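# Copyright (c) 2016 Ansible, Inc.
# All Rights Reserved.

try:
    from sos.plugins import Plugin, RedHatPlugin
except ImportError:
    # Fall back to the sos.report.plugins location when sos.plugins is not
    # importable.
    from sos.report.plugins import Plugin, RedHatPlugin

# Commands whose output is captured into the report.
SOSREPORT_CONTROLLER_COMMANDS = [
    "awx-manage --version",  # controller version
    "awx-manage list_instances",  # controller cluster configuration
    "awx-manage run_dispatcher --status",  # controller dispatch worker status
    "awx-manage run_callback_receiver --status",  # controller callback worker status
    "awx-manage check_license --data",  # controller license status
    "awx-manage run_wsrelay --status",  # controller websocket relay status
    "supervisorctl status",  # controller process status
    "/var/lib/awx/venv/awx/bin/pip freeze",  # pip package list
    "/var/lib/awx/venv/awx/bin/pip freeze -l",  # pip package list without globally-installed packages
    "/var/lib/awx/venv/ansible/bin/pip freeze",  # pip package list
    "/var/lib/awx/venv/ansible/bin/pip freeze -l",  # pip package list without globally-installed packages
    "tree -d /var/lib/awx",  # directory tree only
    "ls -ll /var/lib/awx",  # check permissions
    "ls -ll /var/lib/awx/venv",  # list all venvs
    "ls -ll /etc/tower",
    "ls -ll /var/run/awx-receptor",  # list contents of directory where receptor socket should be
    "ls -ll /etc/receptor",
    "receptorctl --socket /var/run/awx-receptor/receptor.sock status",  # status of the mesh
    "receptorctl --socket /var/run/awx-receptor/receptor.sock work list",  # list of receptor work units
    "umask -p",  # check current umask
]

# Files and directories copied into the report.
# NOTE(review): "/etc/tower/" is collected as a whole, while postproc() masks
# values in only four named files. Any other file under it that holds a
# credential is archived as written unless it is listed in
# SOSREPORT_FORBIDDEN_PATHS -- confirm none exist or add a scrub rule.
SOSREPORT_CONTROLLER_DIRS = [
    "/etc/tower/",
    "/etc/receptor/",
    "/etc/supervisord.conf",
    "/etc/supervisord.d/",
    "/etc/nginx/",
    "/var/log/tower",
    "/var/log/nginx",
    "/var/log/supervisor",
    "/var/log/redis",
    "/etc/opt/rh/rh-redis5/redis.conf",
    "/etc/redis.conf",
    "/var/opt/rh/rh-redis5/log/redis/redis.log",
    "/var/log/dist-upgrade",
    "/var/log/installer",
    "/var/log/unattended-upgrades",
    "/var/log/apport.log",
]

# Paths excluded from collection even though a parent directory is copied:
# key material, certificates and the profile directory.
SOSREPORT_FORBIDDEN_PATHS = [
    "/etc/tower/SECRET_KEY",
    "/etc/tower/tower.key",
    "/etc/tower/awx.key",
    "/etc/tower/tower.cert",
    "/etc/tower/awx.cert",
    "/var/log/tower/profile",
    "/etc/receptor/tls/ca/*.key",
    "/etc/receptor/tls/*.key",
]

# A quoted literal: group 2 is the opening quote character and the
# back-reference requires the same character to close it, so single-, double-
# and triple-quoted values are all covered. ".+" does not cross a newline, so
# only single-line values are matched. Must follow exactly one capture group.
_QUOTED_VALUE = r"([\"\'])(.+)\2"

# Keep the "NAME = " / "'KEY': " prefix (group 1) and drop the quoted value.
_MASK = r"\1********"

# (collected file, pattern) pairs applied in order by Controller.postproc().
# Each pattern tolerates optional whitespace around the separator and either
# quote style; the earlier, stricter forms left a value such as
# EMAIL_HOST_PASSWORD = 'x' (space after "=") or a double-quoted email
# password unmasked in the archive.
_SCRUB_RULES = (
    # database password
    (
        "/etc/tower/conf.d/postgres.py",
        r"(\s*[\"\']PASSWORD[\"\']\s*:\s*)" + _QUOTED_VALUE,
    ),
    # email password
    (
        "/etc/tower/settings.py",
        r"(EMAIL_HOST_PASSWORD\s*=\s*)" + _QUOTED_VALUE,
    ),
    # email password (if customized)
    (
        "/etc/tower/conf.d/custom.py",
        r"(EMAIL_HOST_PASSWORD\s*=\s*)" + _QUOTED_VALUE,
    ),
    # websocket secret
    (
        "/etc/tower/conf.d/channels.py",
        r"(BROADCAST_WEBSOCKET_SECRET\s*=\s*)" + _QUOTED_VALUE,
    ),
)


class Controller(Plugin, RedHatPlugin):
    '''Collect Ansible Automation Platform controller information'''

    plugin_name = "controller"
    short_desc = "Ansible Automation Platform controller information"

    def setup(self):
        # Register what to copy, what never to copy, and which commands to run.
        for path in SOSREPORT_CONTROLLER_DIRS:
            self.add_copy_spec(path)

        for path in SOSREPORT_FORBIDDEN_PATHS:
            self.add_forbidden_path(path)

        self.add_cmd_output(SOSREPORT_CONTROLLER_COMMANDS)

    def postproc(self):
        # Mask known secrets in the collected copies of the settings files.
        # Only quoted literals on a single line are replaced; a value built
        # any other way is left as it is.
        for path, pattern in _SCRUB_RULES:
            self.do_path_regex_sub(path, pattern, _MASK)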