관리-도구
편집 파일: origin.py
# Copyright (C) 2016 Red Hat, Inc., Pep Turro Mauri <pep@redhat.com> # This file is part of the sos project: https://github.com/sosreport/sos # # This copyrighted material is made available to anyone wishing to use, # modify, copy, or redistribute it subject to the terms and conditions of # version 2 of the GNU General Public License. # # See the LICENSE file in the source distribution for further information. from sos.plugins import Plugin, RedHatPlugin import os.path # This plugin collects static configuration and runtime information # about OpenShift Origin based environments, like OpenShift Enterprise 3 # Some clarification on naming: # OpenShift Origin is the upstream project for OpenShift Enterprise, # OpenShift Container Platflorm, and Atomic Platform. # # However, the name "OpenShift Origin" refers to two different code bases: # * Origin M5 and later (https://github.com/openshift/origin) # which is upstream for OpenShift 3.x and later. # This is what this plugin handles # * Origin M4 and earlier (https://github.com/openshift/origin-server) # which is upstream for OpenShift 1.x and 2.x. # This is handled by the plugin in openshift.py # Note that this plugin should be used in conjunction with other plugins # in order to capture relevant data: the Kubernetes plugin for the # masters, the Docker plugin for the nodes, and also generic # plugins (e.g. for /etc/sysconfig entries, network setup etc) class OpenShiftOrigin(Plugin): """ OpenShift Origin """ plugin_name = "origin" files = None # file lists assigned after path setup below profiles = ('openshift',) option_list = [ ("diag", "run 'oc adm diagnostics' to collect its output", 'fast', True), ("diag-prevent", "set --prevent-modification on 'oc adm diagnostics'", 'fast', True), ("all-namespaces", "collect dc output for all namespaces", "fast", False) ] master_base_dir = "/etc/origin/master" node_base_dir = "/etc/origin/node" master_cfg = os.path.join(master_base_dir, "master-config.yaml") master_env = os.path.join(master_base_dir, "master.env") node_cfg_file = "node-config.yaml" node_cfg = os.path.join(node_base_dir, node_cfg_file) node_kubeconfig = os.path.join(node_base_dir, "node.kubeconfig") static_pod_dir = os.path.join(node_base_dir, "pods") files = (master_cfg, node_cfg) # Master vs. node # # OpenShift Origin/3.x cluster members can be a master, a node, or both at # the same time: in most deployments masters are also nodes in order to get # access to the pod network, which some functionality (e.g. the API proxy) # requires. Therefore the following methods may all evaluate True on a # single instance (at least one must evaluate True if this is an OpenShift # installation) def is_master(self): """Determine if we are on a master""" return os.path.exists(self.master_cfg) def is_node(self): """Determine if we are on a node""" return os.path.exists(self.node_cfg) def is_static_etcd(self): """Determine if we are on a node running etcd""" return os.path.exists(os.path.join(self.static_pod_dir, "etcd.yaml")) def is_static_pod_compatible(self): """Determine if a node is running static pods""" return os.path.exists(self.static_pod_dir) def setup(self): bstrap_node_cfg = os.path.join(self.node_base_dir, "bootstrap-" + self.node_cfg_file) bstrap_kubeconfig = os.path.join(self.node_base_dir, "bootstrap.kubeconfig") node_certs = os.path.join(self.node_base_dir, "certs", "*") node_client_ca = os.path.join(self.node_base_dir, "client-ca.crt") admin_cfg = os.path.join(self.master_base_dir, "admin.kubeconfig") oc_cmd_admin = "%s --config=%s" % ("oc", admin_cfg) static_pod_logs_cmd = "master-logs" # Note that a system can run both a master and a node. # See "Master vs. node" above. if self.is_master(): self.add_copy_spec([ self.master_cfg, self.master_env, os.path.join(self.master_base_dir, "*.crt"), ]) if self.is_static_pod_compatible(): self.add_copy_spec(os.path.join(self.static_pod_dir, "*.yaml")) self.add_cmd_output([ "%s api api" % static_pod_logs_cmd, "%s controllers controllers" % static_pod_logs_cmd, ]) # TODO: some thoughts about information that might also be useful # to collect. However, these are maybe not needed in general # and/or present some challenges (scale, sensitive, ...) and need # some more thought. For now just leaving this comment here until # we decide if it's worth collecting: # # General project status: # oc status --all-namespaces (introduced in OSE 3.2) # -> deemed as not worthy in BZ#1394527 # Metrics deployment configurations # oc get -o json dc -n openshift-infra # Logging stack deployment configurations # oc get -o json dc -n logging # # Note: Information about nodes, events, pods, and services # is already collected by the Kubernetes plugin subcmds = [ "describe projects", "adm top images", "adm top imagestreams" ] self.add_cmd_output([ '%s %s' % (oc_cmd_admin, subcmd) for subcmd in subcmds ]) jcmds = [ "hostsubnet", "clusternetwork", "netnamespaces" ] self.add_cmd_output([ '%s get -o json %s' % (oc_cmd_admin, jcmd) for jcmd in jcmds ]) if self.get_option('all-namespaces'): ocn = self.exec_cmd('%s get namespaces' % oc_cmd_admin) ns_output = ocn['output'].splitlines()[1:] nmsps = [n.split()[0] for n in ns_output if n] else: nmsps = [ 'default', 'openshift-web-console', 'openshift-ansible-service-broker' ] self.add_cmd_output([ '%s get -o json dc -n %s' % (oc_cmd_admin, n) for n in nmsps ]) if self.get_option('diag'): diag_cmd = "%s adm diagnostics -l 0" % oc_cmd_admin if self.get_option('diag-prevent'): diag_cmd += " --prevent-modification=true" self.add_cmd_output(diag_cmd) self.add_journal(units=["atomic-openshift-master", "atomic-openshift-master-api", "atomic-openshift-master-controllers"]) # get logs from the infrastruture pods running in the default ns pods = self.exec_cmd("%s get pod -o name -n default" % oc_cmd_admin) for pod in pods['output'].splitlines(): self.add_cmd_output("%s logs -n default %s" % (oc_cmd_admin, pod)) # Note that a system can run both a master and a node. # See "Master vs. node" above. if self.is_node(): self.add_copy_spec([ self.node_cfg, self.node_kubeconfig, node_certs, node_client_ca, bstrap_node_cfg, bstrap_kubeconfig, os.path.join(self.node_base_dir, "*.crt"), os.path.join(self.node_base_dir, "resolv.conf"), os.path.join(self.node_base_dir, "node-dnsmasq.conf"), ]) self.add_journal(units="atomic-openshift-node") if self.is_static_etcd(): self.add_cmd_output("%s etcd etcd" % static_pod_logs_cmd) def postproc(self): # Clear env values from objects that can contain sensitive data # Sample JSON content: # { # "name": "MYSQL_PASSWORD", # "value": "mypassword" # }, # This will mask values when the "name" looks susceptible of # values worth obfuscating, i.e. if the name contains strings # like "pass", "pwd", "key" or "token". env_regexp = r'(?P<var>{\s*"name":\s*[^,]*' \ r'(pass|pwd|key|token|cred|secret' \ r'|PASS|PWD|KEY|TOKEN|CRED|SECRET)[^,]*,' \ r'\s*"value":)[^}]*' self.do_cmd_output_sub('oc*json', env_regexp, r'\g<var> "********"') # LDAP identity provider self.do_file_sub(self.master_cfg, r"(bindPassword:\s*)(.*)", r'\1"********"') # github/google/OpenID identity providers self.do_file_sub(self.master_cfg, r"(clientSecret:\s*)(.*)", r'\1"********"') class AtomicOpenShift(OpenShiftOrigin, RedHatPlugin): """ OpenShift Enterprise / OpenShift Container Platform """ packages = ('atomic-openshift',) # vim: set et ts=4 sw=4 :