diff --git a/sos-bz2093993-vdsm-set-use-devicesfile-zero.patch b/sos-bz2093993-vdsm-set-use-devicesfile-zero.patch new file mode 100644 index 0000000..15feb15 --- /dev/null +++ b/sos-bz2093993-vdsm-set-use-devicesfile-zero.patch @@ -0,0 +1,40 @@ +From 7d1ee59fc659467e6860e72322e976ddc5c17db3 Mon Sep 17 00:00:00 2001 +From: Juan Orti Alcaine +Date: Mon, 6 Jun 2022 16:35:51 +0200 +Subject: [PATCH] [vdsm] Set LVM option use_devicesfile=0 + +Since RHV 4.4 SP1, vdsm configures LVM to use devicesfile, causing that +the LVM filter configuration used by sos is ignored. + +This change disables the use of the devicesfile, so that the information +of the devices used for RHV storage domains can be collected. + +Fixes: RHBZ#2093993 + +Signed-off-by: Juan Orti +--- + sos/report/plugins/vdsm.py | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/sos/report/plugins/vdsm.py b/sos/report/plugins/vdsm.py +index ee5befbb1..146d223c2 100644 +--- a/sos/report/plugins/vdsm.py ++++ b/sos/report/plugins/vdsm.py +@@ -29,7 +29,8 @@ + # use_lvmetad is set to 0 in order not to show cached, old lvm metadata. + # use_lvmetad=0 + # +-# preferred_names and filter config values are set to capture Vdsm devices. ++# preferred_names, use_devicesfile and filter config values are set to ++# capture Vdsm devices. + # preferred_names=[ '^/dev/mapper/' ] + # filter=[ 'a|^/dev/mapper/.*|', 'r|.*|' ] + LVM_CONFIG = """ +@@ -43,6 +44,7 @@ + ignore_suspended_devices=1 + write_cache_state=0 + disable_after_error_count=3 ++ use_devicesfile=0 + filter=["a|^/dev/disk/by-id/dm-uuid-mpath-|", "r|.+|"] + } + """ diff --git a/sos-bz2099598-forbidden-path-efficient.patch b/sos-bz2099598-forbidden-path-efficient.patch new file mode 100644 index 0000000..5322765 --- /dev/null +++ b/sos-bz2099598-forbidden-path-efficient.patch @@ -0,0 +1,116 @@ +From 1dc3625fabea7331570f713fd1c87ac812d72d92 Mon Sep 17 00:00:00 2001 +From: Jake Hunsaker +Date: Wed, 18 May 2022 13:39:38 -0400 +Subject: [PATCH] [Plugin] Make forbidden path checks more efficient + +Forbidden path checks have up until now worked by taking a given file +path (potentially with globs), expanding that against all discovered +files that actually exist on the system, and then comparing a potential +collection path against that list. + +While this works, and works reasonably fast for most scenarios, it isn't +very efficient and causes significant slow downs when a non-standard +configuration is in play - e.g. thousands of block devices which sos +would individually have to compare against tens of thousands of paths +for every path the `block` plugin wants to collect. + +Improve this by first not expanding the forbidden path globs, but taking +them as distinct patterns, translating from shell-style (to maintain +historical precedent of using globs to specify paths to be skipped) to +python regex patterns as needed. Second, use `re` to handle our pattern +matching for comparison against the distinct patterns provided by a +plugin to skip. + +Closes: #2938 + +Signed-off-by: Jake Hunsaker +--- + sos/report/plugins/__init__.py | 20 +++++++++----------- + sos/report/plugins/cgroups.py | 6 ++---- + sos/report/plugins/pulpcore.py | 2 +- + sos/report/plugins/rhui.py | 2 +- + 4 files changed, 13 insertions(+), 17 deletions(-) + +diff --git a/sos/report/plugins/__init__.py b/sos/report/plugins/__init__.py +index 2a42e6b0a..ba1397a8a 100644 +--- a/sos/report/plugins/__init__.py ++++ b/sos/report/plugins/__init__.py +@@ -46,11 +46,6 @@ def _mangle_command(command, name_max): + return mangledname + + +-def _path_in_path_list(path, path_list): +- return any((p == path or path.startswith(os.path.abspath(p)+os.sep) +- for p in path_list)) +- +- + def _node_type(st): + """ return a string indicating the type of special node represented by + the stat buffer st (block, character, fifo, socket). +@@ -1407,7 +1402,9 @@ def _get_dest_for_srcpath(self, srcpath): + return None + + def _is_forbidden_path(self, path): +- return _path_in_path_list(path, self.forbidden_paths) ++ return any( ++ re.match(forbid, path) for forbid in self.forbidden_paths ++ ) + + def _is_policy_forbidden_path(self, path): + return any([ +@@ -1495,14 +1492,12 @@ def _do_copy_path(self, srcpath, dest=None): + 'symlink': "no" + }) + +- def add_forbidden_path(self, forbidden, recursive=False): ++ def add_forbidden_path(self, forbidden): + """Specify a path, or list of paths, to not copy, even if it's part of + an ``add_copy_spec()`` call + + :param forbidden: A filepath to forbid collection from + :type forbidden: ``str`` or a ``list`` of strings +- +- :param recursive: Should forbidden glob be applied recursively + """ + if isinstance(forbidden, str): + forbidden = [forbidden] +@@ -1512,8 +1507,11 @@ def add_forbidden_path(self, forbidden, recursive=False): + + for forbid in forbidden: + self._log_info("adding forbidden path '%s'" % forbid) +- for path in glob.glob(forbid, recursive=recursive): +- self.forbidden_paths.append(path) ++ if "*" in forbid: ++ # calling translate() here on a dir-level path will break the ++ # re.match() call during path comparison ++ forbid = fnmatch.translate(forbid) ++ self.forbidden_paths.append(forbid) + + def set_option(self, optionname, value): + """Set the named option to value. Ensure the original type of the +diff --git a/sos/report/plugins/pulpcore.py b/sos/report/plugins/pulpcore.py +index 6c4237cae..f6bc194c7 100644 +--- a/sos/report/plugins/pulpcore.py ++++ b/sos/report/plugins/pulpcore.py +@@ -89,7 +89,7 @@ class PulpCore(Plugin, IndependentPlugin + "/etc/pki/pulp/*" + ]) + # skip collecting certificate keys +- self.add_forbidden_path("/etc/pki/pulp/**/*.key", recursive=True) ++ self.add_forbidden_path("/etc/pki/pulp/**/*.key") + + self.add_cmd_output("rq info -u redis://localhost:6379/8", + env={"LC_ALL": "en_US.UTF-8"}, +diff --git a/sos/report/plugins/rhui.py b/sos/report/plugins/rhui.py +index add024613..8063fd51c 100644 +--- a/sos/report/plugins/rhui.py ++++ b/sos/report/plugins/rhui.py +@@ -30,7 +30,7 @@ def setup(self): + "/var/log/rhui/*", + ]) + # skip collecting certificate keys +- self.add_forbidden_path("/etc/pki/rhui/**/*.key", recursive=True) ++ self.add_forbidden_path("/etc/pki/rhui/**/*.key") + + # call rhui-manager commands with 1m timeout and + # with an env. variable ensuring that "RHUI Username:" diff --git a/sos.spec b/sos.spec index ad1a715..85612ab 100644 --- a/sos.spec +++ b/sos.spec @@ -5,7 +5,7 @@ Summary: A set of tools to gather troubleshooting information from a system Name: sos Version: 4.3 -Release: 2%{?dist} +Release: 3%{?dist} Group: Applications/System Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz Source1: sos-audit-%{auditversion}.tgz @@ -31,6 +31,8 @@ Patch7: sos-bz2079484-list-plugins-ignore-options.patch Patch8: sos-bz2079486-timeouted-exec-cmd-exception.patch Patch9: sos-bz2058279-ocp-backports.patch Patch10: sos-bz2092969-openshift-ovn-disabled.patch +Patch11: sos-bz2093993-vdsm-set-use-devicesfile-zero.patch +Patch12: sos-bz2099598-forbidden-path-efficient.patch %description @@ -52,6 +54,8 @@ support technicians and developers. %patch8 -p1 %patch9 -p1 %patch10 -p1 +%patch11 -p1 +%patch12 -p1 %build @@ -120,6 +124,12 @@ of the system. Currently storage and filesystem commands are audited. %ghost /etc/audit/rules.d/40-sos-storage.rules %changelog +* Mon Aug 29 2022 Pavel Moravec = 4.3-3 +- [vdsm] Set LVM option use_devicesfile=0 + Resolves: bz2093993 +- [Plugin] Make forbidden path checks more efficient + Resolves: bz2099598 + * Thu Jun 16 2022 Pavel Moravec = 4.3-2 - [ovirt] answer files: Filter out all password keys Resolves: bz2095263