Merge branch 'c8' into a8
This commit is contained in:
commit
53bbad578a
66
SOURCES/sos-bz2098639-ovirt-obfuscation_answer_file.patch
Normal file
66
SOURCES/sos-bz2098639-ovirt-obfuscation_answer_file.patch
Normal file
@ -0,0 +1,66 @@
|
||||
From 5fd872c64c53af37015f366295e0c2418c969757 Mon Sep 17 00:00:00 2001
|
||||
From: Yedidyah Bar David <didi@redhat.com>
|
||||
Date: Thu, 26 May 2022 16:43:21 +0300
|
||||
Subject: [PATCH] [ovirt] answer files: Filter out all password keys
|
||||
|
||||
Instead of hard-coding specific keys and having to maintain them over
|
||||
time, replace the values of all keys that have 'password' in their name.
|
||||
I think this covers all our current and hopefully future keys. It might
|
||||
add "false positives" - keys that are not passwords but have 'password'
|
||||
in their name - and I think that's a risk worth taking.
|
||||
|
||||
Sadly, the engine admin password prompt's name is
|
||||
'OVESETUP_CONFIG_ADMIN_SETUP', which does not include 'password', so has
|
||||
to be listed specifically.
|
||||
|
||||
A partial list of keys added since the replaced code was written:
|
||||
- grafana-related stuff
|
||||
- keycloak-related stuff
|
||||
- otopi-style answer files
|
||||
|
||||
Signed-off-by: Yedidyah Bar David <didi@redhat.com>
|
||||
Change-Id: I416c6e4078e7c3638493eb271d08d73a0c22b5ba
|
||||
---
|
||||
sos/report/plugins/ovirt.py | 23 +++++++++++++----------
|
||||
1 file changed, 13 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/sos/report/plugins/ovirt.py b/sos/report/plugins/ovirt.py
|
||||
index 09647bf1..3b1bb29b 100644
|
||||
--- a/sos/report/plugins/ovirt.py
|
||||
+++ b/sos/report/plugins/ovirt.py
|
||||
@@ -241,19 +241,22 @@ class Ovirt(Plugin, RedHatPlugin):
|
||||
r'{key}=********'.format(key=key)
|
||||
)
|
||||
|
||||
- # Answer files contain passwords
|
||||
- for key in (
|
||||
- 'OVESETUP_CONFIG/adminPassword',
|
||||
- 'OVESETUP_CONFIG/remoteEngineHostRootPassword',
|
||||
- 'OVESETUP_DWH_DB/password',
|
||||
- 'OVESETUP_DB/password',
|
||||
- 'OVESETUP_REPORTS_CONFIG/adminPassword',
|
||||
- 'OVESETUP_REPORTS_DB/password',
|
||||
+ # Answer files contain passwords.
|
||||
+ # Replace all keys that have 'password' in them, instead of hard-coding
|
||||
+ # here the list of keys, which changes between versions.
|
||||
+ # Sadly, the engine admin password prompt name does not contain
|
||||
+ # 'password'... so neither does the env key.
|
||||
+ for item in (
|
||||
+ 'password',
|
||||
+ 'OVESETUP_CONFIG_ADMIN_SETUP',
|
||||
):
|
||||
self.do_path_regex_sub(
|
||||
r'/var/lib/ovirt-engine/setup/answers/.*',
|
||||
- r'{key}=(.*)'.format(key=key),
|
||||
- r'{key}=********'.format(key=key)
|
||||
+ re.compile(
|
||||
+ r'(?P<key>[^=]*{item}[^=]*)=.*'.format(item=item),
|
||||
+ flags=re.IGNORECASE
|
||||
+ ),
|
||||
+ r'\g<key>=********'
|
||||
)
|
||||
|
||||
# aaa profiles contain passwords
|
||||
--
|
||||
2.27.0
|
||||
|
73
SOURCES/sos-bz2098643-crio-output-to-json.patch
Normal file
73
SOURCES/sos-bz2098643-crio-output-to-json.patch
Normal file
@ -0,0 +1,73 @@
|
||||
From c2e66fa4dae51f03c7310ba5278897ddecac1aad Mon Sep 17 00:00:00 2001
|
||||
From: Nadia Pinaeva <npinaeva@redhat.com>
|
||||
Date: Thu, 2 Jun 2022 15:43:09 +0200
|
||||
Subject: [PATCH] crio: switch from parsing output in table format to json
|
||||
|
||||
Signed-off-by: Nadia Pinaeva <npinaeva@redhat.com>
|
||||
---
|
||||
sos/policies/runtimes/crio.py | 30 ++++++++++++++++++++----------
|
||||
1 file changed, 20 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/sos/policies/runtimes/crio.py b/sos/policies/runtimes/crio.py
|
||||
index 55082d07..4cae1ecc 100644
|
||||
--- a/sos/policies/runtimes/crio.py
|
||||
+++ b/sos/policies/runtimes/crio.py
|
||||
@@ -7,6 +7,7 @@
|
||||
# version 2 of the GNU General Public License.
|
||||
#
|
||||
# See the LICENSE file in the source distribution for further information.
|
||||
+import json
|
||||
|
||||
from sos.policies.runtimes import ContainerRuntime
|
||||
from sos.utilities import sos_get_command_output
|
||||
@@ -29,14 +30,15 @@ class CrioContainerRuntime(ContainerRuntime):
|
||||
:type get_all: ``bool``
|
||||
"""
|
||||
containers = []
|
||||
- _cmd = "%s ps %s" % (self.binary, '-a' if get_all else '')
|
||||
+ _cmd = "%s ps %s -o json" % (self.binary, '-a' if get_all else '')
|
||||
if self.active:
|
||||
out = sos_get_command_output(_cmd, chroot=self.policy.sysroot)
|
||||
- if out['status'] == 0:
|
||||
- for ent in out['output'].splitlines()[1:]:
|
||||
- ent = ent.split()
|
||||
+ if out["status"] == 0:
|
||||
+ out_json = json.loads(out["output"])
|
||||
+ for container in out_json["containers"]:
|
||||
# takes the form (container_id, container_name)
|
||||
- containers.append((ent[0], ent[-3]))
|
||||
+ containers.append(
|
||||
+ (container["id"], container["metadata"]["name"]))
|
||||
return containers
|
||||
|
||||
def get_images(self):
|
||||
@@ -47,13 +49,21 @@ class CrioContainerRuntime(ContainerRuntime):
|
||||
"""
|
||||
images = []
|
||||
if self.active:
|
||||
- out = sos_get_command_output("%s images" % self.binary,
|
||||
+ out = sos_get_command_output("%s images -o json" % self.binary,
|
||||
chroot=self.policy.sysroot)
|
||||
if out['status'] == 0:
|
||||
- for ent in out['output'].splitlines():
|
||||
- ent = ent.split()
|
||||
- # takes the form (image_name, image_id)
|
||||
- images.append((ent[0] + ':' + ent[1], ent[2]))
|
||||
+ out_json = json.loads(out["output"])
|
||||
+ for image in out_json["images"]:
|
||||
+ # takes the form (repository:tag, image_id)
|
||||
+ if len(image["repoTags"]) > 0:
|
||||
+ for repo_tag in image["repoTags"]:
|
||||
+ images.append((repo_tag, image["id"]))
|
||||
+ else:
|
||||
+ if len(image["repoDigests"]) == 0:
|
||||
+ image_name = "<none>"
|
||||
+ else:
|
||||
+ image_name = image["repoDigests"][0].split("@")[0]
|
||||
+ images.append((image_name + ":<none>", image["id"]))
|
||||
return images
|
||||
|
||||
def fmt_container_cmd(self, container, cmd, quotecmd):
|
||||
--
|
||||
2.27.0
|
||||
|
@ -5,7 +5,7 @@
|
||||
Summary: A set of tools to gather troubleshooting information from a system
|
||||
Name: sos
|
||||
Version: 4.2
|
||||
Release: 19%{?dist}.alma
|
||||
Release: 20%{?dist}.alma
|
||||
Group: Applications/System
|
||||
Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
|
||||
Source1: sos-audit-%{auditversion}.tgz
|
||||
@ -45,6 +45,8 @@ Patch21: sos-bz2042966-ovn-proper-package-enablement.patch
|
||||
Patch22: sos-bz2054882-plugopt-logging-effective-opts.patch
|
||||
Patch23: sos-bz2055547-honour-plugins-timeout-hardcoded.patch
|
||||
Patch24: sos-bz2071825-merged-8.6.z.patch
|
||||
Patch25: sos-bz2098639-ovirt-obfuscation_answer_file.patch
|
||||
Patch26: sos-bz2098643-crio-output-to-json.patch
|
||||
|
||||
# almalinux
|
||||
Patch1000: sos-almalinux-branding.patch
|
||||
@ -82,6 +84,8 @@ support technicians and developers.
|
||||
%patch22 -p1
|
||||
%patch23 -p1
|
||||
%patch24 -p1
|
||||
%patch25 -p1
|
||||
%patch26 -p1
|
||||
|
||||
# almalinux
|
||||
%patch1000 -p1
|
||||
@ -151,9 +155,14 @@ of the system. Currently storage and filesystem commands are audited.
|
||||
%ghost /etc/audit/rules.d/40-sos-storage.rules
|
||||
|
||||
%changelog
|
||||
* Wed May 25 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 4.2-19.alma
|
||||
* Wed Aug 03 2022 Andrew Lukoshko <alukoshko@almalinux.org> - 4.2-20.alma
|
||||
- Debrand for AlmaLinux
|
||||
|
||||
* Fri Jul 24 2022 Jan Jansky <jjansky@redhat.com> = 4.2-20
|
||||
- [ovirt] obfuscate answer file
|
||||
Resolves: bz2098639
|
||||
- [crio] from output to json
|
||||
Resolves: bz2098643
|
||||
* Mon May 09 2022 Jan Jansky <jjansky@redhat.com> = 4.2-19
|
||||
- OCP backport
|
||||
Resolves: bz2071824
|
||||
|
Loading…
Reference in New Issue
Block a user