From 0d2dd0d9ccc3242dd2dd4513924c8f308000242e Mon Sep 17 00:00:00 2001 From: Shane Bradley Date: Wed, 6 May 2015 15:47:07 -0400 Subject: [PATCH] [cluster] enable crm_report password scrubbing Default to specifying a password pattern of 'passw.*' when calling the crm_report script. This causes matching strings to be elided from the report data. Since this scrubbing can affect the use of pacemaker state machine snapshots for debugging the behaviour is controlled by a new option that defaults to enabled: cluster.crm_scrub This can be used to obtain an sosreport containing virgin crm_report data with no password scrubbing: # sosreport -k cluster.crm_scrub=False Signed-off-by: Shane Bradley Signed-off-by: Bryn M. Reeves --- sos/plugins/cluster.py | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/sos/plugins/cluster.py b/sos/plugins/cluster.py index 8dd9a4d..084c030 100644 --- a/sos/plugins/cluster.py +++ b/sos/plugins/cluster.py @@ -25,10 +25,12 @@ class Cluster(Plugin, RedHatPlugin): plugin_name = 'cluster' profiles = ('cluster',) + option_list = [ ("gfs2lockdump", 'gather output of gfs2 lockdumps', 'slow', False), ("crm_from", 'specify the start time for crm_report', 'fast', False), - ('lockdump', 'gather dlm lockdumps', 'slow', False) + ('lockdump', 'gather dlm lockdumps', 'slow', False), + ('crm_scrub', 'enable password scrubbing for crm_report', '', True), ] packages = [ @@ -112,8 +114,14 @@ class Cluster(Plugin, RedHatPlugin): "default" % self.get_option('crm_from')) crm_dest = self.get_cmd_output_path(name='crm_report', make=False) - self.add_cmd_output('crm_report -S -d --dest %s --from "%s"' - % (crm_dest, crm_from)) + crm_scrub = '-p "passw.*"' + if not self.get_option("crm_scrub"): + crm_scrub = '' + self._log_warn("scrubbing of crm passwords has been disabled:") + self._log_warn("data collected by crm_report may contain" + " sensitive values.") + self.add_cmd_output('crm_report %s -S -d --dest %s --from "%s"' + % (crm_scrub, crm_dest, crm_from)) def do_lockdump(self): if self._mount_debug(): -- 1.8.3.1