87dd74faf0
Debian and Centos use the same tools but they are installed in different places. In order for collect to work on Debian, make sure that we are trying not use to RPMs on Debian. This is done in the collect-patching script so that the "smart" program is not run. Also kdump uses the /var/lib/kdump path on Debian rather than /var/crash on Centos. Also checked for 'rpm -qa' usage and changed them to 'dpkg -l'. Test Plan PASS Build package PASS Build and install ISO PASS Run the collect -v -all Story: 2009101 Task: 43732 Depends-On: https://review.opendev.org/c/starlingx/tools/+/838327 Signed-off-by: Charles Short <charles.short@windriver.com> Change-Id: I66cf0615f8cab7fe877b6cb09d605557c9258c43
139 lines
6.3 KiB
Bash
139 lines
6.3 KiB
Bash
#! /bin/bash
|
|
#
|
|
# Copyright (c) 2017 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
|
|
COLLECT_NAME_DIR=$1
|
|
EXTRA_DIR=$2
|
|
|
|
# Strip the passwords from assorted config files
|
|
for conffile in \
|
|
${COLLECT_NAME_DIR}/etc/aodh/aodh.conf \
|
|
${COLLECT_NAME_DIR}/etc/barbican/barbican.conf \
|
|
${COLLECT_NAME_DIR}/etc/ceilometer/ceilometer.conf \
|
|
${COLLECT_NAME_DIR}/etc/cinder/cinder.conf \
|
|
${COLLECT_NAME_DIR}/etc/fm/fm.conf \
|
|
${COLLECT_NAME_DIR}/etc/glance/glance-api.conf \
|
|
${COLLECT_NAME_DIR}/etc/glance/glance-registry.conf \
|
|
${COLLECT_NAME_DIR}/etc/heat/heat.conf \
|
|
${COLLECT_NAME_DIR}/etc/ironic/ironic.conf \
|
|
${COLLECT_NAME_DIR}/etc/keystone/keystone.conf \
|
|
${COLLECT_NAME_DIR}/etc/magnum/magnum.conf \
|
|
${COLLECT_NAME_DIR}/etc/murano/murano.conf \
|
|
${COLLECT_NAME_DIR}/etc/neutron/metadata_agent.ini \
|
|
${COLLECT_NAME_DIR}/etc/neutron/neutron.conf \
|
|
${COLLECT_NAME_DIR}/etc/nfv/nfv_plugins/nfvi_plugins/config.ini \
|
|
${COLLECT_NAME_DIR}/etc/nova/nova.conf \
|
|
${COLLECT_NAME_DIR}/etc/nslcd.conf \
|
|
${COLLECT_NAME_DIR}/etc/openldap/slapd.conf.backup \
|
|
${COLLECT_NAME_DIR}/etc/openstack-dashboard/local_settings \
|
|
${COLLECT_NAME_DIR}/etc/panko/panko.conf \
|
|
${COLLECT_NAME_DIR}/etc/patching/patching.conf \
|
|
${COLLECT_NAME_DIR}/etc/proxy/nova-api-proxy.conf \
|
|
${COLLECT_NAME_DIR}/etc/rabbitmq/murano-rabbitmq.config \
|
|
${COLLECT_NAME_DIR}/etc/rabbitmq/rabbitmq.config \
|
|
${COLLECT_NAME_DIR}/etc/sysinv/api-paste.ini \
|
|
${COLLECT_NAME_DIR}/etc/sysinv/sysinv.conf \
|
|
${COLLECT_NAME_DIR}/var/extra/platform/sysinv/*/sysinv.conf.default \
|
|
${COLLECT_NAME_DIR}/etc/mtc.ini
|
|
|
|
do
|
|
if [ ! -f $conffile ]; then
|
|
continue
|
|
fi
|
|
|
|
sed -i -r 's/^(admin_password) *=.*/\1 = xxxxxx/;
|
|
s/^(auth_encryption_key) *=.*/\1 = xxxxxx/;
|
|
s/^(bindpw) .*/\1 xxxxxx/;
|
|
s/^(rootpw) .*/\1 xxxxxx/;
|
|
s/^(connection) *=.*/\1 = xxxxxx/;
|
|
s/^( *credentials) *=.*/\1 = xxxxxx/;
|
|
s/^(metadata_proxy_shared_secret) *=.*/\1 = xxxxxx/;
|
|
s/^(password) *=.*/\1 = xxxxxx/;
|
|
s/^(rabbit_password) *=.*/\1 = xxxxxx/;
|
|
s/^(sql_connection) *=.*/\1 = xxxxxx/;
|
|
s/^(stack_domain_admin_password) *=.*/\1 = xxxxxx/;
|
|
s/^(transport_url) *=.*/\1 = xxxxxx/;
|
|
s/^(SECRET_KEY) *=.*/\1 = xxxxxx/;
|
|
s/^(keystone_auth_pw) *=.*/\1 = xxxxxx/;
|
|
s/\{default_pass, <<\".*\">>\}/\{default_pass, <<\"xxxxxx\">>\}/' $conffile
|
|
done
|
|
|
|
find ${COLLECT_NAME_DIR} -name server-cert.pem | xargs --no-run-if-empty rm -f
|
|
rm -rf ${COLLECT_NAME_DIR}/var/extra/platform/config/*/ssh_config
|
|
rm -f ${COLLECT_NAME_DIR}/var/extra/platform/puppet/*/hieradata/secure*.yaml
|
|
rm -f ${COLLECT_NAME_DIR}/etc/puppet/cache/hieradata/secure*.yaml
|
|
|
|
# dir /etc/kubernetes/pki was etc.excluded
|
|
if [ -d "/etc/kubernetes/pki" ] ; then
|
|
# grab the public certificates if /etc/kubernetes/pki exists
|
|
mkdir -p ${COLLECT_NAME_DIR}/etc/kubernetes/pki
|
|
cp -a /etc/kubernetes/pki/*.crt ${COLLECT_NAME_DIR}/etc/kubernetes/pki 2>/dev/null 1>/dev/null
|
|
fi
|
|
|
|
# Mask user passwords in sysinv db dump
|
|
if [ -f ${COLLECT_NAME_DIR}/var/extra/database/sysinv.db.sql.txt ]; then
|
|
sed -i -r '/COPY i_user/, /^--/ s/^(([^\t]*\t){10})[^\t]*(\t.*)/\1xxxxxx\3/;
|
|
/COPY i_community/, /^--/ s/^(([^\t]*\t){5})[^\t]*(\t.*)/\1xxxxxx\3/;
|
|
/COPY i_trap_destination/, /^--/ s/^(([^\t]*\t){6})[^\t]*(\t.*)/\1xxxxxx\3/;
|
|
s/(identity\t[^\t]*\tpassword\t)[^\t]*/\1xxxxxx/' \
|
|
${COLLECT_NAME_DIR}/var/extra/database/sysinv.db.sql.txt
|
|
fi
|
|
|
|
# Mask passwords in host profiles
|
|
grep -rl '\"name\": \"password\"' ${COLLECT_NAME_DIR}/var/extra/platform/sysinv/ \
|
|
| xargs --no-run-if-empty perl -i -e '
|
|
$prev="";
|
|
while (<>)
|
|
{
|
|
if (/\"name\": \"password\"/)
|
|
{
|
|
$prev =~ s/\"value\": \".*\"/\"value\": \"xxxxxx\"/;
|
|
}
|
|
print $prev;
|
|
$prev=$_;
|
|
}
|
|
print $prev;'
|
|
|
|
# Cleanup snmp
|
|
sed -i -r 's/(rocommunity[^ ]*).*/\1 xxxxxx/' ${COLLECT_NAME_DIR}/var/extra/platform/config/*/snmp/*
|
|
sed -i -r 's/(trap2sink *[^ ]*).*/\1 xxxxxx/' ${COLLECT_NAME_DIR}/var/extra/platform/config/*/snmp/*
|
|
|
|
# Mask passwords in bash.log and history logs
|
|
USER_HISTORY_FILES=$(find ${COLLECT_NAME_DIR} -type f -name .bash_history 2>/dev/null)
|
|
sed -i -r 's/(snmp-comm-(delete|show)) *((\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*) *){1,}/\1 xxxxxx/;
|
|
s/(snmp.*) *(--community|-c) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
|
|
s/(-password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/;
|
|
s/(-password) (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/g;
|
|
s/(password)'\'': (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1'\':' xxxxxx/g;
|
|
s/(password):(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)'\''/\1:xxxxxx'\''/g;
|
|
s/(openstack.*) *(--password) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
|
|
s/(ldapmodifyuser.*userPassword *)(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/' \
|
|
${USER_HISTORY_FILES} \
|
|
${COLLECT_NAME_DIR}/var/extra/history.info \
|
|
${COLLECT_NAME_DIR}/var/log/bash.log \
|
|
${COLLECT_NAME_DIR}/var/log/auth.log \
|
|
${COLLECT_NAME_DIR}/var/log/user.log \
|
|
${COLLECT_NAME_DIR}/var/log/ldapscripts.log
|
|
|
|
for f in ${COLLECT_NAME_DIR}/var/log/bash.log.*.gz \
|
|
${COLLECT_NAME_DIR}/var/log/auth.log.*.gz \
|
|
${COLLECT_NAME_DIR}/var/log/user.log.*.gz \
|
|
${COLLECT_NAME_DIR}/var/log/ldapscripts.log.*.gz
|
|
do
|
|
zgrep -q 'snmp|password' $f || continue
|
|
gunzip $f
|
|
unzipped=${f%%.gz}
|
|
sed -i -r 's/(snmp-comm-(delete|show)) *((\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*) *){1,}/\1 xxxxxx/;
|
|
s/(snmp.*) *(--community|-c) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
|
|
s/(-password)=(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1=xxxxxx/;
|
|
s/(-password) (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/g;
|
|
s/(password)'\'': (\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1'\':' xxxxxx/g;
|
|
s/(password):(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)'\''/\1:xxxxxx'\''/g;
|
|
s/(openstack.*) *(--password) *(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 \2 xxxxxx/;
|
|
s/(ldapmodifyuser.*userPassword *)(\"[^\"]*\"|'\''[^'"'"']*'"'"'|[^ ]*)/\1 xxxxxx/' $unzipped
|
|
gzip $unzipped
|
|
done
|