Merge branch 'c9' into a9
This commit is contained in:
commit
ba41fa369b
98
SOURCES/sos-RHEL-13701-aap-passwords.patch
Normal file
98
SOURCES/sos-RHEL-13701-aap-passwords.patch
Normal file
@ -0,0 +1,98 @@
|
||||
From c6ab24eb8e2bf02c75d0ffa8447032543eb4ea43 Mon Sep 17 00:00:00 2001
|
||||
From: "Dr. Jason Breitweg" <jason@breitweg.com>
|
||||
Date: Tue, 10 Oct 2023 09:50:29 +0200
|
||||
Subject: [PATCH] Fix dynaconf obfuscation and add AUTH_LDAP_BIND_PASSWORD
|
||||
|
||||
Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com>
|
||||
|
||||
Fixed style issues
|
||||
Signed-off-by: Jason Breitweg jbreitwe@redhat.com
|
||||
|
||||
Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com>
|
||||
|
||||
Fixed yet more linting errors
|
||||
Signed-off-by: Jason Breitweg jbreitwe@redhat.com
|
||||
|
||||
Signed-off-by: Dr. Jason Breitweg <jason@breitweg.com>
|
||||
---
|
||||
sos/report/plugins/pulp.py | 9 ++++++---
|
||||
1 file changed, 6 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/sos/report/plugins/pulp.py b/sos/report/plugins/pulp.py
|
||||
index df007168a..f5c762f48 100644
|
||||
--- a/sos/report/plugins/pulp.py
|
||||
+++ b/sos/report/plugins/pulp.py
|
||||
@@ -170,10 +170,13 @@ def postproc(self):
|
||||
repl = r"\1********"
|
||||
self.do_path_regex_sub("/etc/pulp(.*)(.json$)", jreg, repl)
|
||||
|
||||
- # obfuscate SECRET_KEY = .. and 'PASSWORD': .. in dynaconf list output
|
||||
- # and also in settings.py
|
||||
+ # obfuscate SECRET_KEY = .., 'PASSWORD': ..,
|
||||
+ # and AUTH_LDAP_BIND_PASSWORD = ..
|
||||
+ # in dynaconf list output and also in settings.py
|
||||
# count with option that PASSWORD is with(out) quotes or in capitals
|
||||
- key_pass_re = r"(SECRET_KEY\s*=|(password|PASSWORD)(\"|'|:)+)\s*(\S*)"
|
||||
+ key_pass_re = r"((?:SECRET_KEY|AUTH_LDAP_BIND_PASSWORD)" \
|
||||
+ r"(?:\<.+\>)?(\s*=)?|(password|PASSWORD)" \
|
||||
+ r"(\"|'|:)+)\s*(\S*)"
|
||||
repl = r"\1 ********"
|
||||
self.do_path_regex_sub("/etc/pulp/settings.py", key_pass_re, repl)
|
||||
self.do_cmd_output_sub("dynaconf list", key_pass_re, repl)
|
||||
From 866abe6119e846e243d586b1e353a6585ed83899 Mon Sep 17 00:00:00 2001
|
||||
From: Pavel Moravec <pmoravec@redhat.com>
|
||||
Date: Wed, 18 Oct 2023 13:38:29 +0200
|
||||
Subject: [PATCH] [pulpcore] Scrub AUTH_LDAP_BIND_PASSWORD value
|
||||
|
||||
Likewise in #3379, scrub the password also in pulpcore plugin.
|
||||
|
||||
Resolves: #3389
|
||||
|
||||
Signed-off-by: Pavel Moravec <pmoravec@redhat.com>
|
||||
---
|
||||
sos/report/plugins/pulpcore.py | 27 ++++++++-------------------
|
||||
1 file changed, 8 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/sos/report/plugins/pulpcore.py b/sos/report/plugins/pulpcore.py
|
||||
index 04efae9f8..649626ada 100644
|
||||
--- a/sos/report/plugins/pulpcore.py
|
||||
+++ b/sos/report/plugins/pulpcore.py
|
||||
@@ -144,29 +144,18 @@ def build_query_cmd(self, query, csv=False):
|
||||
return _dbcmd % (self.dbhost, self.dbport, self.dbname, quote(query))
|
||||
|
||||
def postproc(self):
|
||||
- # TODO obfuscate from /etc/pulp/settings.py :
|
||||
+ # obfuscate from /etc/pulp/settings.py and "dynaconf list":
|
||||
# SECRET_KEY = "eKfeDkTnvss7p5WFqYdGPWxXfHnsbDBx"
|
||||
# 'PASSWORD': 'tGrag2DmtLqKLTWTQ6U68f6MAhbqZVQj',
|
||||
+ # AUTH_LDAP_BIND_PASSWORD = 'ouch-a-secret'
|
||||
# the PASSWORD can be also in an one-liner list, so detect its value
|
||||
# in non-greedy manner till first ',' or '}'
|
||||
- self.do_path_regex_sub(
|
||||
- "/etc/pulp/settings.py",
|
||||
- r"(SECRET_KEY\s*=\s*)(.*)",
|
||||
- r"\1********")
|
||||
- self.do_path_regex_sub(
|
||||
- "/etc/pulp/settings.py",
|
||||
- r"(PASSWORD\S*\s*:\s*)(.*?)(,|\})",
|
||||
- r"\1********\3")
|
||||
- # apply the same for "dynaconf list" output that prints settings.py
|
||||
- # in a pythonic format
|
||||
- self.do_cmd_output_sub(
|
||||
- "dynaconf list",
|
||||
- r"(SECRET_KEY<str>\s*)'(.*)'",
|
||||
- r"\1********")
|
||||
- self.do_cmd_output_sub(
|
||||
- "dynaconf list",
|
||||
- r"(PASSWORD\S*\s*:\s*)(.*)",
|
||||
- r"\1********")
|
||||
+ key_pass_re = r"((?:SECRET_KEY|AUTH_LDAP_BIND_PASSWORD)" \
|
||||
+ r"(?:\<.+\>)?(\s*=)?|(password|PASSWORD)" \
|
||||
+ r"(\"|'|:)+)\s*(\S*)"
|
||||
+ repl = r"\1 ********"
|
||||
+ self.do_path_regex_sub("/etc/pulp/settings.py", key_pass_re, repl)
|
||||
+ self.do_cmd_output_sub("dynaconf list", key_pass_re, repl)
|
||||
|
||||
|
||||
# vim: set et ts=4 sw=4 :
|
||||
|
108
SOURCES/sos-SUPDEV148-microshift-greenboot.patch
Normal file
108
SOURCES/sos-SUPDEV148-microshift-greenboot.patch
Normal file
@ -0,0 +1,108 @@
|
||||
From 6526985ea2464944c5cf4cd87c2d981a77363077 Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Acevedo Montserrat <pacevedo@redhat.com>
|
||||
Date: Tue, 12 Sep 2023 10:24:38 +0200
|
||||
Subject: [PATCH] [microshift] Add microshift-etcd.scope service
|
||||
|
||||
Signed-off-by: Pablo Acevedo Montserrat <pacevedo@redhat.com>
|
||||
---
|
||||
sos/report/plugins/microshift.py | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/sos/report/plugins/microshift.py b/sos/report/plugins/microshift.py
|
||||
index 1b932d648..2cfafef04 100644
|
||||
--- a/sos/report/plugins/microshift.py
|
||||
+++ b/sos/report/plugins/microshift.py
|
||||
@@ -28,7 +28,7 @@ class Microshift(Plugin, RedHatPlugin):
|
||||
plugin_timeout = 900
|
||||
packages = ('microshift', 'microshift-selinux', 'microshift-networking',
|
||||
'microshift-greenboot')
|
||||
- services = (plugin_name, 'greenboot-healthcheck',
|
||||
+ services = (plugin_name, 'microshift-etcd.scope', 'greenboot-healthcheck',
|
||||
'greenboot-task-runner', 'redboot-task-runner')
|
||||
profiles = (plugin_name,)
|
||||
localhost_kubeconfig = '/var/lib/microshift/resources/kubeadmin/kubeconfig'
|
||||
From 765ac8f3cc8e8413278afbf2579eaac7c0419f72 Mon Sep 17 00:00:00 2001
|
||||
From: Evgeny Slutsky <eslutsky@redhat.com>
|
||||
Date: Thu, 7 Sep 2023 10:54:12 +0300
|
||||
Subject: [PATCH] [greenboot] seperate logs to a standalone plugin.
|
||||
|
||||
Signed-off-by: Evgeny Slutsky <eslutsky@redhat.com>
|
||||
---
|
||||
sos/report/plugins/greenboot.py | 26 ++++++++++++++++++++++++++
|
||||
sos/report/plugins/microshift.py | 6 ++----
|
||||
2 files changed, 28 insertions(+), 4 deletions(-)
|
||||
create mode 100644 sos/report/plugins/greenboot.py
|
||||
|
||||
diff --git a/sos/report/plugins/greenboot.py b/sos/report/plugins/greenboot.py
|
||||
new file mode 100644
|
||||
index 000000000..69b6607b0
|
||||
--- /dev/null
|
||||
+++ b/sos/report/plugins/greenboot.py
|
||||
@@ -0,0 +1,26 @@
|
||||
+# Copyright 2023 Red Hat, Inc. Evgeny Slutsky <eslutsky@redhat.com>
|
||||
+# This file is part of the sos project: https://github.com/sosreport/sos
|
||||
+#
|
||||
+# This copyrighted material is made available to anyone wishing to use,
|
||||
+# modify, copy, or redistribute it subject to the terms and conditions of
|
||||
+# version 2 of the GNU General Public License.
|
||||
+#
|
||||
+# See the LICENSE file in the source distribution for further information.
|
||||
+
|
||||
+from sos.report.plugins import Plugin, RedHatPlugin
|
||||
+
|
||||
+
|
||||
+class Greenboot(Plugin, RedHatPlugin):
|
||||
+ """The greenboot plugin collects systemd service logs and configuration.
|
||||
+ """
|
||||
+
|
||||
+ short_desc = 'Greenboot'
|
||||
+ plugin_name = 'greenboot'
|
||||
+ services = (plugin_name, 'greenboot-healthcheck',
|
||||
+ 'greenboot-task-runner', 'redboot-task-runner',)
|
||||
+ profiles = ('system',)
|
||||
+
|
||||
+ def setup(self):
|
||||
+ self.add_copy_spec([
|
||||
+ "/etc/greenboot/greenboot.conf",
|
||||
+ ])
|
||||
diff --git a/sos/report/plugins/microshift.py b/sos/report/plugins/microshift.py
|
||||
index 2cfafef04..669f4c021 100644
|
||||
--- a/sos/report/plugins/microshift.py
|
||||
+++ b/sos/report/plugins/microshift.py
|
||||
@@ -26,10 +26,8 @@ class Microshift(Plugin, RedHatPlugin):
|
||||
short_desc = 'Microshift'
|
||||
plugin_name = 'microshift'
|
||||
plugin_timeout = 900
|
||||
- packages = ('microshift', 'microshift-selinux', 'microshift-networking',
|
||||
- 'microshift-greenboot')
|
||||
- services = (plugin_name, 'microshift-etcd.scope', 'greenboot-healthcheck',
|
||||
- 'greenboot-task-runner', 'redboot-task-runner')
|
||||
+ packages = ('microshift', 'microshift-selinux', 'microshift-networking',)
|
||||
+ services = (plugin_name, 'microshift-etcd.scope',)
|
||||
profiles = (plugin_name,)
|
||||
localhost_kubeconfig = '/var/lib/microshift/resources/kubeadmin/kubeconfig'
|
||||
|
||||
From 0b72a1f07a5f46e22cb926d129bd8eb63ba20a9a Mon Sep 17 00:00:00 2001
|
||||
From: Pablo Acevedo Montserrat <pacevedo@redhat.com>
|
||||
Date: Tue, 19 Sep 2023 12:18:42 +0200
|
||||
Subject: [PATCH] [microshift] Add /etc/microshift file copy spec
|
||||
|
||||
Signed-off-by: Pablo Acevedo Montserrat <pacevedo@redhat.com>
|
||||
---
|
||||
sos/report/plugins/microshift.py | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/sos/report/plugins/microshift.py b/sos/report/plugins/microshift.py
|
||||
index 669f4c021..8fe39ab29 100644
|
||||
--- a/sos/report/plugins/microshift.py
|
||||
+++ b/sos/report/plugins/microshift.py
|
||||
@@ -146,6 +146,9 @@ def setup(self):
|
||||
Output format for this function is based on `oc adm inspect` command,
|
||||
which is used to retrieve all API resources from the cluster.
|
||||
"""
|
||||
+
|
||||
+ self.add_copy_spec('/etc/microshift')
|
||||
+
|
||||
if self.path_exists('/var/lib/microshift-backups'):
|
||||
self.add_copy_spec(['/var/lib/microshift-backups/*/version',
|
||||
'/var/lib/microshift-backups/*.json'])
|
@ -5,7 +5,7 @@
|
||||
Summary: A set of tools to gather troubleshooting information from a system
|
||||
Name: sos
|
||||
Version: 4.6.0
|
||||
Release: 2%{?dist}.alma.1
|
||||
Release: 5%{?dist}.alma.1
|
||||
Group: Applications/System
|
||||
Source0: https://github.com/sosreport/sos/archive/%{version}/sos-%{version}.tar.gz
|
||||
Source1: sos-audit-%{auditversion}.tgz
|
||||
@ -23,6 +23,8 @@ Recommends: python3-pyyaml
|
||||
Conflicts: vdsm < 4.40
|
||||
Obsoletes: sos-collector <= 1.9
|
||||
Patch1: sos-SUPDEV145-ovnkube-logs.patch
|
||||
Patch2: sos-SUPDEV148-microshift-greenboot.patch
|
||||
Patch3: sos-RHEL-13701-aap-passwords.patch
|
||||
|
||||
# AlmaLinux patches
|
||||
Patch1000: sos-almalinux-branding.patch
|
||||
@ -37,6 +39,8 @@ support technicians and developers.
|
||||
%setup -qn %{name}-%{version}
|
||||
%setup -T -D -a1 -q
|
||||
%patch1 -p1
|
||||
%patch2 -p1
|
||||
%patch3 -p1
|
||||
|
||||
# AlmaLinux patches
|
||||
%patch1000 -p1
|
||||
@ -112,9 +116,21 @@ of the system. Currently storage and filesystem commands are audited.
|
||||
|
||||
|
||||
%changelog
|
||||
* Tue Sep 26 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.6.0-2.alma.1
|
||||
* Tue Nov 07 2023 Eduard Abdullin <eabdullin@almalinux.org> - 4.6.0-5.alma.1
|
||||
- Debrand for AlmaLinux
|
||||
|
||||
* Wed Oct 18 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-5
|
||||
[pulpcore] Scrub AUTH_LDAP_BIND_PASSWORD value
|
||||
Resolves: RHEL-13701
|
||||
|
||||
* Tue Oct 17 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-4
|
||||
- [pulp] Fix dynaconf obfuscation and add AUTH_LDAP_BIND_PASSWORD
|
||||
Resolves: RHEL-13701
|
||||
|
||||
* Thu Oct 12 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-3
|
||||
- [greenboot] seperate logs to a standalone plugin; enhance [microshift]
|
||||
Resolves: SUPDEV148
|
||||
|
||||
* Fri Sep 01 2023 Pavel Moravec <pmoravec@redhat.com> = 4.6.0-2
|
||||
- [openshift_ovn] Collect additional ovnkube node logs
|
||||
Resolves: SUPDEV145
|
||||
|
Loading…
Reference in New Issue
Block a user