Bug 627416

Summary: sos rfe - request to update sos plugin cs.py for Red Hat Certificate System
Product: Red Hat Enterprise Linux 5 Reporter: Marc Sauton <msauton>
Component: sosAssignee: Pierre Carrier <prc>
Status: CLOSED ERRATA QA Contact: BaseOS QE - Apps <qe-baseos-apps>
Severity: medium Docs Contact:
Priority: low    
Version: 5.5CC: agk, bmr, gavin, lmiksik, prc, psplicha
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: The sos certificate system module in prior releases did not support versions of Red Hat Certificate System later than 7.3 Consequence: Users of Red Hat Certificate System 8.0 or later would find that configuration and log files for these versions were not collected automatically. Change: The cs module has now been updated to include support for these later versions. In addition the functionality of the old dogtag module has been merged into the revised cs module and the dogtag module has been removed. Result: Users of sos on systems with recent versions of Red Hat Certificate System do not need to take any additional actions to ensure collection of configuration and logging data for these subsystems
 Story Points: ---
Clone Of: Environment:
Last Closed: 2012-02-21 03:24:32 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 564241    
Bug Blocks: 769266, 782064    
Attachments:
Description Flags
proposed cs.py update for rhcs 8.0 on el5 and 7.3, 7.1 on el4 none

Description Marc Sauton 2010-08-26 00:12:15 UTC 
Created attachment 441081 [details]
proposed cs.py update for rhcs 8.0 on el5 and 7.3, 7.1 on el4

Description of problem:

This is a request to update the sos plugin for the Red Hat Certificate System
The current cs.py plugin is limited to Red Hat Certificate System version 7.3
The current file on el5
/usr/lib/python2.4/site-packages/sos/plugins/cs.py
or on el4
/usr/lib/python2.3/site-packages/sos/plugins/cs.py

captures information installed by rhpki-ca designed for the Red Hat Certificate System version 7.3 on RHEL4, while the current version is 8.0 and uses different rpm package names and path on RHEL5.

The proposed version support Red Hat Certificate System 7.1, 7.3 on RHEL4, and 8.0 (and will support 8.1) on RHEL5


Version-Release number of selected component (if applicable):

tested on

Red Hat Enterprise Linux Server release 5.4 (Tikanga)
Linux ms2-cs8-1-64.lab.sjc.redhat.com 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:48 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
pki-ca-8.0.6-1.el5pki
sos-1.7-9.49.el5

and

Red Hat Enterprise Linux AS release 4 (Nahant Update 7)
Linux ms2-test1.lab.sjc.redhat.com 2.6.9-78.EL #1 Wed Jul 9 15:27:01 EDT 2008 i686 i686 i386 GNU/Linux
redhat-cs-7.1-2.RHEL4
sos-1.7-9.35.el4


How reproducible:
always


Steps to Reproduce:
1. have a CA instance
2. vi cs.py
3. sosreport --no-multithread --ticket-number=123 -v -o cs -e cs
4. review .tgz generated to CS.cfg, dse.ldif, and log files


Actual results:

current file is like:

import sos.plugintools
import os

class cs(sos.plugintools.PluginBase):
    """Certificate System 7.x Diagnostic Information
    """
    # check for default location of pki services (/var/lib.rhpki-*).  
    # If default path exists, assume rhpki- glob and grap all installed 
    # subsystems.  If customer has a custom install path, then ln -s the 
    # custom path to /var/lib/rhkpi-installed_subsystem (/var/lib/rhpki-ca, 
    # /var/lib/rhpki-kra ect).

    def checkenabled(self):
        if self.cInfo["policy"].pkgByName("rhpki-common") or os.path.exists("/var/lib/rhpki-*"):
            return True
        return False

    def setup(self):
        self.addCopySpec("/var/lib/rhpki-*/conf/*cfg*")
        self.addCopySpec("/var/lib/rhpki-*/conf/*.ldif")
        self.addCopySpec("/var/lib/rhpki-*/logs/*")
        return


Expected results:

see attached proposed new cs.py
tested on el5 with pki-ca 8.0 and on el4 with redhat-cs 7.1


on 8.0, sosreport output example:

<p>Files copied:<br><ul>
<li><a href="../etc/dirsrv/slapd-ms2-cs8-1-64/dse.ldif">/etc/dirsrv/slapd-ms2-cs8-1-64/dse.ldif</a></li>
<li><a href="../var/log/dirsrv/slapd-ms2-cs8-1-64/access">/var/log/dirsrv/slapd-ms2-cs8-1-64/access</a></li>
<li><a href="../var/log/dirsrv/slapd-ms2-cs8-1-64/errors">/var/log/dirsrv/slapd-ms2-cs8-1-64/errors</a></li>
<li><a href="../etc/pki-ra/CS.cfg">/etc/pki-ra/CS.cfg</a></li>
<li><a href="../etc/pki-subca1/CS.cfg">/etc/pki-subca1/CS.cfg</a></li>
<li><a href="../etc/pki-carootIT1116453/CS.cfg">/etc/pki-carootIT1116453/CS.cfg</a></li>
<li><a href="../etc/pki-ca/CS.cfg">/etc/pki-ca/CS.cfg</a></li>
<li><a href="../var/log/pki-ra/debug">/var/log/pki-ra/debug</a></li>
<li><a href="../var/log/pki-subca1/debug">/var/log/pki-subca1/debug</a></li>
<li><a href="../var/log/pki-carootIT1116453/debug">/var/log/pki-carootIT1116453/debug</a></li>
<li><a href="../var/log/pki-ca/debug">/var/log/pki-ca/debug</a></li>
<li><a href="../var/log/pki-subca1/catalina.out">/var/log/pki-subca1/catalina.out</a></li>
<li><a href="../var/log/pki-carootIT1116453/catalina.out">/var/log/pki-carootIT1116453/catalina.out</a></li>
<li><a href="../var/log/pki-carootIT1116453/catalina.out-1">/var/log/pki-carootIT1116453/catalina.out-1</a></li>
<li><a href="../var/log/pki-ca/catalina.out">/var/log/pki-ca/catalina.out</a></li>
<li><a href="../var/log/pki-ra/ra-debug.log">/var/log/pki-ra/ra-debug.log</a></li>
<li><a href="../var/log/pki-subca1/transactions">/var/log/pki-subca1/transactions</a></li>
<li><a href="../var/log/pki-carootIT1116453/transactions">/var/log/pki-carootIT1116453/transactions</a></li>
<li><a href="../var/log/pki-ca/transactions">/var/log/pki-ca/transactions</a></li>
<li><a href="../var/log/pki-subca1/system">/var/log/pki-subca1/system</a></li>
<li><a href="../var/log/pki-carootIT1116453/system">/var/log/pki-carootIT1116453/system</a></li>
<li><a href="../var/log/pki-ca/system">/var/log/pki-ca/system</a></li>


on 7.1, sosreport output example:

<p>Files copied:<br><ul>
<li><a href="../opt/redhat-cs/slapd-ms2-test1-db/logs/access">/opt/redhat-cs/slapd-ms2-test1-db/logs/access</a></li>
<li><a href="../opt/redhat-cs/slapd-ms2-test1/logs/access">/opt/redhat-cs/slapd-ms2-test1/logs/access</a></li>
<li><a href="../opt/redhat-cs/slapd-ms2-test1-db/logs/errors">/opt/redhat-cs/slapd-ms2-test1-db/logs/errors</a></li>
<li><a href="../opt/redhat-cs/slapd-ms2-test1/logs/errors">/opt/redhat-cs/slapd-ms2-test1/logs/errors</a></li>
<li><a href="../opt/redhat-cs/slapd-ms2-test1-db/config/dse.ldif">/opt/redhat-cs/slapd-ms2-test1-db/config/dse.ldif</a></li>
<li><a href="../opt/redhat-cs/slapd-ms2-test1/config/dse.ldif">/opt/redhat-cs/slapd-ms2-test1/config/dse.ldif</a></li>
<li><a href="../opt/redhat-cs/cert-ms2-test1/config/CS.cfg">/opt/redhat-cs/cert-ms2-test1/config/CS.cfg</a></li>



Additional info:
Comment 4 Bryn M. Reeves 2011-01-14 16:58:00 UTC 
Can we get an ack to the proposal in comment #3?
Comment 5 Bryn M. Reeves 2011-04-06 13:51:57 UTC 
Ping?
Comment 6 Marc Sauton 2011-04-06 18:16:38 UTC 
I see no updates on RHEL 5 in sos-1.7-9.49.el5
Dogtag can work using RHDS, but I would rather associate Dogtag with the upstream name of RHDS, which is port389
RHCS 8.x uses RHDS 8.x (cs.py should not just be associated with RHDS 7.x which was used by RHCS 7.x)
https://fedorahosted.org/sos/changeset/1012 seem ok
Comment 14 Bryn M. Reeves 2012-01-25 17:42:26 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: The sos certificate system module in prior releases did not support versions
of Red Hat Certificate System later than 7.3

Consequence: Users of Red Hat Certificate System 8.0 or later would find that
configuration and log files for these versions were not collected
automatically.

Change: The cs module has now been updated to include support for these later
versions. In addition the functionality of the old dogtag module has been
merged into the revised cs module and the dogtag module has been removed.

Result: Users of sos on systems with recent versions of Red Hat Certificate System do
not need to take any additional actions to ensure collection of configuration
and logging data for these subsystems
Comment 15 errata-xmlrpc 2012-02-21 03:24:32 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2012-0153.html