Red Hat Bugzilla – Bug 1491042
In case keystone is using multiple ldap backend, sosreport should also get /etc/keystone/domains
Last modified: 2018-04-10 14:05:22 EDT
Description of problem: In case keystone is using multiple ldap backend, sosreport should also get /etc/keystone/domains Version-Release number of selected component (if applicable): How reproducible: Always ? Steps to Reproduce: 1. sosreport of the title 2. 3. Actual results: /etc/keystone/domains is missing (or whatever string is configured in the keystone.conf file) Expected results: Additional info:
Do I get it right, that it is required from sos to: - inspect content of keystone.conf (I expect /etc/keystone/keystone.conf) - find a value of ??which-one?? property, if present - collect that value of that property (should be /etc/keystone/domains) - if not specified / not found, collect /etc/keystone/domains as a default Am I right here? What is the property name, please? Can't be the value of that property obtained from a command (as a preffered way to sos grepping the property manualy and relying the syntax of the config file is stable over years)?
That looks correct and the values are the following: [identity] domain_specific_drivers_enabled = True domain_config_dir = /etc/keystone/domains
What's the rationale for the path being configurable, and is a non-default path a supported configuration fro Red Hat products? We can parse the configuration file if it is absolutely necessary but it seems curious to allow this path to be specified by the administrator.
It would be bit tricky to parse the config file that way, since we have to ensure that: - [identity] is preceded the domain_config_dir - no other section is between [identity] and domain_config_dir - read that value I am checking various keystone.conf in sosreports I have got access to - and so far the stats are: - 773 sosreports with that config found - 103 have that option uncommented - none of them sets non-default value So I think the parsing would be error-prone while providing very limited to none additional info/data.
I don't agree on this one. It really helps to have that information as we actually are asking the customer to copy/paste that in the cases but if it was in sos_report, we could simply look at those configurations ... But it's up to you here.
(In reply to David Hill from comment #6) > I don't agree on this one. It really helps to have that information as we > actually are asking the customer to copy/paste that in the cases but if it > was in sos_report, we could simply look at those configurations ... But > it's up to you here. Is that alternate config location supported? What support cases are you asking for that (to see if their config really points to non-default dir. location)
(I mean, we _will_ collect the content of /etc/keystone/domains but I am not convinced we should parse the config file to optionally collect non-default directory content)
Oh no... I'm not asking for that either but if 99% of the cases don't have the default location, we can always tell the customer to not change it . That'd be great to have in sosreport.
POSTed to upstream and also MODIFIED due to rebase.
Also https://github.com/sosreport/sos/pull/1147 needs to be present in 7.5 (if nothing else then to scrub LDAP passwords in the default domains dir that doesnt happen ATM).
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2018:0963