Sindbad~EG File Manager
3
��f�C�������������������@���sF���d�d�l�m�Z���d�d�l�Z�d�d�l�Z�d�d�l�m�Z�m�Z�m�Z���G�d�d���d�e�e���Z�d�S�)������)�� translateN)���Plugin��RedHatPlugin� PluginOptc������������
���@���s����e�Z�d�Z�d�Z�d�Z�d�Z�d�Z�d3Z�d4Z�d�Z d�Z
e�d�d e�d
d���e�d�d e�d
d���e�d�d�d�d���e�d�d�d�d���e�d�d�d�d���e�d�d�e�d�d���e�d�d�e�d�d���e�d�d�e�d�d���g�Z
d�d ��Z�d!d"��Z�d#d$��Z�d%d&��Z�d'd(��Z�d)d*��Z�d+d,��Z�d-d.��Z�d/d0��Z�d1d2��Z�d S�)5� Openshifta����This is the plugin for OCP 4.x collections. While this product is still
built ontop of kubernetes, there is enough difference in the collection
requirements and approach to warrant a separate plugin as opposed to
further extending the kubernetes plugin (or the OCP 3.x extensions included
in the Red Hat version of the kube plugin).
This plugin may collect OCP API information when the `with-api` option is
enabled. This option is disabled by default.
When enabled, this plugin will collect cluster information and inspect the
default namespaces/projects that are created during deployment - i.e. the
namespaces of the cluster projects matching openshift.* and kube.*. At the
time of this plugin's creation that number of default projects is already
north of 50; hence this plugin is expected to take a long time in both the
setup() and collect() phases. End-user projects may also be collected from
when those projects are included in the `add-namespaces` or
`only-namespaces` options.
It is expected to need to perform an `oc login` command in order for this
plugin to be able to correctly capture information, as system root is not
considered cluster root on the cluster nodes in order to access the API.
Users will need to either:
1) Accept the use of a well-known stock kubeconfig file provided via a
static pod resource for the kube-apiserver
2) Provide the bearer token via the `-k openshift.token` option
3) Provide the bearer token via the `SOSOCPTOKEN` environment variable
4) Otherwise ensure that the root user can successfully run `oc` and
get proper output prior to running this plugin
It is highly suggested that option #1 be used first, as this uses well
known configurations and requires the least information from the user. If
using a token, it is recommended to use option #3 as this will prevent
the token from being recorded in output saved to the archive. Option #2 may
be used if this is considered an acceptable risk. It is not recommended to
rely on option #4, though it will provide the functionality needed.
z Openshift Container Platform 4.x� openshifti������openshift-hyperkubezg/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/localhost.kubeconfigz�oc get ��tokenNz admin token to allow API queries)���defaultZ�val_type��desc�
kubeconfigz+Path to a locally available kubeconfig file��hostz�https://localhost:6443z0host address to use for oc login, including port)�r
���r����z�with-apiFz�collect output from the OCP API��podlogsTz�collect logs from each podz�podlogs-filter��z1only collect logs from pods matching this patternz�only-namespacesz2colon-delimited list of namespaces to collect fromz�add-namespaceszHcolon-delimited list of namespaces to add to the default collection listc����������������C���s����|�j�d���d���d�k�S�)�z(Check to see if we can run `oc` commandsz oc whoami��statusr����)���exec_cmd)���self��r������/usr/lib/python3.6/openshift.py��_check_oc_functionY���s������z�Openshift._check_oc_functionc����������������C���s����|�j�|�j�d�����S�)�z?Check if the localhost.kubeconfig exists with system:admin userr����)�Z�path_exists�
get_option)�r����r����r����r������_check_localhost_kubeconfig]���s������z%Openshift._check_localhost_kubeconfigc����������������C���s����|�j���r�d�S�|�j�d���d�k�r(|�j�d�|�j�����|�j���r�|�j�d�|�j�d���i�����|�j�d���}�|�d���d�k�rf|�j���rfd�S�|�j�d�|�d���|�d ��f�������d
S�|�j�d���p�t�j d�d���}�|�r�|�j�d
|�j�d���|�f�����}�|�d���d�k�r�|�j���r�d�S�|�j�d�����d
S�|�j�d�����d
S�)�zuSee if we're logged in to the API service, and if not attempt to do
so using provided plugin options
Tr����NZ
KUBECONFIGz8oc login -u system:admin --insecure-skip-tls-verify=Truer����r����z6The login command failed with status: %s and error: %s��outputFr ���Z�SOSOCPTOKENz6oc login %s --token=%s --insecure-skip-tls-verify=Truer
���zIAttempt to login to OCP API failed, will not run or collect `oc` commandszUNot logged in to OCP API, and no login token provided. Will not collect `oc` commands)
r����r����Z
set_option��master_localhost_kubeconfigr����Z�set_default_cmd_environmentr����� _log_warn��os��getenv)�r����Z�oc_resr ���r����r����r������_check_oc_logged_ina���s8�����������������������������������������������������
���
�z�Openshift._check_oc_logged_inc����������������C���sX���|�j�d���r�t�|�j�d���j�d�����S�d�d�g�}�|�j�d���rTx"|�j�d���j�d���D�]�}�|�j�|�����qBW�|�S�)�z�Combine a set of regexes for collection with any namespaces passed
to sos via the -k openshift.add-namespaces option. Note that this does
allow for end users to specify namespace regexes of their own.
z�only-namespaces��:z�openshift.*z�kube.*z�add-namespaces)�r������list��split��append)�r����Z�collect_regexesZ�nspr����r����r������_setup_namespace_regexes����s������
�������
�����z"Openshift._setup_namespace_regexesc��������������������s(���d�d�����|�j�����t�����f�d�d���|�D�����S�)�a����Reduce the namespace listing returned to just the ones we want to
collect from. By default, as requested by OCP support personnel, this
must include all 'openshift' prefixed namespaces
:param nsps list: Namespace names from oc output
c����������������S���s"���x�|�D�]�}�t�j�|�|���r�d�S�q�W�d�S�)�z�Match a particular namespace for inclusion (or not) in the
collection phases
:param namespace str: The name of a namespace
TF)���re��match)�� namespace��regexes��regexr����r����r������_match_namespace����s������
�����z:Openshift._reduce_namespace_list.<locals>._match_namespacec��������������������s����h�|�]�}���|�����r�|���q�S�r����r����)���.0��n)�r(���r&���r����r����� <setcomp>����s������z3Openshift._reduce_namespace_list.<locals>.<setcomp>)�r"���r����)�r������nspsr����)�r(���r&���r������_reduce_namespace_list����s����������z Openshift._reduce_namespace_listc����������������C���s����|�j�d�����|�j�d�����|�j�d�d�g�����|�j�d�����|�j�d���r@|�j���}�n�d�}�|�r�|�j�d�����g�}�|�j�d�d d
d�d�g�����|�j�����|�j d
|�j
����}�|�d���d�k�r�d�d���|�d���j���d�d�����D���}�|�j�|���}�x�|�D�]�}�|�j
|�����q�W�d�S�)�a����The setup() phase of this plugin will iterate through all default
projects (namespaces), and/or those specified via the `add-namespaces`
and `only-namespaces` plugin options. Both of these options accept
shell-style regexes.
Cluster-wide information, that is information that is not tied to a
specific namespace, will be saved in the top-level plugin directory.
Each namespace will have it's own subdir within the `namespaces` subdir
to aide in organization. From there, each namespace subdir will have a
subsequent subdir for each type of API resource the plugin collects.
In contrast with the `kubernetes` plugin, this plugin will collect
logs from all pods within each namespace, as well as the previous pod's
logs, by default. The `-k openshift.podlogs-filter` option can be used
to greatly reduce the amount of collected information.
Z�kubeletz�/etc/kubernetes/*.crtz�/etc/kubernetes/*.keyz�/etc/kubernetes/*z�with-apiFz�Note that the Openshift Container Platform plugin can be expected in most configurations to take 5+ minutes in both the setup and collection phasesz�oc cluster-infoz�oc get -A pvz
oc get -A csrz oc statusz
oc versionz
%s namespacesr����r����c����������������S���s����g�|�]�}�|�j���d�����q�S�)�r����)�r ���)�r)���r*���r����r����r�����
<listcomp>����s������z#Openshift.setup.<locals>.<listcomp>r���������N)�Z�add_journalZ�add_service_statusZ�add_forbidden_pathZ
add_copy_specr����r����r������add_cmd_output��collect_cluster_resources��collect_cmd_output��oc_cmd�
splitlinesr-�����collect_from_namespace)�r����Z
can_run_ocZ�oc_nspsZ�_nm_resr,���r%���r����r����r������setup����s4�����
�
�������
�
�
�������������������������������
�
�z�Openshift.setupc����������������C���s����d�d�d�d�d�d�d�d�d d
d�d�d
d�d�d�d�g�}�x�|�D�]x}�d�|���}�d�|���g�}�|�j�d�|�j�|�f���|�|�d���}�|�d���d�k�r,x:|�d���j���d�d�����D�]"}�|�j�d�|�|�j���d���f���|�d�����q~W�q,W�d�S�)�zFCollect cluster-level (non-namespaced) resources from the API
Z�clusternetworksZ�clusteroperatorsZ�clusterversionsZ�componentstatusesZ�configsZ�containerruntimeconfigsZ�controllerconfigsZ�dnsesZ�hostsubnetsZ�infrastructuresZ�machineconfigpoolsZ�machineconfigsZ
netnamespacesZ�networksZ�nodesZ�proxiesZ�storageclassesz�cluster_resources/%sz�ocp_%sz�%s %s)���subdir��tagsr����r����r����r/���Nz�oc describe %s %s)�r7���)�r2���r3���r4���r0���r ���)�r����Z�global_resourcesZ�resource��_subdirZ�_tagZ�_resZ _res_namer����r����r����r1���
���s6���������������������������������������
���
���
���������z#Openshift.collect_cluster_resourcesc��������
�������C���s4���d�d�d�d�d�d�d�d�d d
d�d�d
d�d�d�d�d�d�d�d�d�d�d�d�d�d�d�d�d�g�}�d�|���}�|�j�d |���|�d!����x�|�D�]�}�d"|�|�f���}�d#|���d$|�|�f���|�g�}�d%|�j�|�|�f���}�|�j�|�|�|�d&��}�|�d'��d(k�r`|�d)��j���d*d+����} x4| D�],}
|
j���d(��}�|�j�d,|�|�f���|�d-|���d.����q�W�|�d�k�r`| r`|�j�d/��r`d0d1��| D���}�|�j�|�|�����q`W�d+S�)2z�Run through the collection routines for an individual namespace.
This collection should include all requested resources that exist
within that namesapce
:param namespace str: The name of the namespace
Z�buildconfigsZ�buildsZ�catalogsourceconfigsZ�catalogsourcesZ�clusterserviceversionsZ
configmapsZ
daemonsetsZ�deploymentconfigsZ�deploymentsZ�eventsZ�horizontalpodautoscalersZ�imagestreamsZ�ingresscontrollersZ ingressesZ�installplansZ�limitrangesZ�machinesZ�machinesetsZ
mcoconfigsz�net-attach-defZ�operatorgroupsZ�operatorsourcesZ�podsZ�pvcZ�resourcequotasZ�routes��secretsZ�servicesZ�statefulsetsZ
subscriptionsz
namespaces/%sz�oc describe namespace %s)�r7���z�%s/%sz�ocp_%sz ocp_%s_%sz�%s --namespace=%s %s)�r7���r8���r����r����r����r/���Nz
%s %s -o yamlz�%s.yaml)�r7���Z�suggest_filenamer����c����������������S���s����g�|�]�}�|�j���d�����q�S�)�r����)�r ���)�r)�����pr����r����r����r.���{���s������z4Openshift.collect_from_namespace.<locals>.<listcomp>)�r0���r3���r2���r4���r ���r������collect_podlogs)
r����r%���Z resourcesr7�����resr9���Z�_tagsZ�_get_cmdZ�_res_outZ
_instancesZ _instanceZ�_instance_name��pod_listr����r����r����r5���-���sl����
��������������������������������������������������������������
���
�����
�����������������
�����
���������z Openshift.collect_from_namespacec����������������C���sn���d�|���}�|�j�d���r"t�|�j�d�����}�n�d�}�xB|�D�]:}�|�rDt�j�|�|�����rDq,d�|�|�f���}�|�j�|�|�d���g�|�d�����q,W�d�S�)�z�For any namespace that has active pods in it, collect the current
and previous pod's logs
:param pod_list list: A list of pod names
z�namespaces/%s/pods/podlogsz�podlogs-filterNz�oc logs --namespace=%s %sz� -p)�r7���)�r����r����r#���r$���r0���)�r����r%���r>���Z�_log_dirr'���Z�podZ�_log_cmdr����r����r����r<���~���s��������
�����
�������������z�Openshift.collect_podlogsc����������������C���sf���|�j�d�����|�j�d�����d�d�d�d�d�d�d g�}�d
d�j�|�����}�|�j�d�|�d�����|�j�d
|�d�����d�}�|�j�d�|�d�����d�S�)�Nz�oc z�/etc/kubernetes/*z�.*.crtz�client-certificate-dataz�client-key-dataz�certificate-authority-dataz�.*.keyr ���z�.*token.*.valuez�(\s*(%s):)(.*)��|z
\1 *******r:���z((?P<var>(.*\\n)?Source:\s(.*),)((.*?))\nz�oc describez�\g<var> *******\n)�Z�do_cmd_private_subZ�do_file_private_sub��joinZ�do_path_regex_subZ�do_cmd_output_sub)�r������_fieldsr'���r����r����r������postproc����s������
�
�����������������������z�Openshift.postproc)�r����)�r����)���__name__�
__module__��__qualname__��__doc__Z
short_descZ�plugin_nameZ�plugin_timeoutZ�profilesZ�packagesr����r3���r������strZ�option_listr����r����r����r"���r-���r6���r1���r5���r<���rB���r����r����r����r����r��������sB����'��������������������������������������������
������7�����F�#�Q��r����) Z�fnmatchr����r����r#���Z�sos.report.pluginsr����r����r����r����r����r����r����r������<module> ���s������������
Sindbad File Manager Version 1.0, Coded By Sindbad EG ~ The Terrorists