[salt] gather more data, e.g. services, grains, pillars, and more

Signed-off-by: Marek Czernek <[email protected]>

sos/report/plugins/salt.py

@@ -5,6 +5,7 @@
 # version 2 of the GNU General Public License.
 #
 # See the LICENSE file in the source distribution for further information.
+import re
 
 from sos.report.plugins import Plugin, IndependentPlugin
 
@@ -16,7 +17,7 @@ class Salt(Plugin, IndependentPlugin):
     plugin_name = 'salt'
     profiles = ('sysmgmt',)
 
-    packages = ('salt', 'salt-minion', 'salt-common',)
+    packages = ('salt', 'salt-minion', 'venv-salt-minion', 'salt-common',)
 
     def setup(self):
         all_logs = self.get_option("all_logs")
@@ -26,12 +27,41 @@ def setup(self):
         else:
             self.add_copy_spec("/var/log/salt")
 
-        self.add_copy_spec("/etc/salt")
-        self.add_forbidden_path("/etc/salt/pki/*/*.pem")
+        self.add_copy_spec([
+            "/var/log/venv-salt-minion.log",
+            "/var/log/salt-ssh.log",
+        ])
+
+        self.add_copy_spec([
+            "/etc/salt",
+            "/etc/venv-salt-minion/",
+            "/usr/local/etc/salt",
+        ])
+        self.add_forbidden_path([
+            "/etc/salt/pki/*/*.pem",
+            "/etc/venv-salt-minion/pki/*/*.pem",
+            "/usr/local/etc/salt/pki/*/*.pem",
+        ])
+
+        self.add_cmd_output([
+            "systemctl --full status salt-minion",
+            "systemctl --full status venv-salt-minion",
+            "salt-minion --versions-report",
+            "venv-salt-minion --versions-report",
+            "salt-call --local grains.items --out yaml",
+            "venv-salt-call --local grains.items --out yaml",
+        ], timeout=30)
 
     def postproc(self):
         regexp = r'(^\s+.*(pass|secret|(?<![A-z])key(?![A-z])).*:\ ).+$'
         subst = r'\1******'
         self.do_path_regex_sub("/etc/salt/*", regexp, subst)
 
+        # Obfuscate grain entries like `password: mypass` or
+        # `secret: mysecret`
+        grain_regexp = re.compile("(^.*(pass|secret|key).*:)(.*)$",
+                                  re.MULTILINE)
+        self.do_cmd_output_sub("salt-call", grain_regexp, subst)
+        self.do_cmd_output_sub("venv-salt-call", grain_regexp, subst)
+
 # vim: set et ts=4 sw=4 :

sos/report/plugins/saltmaster.py

@@ -5,6 +5,8 @@
 # version 2 of the GNU General Public License.
 #
 # See the LICENSE file in the source distribution for further information.
+import glob
+import yaml
 
 from sos.report.plugins import Plugin, IndependentPlugin
 
@@ -26,7 +28,35 @@ def setup(self):
 
         self.add_copy_spec("/etc/salt")
         self.add_forbidden_path("/etc/salt/pki/*/*.pem")
-        self.add_cmd_output("salt-key --list all")
+
+        self.add_pillar_roots()
+        self.add_cmd_output([
+            "salt-master --version",
+            "systemctl --full status salt-master",
+            "systemctl --full status salt-api",
+            "salt-key --list all",
+            "salt-run jobs.list_jobs --out=yaml",
+            "salt-run manage.list_state --out=yaml",
+            "salt-run manage.list_not_state --out=yaml",
+            "salt-run manage.joined --out=yaml",
+        ], timeout=30)
+
+    def add_pillar_roots(self):
+        cfgs = glob.glob("/etc/salt/master.d/*conf")
+        main_cfg = "/etc/salt/master"
+
+        if self.path_exists(main_cfg):
+            cfgs.append(main_cfg)
+
+        all_pillar_roots = []
+        for cfg in cfgs:
+            with open(cfg, "r") as f:
+                cfg_pillar_roots = (
+                    yaml.safe_load(f).get("pillar_roots", {}).get("base", [])
+                )
+                all_pillar_roots.extend(cfg_pillar_roots)
+
+        self.add_copy_spec(all_pillar_roots)
 
     def postproc(self):
         regexp = r'(^\s+.*(pass|secret|(?<![A-z])key(?![A-z])).*:\ ).+$'