From sbonazzo at redhat.com Tue Feb 4 14:56:57 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 4 Feb 2014 15:56:57 +0100 Subject: [sos-devel] [PATCH] ovirt-engine: new plugin for oVirt project Message-ID: <1391525817-7324-1-git-send-email-sbonazzo@redhat.com> Change-Id: Ibaaba06e74def721946d9db76327280ef27f3678 Signed-off-by: Sandro Bonazzola --- sos/plugins/ovirt-engine.py | 164 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 164 insertions(+) create mode 100644 sos/plugins/ovirt-engine.py diff --git a/sos/plugins/ovirt-engine.py b/sos/plugins/ovirt-engine.py new file mode 100644 index 0000000..7994fcb --- /dev/null +++ b/sos/plugins/ovirt-engine.py @@ -0,0 +1,164 @@ +## Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola + +### This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +import os +import re +import signal +import subprocess + + +from sos.plugins import Plugin, RedHatPlugin + + +# Class name must be the same as file name and method names must not change +class OvirtEngine(Plugin, RedHatPlugin): + """oVirt Engine related information""" + + DB_PASS_FILES = re.compile( + flags=re.VERBOSE, + pattern=r""" + ^ + /etc/ + (rhevm|ovirt-engine)/ + engine.conf + (\.d/.+.conf)? + $ + """ + ) + + DEFAULT_SENSITIVE_KEYS = ( + 'ENGINE_DB_PASSWORD:ENGINE_PKI_TRUST_STORE_PASSWORD:' + 'ENGINE_PKI_ENGINE_STORE_PASSWORD' + ) + + plugin_name = "ovirt-engine" + + option_list = [ + ( + 'jbosstrace', + 'Enable oVirt Engine JBoss stack trace generation', + '', + True + ), + ( + 'sensitive_keys', + 'Sensitive keys to be masked', + '', + DEFAULT_SENSITIVE_KEYS + ), + ] + + def setup(self): + if self.get_option('jbosstrace'): + proc = subprocess.Popen( + args=[ + '/usr/bin/pgrep', + '-f', + 'jboss', + ], + stdout=subprocess.PIPE, + ) + output, err = proc.communicate() + returncode = proc.returncode + jboss_pids = set() + if returncode == 0: + jboss_pids = set([int(x) for x in output.splitlines()]) + proc = subprocess.Popen( + args=[ + '/usr/bin/pgrep', + '-f', + 'ovirt-engine', + ], + stdout=subprocess.PIPE, + ) + engine_output, err = proc.communicate() + if returncode == 0: + engine_pids = set( + [int(x) for x in engine_output.splitlines()] + ) + jboss_pids.intersection_update(engine_pids) + else: + self.soslog.error('Unable to get engine pids: %s' % err) + self.add_alert('Unable to get engine pids') + else: + self.soslog.error('Unable to get jboss pid: %s' % err) + self.add_alert('Unable to get jboss pid') + for pid in jboss_pids: + try: + os.kill(pid, signal.SIGQUIT) + except OSError as e: + self.soslog.error('Unable to send signal to %d' % pid, e) + + self.add_forbidden_path('/etc/ovirt-engine/.pgpass') + self.add_forbidden_path('/etc/rhevm/.pgpass') + # Copy engine config files. + self.add_copy_spec("/etc/ovirt-engine") + self.add_copy_spec("/etc/rhevm") + self.add_copy_spec("/var/log/ovirt-engine") + self.add_copy_spec("/var/log/rhevm") + self.add_copy_spec("/etc/sysconfig/ovirt-engine") + self.add_copy_spec("/usr/share/ovirt-engine/conf") + self.add_copy_spec("/var/log/ovirt-guest-agent") + self.add_copy_spec("/var/lib/ovirt-engine/setup-history.txt") + self.add_copy_spec("/var/lib/ovirt-engine/setup/answers") + self.add_copy_spec("/var/lib/ovirt-engine/external_truststore") + self.add_copy_spec("/var/tmp/ovirt-engine/config") + + def postproc(self): + """ + Obfuscate sensitive keys. + """ + self.do_file_sub( + "/etc/ovirt-engine/engine-config/engine-config.properties", + r"Password.type=(.*)", + r'Password.type=********' + ) + self.do_file_sub( + "/etc/rhevm/rhevm-config/rhevm-config.properties", + r"Password.type=(.*)", + r'Password.type=********' + ) + for filename in ( + 'ovirt-engine.xml', + 'ovirt-engine_history/current/ovirt-engine.v1.xml', + 'ovirt-engine_history/ovirt-engine.boot.xml', + 'ovirt-engine_history/ovirt-engine.initial.xml', + 'ovirt-engine_history/ovirt-engine.last.xml', + ): + self.do_file_sub( + "/var/tmp/ovirt-engine/config/%s" % filename, + r"(.*)", + r'********' + ) + + if self.get_option('sensitive_keys'): + sensitive_keys = self.get_option('sensitive_keys') + if self.get_option('sensitive_keys') is True: + #Handle --alloptions case which set this to True. + sensitive_keys = self.DEFAULT_SENSITIVE_KEYS + key_list = [x for x in sensitive_keys.split(':') if x] + for filename in self.copied_files: + if self.DB_PASS_FILES.match(filename['srcpath']): + for key in key_list: + self.do_file_sub( + filename['srcpath'], + r'{key}=(.*)'.format( + key=key, + ), + r'{key}=********'.format( + key=key, + ) + ) -- 1.8.1.4 From sbonazzo at redhat.com Tue Feb 4 14:57:22 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 4 Feb 2014 15:57:22 +0100 Subject: [sos-devel] [PATCH 1/4] postgresql: minor fixes Message-ID: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> - pep8 / style fixes - Avoid redefining built-in 'file' Change-Id: I240268e0ce90328d09854d9825f9e06ef07a7f4f Signed-off-by: Sandro Bonazzola --- sos/plugins/postgresql.py | 60 ++++++++++++++++++++++++++++++----------------- 1 file changed, 39 insertions(+), 21 deletions(-) diff --git a/sos/plugins/postgresql.py b/sos/plugins/postgresql.py index 0a8e5ac..478faff 100644 --- a/sos/plugins/postgresql.py +++ b/sos/plugins/postgresql.py @@ -4,6 +4,7 @@ import tempfile from sos.plugins import Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin from sos.utilities import find + class PostgreSQL(Plugin): """PostgreSQL related information""" @@ -14,26 +15,31 @@ class PostgreSQL(Plugin): tmp_dir = None option_list = [ - ("pghome", 'PostgreSQL server home directory.', '', '/var/lib/pgsql'), - ("username", 'username for pg_dump', '', 'postgres'), - ("password", 'password for pg_dump', '', ''), - ("dbname", 'database name to dump for pg_dump', '', ''), + ('pghome', 'PostgreSQL server home directory.', '', '/var/lib/pgsql'), + ('username', 'username for pg_dump', '', 'postgres'), + ('password', 'password for pg_dump', '', ''), + ('dbname', 'database name to dump for pg_dump', '', ''), ] def pg_dump(self): dest_file = os.path.join(self.tmp_dir, "sos_pgdump.tar") old_env_pgpassword = os.environ.get("PGPASSWORD") os.environ["PGPASSWORD"] = self.get_option("password") - (status, output, rtime) = self.call_ext_prog("pg_dump %s -U %s -w -f %s -F t" % - (self.get_option("dbname"), - self.get_option("username"), - dest_file)) + (status, output, rtime) = self.call_ext_prog( + "pg_dump %s -U %s -w -f %s -F t" % ( + self.get_option("dbname"), + self.get_option("username"), + dest_file + ) + ) if old_env_pgpassword is not None: os.environ["PGPASSWORD"] = old_env_pgpassword if (status == 0): self.add_copy_spec(dest_file) else: - self.add_alert("ERROR: Unable to execute pg_dump. Error(%s)" % (output)) + self.add_alert( + "ERROR: Unable to execute pg_dump. Error(%s)" % (output) + ) def setup(self): if self.get_option("dbname"): @@ -41,13 +47,16 @@ class PostgreSQL(Plugin): self.tmp_dir = tempfile.mkdtemp() self.pg_dump() else: - self.add_alert("WARN: password must be supplied to dump a database.") + self.add_alert( + "WARN: password must be supplied to dump a database." + ) def postproc(self): import shutil if self.tmp_dir: shutil.rmtree(self.tmp_dir) + class RedHatPostgreSQL(PostgreSQL, RedHatPlugin): """PostgreSQL related information for Red Hat distributions""" @@ -55,14 +64,27 @@ class RedHatPostgreSQL(PostgreSQL, RedHatPlugin): super(RedHatPostgreSQL, self).setup() # Copy PostgreSQL log files. - for file in find("*.log", self.get_option("pghome")): - self.add_copy_spec(file) + for filename in find("*.log", self.get_option("pghome")): + self.add_copy_spec(filename) # Copy PostgreSQL config files. - for file in find("*.conf", self.get_option("pghome")): - self.add_copy_spec(file) + for filename in find("*.conf", self.get_option("pghome")): + self.add_copy_spec(filename) + + self.add_copy_spec( + os.path.join( + self.get_option("pghome"), + "data", + "PG_VERSION" + ) + ) + self.add_copy_spec( + os.path.join( + self.get_option("pghome"), + "data", + "postmaster.opts" + ) + ) - self.add_copy_spec(os.path.join(self.get_option("pghome"), "data" , "PG_VERSION")) - self.add_copy_spec(os.path.join(self.get_option("pghome"), "data" , "postmaster.opts")) class DebianPostgreSQL(PostgreSQL, DebianPlugin, UbuntuPlugin): """PostgreSQL related information for Debian/Ubuntu distributions""" @@ -78,8 +100,4 @@ class DebianPostgreSQL(PostgreSQL, DebianPlugin, UbuntuPlugin): self.add_copy_spec("/var/lib/postgresql/*/main/PG_VERSION") self.add_copy_spec("/var/lib/postgresql/*/main/postmaster.opts") - - - - - +# vim: expandtab tabstop=4 shiftwidth=4 -- 1.8.1.4 From sbonazzo at redhat.com Tue Feb 4 14:57:23 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 4 Feb 2014 15:57:23 +0100 Subject: [sos-devel] [PATCH 2/4] postgresql: add logs about errors / warnings In-Reply-To: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> References: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> Message-ID: <1391525845-7423-2-git-send-email-sbonazzo@redhat.com> give more info to support about what happened while collecting the report. Change-Id: I0af7f168c952b9c08f0e44687b3bc8f3d4e5a587 Signed-off-by: Sandro Bonazzola --- sos/plugins/postgresql.py | 23 +++++++++++++++++++++-- 1 file changed, 21 insertions(+), 2 deletions(-) diff --git a/sos/plugins/postgresql.py b/sos/plugins/postgresql.py index 478faff..0aa67a1 100644 --- a/sos/plugins/postgresql.py +++ b/sos/plugins/postgresql.py @@ -33,10 +33,13 @@ class PostgreSQL(Plugin): ) ) if old_env_pgpassword is not None: - os.environ["PGPASSWORD"] = old_env_pgpassword + os.environ["PGPASSWORD"] = str(old_env_pgpassword) if (status == 0): self.add_copy_spec(dest_file) else: + self.soslog.error( + "Unable to execute pg_dump. Error(%s)" % (output) + ) self.add_alert( "ERROR: Unable to execute pg_dump. Error(%s)" % (output) ) @@ -47,14 +50,30 @@ class PostgreSQL(Plugin): self.tmp_dir = tempfile.mkdtemp() self.pg_dump() else: + self.soslog.warning( + "password must be supplied to dump a database." + ) self.add_alert( "WARN: password must be supplied to dump a database." ) + else: + self.soslog.warning( + "dbname must be supplied to dump a database." + ) + self.add_alert( + "WARN: dbname must be supplied to dump a database." + ) def postproc(self): import shutil if self.tmp_dir: - shutil.rmtree(self.tmp_dir) + try: + shutil.rmtree(self.tmp_dir) + except shutil.Error: + self.soslog.exception( + "Unable to remove %s." % (self.tmp_dir) + ) + self.add_alert("ERROR: Unable to remove %s." % (self.tmp_dir)) class RedHatPostgreSQL(PostgreSQL, RedHatPlugin): -- 1.8.1.4 From sbonazzo at redhat.com Tue Feb 4 14:57:24 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 4 Feb 2014 15:57:24 +0100 Subject: [sos-devel] [PATCH 3/4] postgresql: added license and copyright In-Reply-To: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> References: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> Message-ID: <1391525845-7423-3-git-send-email-sbonazzo@redhat.com> Change-Id: I49f885333146c4f93a3b97a9d989af264c2afb86 Signed-off-by: Sandro Bonazzola --- sos/plugins/postgresql.py | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/sos/plugins/postgresql.py b/sos/plugins/postgresql.py index 0aa67a1..df14f86 100644 --- a/sos/plugins/postgresql.py +++ b/sos/plugins/postgresql.py @@ -1,3 +1,22 @@ +## Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola +## Copyright (C) 2013 Chris J Arges +## Copyright (C) 2012-2013 Red Hat, Inc., Bryn M. Reeves +## Copyright (C) 2011 Red Hat, Inc., Jesse Jaggars + +### This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + import os import tempfile -- 1.8.1.4 From sbonazzo at redhat.com Tue Feb 4 14:57:25 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 4 Feb 2014 15:57:25 +0100 Subject: [sos-devel] [PATCH 4/4] postgresql: allow use TCP socket In-Reply-To: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> References: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> Message-ID: <1391525845-7423-4-git-send-email-sbonazzo@redhat.com> allow to use TCP socket and not only UNIX socket for connecting to postgresql database Change-Id: I9342b785ff1163167724f56ccf56c3bb9fee4fb1 Signed-off-by: Sandro Bonazzola --- sos/plugins/postgresql.py | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/sos/plugins/postgresql.py b/sos/plugins/postgresql.py index df14f86..cc51195 100644 --- a/sos/plugins/postgresql.py +++ b/sos/plugins/postgresql.py @@ -38,19 +38,29 @@ class PostgreSQL(Plugin): ('username', 'username for pg_dump', '', 'postgres'), ('password', 'password for pg_dump', '', ''), ('dbname', 'database name to dump for pg_dump', '', ''), + ('dbhost', 'database hostname/IP (do not use unix socket)', '', ''), + ('dbport', 'database server port number', '', '5432') ] def pg_dump(self): dest_file = os.path.join(self.tmp_dir, "sos_pgdump.tar") old_env_pgpassword = os.environ.get("PGPASSWORD") os.environ["PGPASSWORD"] = self.get_option("password") - (status, output, rtime) = self.call_ext_prog( - "pg_dump %s -U %s -w -f %s -F t" % ( - self.get_option("dbname"), + if self.get_option("dbhost"): + cmd = "pg_dump -U %s -h %s -p %s -w -f %s -F t %s" % ( self.get_option("username"), - dest_file + self.get_option("dbhost"), + self.get_option("dbport"), + dest_file, + self.get_option("dbname") ) - ) + else: + cmd = "pg_dump -C -U %s -w -f %s -F t %s " % ( + self.get_option("username"), + dest_file, + self.get_option("dbname") + ) + (status, output, rtime) = self.call_ext_prog(cmd) if old_env_pgpassword is not None: os.environ["PGPASSWORD"] = str(old_env_pgpassword) if (status == 0): -- 1.8.1.4 From bmr at redhat.com Tue Feb 4 15:05:11 2014 From: bmr at redhat.com (Bryn M. Reeves) Date: Tue, 04 Feb 2014 15:05:11 +0000 Subject: [sos-devel] [PATCH] ovirt-engine: new plugin for oVirt project In-Reply-To: <1391525817-7324-1-git-send-email-sbonazzo@redhat.com> References: <1391525817-7324-1-git-send-email-sbonazzo@redhat.com> Message-ID: <52F101A7.1020403@redhat.com> On 02/04/2014 02:56 PM, Sandro Bonazzola wrote: > + def setup(self): > + if self.get_option('jbosstrace'): > + proc = subprocess.Popen( > + args=[ > + '/usr/bin/pgrep', > + '-f', > + 'jboss', > + ], > + stdout=subprocess.PIPE, > + ) > + output, err = proc.communicate() > + returncode = proc.returncode Any reason to open code this rather than use an existing interface e.g. call_ext_prog()? This returns a tuple (status, output, runtime) which should give you everything you need. We try to avoid plugins using things like Popen directly as it means we have to make sure they all handle things like the environment and file descriptor inheritance properly (see bz1051009 for e.g.). > + jboss_pids = set() > + if returncode == 0: > + jboss_pids = set([int(x) for x in output.splitlines()]) > + proc = subprocess.Popen( > + args=[ > + '/usr/bin/pgrep', > + '-f', > + 'ovirt-engine', > + ], > + stdout=subprocess.PIPE, > + ) > + engine_output, err = proc.communicate() Ditto - no need for handrolled Popen here. Other than that the plugin looks pretty good - I can change these to use call_ext_prog() if you like but it's probably easier for you to test the changes directly than me. Regards, Bryn. From bmr at redhat.com Tue Feb 4 15:20:42 2014 From: bmr at redhat.com (Bryn M. Reeves) Date: Tue, 04 Feb 2014 15:20:42 +0000 Subject: [sos-devel] [PATCH 1/4] postgresql: minor fixes In-Reply-To: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> References: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> Message-ID: <52F1054A.4000507@redhat.com> On 02/04/2014 02:57 PM, Sandro Bonazzola wrote: > - pep8 / style fixes > - Avoid redefining built-in 'file' > > Change-Id: I240268e0ce90328d09854d9825f9e06ef07a7f4f > Signed-off-by: Sandro Bonazzola Thanks - applied the series. There seems to be something in your patch generation process that's leaving trailing whitespace at the end of lines, git doesn't like that: $ git apply --index /tmp/postgresql-add-license-header-3_4.patch /tmp/postgresql-add-license-header-3_4.patch:67: trailing whitespace. ## Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola /tmp/postgresql-add-license-header-3_4.patch:68: trailing whitespace. [...] Fixed with a quick "sed -i 's/[[:space:]]*$//'" but ideally patches should apply directly to git without munging. The four postgres patches should be visible on github now: https://github.com/sosreport/sosreport/commits/master Thanks again for working on this! Regards, Bryn. From sbonazzo at redhat.com Tue Feb 4 15:35:11 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 04 Feb 2014 16:35:11 +0100 Subject: [sos-devel] [PATCH 1/4] postgresql: minor fixes In-Reply-To: <52F1054A.4000507@redhat.com> References: <1391525845-7423-1-git-send-email-sbonazzo@redhat.com> <52F1054A.4000507@redhat.com> Message-ID: <52F108AF.5010207@redhat.com> Il 04/02/2014 16:20, Bryn M. Reeves ha scritto: > On 02/04/2014 02:57 PM, Sandro Bonazzola wrote: >> - pep8 / style fixes >> - Avoid redefining built-in 'file' >> >> Change-Id: I240268e0ce90328d09854d9825f9e06ef07a7f4f >> Signed-off-by: Sandro Bonazzola > > Thanks - applied the series. There seems to be something in your patch > generation process that's leaving trailing whitespace at the end of > lines, git doesn't like that: > > $ git apply --index /tmp/postgresql-add-license-header-3_4.patch > /tmp/postgresql-add-license-header-3_4.patch:67: trailing whitespace. > ## Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola > /tmp/postgresql-add-license-header-3_4.patch:68: trailing whitespace. > [...] > > Fixed with a quick "sed -i 's/[[:space:]]*$//'" but ideally patches > should apply directly to git without munging. I just used: $ git --version git version 1.8.1.4 $ git send-email --to=sos-devel at redhat.com --annotate HEAD~4 and saving an email as-is and running "git am" on it works for me without any error Let me know if I'm missing some parameters to git command line. > > The four postgres patches should be visible on github now: > > https://github.com/sosreport/sosreport/commits/master > > Thanks again for working on this! > > Regards, > Bryn. > -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com From sbonazzo at redhat.com Tue Feb 4 16:30:58 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 4 Feb 2014 17:30:58 +0100 Subject: [sos-devel] [PATCH] ovirt-engine: new plugin for oVirt project Message-ID: <1391531458-4508-1-git-send-email-sbonazzo@redhat.com> Change-Id: Ibaaba06e74def721946d9db76327280ef27f3678 Signed-off-by: Sandro Bonazzola --- sos/plugins/ovirt-engine.py | 153 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 sos/plugins/ovirt-engine.py diff --git a/sos/plugins/ovirt-engine.py b/sos/plugins/ovirt-engine.py new file mode 100644 index 0000000..3ffe1f5 --- /dev/null +++ b/sos/plugins/ovirt-engine.py @@ -0,0 +1,153 @@ +## Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola + +### This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +import os +import re +import signal + + +from sos.plugins import Plugin, RedHatPlugin + + +# Class name must be the same as file name and method names must not change +class OvirtEngine(Plugin, RedHatPlugin): + """oVirt Engine related information""" + + DB_PASS_FILES = re.compile( + flags=re.VERBOSE, + pattern=r""" + ^ + /etc/ + (rhevm|ovirt-engine)/ + engine.conf + (\.d/.+.conf)? + $ + """ + ) + + DEFAULT_SENSITIVE_KEYS = ( + 'ENGINE_DB_PASSWORD:ENGINE_PKI_TRUST_STORE_PASSWORD:' + 'ENGINE_PKI_ENGINE_STORE_PASSWORD' + ) + + plugin_name = "ovirt-engine" + + option_list = [ + ( + 'jbosstrace', + 'Enable oVirt Engine JBoss stack trace generation', + '', + True + ), + ( + 'sensitive_keys', + 'Sensitive keys to be masked', + '', + DEFAULT_SENSITIVE_KEYS + ), + ] + + def setup(self): + if self.get_option('jbosstrace'): + returncode, output, _runtime = self.call_ext_prog( + 'pgrep -f jboss' + ) + jboss_pids = set() + if returncode == 0: + jboss_pids = set([int(x) for x in output.splitlines()]) + _returncode, engine_output, _runtime = self.call_ext_prog( + 'pgrep -f ovirt-engine', + ) + if returncode == 0: + engine_pids = set( + [int(x) for x in engine_output.splitlines()] + ) + jboss_pids.intersection_update(engine_pids) + else: + self.soslog.error('Unable to get engine pids') + self.add_alert('Unable to get engine pids') + else: + self.soslog.error('Unable to get jboss pid') + self.add_alert('Unable to get jboss pid') + for pid in jboss_pids: + try: + os.kill(pid, signal.SIGQUIT) + except OSError as e: + self.soslog.error('Unable to send signal to %d' % pid, e) + + self.add_forbidden_path('/etc/ovirt-engine/.pgpass') + self.add_forbidden_path('/etc/rhevm/.pgpass') + # Copy engine config files. + self.add_copy_spec("/etc/ovirt-engine") + self.add_copy_spec("/etc/rhevm") + self.add_copy_spec("/var/log/ovirt-engine") + self.add_copy_spec("/var/log/rhevm") + self.add_copy_spec("/etc/sysconfig/ovirt-engine") + self.add_copy_spec("/usr/share/ovirt-engine/conf") + self.add_copy_spec("/var/log/ovirt-guest-agent") + self.add_copy_spec("/var/lib/ovirt-engine/setup-history.txt") + self.add_copy_spec("/var/lib/ovirt-engine/setup/answers") + self.add_copy_spec("/var/lib/ovirt-engine/external_truststore") + self.add_copy_spec("/var/tmp/ovirt-engine/config") + + def postproc(self): + """ + Obfuscate sensitive keys. + """ + self.do_file_sub( + "/etc/ovirt-engine/engine-config/engine-config.properties", + r"Password.type=(.*)", + r'Password.type=********' + ) + self.do_file_sub( + "/etc/rhevm/rhevm-config/rhevm-config.properties", + r"Password.type=(.*)", + r'Password.type=********' + ) + for filename in ( + 'ovirt-engine.xml', + 'ovirt-engine_history/current/ovirt-engine.v1.xml', + 'ovirt-engine_history/ovirt-engine.boot.xml', + 'ovirt-engine_history/ovirt-engine.initial.xml', + 'ovirt-engine_history/ovirt-engine.last.xml', + ): + self.do_file_sub( + "/var/tmp/ovirt-engine/config/%s" % filename, + r"(.*)", + r'********' + ) + + if self.get_option('sensitive_keys'): + sensitive_keys = self.get_option('sensitive_keys') + if self.get_option('sensitive_keys') is True: + #Handle --alloptions case which set this to True. + sensitive_keys = self.DEFAULT_SENSITIVE_KEYS + key_list = [x for x in sensitive_keys.split(':') if x] + for filename in self.copied_files: + if self.DB_PASS_FILES.match(filename['srcpath']): + for key in key_list: + self.do_file_sub( + filename['srcpath'], + r'{key}=(.*)'.format( + key=key, + ), + r'{key}=********'.format( + key=key, + ) + ) + + +# vim: expandtab tabstop=4 shiftwidth=4 -- 1.8.1.4 From sbonazzo at redhat.com Tue Feb 4 16:32:28 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Tue, 04 Feb 2014 17:32:28 +0100 Subject: [sos-devel] [PATCH] ovirt-engine: new plugin for oVirt project In-Reply-To: <52F101A7.1020403@redhat.com> References: <1391525817-7324-1-git-send-email-sbonazzo@redhat.com> <52F101A7.1020403@redhat.com> Message-ID: <52F1161C.2060809@redhat.com> Il 04/02/2014 16:05, Bryn M. Reeves ha scritto: > On 02/04/2014 02:56 PM, Sandro Bonazzola wrote: >> + def setup(self): >> + if self.get_option('jbosstrace'): >> + proc = subprocess.Popen( >> + args=[ >> + '/usr/bin/pgrep', >> + '-f', >> + 'jboss', >> + ], >> + stdout=subprocess.PIPE, >> + ) >> + output, err = proc.communicate() >> + returncode = proc.returncode > > Any reason to open code this rather than use an existing interface e.g. > call_ext_prog()? This returns a tuple (status, output, runtime) which > should give you everything you need. > > We try to avoid plugins using things like Popen directly as it means we > have to make sure they all handle things like the environment and file > descriptor inheritance properly (see bz1051009 for e.g.). done > >> + jboss_pids = set() >> + if returncode == 0: >> + jboss_pids = set([int(x) for x in output.splitlines()]) >> + proc = subprocess.Popen( >> + args=[ >> + '/usr/bin/pgrep', >> + '-f', >> + 'ovirt-engine', >> + ], >> + stdout=subprocess.PIPE, >> + ) >> + engine_output, err = proc.communicate() > > Ditto - no need for handrolled Popen here. > > Other than that the plugin looks pretty good - I can change these to use > call_ext_prog() if you like but it's probably easier for you to test the > changes directly than me. done this too, loosing stderr output in logs. > > Regards, > Bryn. > -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com From sbonazzo at redhat.com Thu Feb 6 13:58:03 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Thu, 06 Feb 2014 14:58:03 +0100 Subject: [sos-devel] [PATCH] ovirt-engine: new plugin for oVirt project In-Reply-To: <52F1161C.2060809@redhat.com> References: <1391525817-7324-1-git-send-email-sbonazzo@redhat.com> <52F101A7.1020403@redhat.com> <52F1161C.2060809@redhat.com> Message-ID: <52F394EB.6070406@redhat.com> Il 04/02/2014 17:32, Sandro Bonazzola ha scritto: > Il 04/02/2014 16:05, Bryn M. Reeves ha scritto: >> On 02/04/2014 02:56 PM, Sandro Bonazzola wrote: >>> + def setup(self): >>> + if self.get_option('jbosstrace'): >>> + proc = subprocess.Popen( >>> + args=[ >>> + '/usr/bin/pgrep', >>> + '-f', >>> + 'jboss', >>> + ], >>> + stdout=subprocess.PIPE, >>> + ) >>> + output, err = proc.communicate() >>> + returncode = proc.returncode >> >> Any reason to open code this rather than use an existing interface e.g. >> call_ext_prog()? This returns a tuple (status, output, runtime) which >> should give you everything you need. >> >> We try to avoid plugins using things like Popen directly as it means we >> have to make sure they all handle things like the environment and file >> descriptor inheritance properly (see bz1051009 for e.g.). > > done > >> >>> + jboss_pids = set() >>> + if returncode == 0: >>> + jboss_pids = set([int(x) for x in output.splitlines()]) >>> + proc = subprocess.Popen( >>> + args=[ >>> + '/usr/bin/pgrep', >>> + '-f', >>> + 'ovirt-engine', >>> + ], >>> + stdout=subprocess.PIPE, >>> + ) >>> + engine_output, err = proc.communicate() >> >> Ditto - no need for handrolled Popen here. >> >> Other than that the plugin looks pretty good - I can change these to use >> call_ext_prog() if you like but it's probably easier for you to test the >> changes directly than me. > > done this too, loosing stderr output in logs. Any comment? > > >> >> Regards, >> Bryn. >> > > -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com From sbonazzo at redhat.com Thu Feb 13 08:11:11 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Thu, 13 Feb 2014 09:11:11 +0100 Subject: [sos-devel] [PATCH] ovirt-engine: new plugin for oVirt project Message-ID: <1392279071-15967-1-git-send-email-sbonazzo@redhat.com> Change-Id: Ibaaba06e74def721946d9db76327280ef27f3678 Signed-off-by: Sandro Bonazzola --- sos/plugins/ovirt-engine.py | 153 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 153 insertions(+) create mode 100644 sos/plugins/ovirt-engine.py diff --git a/sos/plugins/ovirt-engine.py b/sos/plugins/ovirt-engine.py new file mode 100644 index 0000000..3ffe1f5 --- /dev/null +++ b/sos/plugins/ovirt-engine.py @@ -0,0 +1,153 @@ +## Copyright (C) 2014 Red Hat, Inc., Sandro Bonazzola + +### This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. + +## This program is distributed in the hope that it will be useful, +## but WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +## GNU General Public License for more details. + +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + +import os +import re +import signal + + +from sos.plugins import Plugin, RedHatPlugin + + +# Class name must be the same as file name and method names must not change +class OvirtEngine(Plugin, RedHatPlugin): + """oVirt Engine related information""" + + DB_PASS_FILES = re.compile( + flags=re.VERBOSE, + pattern=r""" + ^ + /etc/ + (rhevm|ovirt-engine)/ + engine.conf + (\.d/.+.conf)? + $ + """ + ) + + DEFAULT_SENSITIVE_KEYS = ( + 'ENGINE_DB_PASSWORD:ENGINE_PKI_TRUST_STORE_PASSWORD:' + 'ENGINE_PKI_ENGINE_STORE_PASSWORD' + ) + + plugin_name = "ovirt-engine" + + option_list = [ + ( + 'jbosstrace', + 'Enable oVirt Engine JBoss stack trace generation', + '', + True + ), + ( + 'sensitive_keys', + 'Sensitive keys to be masked', + '', + DEFAULT_SENSITIVE_KEYS + ), + ] + + def setup(self): + if self.get_option('jbosstrace'): + returncode, output, _runtime = self.call_ext_prog( + 'pgrep -f jboss' + ) + jboss_pids = set() + if returncode == 0: + jboss_pids = set([int(x) for x in output.splitlines()]) + _returncode, engine_output, _runtime = self.call_ext_prog( + 'pgrep -f ovirt-engine', + ) + if returncode == 0: + engine_pids = set( + [int(x) for x in engine_output.splitlines()] + ) + jboss_pids.intersection_update(engine_pids) + else: + self.soslog.error('Unable to get engine pids') + self.add_alert('Unable to get engine pids') + else: + self.soslog.error('Unable to get jboss pid') + self.add_alert('Unable to get jboss pid') + for pid in jboss_pids: + try: + os.kill(pid, signal.SIGQUIT) + except OSError as e: + self.soslog.error('Unable to send signal to %d' % pid, e) + + self.add_forbidden_path('/etc/ovirt-engine/.pgpass') + self.add_forbidden_path('/etc/rhevm/.pgpass') + # Copy engine config files. + self.add_copy_spec("/etc/ovirt-engine") + self.add_copy_spec("/etc/rhevm") + self.add_copy_spec("/var/log/ovirt-engine") + self.add_copy_spec("/var/log/rhevm") + self.add_copy_spec("/etc/sysconfig/ovirt-engine") + self.add_copy_spec("/usr/share/ovirt-engine/conf") + self.add_copy_spec("/var/log/ovirt-guest-agent") + self.add_copy_spec("/var/lib/ovirt-engine/setup-history.txt") + self.add_copy_spec("/var/lib/ovirt-engine/setup/answers") + self.add_copy_spec("/var/lib/ovirt-engine/external_truststore") + self.add_copy_spec("/var/tmp/ovirt-engine/config") + + def postproc(self): + """ + Obfuscate sensitive keys. + """ + self.do_file_sub( + "/etc/ovirt-engine/engine-config/engine-config.properties", + r"Password.type=(.*)", + r'Password.type=********' + ) + self.do_file_sub( + "/etc/rhevm/rhevm-config/rhevm-config.properties", + r"Password.type=(.*)", + r'Password.type=********' + ) + for filename in ( + 'ovirt-engine.xml', + 'ovirt-engine_history/current/ovirt-engine.v1.xml', + 'ovirt-engine_history/ovirt-engine.boot.xml', + 'ovirt-engine_history/ovirt-engine.initial.xml', + 'ovirt-engine_history/ovirt-engine.last.xml', + ): + self.do_file_sub( + "/var/tmp/ovirt-engine/config/%s" % filename, + r"(.*)", + r'********' + ) + + if self.get_option('sensitive_keys'): + sensitive_keys = self.get_option('sensitive_keys') + if self.get_option('sensitive_keys') is True: + #Handle --alloptions case which set this to True. + sensitive_keys = self.DEFAULT_SENSITIVE_KEYS + key_list = [x for x in sensitive_keys.split(':') if x] + for filename in self.copied_files: + if self.DB_PASS_FILES.match(filename['srcpath']): + for key in key_list: + self.do_file_sub( + filename['srcpath'], + r'{key}=(.*)'.format( + key=key, + ), + r'{key}=********'.format( + key=key, + ) + ) + + +# vim: expandtab tabstop=4 shiftwidth=4 -- 1.8.1.4 From hegdevasant at linux.vnet.ibm.com Thu Feb 20 13:45:25 2014 From: hegdevasant at linux.vnet.ibm.com (Vasant Hegde) Date: Thu, 20 Feb 2014 19:15:25 +0530 Subject: [sos-devel] [PATCH] powerpc: Collect more debug files for PowerNV platform Message-ID: <20140220134512.32490.30630.stgit@hegdevasant.in.ibm.com> This patch adds support to collect more debug files on PowerNV platform. Signed-off-by: Vasant Hegde --- sos/plugins/powerpc.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/sos/plugins/powerpc.py b/sos/plugins/powerpc.py index dfaacb9..41280f3 100644 --- a/sos/plugins/powerpc.py +++ b/sos/plugins/powerpc.py @@ -71,4 +71,6 @@ class PowerPC(Plugin, RedHatPlugin, UbuntuPlugin, DebianPlugin): if isPowerNV: self.add_copy_spec("/proc/ppc64/") - + self.add_copy_spec("/sys/kernel/debug/powerpc/") + if os.path.isdir("/var/log/dump"): + self.add_cmd_output("ls -l /var/log/dump") From sbonazzo at redhat.com Wed Feb 26 16:24:36 2014 From: sbonazzo at redhat.com (Sandro Bonazzola) Date: Wed, 26 Feb 2014 17:24:36 +0100 Subject: [sos-devel] ovirt plugin patch Message-ID: <530E1544.4060101@redhat.com> Hi, any news about the review status of ovirt plugin patch? Rebased on master and attached. Thanks, -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com -------------- next part -------------- A non-text attachment was scrubbed... Name: 0001-ovirt-engine-new-plugin-for-oVirt-project.patch Type: text/x-patch Size: 6385 bytes Desc: not available URL: