Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /usr/lib/python3/dist-packages/sos/report/plugins/aap_containerized.py

ÐÐ°Ð·Ð°Ð´
# Copyright (c) 2025 Nagoor Shaik <nshaik@redhat.com> # This file is part of the sos project: https://github.com/sosreport/sos # # This copyrighted material is made available to anyone wishing to use, # modify, copy, or redistribute it subject to the terms and conditions of # version 2 of the GNU General Public License. # # See the LICENSE file in the source distribution for further information. import os from sos.report.plugins import Plugin, RedHatPlugin, PluginOpt class AAPContainerized(Plugin, RedHatPlugin): """Collects details about AAP Containerized setup under a user's home directory""" short_desc = "AAP Containerized Setup" plugin_name = "aap_containerized" profiles = ("sysmgmt", "ansible",) packages = ("podman",) option_list = [ PluginOpt( "username", default="", val_type=str, desc="Username that was used to setup " "AAP containerized installation" ), PluginOpt( "directory", default="", val_type=str, desc="Absolute path to AAP containers volume directory. " "Defaults to 'aap' under provided user's home directory" ) ] def setup(self): # Check if username is passed as argument username = self.get_option("username") if not username: self._log_warn("AAP username is missing, use '-k " "aap_containerized.username=<user>' to set it") ps = self.exec_cmd("ps aux") if ps["status"] == 0: podman_users = set() for line in ps["output"].splitlines(): if ("/usr/bin/podman" in line) and \ ("/.local/share/containers/storage/" in line): user, _ = line.split(maxsplit=1) podman_users.add(user) if len(podman_users) == 1: username = podman_users.pop() self._log_warn(f"AAP username detected as '{username}'") else: self._log_error("Unable to determine AAP username, " "terminating plugin.") return # Grab aap installation directory under user's home if not self.get_option("directory"): user_home_directory = os.path.expanduser(f"~{username}") aap_directory_name = self.path_join(user_home_directory, "aap") else: aap_directory_name = self.get_option("directory") # Don't collect cert and key files from the installation directory if self.path_exists(aap_directory_name): forbidden_paths = [ self.path_join(aap_directory_name, path) for path in [ "containers", "tls", "controller/etc/.cert", "controller/etc/.key", "eda/etc/.cert", "eda/etc/.key", "gateway/etc/.cert", "gateway/etc/.key", "hub/etc/.cert", "hub/etc/.key", "hub/etc/keys/.pem", "postgresql/.crt", "postgresql/.key", "receptor/etc/.crt", "receptor/etc/.key", "receptor/etc/.pem", "redis/.crt", "redis/.key", ] ] self.add_forbidden_path(forbidden_paths) self.add_copy_spec(aap_directory_name) else: self._log_error(f"Directory {aap_directory_name} does not exist " "or invalid absolute path provided") # Gather output of following podman commands as user podman_commands = [ (f"su - {username} -c 'podman info --debug'", "podman_info"), (f"su - {username} -c 'podman ps -a --format json'", "podman_ps_all_json"), ] for command, filename in podman_commands: self.add_cmd_output(command, suggest_filename=filename) # Collect AAP container names aap_containers = self._get_aap_container_names(username) # Copy podman container log and inspect files # into their respective sub directories for container in aap_containers: self.add_cmd_output( f"su - {username} -c 'podman logs {container}'", suggest_filename=f"{container}.log", subdir="aap_container_logs" ) self.add_cmd_output( f"su - {username} -c 'podman inspect {container}'", suggest_filename=container, subdir="podman_inspect_logs" ) # command outputs from various containers # the su command is needed because mimicking it via runas leads to # stuck command execution pod_cmds = { "automation-controller-task": [ "awx-manage check_license --data", "awx-manage list_instances", ], "automation-gateway": [ "automation-gateway-service status", "aap-gateway-manage print_settings", "aap-gateway-manage authenticators", "aap-gateway-manage showmigrations", "aap-gateway-manage list_services", "aap-gateway-manage feature_flags --list", "aap-gateway-manage --version", ], "automation-controller-web": [ "awx-manage showmigrations", "awx-manage list_instances", "awx-manage run_dispatcher --status", "awx-manage run_callback_receiver --status", "awx-manage check_license --data", "awx-manage run_wsrelay --status", ], "automation-eda-api": [ "aap-eda-manage --version", "aap-eda-manage showmigrations", ], "receptor": [ "receptorctl status", "receptorclt work list", ], } for pod, cmds in pod_cmds.items(): if pod in aap_containers: for cmd in cmds: fname = self._mangle_command(cmd) self.add_cmd_output(f"su - {username} -c 'podman exec -it" f" {pod} bash -c \"{cmd}\"'", suggest_filename=fname, subdir=pod) # Function to fetch podman container names def _get_aap_container_names(self, username): try: cmd = f"su - {username} -c 'podman ps -a --format {{{{.Names}}}}'" cmd_out = self.exec_cmd(cmd) if cmd_out['status'] == 0: return cmd_out['output'].strip().split("\n") return [] except Exception: self._log_error("Error retrieving Podman containers") return [] # Check and enable plugin on a AAP Containerized host def check_enabled(self): aap_processes = [ 'dumb-init -- /usr/bin/envoy', 'dumb-init -- /usr/bin/supervisord', 'dumb-init -- /usr/bin/launch_awx_web.sh', 'dumb-init -- /usr/bin/launch_awx_task.sh', 'dumb-init -- aap-eda-manage', 'pulpcore-content --name pulp-content --bind 127.0.0.1', ] ps_output = self.exec_cmd("ps --noheaders -eo args") if ps_output['status'] == 0: for process in aap_processes: if process in ps_output['output']: return True return False def postproc(self): # Mask PASSWORD from print_settings command jreg = r'((["\']?PASSWORD["\']?\s[:=]\s)[rb]?["\'])(.?)(["\'])' self.do_cmd_output_sub( "aap-gateway-manage print_settings", jreg, r'\1********\4') # Mask SECRET_KEY from print_settings command jreg = r'((SECRET_KEY\s=\s)([rb]?["\']))(.?)(["\'])' self.do_cmd_output_sub( "aap-gateway-manage print_settings", jreg, r'\1**********\5') # vim: set et ts=4 sw=4 :

| ver. 1.1 | | . | PHP 8.4.18 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°