Bug 1392974

Summary: [RFE] SOS Reports Should Include sssctl commands related with domain/status/config
Product: Red Hat Enterprise Linux 7 Reporter: mpanaous
Component: sosAssignee: Pavel Moravec <pmoravec>
Status: CLOSED CURRENTRELEASE QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: high Docs Contact:
Priority: unspecified    
Version: 7.3CC: agk, bmr, gavin, jhrozek, mhradile, mpanaous, plambri, sbradley, tscherf
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
URL: https://github.com/sosreport/sos/pull/958
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-10 20:18:55 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 1473612    

Description mpanaous 2016-11-08 15:04:41 UTC 
Description of problem:


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:


Description of problem:
Support team is heavily relies on the provided sosreports as to isolate issues and to move forward with tshoot. Focusing on IDM, after the release of RHEL 7.3
there are some new features that were added to a tool for sssd tshoot - sssctl - It would be beneficial to have the information related commands of this tool gathered withing the sosreport

Version-Release number of selected component (if applicable):
RHEL 7.3

Steps to Reproduce:
1. Generate SOS report

Actual results:

# sssctl domain-list
jstephen.local
ADCORP.jstephen.local
example.com

# sssctl domain-status -o jstephen.local
Online status: Online


# sssctl config-check

Expected results:

To see the above output in the sos_commands dir (under sssctl for example. if the system is configured and have the appropriate packages installed)

Additional info:

requirements as seen in the docs
1) Ensure you are running SSSD 1.14 version or higher and install the 
sssd-tools rpm

# rpm -q sssd
# yum install sssd-tools

2) Add ifp to the services section in sssd.conf
[sssd]
services = nss, pam, sudo, ifp

---

for now I am just adding
a. this article that explains a plethora of them
https://access.redhat.com/articles/2751311

b. the official doc 
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html-single/System-Level_Authentication_Guide/index.html#sssctl
Comment 1 Bryn M. Reeves 2016-11-08 15:54:28 UTC 
> under sssctl for example. if the system is configured and have the appropriate 
> packages installed

The default location would be 'sos_commands/sssd/sssctl_$CMD_OPTS' - a new command added to the existing 'sssd' plugin (there doesn't seem to be any justification for a whole new plugin here).

> 2) Add ifp to the services section in sssd.conf
> [sssd]
> services = nss, pam, sudo, ifp

What does mean for sos, in terms of calling the sssctl command?

If this configuration change is required then we will only be able to collect this from customer systems where this change has already been made - sos does not modify customer configurations under any circumstances.
Comment 2 mpanaous 2016-11-09 08:12:58 UTC 
(In reply to Bryn M. Reeves from comment #1)

Hello,

> > under sssctl for example. if the system is configured and have the appropriate 
> > packages installed
> 
> The default location would be 'sos_commands/sssd/sssctl_$CMD_OPTS' - a new
> command added to the existing 'sssd' plugin (there doesn't seem to be any
> justification for a whole new plugin here).
> 

ok, thanks for the clarification

> > 2) Add ifp to the services section in sssd.conf
> > [sssd]
> > services = nss, pam, sudo, ifp
> 
> What does mean for sos, in terms of calling the sssctl command?
> 
> If this configuration change is required then we will only be able to
> collect this from customer systems where this change has already been made -
> sos does not modify customer configurations under any circumstances.

no, not at all, my apologies for the inconvenience. I just wanted to highlight how this should be configured. This command is working only if this ifp parameter is in place and I am not aware if you have to specify any kind of checks similar to if this option then execute

Regards
M.Panaousis
Comment 6 Pavel Moravec 2017-08-10 20:18:55 UTC 
This bug shall be fixed in package:

sos-3.4-6.el7.noarch.rpm

available via errata:

https://access.redhat.com/errata/RHBA-2017:2331


Thus I am closing this bug report.