Merge branch 'c9' into a9

This commit is contained in:
eabdullin 2023-11-07 17:01:08 +03:00
commit ba41fa369b
3 changed files with 224 additions and 2 deletions

View File

@ -0,0 +1,98 @@
From c6ab24eb8e2bf02c75d0ffa8447032543eb4ea43 Mon Sep 17 00:00:00 2001
From: "Dr. Jason Breitweg" <jason@breitweg.com>
Date: Tue, 10 Oct 2023 09:50:29 +0200
Subject: [PATCH] Fix dynaconf obfuscation and add AUTH_LDAP_BIND_PASSWORD
Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com>
Fixed style issues
Signed-off-by: Jason Breitweg jbreitwe@redhat.com
Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com>
Fixed yet more linting errors
Signed-off-by: Jason Breitweg jbreitwe@redhat.com
Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com>
---
sos/report/plugins/pulp.py | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sos/report/plugins/pulp.py b/sos/report/plugins/pulp.py
index df007168a..f5c762f48 100644
--- a/sos/report/plugins/pulp.py
+++ b/sos/report/plugins/pulp.py
@@ -170,10 +170,13 @@ def postproc(self):
repl = r"\1********"
self.do_path_regex_sub("/etc/pulp(.*)(.json$)", jreg, repl)
- # obfuscate SECRET_KEY = .. and 'PASSWORD': .. in dynaconf list output
- # and also in settings.py
+ # obfuscate SECRET_KEY = .., 'PASSWORD': ..,
+ # and AUTH_LDAP_BIND_PASSWORD = ..
+ # in dynaconf list output and also in settings.py
# count with option that PASSWORD is with(out) quotes or in capitals
- key_pass_re = r"(SECRET_KEY\s*=|(password|PASSWORD)(\"|'|:)+)\s*(\S*)"
+ key_pass_re = r"((?:SECRET_KEY|AUTH_LDAP_BIND_PASSWORD)" \
+ r"(?:\<.+\>)?(\s*=)?|(password|PASSWORD)" \
+ r"(\"|'|:)+)\s*(\S*)"
repl = r"\1 ********"
self.do_path_regex_sub("/etc/pulp/settings.py", key_pass_re, repl)
self.do_cmd_output_sub("dynaconf list", key_pass_re, repl)
From 866abe6119e846e243d586b1e353a6585ed83899 Mon Sep 17 00:00:00 2001
From: Pavel Moravec <pmoravec@redhat.com>
Date: Wed, 18 Oct 2023 13:38:29 +0200
Subject: [PATCH] [pulpcore] Scrub AUTH_LDAP_BIND_PASSWORD value
Likewise in #3379, scrub the password also in pulpcore plugin.
Resolves: #3389
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
---
sos/report/plugins/pulpcore.py | 27 ++++++++-------------------
1 file changed, 8 insertions(+), 19 deletions(-)
diff --git a/sos/report/plugins/pulpcore.py b/sos/report/plugins/pulpcore.py
index 04efae9f8..649626ada 100644
--- a/sos/report/plugins/pulpcore.py
+++ b/sos/report/plugins/pulpcore.py
@@ -144,29 +144,18 @@ def build_query_cmd(self, query, csv=False):
return _dbcmd % (self.dbhost, self.dbport, self.dbname, quote(query))
def postproc(self):
- # TODO obfuscate from /etc/pulp/settings.py :
+ # obfuscate from /etc/pulp/settings.py and "dynaconf list":
# SECRET_KEY = "eKfeDkTnvss7p5WFqYdGPWxXfHnsbDBx"
# 'PASSWORD': 'tGrag2DmtLqKLTWTQ6U68f6MAhbqZVQj',
+ # AUTH_LDAP_BIND_PASSWORD = 'ouch-a-secret'
# the PASSWORD can be also in an one-liner list, so detect its value
# in non-greedy manner till first ',' or '}'
- self.do_path_regex_sub(
- "/etc/pulp/settings.py",
- r"(SECRET_KEY\s*=\s*)(.*)",
- r"\1********")
- self.do_path_regex_sub(
- "/etc/pulp/settings.py",
- r"(PASSWORD\S*\s*:\s*)(.*?)(,|\})",
- r"\1********\3")
- # apply the same for "dynaconf list" output that prints settings.py
- # in a pythonic format
- self.do_cmd_output_sub(
- "dynaconf list",
- r"(SECRET_KEY<str>\s*)'(.*)'",
- r"\1********")
- self.do_cmd_output_sub(
- "dynaconf list",
- r"(PASSWORD\S*\s*:\s*)(.*)",
- r"\1********")
+ key_pass_re = r"((?:SECRET_KEY|AUTH_LDAP_BIND_PASSWORD)" \
+ r"(?:\<.+\>)?(\s*=)?|(password|PASSWORD)" \
+ r"(\"|'|:)+)\s*(\S*)"
+ repl = r"\1 ********"
+ self.do_path_regex_sub("/etc/pulp/settings.py", key_pass_re, repl)
+ self.do_cmd_output_sub("dynaconf list", key_pass_re, repl)
# vim: set et ts=4 sw=4 :

View File

@ -0,0 +1,108 @@
From 6526985ea2464944c5cf4cd87c2d981a77363077 Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat <pacevedo@redhat.com>
Date: Tue, 12 Sep 2023 10:24:38 +0200
Subject: [PATCH] [microshift] Add microshift-etcd.scope service
Signed-off-by: Pablo Acevedo Montserrat <pacevedo@redhat.com>
---
sos/report/plugins/microshift.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sos/report/plugins/microshift.py b/sos/report/plugins/microshift.py
index 1b932d648..2cfafef04 100644
--- a/sos/report/plugins/microshift.py
+++ b/sos/report/plugins/microshift.py
@@ -28,7 +28,7 @@ class Microshift(Plugin, RedHatPlugin):
plugin_timeout = 900
packages = ('microshift', 'microshift-selinux', 'microshift-networking',
'microshift-greenboot')
- services = (plugin_name, 'greenboot-healthcheck',
+ services = (plugin_name, 'microshift-etcd.scope', 'greenboot-healthcheck',
'greenboot-task-runner', 'redboot-task-runner')
profiles = (plugin_name,)
localhost_kubeconfig = '/var/lib/microshift/resources/kubeadmin/kubeconfig'
From 765ac8f3cc8e8413278afbf2579eaac7c0419f72 Mon Sep 17 00:00:00 2001
From: Evgeny Slutsky <eslutsky@redhat.com>
Date: Thu, 7 Sep 2023 10:54:12 +0300
Subject: [PATCH] [greenboot] seperate logs to a standalone plugin.
Signed-off-by: Evgeny Slutsky <eslutsky@redhat.com>
---
sos/report/plugins/greenboot.py | 26 ++++++++++++++++++++++++++
sos/report/plugins/microshift.py | 6 ++----
2 files changed, 28 insertions(+), 4 deletions(-)
create mode 100644 sos/report/plugins/greenboot.py
diff --git a/sos/report/plugins/greenboot.py b/sos/report/plugins/greenboot.py
new file mode 100644
index 000000000..69b6607b0
--- /dev/null
+++ b/sos/report/plugins/greenboot.py
@@ -0,0 +1,26 @@
+# Copyright 2023 Red Hat, Inc. Evgeny Slutsky <eslutsky@redhat.com>
+# This file is part of the sos project: https://github.com/sosreport/sos
+#
+# This copyrighted material is made available to anyone wishing to use,
+# modify, copy, or redistribute it subject to the terms and conditions of
+# version 2 of the GNU General Public License.
+#
+# See the LICENSE file in the source distribution for further information.
+
+from sos.report.plugins import Plugin, RedHatPlugin
+
+
+class Greenboot(Plugin, RedHatPlugin):
+ """The greenboot plugin collects systemd service logs and configuration.
+ """
+
+ short_desc = 'Greenboot'
+ plugin_name = 'greenboot'
+ services = (plugin_name, 'greenboot-healthcheck',
+ 'greenboot-task-runner', 'redboot-task-runner',)
+ profiles = ('system',)
+
+ def setup(self):
+ self.add_copy_spec([
+ "/etc/greenboot/greenboot.conf",
+ ])
diff --git a/sos/report/plugins/microshift.py b/sos/report/plugins/microshift.py
index 2cfafef04..669f4c021 100644
--- a/sos/report/plugins/microshift.py
+++ b/sos/report/plugins/microshift.py
@@ -26,10 +26,8 @@ class Microshift(Plugin, RedHatPlugin):
short_desc = 'Microshift'
plugin_name = 'microshift'
plugin_timeout = 900
- packages = ('microshift', 'microshift-selinux', 'microshift-networking',
- 'microshift-greenboot')
- services = (plugin_name, 'microshift-etcd.scope', 'greenboot-healthcheck',
- 'greenboot-task-runner', 'redboot-task-runner')
+ packages = ('microshift', 'microshift-selinux', 'microshift-networking',)
+ services = (plugin_name, 'microshift-etcd.scope',)
profiles = (plugin_name,)
localhost_kubeconfig = '/var/lib/microshift/resources/kubeadmin/kubeconfig'
From 0b72a1f07a5f46e22cb926d129bd8eb63ba20a9a Mon Sep 17 00:00:00 2001
From: Pablo Acevedo Montserrat <pacevedo@redhat.com>
Date: Tue, 19 Sep 2023 12:18:42 +0200
Subject: [PATCH] [microshift] Add /etc/microshift file copy spec
Signed-off-by: Pablo Acevedo Montserrat <pacevedo@redhat.com>
---
sos/report/plugins/microshift.py | 3 +++
1 file changed, 3 insertions(+)
diff --git a/sos/report/plugins/microshift.py b/sos/report/plugins/microshift.py
index 669f4c021..8fe39ab29 100644
--- a/sos/report/plugins/microshift.py
+++ b/sos/report/plugins/microshift.py
@@ -146,6 +146,9 @@ def setup(self):
Output format for this function is based on `oc adm inspect` command,
which is used to retrieve all API resources from the cluster.
"""
+
+ self.add_copy_spec('/etc/microshift')
+
if self.path_exists('/var/lib/microshift-backups'):
self.add_copy_spec(['/var/lib/microshift-backups/*/version',
'/var/lib/microshift-backups/*.json'])

View File

@ -5,7 +5,7 @@
Summary: A set of tools to gather troubleshooting information from a system
Name: sos
Version: 4.6.0
Release: 2%{?dist}.alma.1
Release: 5%{?dist}.alma.1
Group: Applications/System
Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
Source1: sos-audit-%{auditversion}.tgz
@ -23,6 +23,8 @@ Recommends: python3-pyyaml
Conflicts: vdsm < 4.40
Obsoletes: sos-collector <= 1.9
Patch1: sos-SUPDEV145-ovnkube-logs.patch
Patch2: sos-SUPDEV148-microshift-greenboot.patch
Patch3: sos-RHEL-13701-aap-passwords.patch
# AlmaLinux patches
Patch1000: sos-almalinux-branding.patch
@ -37,6 +39,8 @@ support technicians and developers.
%setup -qn %{name}-%{version}
%setup -T -D -a1 -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
# AlmaLinux patches
%patch1000 -p1
@ -112,9 +116,21 @@ of the system. Currently storage and filesystem commands are audited.
%changelog
* Tue Sep 26 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.6.0-2.alma.1
* Tue Nov 07 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.6.0-5.alma.1
- Debrand for AlmaLinux
* Wed Oct 18 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-5
[pulpcore] Scrub AUTH_LDAP_BIND_PASSWORD value
Resolves: RHEL-13701
* Tue Oct 17 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-4
- [pulp] Fix dynaconf obfuscation and add AUTH_LDAP_BIND_PASSWORD
Resolves: RHEL-13701
* Thu Oct 12 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-3
- [greenboot] seperate logs to a standalone plugin; enhance [microshift]
Resolves: SUPDEV148
* Fri Sep 01 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-2
- [openshift_ovn] Collect additional ovnkube node logs
Resolves: SUPDEV145