--- + man/en/sosreport.1 | 5 ++++- + sos/plugins/__init__.py | 5 ++++- + 2 files changed, 8 insertions(+), 2 deletions(-) + +diff --git a/man/en/sosreport.1 b/man/en/sosreport.1 +index a885d5630..f63b8deab 100644 +--- a/man/en/sosreport.1 ++++ b/man/en/sosreport.1 +@@ -158,8 +158,11 @@ and including logs in non-default locations. This option may significantly + increase the size of reports. + .TP + .B \--since YYYYMMDD[HHMMSS] +-Limits the collection to logs newer than this date. ++Limits the collection of log archives(*) to those newer than this date. + This also affects \--all-logs. Will pad with 0s if HHMMSS isn't specified. ++(*) Sos interprets as a log archive any file not found in /etc, that has ++either a numeric or compression-type extension for example '.zip'. '.1', '.gz' ++ etc.) + .TP + .B \--allow-system-changes + Run commands even if they can change the system (e.g. load kernel modules). +diff --git a/sos/plugins/__init__.py b/sos/plugins/__init__.py +index b7a47b6a4..44ae413d0 100644 +--- a/sos/plugins/__init__.py ++++ b/sos/plugins/__init__.py +@@ -917,6 +917,7 @@ def add_copy_spec(self, copyspecs, sizelimit=None, maxage=None, + since = self.get_option('since') + + logarchive_pattern = re.compile(r'.*((\.(zip|gz|bz2|xz))|[-.][\d]+)$') ++ configfile_pattern = re.compile(r"^%s/*" % self.join_sysroot("etc")) + + if not self.test_predicate(pred=pred): + self._log_info("skipped copy spec '%s' due to predicate (%s)" % +@@ -962,7 +963,9 @@ def time_filter(path): + """ When --since is passed, or maxage is coming from the + plugin, we need to filter out older files """ + +- if logarchive_pattern.search(path) is None: ++ # skip config files or not-logarchive files from the filter ++ if ((logarchive_pattern.search(path) is None) or ++ (configfile_pattern.search(path) is not None)): + return True + filetime = datetime.fromtimestamp(getmtime(path)) + if ((since and filetime < since) or diff --git a/SPECS/sos.spec b/SPECS/sos.spec new file mode 100644 index 0000000..8ba1149 --- /dev/null +++ b/SPECS/sos.spec @@ -0,0 +1,794 @@ +%{!?python_sitelib: %define python_sitelib %(%{__python} -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} + +%global auditversion 0.3 + +Summary: A set of tools to gather troubleshooting information from a system +Name: sos +Version: 3.8 +Release: 2%{?dist} +Group: Applications/System +Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz +Source1: sos-audit-%{auditversion}.tgz +License: GPLv2+ +BuildArch: noarch +Url: http://github.com/sosreport/sos +BuildRequires: python3-devel +BuildRequires: python3-six +BuildRequires: gettext +Requires: libxml2-python3 +Requires: bzip2 +Requires: xz +Requires: python3-six +Conflicts: vdsm < 4.40 +Patch1: sos-bz1688764-ipa-new-logs.patch +Patch2: sos-bz1738391-kernel-no-trace-by-default.patch +Patch3: sos-bz1744553-ovn-plugins-containerized-env.patch +Patch4: sos-bz1766915-interim-sysroot-forbidden-paths.patch +Patch5: sos-bz1789018-allow-system-changes.patch +Patch6: sos-bz1789049-since-option-improved.patch +Patch7: sos-bz1783034-ceph-insights.patch +Patch8: sos-bz1781819-dnf-module-list.patch +Patch9: sos-bz1721779-ebpf-net-list.patch +Patch10: sos-bz1768956-ebpf-per-namespace.patch +Patch11: sos-bz1741330-openswan-to-libreswan.patch +Patch12: sos-bz1709682-grub2-mkconfig-dont-remove-kernel-opts.patch + +%description +Sos is a set of tools that gathers information about system +hardware and configuration. The information can then be used for +diagnostic purposes and debugging. Sos is commonly used to help +support technicians and developers. + +%prep +%setup -qn %{name}-%{version} +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%setup -T -D -a1 -q + +%build +%py3_build + +%install +%py3_install '--install-scripts=%{_sbindir}' + +install -Dm644 %{name}.conf %{buildroot}%{_sysconfdir}/%{name}.conf + +%find_lang %{name} || echo 0 + +cd %{name}-audit-%{auditversion} +DESTDIR=%{buildroot} ./install.sh +cd .. + +%files -f %{name}.lang +%{_sbindir}/sosreport +%{python3_sitelib}/* +%{_mandir}/man1/sosreport.1.gz +%{_mandir}/man5/sos.conf.5.gz +%doc AUTHORS README.md +%license LICENSE +%config(noreplace) %{_sysconfdir}/sos.conf + +%package audit +Summary: Audit use of some commands for support purposes +License: GPLv2+ +Group: Application/System + +%description audit + +Sos-audit provides configuration files for the Linux Auditing System +to track the use of some commands capable of changing the configuration +of the system. Currently storage and filesystem commands are audited. + +%post audit +%{_sbindir}/sos-audit.sh + +%files audit +%defattr(755,root,root,-) +%{_sbindir}/sos-audit.sh +%defattr(644,root,root,-) +%config(noreplace) %{_sysconfdir}/sos/sos-audit.conf +%defattr(444,root,root,-) +%{_prefix}/lib/sos/audit/* +%{_mandir}/man5/sos-audit.conf.5.gz +%{_mandir}/man8/sos-audit.sh.8.gz +%ghost /etc/audit/rules.d/40-sos-filesystem.rules +%ghost /etc/audit/rules.d/40-sos-storage.rules + +%changelog +* Fri Jan 10 2020 Pavel Moravec = 3.8-2 +- [plugins] improve heuristic for applying --since + Resolves: bz1789049 +- [Predicate] Override __bool__ to allow py3 evaluation + Resolves: bz1789018 +- [ceph] Add 'ceph insights' command output + Resolves: bz1783034 +- [dnf] Collect dnf module list + Resolves: bz1781819 +- [kernel,networking] collect bpftool net list for each + Resolves: bz1768956 +- [libreswan] New plugin for "libreswan" IPsec + Resolves: bz1741330 +- [kernel] collect "bpftool net list" + Resolves: bz1721779 +- [grub2] call grub2-config with --no-grubenv-update + Resolves: bz1709682 + +* Wed Dec 11 2019 Pavel Moravec = 3.8-1 +- Rebase on upstream 3.8 + Resolves: bz1779387 + +* Mon Nov 04 2019 Pavel Moravec = 3.7-7 +- [Plugin, kernel] interim sysroot fixes + Resolves: bz1766915 + +* Wed Oct 30 2019 Pavel Moravec = 3.7-6 +- [ovirt_hosted_engine] Add gluster deployment and cleanup log + Resolves: bz1744086 +- [vdsm]: Fix executing shell commands + Resolves: bz1744110 +- [ovn_*] Add support to containerized setups + Resolves: bz1744553 +- [ipa] collect ipa-healthcheck logs, kdcproxy configs, httpd cert + Resolves: bz1688764 + +* Wed Oct 02 2019 Pavel Moravec = 3.7-5 +- [kernel] Don't collect trace file by default + Resolves: bz1738391 + +* Thu Sep 12 2019 Pavel Moravec = 3.7-4 +- [openvswitch] catch all openvswitch2.* packages + Resolves: bz1745017 + +* Tue Jul 30 2019 Pavel Moravec = 3.7-3 +- [openstack] Extract Placement plugin from Nova + Resolves: bz1717882 +- [utilities] Fix high CPU usage and slow command collection + Resolves: bz1733352 +- [peripety] collect proper config file + Resolves: bz1665981 +- [sosreport,plugins] Stop plugin execution after timeout hit + Resolves: bz1733469 +- [nvme] collect config file everytime + Resolves: bz1665929 + +* Tue Jul 09 2019 Pavel Moravec = 3.7-2 +- [sar] collect whole sar log dir + Resolves: bz1714243 +- [archive] convert absolute symlink targets to relative + Resolves: bz1702806 +- [archive] Handle checking container sysroot in _make_leading_paths + Resolves: bz1728214 +- [frr] FRR plugin + Resolves: bz1709906 +- [policies] redhat policy to use hostname instead of rhn id + Resolves: bz1718087 +- Updates to vdsm plugin + Resolves: bz1700780 + +* Wed Jun 12 2019 Pavel Moravec = 3.7-1 +- Rebase on upstream 3.7 + Resolves: bz1684400 +- [buildah] parse container list properly even for scratch ones + Resolves: bz1687954 +- [PATCH] [maas,mysql,npm,pacemaker,postgresql] fix plugopts data types + Resolves: bz1695583 +- [plugins] add vdsm plugin + Resolves: bz1700780 +- [openstack_instack] add ansible.log + Resolves: bz1702806 +- [pcp] collect pmlogger without a sizelimit + Resolves: bz1719884 +- [foreman,satellite] increase plugin default timeouts + Resolves: bz1719885 +- [sosreport] [sosreport] initialize disabled plugins properly + Resolves: bz1719886 +- [katello] support both locations of qpid SSL certs + Resolves: bz1719887 + +* Thu May 02 2019 Pavel Moravec = 3.6-11 +- [composer] Collect sources info for all sources + Resolves: bz1678418 + +* Mon Jan 21 2019 Pavel Moravec = 3.6-10 +- [grub2] Enable plugin by grub2-common package also + Resolves: bz1666214 + +* Mon Jan 14 2019 Pavel Moravec = 3.6-9 +- [block] proper parsing of luks partition on self device + Resolves: bz1638855 +- [networking] Collect NUMA Node of each NIC + Resolves: bz1645085 +- [composer] add missing commas in list in add_copy_spec + Resolves: bz1644062 +- [opendaylight] Update directory for openDaylight logs + Resolves: bz1642377 + +* Fri Dec 13 2018 Pavel Moravec = 3.6-8 +- [plugins] fix exception when collecting empty strings + Resolves: bz1632607 +- [crypto] collect more configs and commands + Resolves: bz1638492 +- [networking] Replace "brctl: by "bridge" commands + Resolves: bz1644021 +- [firewalld] collect nftables ruleset + Resolves: bz1644022 +- [composer] New plugin for lorax-composer + Resolves: bz1644062 +- [Plugin] clean up Plugin.get_option() + Resolves: bz1655984 +- [ovirt_node] New plugin for oVirt Node + Resolves: bz1658937 +- [podman] Add support for gathering information on podman + Resolves: bz1658938 +- [postgresql] Do not limit dump size + Resolves: bz1658939 + +* Fri Oct 12 2018 Pavel Moravec = 3.6-7 +- [plugin,archive] fix remaining add_link issues + Resolves: bz1627543 +- [kernel] dont collect some tracing instance files + Resolves: bz1638637 +- [openstack_*] relax enabling of OSP RedHat plugins + Resolves: bz1638638 +- [powerpc] Add support to collect DLPAR and LPM related logs + Resolves: bz1637127 + +* Mon Sep 10 2018 Pavel Moravec = 3.6-6 +- [archive] fix leading path creation + Resolves: bz1627543 +- [atomic] Define valid preset for RHEL Atomic + Resolves: bz1627546 +- [utilities] wait till AsyncReader p.poll() returns None + Resolves: bz1627544 + +* Thu Aug 23 2018 Pavel Moravec = 3.6-5 +- [rhv-log-collector-analyzer] Add new plugin for RHV + Resolves: bz1620049 +- [kubernetes|etcd] Support OpenShift 3.10 deployments + Resolves: bz1620048 +- [krb5|gssproxy] add new plugin, collect more krb5 files + Resolves: bz1607630 +- [block] collect luksDump for all encrypted devices + Resolves: bz1599739 +- [archive] Dont copystat /sys and /proc paths + Resolves: bz1619234 + +* Fri Aug 10 2018 Pavel Moravec = 3.6-4 +- [apparmor,ceph] fix typo in add_forbidden_path + Resolves: bz1614955 +- [policies] sanitize report label + Resolves: bz1614956 +- [policies,process] make lsof execution optional, dont call on RHOSP + Resolves: bz1614957 +- [sosreport] Add mechanism to encrypt final archive + Resolves: bz1614952 +- [archive] fix stat typo + Resolves: bz1614953 +- [rhui] Fix detection of CDS for RHUI3 + Resolves: bz1614954 +- [archive] fix add_string()/do_*_sub() regression + Resolves: bz1599701 + +* Fri Aug 10 2018 Bryn M. Reeves = 3.6-3 +- Clean up spec file and sources +- Integrate sos-audit subpackage + Resolves: bz1601084 + +* Tue Jul 10 2018 Pavel Moravec = 3.6-2 +- Rebase on upstream 3.6 + Resolves: bz1549522 + +* Fri Feb 09 2018 Fedora Release Engineering - 3.5-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Tue Nov 14 2017 Sandro Bonazzola - 3.5-1 +- Rebase on upstream 3.5 +- Resolves: BZ#1513030 + +* Thu Jul 27 2017 Fedora Release Engineering - 3.4-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Wed Mar 29 2017 Sandro Bonazzola - 3.4-1 +- Rebase on upstream 3.4 +- Resolves: BZ#1436969 +- Resolves: BZ#1427445 + +* Thu Feb 23 2017 Sandro Bonazzola - 3.3-1 +- Rebase on upstream 3.3 +- Resolves: BZ#1411314 + +* Sat Feb 11 2017 Fedora Release Engineering - 3.2-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Mon Dec 19 2016 Miro Hrončok - 3.2-5 +- Rebuild for Python 3.6 + +* Tue Jul 19 2016 Fedora Release Engineering - 3.2-4 +- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages + +* Fri Feb 05 2016 Fedora Release Engineering - 3.2-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Wed Dec 16 2015 Bryn M. Reeves = 3.2-2 +- [sosreport] ensure private temporary directory is removed +- [global] sync rawhide package with upstream +- [ceph] collect /var/lib/ceph and /var/run/ceph +- [sosreport] prepare report in a private subdirectory (CVE-2015-7529) +- [docker] collect journald logs for docker unit +- [sosreport] fix command-line report defaults +- [openstack_neutron] obfuscate server_auth in restproxy.ini +- [memory] collect swapon --show output in bytes +- [sosreport] fix command-line report defaults (proper patch ordering) +- [sapnw] call self methods properly +- [openvswitch] capture the logs, db and OVS bridges details +- [logs] fix reference to missing 'rsyslog_conf' variable +- [sapnw] Add check if saphostctrl is not present, dont use Set +- [Plugin] fix handling of symlinks in non-sysroot environments +- [openstack] Ensure openstack passwords and secrets are obfuscated +- [plugin] pass stderr through _collect_cmd_output +- [kubernetes,plugin] Support running sos inside a container +- [openstack] New Openstack Trove (DBaaS) plugin +- [services] Add more diagnostics to applications +- [openstack_neutron] Obscure passwords and secrets +- [ceph] add calamari and ragos logs and configs +- [iprconfig] enable plugin for ppc64* architectures +- [general] verify --profile contains valid plugins only +- [kernel,mpt,memory] additional kernel-related diagnostics +- [cluster] enable crm_report password scrubbing +- [sosreport] fix command-line report defaults +- [virsh] add new plugin, add listing of qemu +- [sap*,vhostmd] new plugins for SAP +- [cluster] crm_report fails to run because dir already exists +- [foreman] Skip collection of generic resources +- [apache] Added collection of conf.modules.d dir for httpd 2.4 +- [pcp] collect /etc/pcp.conf +- [puppet] adding new plugin for puppet +- [block] Don't use parted human readable output +- [general] Better handling --name and --ticket-number in +- [networking] additional ip, firewall and traffic shaping +- [infiniband] add opensm and infiniband-diags support +- [plugins/rabbitmq] Added cluster_status command output +- [networking] re-add 'ip addr' with a root symlink +- [kimchi] add new plugin +- [iprconfig] add plugin for IBM Power RAID adapters +- [ovirt] Collect engine tunables and domain information. +- [activemq] Honour all_logs and get config on RHEL +- [cluster] Add luci to packages for standalone luci servers +- [hpasm] hpasmcli commands hang under timeout +- [mysql] Collect log file +- [chrony] add chrony plugin +- [openstack_sahara] redact secrets from sahara configuration +- [openstack_sahara] add new openstack_sahara plugin +- [openstack_neutron] neutron configuration and logs files not captured +- [ovirt] remove ovirt-engine setup answer file password leak +- [networking] network plugin fails if NetworkManager is disabled +- [cluster] crm_report fails to run because dir already exists +- [mysql] improve handling of dbuser, dbpass and MYSQL_PWD +- [mysql] test for boolean values in dbuser and dbpass +- [plugin] limit path names to PC_NAME_MAX +- [squid] collect files from /var/log/squid +- [sosreport] log plugin exceptions to a file +- [ctdb] fix collection of /etc/sysconfig/ctdb +- [sosreport] fix silent exception handling +- [sosreport] do not make logging calls after OSError +- [sosreport] catch OSError exceptions in SoSReport.execute() +- [anaconda] make useradd password regex tolerant of whitespace +- [mysql] fix handling of mysql.dbpass option +- [navicli] catch exceptions if stdin is unreadable +- [docs] update man page for new options +- [sosreport] make all utf-8 handling user errors=ignore +- [kpatch] do not attempt to collect data if kpatch is not installed +- [archive] drop support for Zip archives +- [sosreport] fix archive permissions regression +- [tomcat] add support for tomcat7 and default log size limits +- [mysql] obtain database password from the environment +- [corosync] add postprocessing for corosync-objctl output +- [ovirt_hosted_engine] fix exception when force-enabled +- [yum] call rhsm-debug with --no-subscriptions +- [powerpc] allow PowerPC plugin to run on ppc64le +- [package] add Obsoletes for sos-plugins-openstack +- [pam] add pam_tally2 and faillock support +- [postgresql] obtain db password from the environment +- [pcp] add Performance Co-Pilot plugin +- [nfsserver] collect /etc/exports.d +- [sosreport] handle --compression-type correctly +- [anaconda] redact passwords in kickstart configurations +- [haproxy] add new plugin +- [keepalived] add new plugin +- [lvm2] set locking_type=0 when calling lvm commands +- [tuned] add new plugin +- [cgroups] collect /etc/sysconfig/cgred +- [plugins] ensure doc text is always displayed for plugins +- [sosreport] fix the distribution version API call +- [docker] add new plugin +- [openstack_*] include broken-out openstack plugins +- [mysql] support MariaDB +- [openstack] do not collect /var/lib/nova +- [grub2] collect grub.cfg on UEFI systems +- [sosreport] handle out-of-space errors gracefully +- [firewalld] new plugin +- [networking] collect NetworkManager status +- [kpatch] new plugin +- [global] update to upstream 3.2 release +- [foreman] add new plugin + +* Tue Nov 10 2015 Fedora Release Engineering - 3.2-0.4.a +- Rebuilt for https://fedoraproject.org/wiki/Changes/python3.5 + +* Fri Jul 17 2015 Miro Hrončok - 3.2-0.3.a +- Use Python 3 (#1014595) +- Use setup.py instead of make +- Remove some deprecated statements + +* Fri Jun 19 2015 Fedora Release Engineering - 3.2-0.2.a +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Jun 17 2014 Bryn M. Reeves = 3.2-0.1.a +- Make source URL handling compliant with packaging guidelines +- Update to new upstream pre-release sos-3.2-alpha1 + +* Sun Jun 08 2014 Fedora Release Engineering - 3.1-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Tue Apr 01 2014 Bryn M. Reeves = 3.1-1 +- Update to new upstream release sos-3.1 +- Add collection of grub configuration for UEFI systems +- Raise a TypeError if add_copy_specs() is called with a string +- Add tests for Plugin.add_copy_spec()/add_copy_specs() +- Update Plugin tests to treat copy_paths as a set +- Use a set for Plugin.copy_paths +- Remove references to 'sub' parameter from plugin tests +- Remove 'sub' parameter from Plugin.add_copy_spec*() +- Drop RedHatPlugin from procenv +- Update plugin_tests.py to match new method names +- Remove obsolete checksum reference from utilities_tests.py +- Refactor Plugin.collect() pathway +- Fix x86 arch detection in processor plugin +- Pythonify Plugin._path_in_pathlist() +- Clean up package checks in processor plugin +- Replace self.policy().pkg_by_name() us in Logs plugin +- Convert infiniband to package list +- Dead code removal: PluginException +- Dead code removal: sos.plugins.common_prefix() +- Add vim tags to all python source files +- Dead code removal: utilities.checksum() +- Dead code removal: DirTree +- Dead code removal: sos_relative_path() +- Remove --profile support +- Fix plugin_test exception on six.PY2 +- Call rhsm-debug with the --sos switch +- Do not collect isos in cobbler plugin +- Match plugins against policies +- Update policy_tests.py for validate_plugin change +- Rename validatePlugin to validate_plugin +- Fix broken binary detection in satellite plugin +- Clean up get_cmd_path/make_cmd_path/make_cmd_dirs mess +- Add tuned plugin +- Update systemd support +- Fix remaining use of obsolete 'get_cmd_dir()' in plugins +- Add PowerNV specific debug data +- powerpc: Move VPD related tool under common code +- Remove the rhevm plugin. +- Replace package check with file check in anacron +- Scrub ldap_default_authtok password in sssd plugin +- Eliminate hard-coded /var/log/sa paths in sar plugin +- Remove useless check_enabled() from sar plugin +- Improve error message when cluster.crm_from is invalid +- Fix command output substitution exception +- Add distupgrade plugin +- Fix gluster volume name extraction +- Ensure unused fds are closed when calling subprocesses via Popen +- Pass --no-archive to rhsm-debug script +- postgresql: allow use TCP socket +- postgresql: added license and copyright +- postgresql: add logs about errors / warnings +- postgresql: minor fixes +- Include geo-replication status in gluster plugin +- Make get_cmd_output_now() behaviour match 2.2 +- Add rhsm-debug collection to yum plugin +- Always treat rhevm vdsmlogs option as string +- Fix verbose file logging +- Fix get_option() use in cluster plugin +- Fix cluster postproc regression +- Ensure superclass postproc method is called in ldap plugin +- Remove obsolete diagnostics code from ldap plugin +- Fix cluster module crm_report support + +* Thu Mar 20 2014 Bryn M. Reeves = 3.0-23 +- Call rhsm-debug with the --sos switch + +* Mon Mar 03 2014 Bryn M. Reeves +- Fix package check in anacron plugin + +* Wed Feb 12 2014 Bryn M. Reeves +- Remove obsolete rhel_version() usage from yum plugin + +* Tue Feb 11 2014 Bryn M. Reeves +- Prevent unhandled exception during command output substitution + +* Mon Feb 10 2014 Bryn M. Reeves +- Fix generation of volume names in gluster plugin +- Add distupgrade plugin + +* Tue Feb 04 2014 Bryn M. Reeves +- Prevent file descriptor leaks when using Popen +- Disable zip archive creation when running rhsm-debug +- Include volume geo-replication status in gluster plugin + +* Mon Feb 03 2014 Bryn M. Reeves +- Fix get_option use in cluster plugin +- Fix debug logging to file when given '-v' +- Always treat rhevm plugin's vdsmlogs option as a string +- Run the rhsm-debug script from yum plugin + +* Fri Jan 31 2014 Bryn M. Reeves +- Add new plugin to collect OpenHPI configuration +- Fix cluster plugin crm_report support +- Fix file postprocessing in ldap plugin +- Remove collection of anaconda-ks.cfg from general plugin + +* Fri Jan 24 2014 Bryn M. Reeves +- Remove debug statements from logs plugin +- Make ethernet interface detection more robust +- Fix specifying multiple plugin options on the command line +- Make log and message levels match previous versions +- Log a warning message when external commands time out +- Remove --upload command line option +- Update sos UI text to match upstream + +* Fri Dec 27 2013 Daniel Mach +- Mass rebuild 2013-12-27 + +* Thu Nov 14 2013 Bryn M. Reeves +- Fix regressions introduced with --build option + +* Tue Nov 12 2013 Bryn M. Reeves +- Fix typo in yum plug-in add_forbidden_paths +- Add krb5 plug-in and drop collection of krb5.keytab + +* Fri Nov 8 2013 Bryn M. Reeves +- Add nfs client plug-in +- Fix traceback when sar module force-enabled + +* Thu Nov 7 2013 Bryn M. Reeves +- Restore --build command line option +- Collect saved vmcore-dmesg.txt files +- Normalize temporary directory paths + +* Tue Nov 5 2013 Bryn M. Reeves +- Add domainname output to NIS plug-in +- Collect /var/log/squid in squid plug-in +- Collect mountstats and mountinfo in filesys plug-in +- Add PowerPC plug-in from upstream + +* Thu Oct 31 2013 Bryn M. Reeves +- Remove version checks in gluster plug-in +- Check for usable temporary directory +- Fix --alloptions command line option +- Fix configuration fail regression + +* Wed Oct 30 2013 Bryn M. Reeves +- Include /etc/yaboot.conf in boot plug-in +- Fix collection of brctl output in networking plug-in +- Verify limited set of RPM packages by default +- Do not strip newlines from command output +- Limit default sar data collection + +* Thu Oct 3 2013 Bryn M. Reeves +- Do not attempt to read RPC pseudo files in networking plug-in +- Restrict wbinfo collection to the current domain +- Add obfuscation of luci secrets to cluster plug-in +- Add XFS plug-in +- Fix policy class handling of --tmp-dir +- Do not set batch mode if stdin is not a TTY +- Attempt to continue when reading bad input in interactive mode + +* Wed Aug 14 2013 Bryn M. Reeves +- Add crm_report support to cluster plug-in +- Fix rhel_version() usage in cluster and s390 plug-ins +- Strip trailing newline from command output + +* Mon Jun 10 2013 Bryn M. Reeves +- Silence 'could not run' messages at default verbosity +- New upstream release + +* Thu May 23 2013 Bryn M. Reeves +- Always invoke tar with '-f-' option + +* Mon Jan 21 2013 Bryn M. Reeves +- Fix interactive mode regression when --ticket unspecified + +* Fri Jan 18 2013 Bryn M. Reeves +- Fix propagation of --ticket parameter in interactive mode + +* Thu Jan 17 2013 Bryn M. Reeves +- Revert OpenStack patch + +* Wed Jan 9 2013 Bryn M. Reeves +- Report --name and --ticket values as defaults +- Fix device-mapper command execution logging +- Fix data collection and rename PostreSQL module to pgsql + +* Fri Oct 19 2012 Bryn M. Reeves +- Add support for content delivery hosts to RHUI module + +* Thu Oct 18 2012 Bryn M. Reeves +- Add Red Hat Update Infrastructure module +- Collect /proc/iomem in hardware module +- Collect subscription-manager output in general module +- Collect rhsm log files in general module +- Fix exception in gluster module on non-gluster systems +- Fix exception in psql module when dbname is not given + +* Wed Oct 17 2012 Bryn M. Reeves +- Collect /proc/pagetypeinfo in memory module +- Strip trailing newline from command output +- Add sanlock module +- Do not collect archived accounting files in psacct module +- Call spacewalk-debug from rhn module to collect satellite data + +* Mon Oct 15 2012 Bryn M. Reeves +- Avoid calling volume status when collecting gluster statedumps +- Use a default report name if --name is empty +- Quote tilde characters passed to shell in RPM module +- Collect KDC and named configuration in ipa module +- Sanitize hostname characters before using as report path +- Collect /etc/multipath in device-mapper module +- New plug-in for PostgreSQL +- Add OpenStack module +- Avoid deprecated sysctls in /proc/sys/net +- Fix error logging when calling external programs +- Use ip instead of ifconfig to generate network interface lists + +* Wed May 23 2012 Bryn M. Reeves +- Collect the swift configuration directory in gluster module +- Update IPA module and related plug-ins + +* Fri May 18 2012 Bryn M. Reeves +- Collect mcelog files in the hardware module + +* Wed May 02 2012 Bryn M. Reeves +- Add nfs statedump collection to gluster module + +* Tue May 01 2012 Bryn M. Reeves +- Use wildcard to match possible libvirt log paths + +* Mon Apr 23 2012 Bryn M. Reeves +- Add forbidden paths for new location of gluster private keys + +* Fri Mar 9 2012 Bryn M. Reeves +- Fix katello and aeolus command string syntax +- Remove stray hunk from gluster module patch + +* Thu Mar 8 2012 Bryn M. Reeves +- Correct aeolus debug invocation in CloudForms module +- Update gluster module for gluster-3.3 +- Add additional command output to gluster module +- Add support for collecting gluster configuration and logs + +* Wed Mar 7 2012 Bryn M. Reeves +- Collect additional diagnostic information for realtime systems +- Improve sanitization of RHN user and case number in report name +- Fix verbose output and debug logging +- Add basic support for CloudForms data collection +- Add support for Subscription Asset Manager diagnostics + +* Tue Mar 6 2012 Bryn M. Reeves +- Collect fence_virt.conf in cluster module +- Fix collection of /proc/net directory tree +- Gather output of cpufreq-info when present +- Fix brctl showstp output when bridges contain multiple interfaces +- Add /etc/modprobe.d to kernel module +- Ensure relative symlink targets are correctly handled when copying +- Fix satellite and proxy package detection in rhn plugin +- Collect stderr output from external commands +- Collect /proc/cgroups in the cgroups module + Resolve: bz784874 +- Collect /proc/irq in the kernel module +- Fix installed-rpms formatting for long package names +- Add symbolic links for truncated log files +- Collect non-standard syslog and rsyslog log files +- Use correct paths for tomcat6 in RHN module +- Obscure root password if present in anacond-ks.cfg +- Do not accept embedded forward slashes in RHN usernames +- Add new sunrpc module to collect rpcinfo for gluster systems + +* Tue Nov 1 2011 Bryn M. Reeves +- Do not collect subscription manager keys in general plugin + +* Fri Sep 23 2011 Bryn M. Reeves +- Fix execution of RHN hardware.py from hardware plugin +- Fix hardware plugin to support new lsusb path + +* Fri Sep 09 2011 Bryn M. Reeves +- Fix brctl collection when a bridge contains no interfaces +- Fix up2dateclient path in hardware plugin + +* Mon Aug 15 2011 Bryn M. Reeves +- Collect brctl show and showstp output +- Collect nslcd.conf in ldap plugin + +* Sun Aug 14 2011 Bryn M. Reeves +- Truncate files that exceed specified size limit +- Add support for collecting Red Hat Subscrition Manager configuration +- Collect /etc/init on systems using upstart +- Don't strip whitespace from output of external programs +- Collect ipv6 neighbour table in network module +- Collect basic cgroups configuration data + +* Sat Aug 13 2011 Bryn M. Reeves +- Fix collection of data from LVM2 reporting tools in devicemapper plugin +- Add /proc/vmmemctl collection to vmware plugin + +* Fri Aug 12 2011 Bryn M. Reeves +- Collect yum repository list by default +- Add basic Infiniband plugin +- Add plugin for scsi-target-utils iSCSI target +- Fix autofs plugin LC_ALL usage +- Fix collection of lsusb and add collection of -t and -v outputs +- Extend data collection by qpidd plugin +- Add ethtool pause, coalesce and ring (-a, -c, -g) options to network plugin + +* Thu Apr 07 2011 Bryn M. Reeves +- Use sha256 for report digest when operating in FIPS mode + +* Tue Apr 05 2011 Bryn M. Reeves +- Fix parted and dumpe2fs output on s390 + +* Fri Feb 25 2011 Bryn M. Reeves +- Fix collection of chkconfig output in startup.py +- Collect /etc/dhcp in dhcp.py plugin +- Collect dmsetup ls --tree output in devicemapper.py +- Collect lsblk output in filesys.py + +* Thu Feb 24 2011 Bryn M. Reeves +- Fix collection of logs and config files in sssd.py +- Add support for collecting entitlement certificates in rhn.py + +* Thu Feb 03 2011 Bryn M. Reeves +- Fix cluster plugin dlm lockdump for el6 +- Add sssd plugin to collect configuration and logs +- Collect /etc/anacrontab in system plugin +- Correct handling of redhat-release for el6 + +* Thu Jul 29 2010 Adam Stokes + +* Thu Jun 10 2010 Adam Stokes + +* Wed Apr 28 2010 Adam Stokes + +* Mon Apr 12 2010 Adam Stokes + +* Tue Mar 30 2010 Adam Stokes +- fix setup.py to autocompile translations and man pages +- rebase 1.9 + +* Fri Mar 19 2010 Adam Stokes +- updated translations + +* Thu Mar 04 2010 Adam Stokes +- version bump 1.9 +- replaced compression utility with xz +- strip threading/multiprocessing +- simplified progress indicator +- pylint update +- put global vars in class container +- unittests +- simple profiling +- make use of xgettext as pygettext is deprecated + +* Mon Jan 18 2010 Adam Stokes +- more sanitizing options for log files +- rhbz fixes from RHEL version merged into trunk +- progressbar update +