Bug 2029154

Summary:	Exclude path /var/lib/vdsm/storage/transient_disks from vdsm plugin
Product:	Red Hat Enterprise Linux 8	Reporter:	Juan Orti <jortialc>
Component:	sos	Assignee:	Pavel Moravec <pmoravec>
Status:	CLOSED ERRATA	QA Contact:	Miroslav Hradílek <mhradile>
Severity:	high	Docs Contact:
Priority:	unspecified
Version:	8.5	CC:	agk, bmr, jcastillo, mhradile, mkluson, plambri, pmoravec, sbradley, theute
Target Milestone:	rc	Keywords:	OtherQA, Triaged
Target Release:	---
Hardware:	Unspecified
OS:	Unspecified
Whiteboard:
Fixed In Version:	sos-4.3-1.el8	Doc Type:	If docs needed, set a value
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2022-11-08 10:50:23 UTC	Type:	Bug
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:

Description Juan Orti 2021-12-05 14:01:07 UTC

Description of problem:
The vdsm plugin is collecting everything under /var/lib/vdsm, but we should exclude /var/lib/vdsm/storage/transient_disks because it could contain sensitive data (cloud-init disks) or big files.

Version-Release number of selected component (if applicable):
sos-4.1-5.el8.noarch

How reproducible:
Always

Steps to Reproduce:
1. qemu-img create -f raw /var/lib/vdsm/storage/transient_disks/test.img 1g
2. sosreport

Actual results:
1 GB file included in the sosreport.

Expected results:
Path excluded.

Additional info:

Comment 3 Pavel Moravec 2021-12-06 16:13:37 UTC

Added to 8.7 scope.

Thanks Jose for the PR!

Comment 4 Pavel Moravec 2022-03-18 10:57:27 UTC

Hello,
as our QE might not have available systems for testing the fix, would you be able to verify the fix once available (as a candidate package for 8.7)?

Comment 8 Pavel Moravec 2022-04-06 06:27:36 UTC

Hello,
could you please use the build from https://people.redhat.com/pmoravec/sos-4.2-15/sos-4.2-15.el8.noarch.rpm to verify?

Thanks in advance.

Comment 9 Juan Orti 2022-04-06 07:26:47 UTC

I've tested your build in a RHVH 4.4.10.3 hypervisor, but the disk image present in /var/lib/vdsm/storage/transient_disks is still included in a tailed format, which doesn't make sense as it is a binary image. We should completely exclude the contents of the transient_disks dir.

Thanks.

# ls -la /var/lib/vdsm/storage/transient_disks/
total 1024
drwxr-xr-x. 2 vdsm kvm 22 Apr 6 09:13 .
drwxr-xr-x. 3 vdsm kvm 53 Dec 5 14:53 ..
-rw-r--r--. 1 root root 1073741824 Apr 6 09:13 test.img

# rpm -q sos
sos-4.2-15.el8.noarch

# sosreport
Please note the 'sosreport' command has been deprecated in favor of the new 'sos' command, E.G. 'sos report'.
Redirecting to 'sos report '

sosreport (version 4.2)

This command will collect diagnostic and configuration information from
this Red Hat Enterprise Linux system and installed applications.

An archive containing the collected information will be generated in
/var/tmp/sos.qwz2sdhk and may be provided to a Red Hat support
representative.

Any information provided to Red Hat will be treated in accordance with
the published support policies at:

Distribution Website : https://www.redhat.com/
Commercial Support : https://www.access.redhat.com/

The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.

No changes will be made to system configuration.

Press ENTER to continue, or CTRL-C to quit.

Optionally, please enter the case id that you are generating this report for []:

Setting up archive ...
Setting up plugins ...
[plugin:ipa] skipped command 'getcert list': required services missing: certmonger.
[plugin:networking] skipped command 'ip -s macsec show': required kmods missing: macsec. Use '--allow-system-changes' to enable collection.
[plugin:networking] skipped command 'ss -peaonmi': required kmods missing: netlink_diag, unix_diag, af_packet_diag, tcp_diag, inet_diag, udp_diag. Use '--allow-system-changes' to enable collection.
[plugin:sssd] skipped command 'sssctl config-check': required services missing: sssd.
[plugin:sssd] skipped command 'sssctl domain-list': required services missing: sssd.
Running plugins. Please wait ...

Finishing plugins [Running: systemd] ed]o]gine]
Finished running plugins
Creating compressed archive...

Your sosreport has been generated and saved in:
/var/tmp/sosreport-jorti-rhvh44-01-2022-04-06-ostdppg.tar.xz

Size 35.27MiB
Owner root
sha256 f76041e82b1b3917403d641df052e69a45eadad92c89d2d95f084fad3a201f64

Please send this file to your support representative.

# tar tvf /var/tmp/sosreport-jorti-rhvh44-01-2022-04-06-ostdppg.tar.xz | grep 'transient_disks'
drwxr-xr-x root/root 0 2022-04-06 09:13 sosreport-jorti-rhvh44-01-2022-04-06-ostdppg/var/lib/vdsm/storage/transient_disks/
lrw-r--r-- root/root 0 2022-04-06 09:13 sosreport-jorti-rhvh44-01-2022-04-06-ostdppg/var/lib/vdsm/storage/transient_disks/test.img -> ../../../../../sos_strings/vdsm/var.lib.vdsm.storage.transient_disks.test.img.tailed
-rw-r--r-- root/root 26214400 2022-04-06 09:16 sosreport-jorti-rhvh44-01-2022-04-06-ostdppg/sos_strings/vdsm/var.lib.vdsm.storage.transient_disks.test.img.tailed

Comment 10 Pavel Moravec 2022-04-06 08:02:56 UTC

Ouch, I offered the 8.6 candidate istead of 8.7 one :( Sorry for that.

Could you please use the build from https://people.redhat.com/pmoravec/sos-4.3-1/ instead?

Comment 11 Juan Orti 2022-04-06 08:22:13 UTC

With this version transient_disks is correctly excluded. Thanks!

# ls -la /var/lib/vdsm/storage/transient_disks/
total 1024
drwxr-xr-x. 2 vdsm kvm          22 Apr  6 09:13 .
drwxr-xr-x. 3 vdsm kvm          53 Dec  5 14:53 ..
-rw-r--r--. 1 root root 1073741824 Apr  6 09:13 test.img

# rpm -q sos
sos-4.3-1.el8.noarch

# sosreport
Please note the 'sosreport' command has been deprecated in favor of the new 'sos' command, E.G. 'sos report'.
Redirecting to 'sos report '

sosreport (version 4.3)

This command will collect diagnostic and configuration information from
this Red Hat Enterprise Linux system and installed applications.

An archive containing the collected information will be generated in
/var/tmp/sos.fj6o_kcj and may be provided to a Red Hat support
representative.

Any information provided to Red Hat will be treated in accordance with
the published support policies at:

        Distribution Website : https://www.redhat.com/
        Commercial Support   : https://www.access.redhat.com/

The generated archive may contain data considered sensitive and its
content should be reviewed by the originating organization before being
passed to any third party.

No changes will be made to system configuration.

Press ENTER to continue, or CTRL-C to quit.

Optionally, please enter the case id that you are generating this report for []: 

 Setting up archive ...
 Setting up plugins ...
[plugin:ipa] skipped command 'getcert list': required services missing: certmonger.  
[plugin:networking] skipped command 'ip -s macsec show': required kmods missing: macsec.   Use '--allow-system-changes' to enable collection.
[plugin:networking] skipped command 'ss -peaonmi': required kmods missing: inet_diag, af_packet_diag, tcp_diag, unix_diag, udp_diag, xsk_diag, netlink_diag.   Use '--allow-system-changes' to enable collection.
[plugin:sssd] skipped command 'sssctl config-check': required services missing: sssd.  
[plugin:sssd] skipped command 'sssctl domain-list': required services missing: sssd.  
 Running plugins. Please wait ...

  Finishing plugins              [Running: systemd]                                       ]]io]]
  Finished running plugins                                                               
Creating compressed archive...

Your sosreport has been generated and saved in:
	/var/tmp/sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq.tar.xz

 Size	33.13MiB
 Owner	root
 sha256	1c18455ad079c09a847b12cdb958711c6160acde308d8ad3cea828e7159e4ab9

Please send this file to your support representative.

# tar tvf /var/tmp/sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq.tar.xz | grep 'transient_disks'
# tar tvf /var/tmp/sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq.tar.xz | grep 'var/lib/vdsm'
drwxr-xr-x root/root              0 2021-12-04 12:50 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/
drwxr-xr-x root/root              0 2021-10-25 18:58 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/upgrade/
drwxr-x--- root/root              0 2021-12-04 12:50 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/transient/
drwxr-xr-x root/root              0 2021-12-05 14:53 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/storage/
-rw-r--r-- vdsm/kvm           20480 2021-12-04 12:50 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/storage/managedvolume.db
drwxr-xr-x root/root              0 2022-03-29 13:08 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/staging/
drwxr-xr-x root/root              0 2022-03-29 13:08 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/staging/netconf.qFx5WisM/
drwxr-xr-x root/root              0 2022-03-29 13:08 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/staging/netconf.qFx5WisM/nets/
-rw-r--r-- root/root            223 2022-03-29 13:08 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/staging/netconf.qFx5WisM/nets/ovirtmgmt
drwxr-xr-x root/root              0 2022-03-29 13:08 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/staging/netconf.qFx5WisM/bonds/
drwxr-xr-x root/root              0 2022-03-29 13:08 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/staging/netconf.qFx5WisM/devices/
lrwxr-xr-x root/root              0 2022-03-29 13:08 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/staging/netconf -> netconf.qFx5WisM
drwxr-xr-x root/root              0 2021-12-04 12:52 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/persistence/
drwxr-xr-x root/root              0 2021-12-04 12:52 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/persistence/netconf.rgEbdi5c/
drwxr-xr-x root/root              0 2021-12-04 12:52 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/persistence/netconf.rgEbdi5c/nets/
-rw-r--r-- root/root            223 2021-12-04 12:52 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/persistence/netconf.rgEbdi5c/nets/ovirtmgmt
drwxr-xr-x root/root              0 2021-12-04 12:52 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/persistence/netconf.rgEbdi5c/devices/
drwxr-xr-x root/root              0 2021-12-04 12:52 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/persistence/netconf.rgEbdi5c/bonds/
lrwxr-xr-x root/root              0 2021-12-04 12:52 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/persistence/netconf -> netconf.rgEbdi5c
drwxr-xr-x root/root              0 2021-10-25 18:58 sosreport-jorti-rhvh44-01-2022-04-06-gsdwvgq/var/lib/vdsm/netconfback/

Comment 19 errata-xmlrpc 2022-11-08 10:50:23 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (sos bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:7732