File: //usr/lib/python2.7/site-packages/sos/plugins/openshift.py
# This file is part of the sos project: https://github.com/sosreport/sos
#
# This copyrighted material is made available to anyone wishing to use,
# modify, copy, or redistribute it subject to the terms and conditions of
# version 2 of the GNU General Public License.
#
# See the LICENSE file in the source distribution for further information.
from sos.plugins import Plugin, RedHatPlugin
import os.path
# This plugin handles OpenShift Enterprise versions up to 2.x
# which are based in the upstream code of OpenShift Origin M4
# located here: https://github.com/openshift/origin-server
#
# For later of OpenShift Origin based on: https://github.com/openshift/origin
# like OpenShift Enterprise 3.x see the origin.py plugin
class Openshift(Plugin, RedHatPlugin):
    """Openshift 2.x node and broker"""
    plugin_name = "openshift"
    profiles = ('virt', 'openshift')
    # The 'broker' and 'node' options are obsolete but are maintained
    # here for compatibility with external programs that call sosreport
    # with these names.
    option_list = [("broker", "Gathers broker specific files", "slow", False),
                   ("node", "Gathers node specific files", "slow", False)]
    ruby = "ruby193"
    vendor = "rh"
    mco_config_dir = "/opt/%s/%s/root/etc/mcollective" % (vendor, ruby)
    gear_base_dir = "/var/lib/openshift"
    node_settings_dir = os.path.join(gear_base_dir, ".settings")
    node_proxy_dir = os.path.join(gear_base_dir, ".httpd.d")
    httpd_config_dir = "/etc/httpd/conf.d"
    def is_broker(self):
        return os.path.exists("/etc/openshift/broker.conf")
    def is_node(self):
        return os.path.exists("/etc/openshift/node.conf")
    def setup(self):
        self.add_copy_spec([
            "/etc/openshift-enterprise-release",
            "/var/log/openshift",
            "/etc/openshift/*.conf",
            "/etc/openshift/upgrade",
        ])
        self.add_cmd_output("oo-diagnostics -v")
        if self.is_broker():
            self.add_copy_spec([
                "/etc/openshift/quickstarts.json",
                "/etc/openshift/plugins.d/*.conf",
                os.path.join(self.mco_config_dir, "client.cfg"),
                "/var/www/openshift/broker/httpd/httpd.conf",
                "/var/www/openshift/broker/httpd/conf.d/*.conf",
                "/var/www/openshift/console/httpd/httpd.conf",
                "/var/www/openshift/console/httpd/conf.d/*.conf",
            ])
            self.add_cmd_output([
                "oo-accept-broker -v",
                "oo-admin-chk -v",
                "oo-mco ping",
            ])
        if self.is_node():
            self.add_copy_spec([
                "/etc/openshift/node-plugins.d/*.conf",
                "/etc/openshift/cart.conf.d",
                "/etc/openshift/iptables.*.rules",
                "/etc/openshift/env",
                os.path.join(self.httpd_config_dir,
                             "openshift-vhost-logconf.include"),
                os.path.join(self.httpd_config_dir,
                             "openshift-http-vhost.include"),
                os.path.join(self.httpd_config_dir,
                             "openshift_restorer.include"),
                os.path.join(self.mco_config_dir, "server.cfg"),
                os.path.join(self.mco_config_dir, "facts.yaml"),
                os.path.join(self.node_settings_dir, "district.info"),
                os.path.join(self.node_proxy_dir, "*.conf"),
                os.path.join(self.node_proxy_dir, "aliases.txt"),
                os.path.join(self.node_proxy_dir, "nodes.txt"),
                os.path.join(self.node_proxy_dir, "idler.txt"),
                os.path.join(self.node_proxy_dir, "sts.txt"),
                os.path.join(self.node_proxy_dir, "routes.json"),
                os.path.join(self.node_proxy_dir, "geardb.json"),
                os.path.join(self.node_proxy_dir, "sniproxy.json"),
                "/var/log/httpd/openshift_log",
                "/var/log/mcollective.log",
                "/var/log/node-web-proxy/access.log",
                "/var/log/node-web-proxy/error.log",
                "/var/log/node-web-proxy/websockets.log",
                "/var/log/node-web-proxy/supervisor.log",
            ])
            self.add_cmd_output([
                "oo-accept-node -v",
                "oo-admin-ctl-gears list",
                "ls -laZ %s" % self.gear_base_dir,
                "ls -la %s" % self.node_proxy_dir
            ])
    def postproc(self):
        # Redact broker's MongoDB credentials:
        # MONGO_PASSWORD="PasswordForOpenshiftUser"
        self.do_file_sub('/etc/openshift/broker.conf',
                         r"(MONGO_PASSWORD\s*=\s*)(.*)",
                         r"\1*******")
        # Redact session SHA keys:
        # SESSION_SECRET=0c31...a7c8
        self.do_file_sub('/etc/openshift/broker.conf',
                         r"(SESSION_SECRET\s*=\s*)(.*)",
                         r"\1*******")
        self.do_file_sub('/etc/openshift/console.conf',
                         r"(SESSION_SECRET\s*=\s*)(.*)",
                         r"\1*******")
        # Redact passwords of the form:
        # plugin.activemq.pool.1.password = Pa$sW0Rd
        self.do_file_sub(os.path.join(self.mco_config_dir, "server.cfg"),
                         r"(.*password\s*=\s*)\S+",
                         r"\1********")
        self.do_file_sub(os.path.join(self.mco_config_dir, "client.cfg"),
                         r"(.*password\s*=\s*)\S+",
                         r"\1********")
        # Redact DNS plugin credentials
        # Dynect DNS: DYNECT_PASSWORD=s0ME-p4$_w0RD._
        plugin_dir = '/etc/openshift/plugins.d/'
        self.do_file_sub(plugin_dir + 'openshift-origin-dns-dynect.conf',
                         r"(DYNECT_PASSWORD\s*=\s*)(.*)",
                         r"\1********")
        # Fog cloud: FOG_RACKSPACE_API_KEY="apikey"
        self.do_file_sub(plugin_dir + 'openshift-origin-dns-fog.conf',
                         r"(FOG_RACKSPACE_API_KEY\s*=\s*)(.*)",
                         r"\1********")
        # ISC bind: BIND_KEYVALUE="rndc key"
        self.do_file_sub(plugin_dir + 'openshift-origin-dns-nsupdate.conf',
                         r"(BIND_KEYVALUE\s*=\s*)(.*)",
                         r"\1********")
        # LDAP authentication:  AuthLDAPBindPassword "IShouldNotBeHere"
        ldap_paths = '/var/www/openshift/(broker|console)/httpd/conf.d/.*'
        self.do_path_regex_sub(ldap_paths,
                               r"(AuthLDAPBindPassword)\s*(.*)",
                               r"\1********")
# vim: set et ts=4 sw=4 :