File sos.changes of Package sos
-------------------------------------------------------------------
Wed Jun 4 10:55:42 UTC 2025 - ecsos <ecsos@opensuse.org>
- Update to 4.9.1
* General changes
- .readthedocs.yaml was added to build docs correctly
* Plugin Changes
- New plugins: charmed_mysql, helm, pulseaudio, valkey
- The o_horizon plugin newly obfuscates credentials in local_settings.py
- The squid plugin has updated Debian and Ubuntu paths
- The networking plugin newly collects contents of netplan configuration dirs
- The ceph plugin newly obfuscates rgw password in ceph.conf
- The ubuntu plugin is revamped
- openstack_gnocchi plugin newly obfuscates db connection
* Cleaner Changes
- No further obfuscation of .gz files when using --keep-binary-files option
-------------------------------------------------------------------
Wed Mar 12 11:27:01 UTC 2025 - ecsos <ecsos@opensuse.org>
- Update to 4.9.0
* Global
- There has been significant ongoing work with the downstream Debian release for sos, thank you to @arif-ali for all his work on this front.
- The legacy redirectors for sosreport and sos-collector have been dropped as of this release. The only executable going forward is sos.
* Policy
- Added duke release for Debian support.
* Report
- No changes made directly to the SosReport() component in this release.
* Plugins
- New plugins: aap_containerized, and oratab.
- The foreman_installer plugin now collects satellite_metrics.yml.
- The python plugin will now collect verbose output via pip.
- Journal collection speed has been improved via a combination of a python implementation of tac, and calling non-sizelimited journal collections with --reverse.
- Users and automation that relies on static file naming is reminded that sos_reports/manifest.json
should be referenced and the use of tags to find collections within an archive is recommended
so that command string changes do not break parsing automation.
- Plugins that collect stackdumps from processes by first sending a signal to those processes have been standardized on a new Plugin.signal_process_usr1() method.
- The crio plugin now supports a stackdump plugin option to collect a stackdump from the main crio process.
* Collect
- The saltstack transport will now execute commands using cmd.exec_code sh, instead of cmd.shell.
* Clean
- The IPv6 MAC address parser has been updated to reduce false positive matches,
including reduce matching again on previously obfuscated strings from other parsers.
* Upload
- A new sos upload component has been added, moving the upload code from Policy() and
allowing end-users to upload files to vendor locations from systems that may not match
the vendor's products/distributions (e.g. when a report archive cannot be uploaded directly from the generating system,
and must instead be uploaded from a workstation).
-------------------------------------------------------------------
Wed Mar 12 11:22:54 UTC 2025 - ecsos <ecsos@opensuse.org>
- Update to 4.8.2
* Report Changes
- Plugins' postprocessing times are newly collected by sos manifest
* Plugin Changes
- New plugins: perccli2 and Instructlab
- Password obfuscation of various listed plugins has been improved: heat, placement, mysql, microk8s, sunbeam, foreman and subscription_manager
- The docker, podman and containerd plugins newly collect container image layers
- The juju plugin newly collects commands from juju agents and state reporting
- The foreman plugin newly limits size of collected production.log and ssl los to 500MB only
- The coredump plugin was refactored to collect less dumps
- The ansible plugin stops collecting /etc/ansible/files
- The system plugin newly collects names of environmental variables
- The kubernetes plugin was enhanced (k8s snap, kubelogs option)
- The NetworkManager plugin newly collects system-connections files from all locations
* Collect changes
- Fixed an exception when calling collect with --batch and --password options
- Collect can newly inherit config file
* Cleaner changes
- Hostname obfuscation was improved to match whole strings
* Generic changes
- Ubuntu images were updated for testing
-------------------------------------------------------------------
Fri Nov 22 09:24:03 UTC 2024 - ecsos <ecsos@opensuse.org>
- Update to 4.8.1
* Report Changes
- Obfuscate upload password in get_upload_url_string()
- Apply --skip-files also to destination of symlinks
- Policy check is consolidated across all Policy objects
- http URL credentials are obfuscated
* Plugin Changes
- New plugins: kea, bird, bootc
- The network plugin collects more devlink commands outputs
- The sudo plugin captures more log files
- The leapp plugin plugin enablement is improved
- The block plugin captures LUKS clevis binding
- The nvidia plugin newly collects data from nvidia container toolkit
- The ceph plugin commands collection is updated
- The vdo plugin captures vdo volumes
- The cgroups plugin collects information per processes
* Generic changes
- Various fixes for pylint compliance
- Specify licence GPL v2 only
- Changes from 4.8.0
* Global
- Major shoutout to @pponnuvel for the significant effort put into addressing linting reports and refactors across the project
- Project naming patterns have been further clarified as "sos (space) $component", e.g. sos report instead of sosreport.
- Deprecation notice: the old-style command redirectors such as sosreport are deprecated
and will be removed in the next minor version (sos-4.9).
- License Clarification: it was brought up that there was ambiguity in our licensing,
namely "GPLv2 only" vs "GPLv2 or later". The sos project has always intended to be "GPLv2 only"
and has clarified this stance across the repository.
- See discussion #3705 for more details.
- The automated snap build of sos has been updated to use core24.
- This release is the last release that will have a minimum python version of python-3.6.
Subsequent releases will have a minimum python version of python-3.8.
* Report
- Fixed a bug where all-logs may not have captured output if the command being collected was installed via snap packaging.
+ Plugin
- New plugins: fail2ban, microcloud
- A new add_dir_listing() method has been added to standardize collections of directory listings in plugins.
- The tree parameter can be specified to collect tree output instead of ls output
- A new is_snap_installed() method has been added to standardize checking if a package is installed as a snap.
- The container_log plugin has been updated to collect rotated logs.
- The sunbeam_hypervisor plugin will now properly obfuscate ceilometer and hooks.log.
- The networking plugin will now capture nmstatectl output.
- The maas plugin has been significantly refactored.
* Policy
- Added a new policy for CloudLinux installations.
- rpm-ostree distributions will fallback to /lib/modules/*/config if /boot/config-$release doesn't exist.
-------------------------------------------------------------------
Sun Aug 4 16:15:07 UTC 2024 - ecsos <ecsos@opensuse.org>
- Update to 4.7.2
* General Changes
- A new policy for Alma Linux was added
- Various formatting and styling improvements for CodeQL and pylint
* Report Changes
- A new preset for AAP Controller was added
- All strings in report plugins were converted to f-strings
- All journal collections respect --since option
- PluginOpt changes standardized to use dashes only, which means no underscores in plugin options
- Add an option to run commands as a user
* Plugin Changes
- New plugins: aap_gateway, aap_receptor, charmed_postgresql, curtin, kafka, microovn, sunbeam and sunbeam_hypervisor
- kdump plugin is newly collected on Azure
- kubernetes plugin stopped collecting data from unsupported versions
* Cleaner Changes
- Cleaner run on an already existing sosreport tarball does obfuscate data again
* Tests Changes
- Support testing via tox.ini
- Tests run on latest daily Ubuntu builds
- Avocado framework updated to 103.X TLS
- All strings were converted to f-strings
- New tests for apt, juju, netplan and networking
- Changes from 4.7.1
* General Changes
- .format() calls are replaced by f-string equivalents as a step to modernize on f-strings
- many PYLint, PEP8 and flake8 improvements done
* Report Changes
- Hardware devices have new section for fstype
* Plugin Changes
- New plugins: proxmox, aap_hub, aap_controller, telegraf
- SCLPlugin class has been dropped
- nfs plugin captures various mountstats
- ceph* plugins newly respect --all-logs option
- openstack_keystone properly obfuscates OIDC client secret
* Collector Changes
- ocp cluster has a new option to specify API URL
* Cleaner Changes
- A new option --skip-cleaning-files / --skip-masking-files implemented
- Stripping raw MAC address has been improved
* Tests Changes
- Workaround of puppet bug puppet-agent-7.29.0*) in foreman installer applied
-------------------------------------------------------------------
Tue Feb 20 10:12:36 UTC 2024 - ecsos <ecsos@opensuse.org>
- Update to 4.7.0
* Global Changes
- Added support for S3 uploads.
* Policy Changes
- Fixed dist_version() for Ubuntu.
- Dropped the RedHatAtomic policy.
- Changed the authentication for RHEL uploads to use device auth instead of username/password.
* Report Changes
- Added a new preset for app_eda (Ansible Automation Platform Event Drive Ansible).
* Plugin Changes
- New plugins: aide, app_eda, coredump', infinidat, vectordev.
- The networking plugin now uses a predicate for ss commands on Ubuntu.
- Enabled the kubernetes plugin for Debian.
- Dropped the atomic plugin.
- Fixed an issue with the command predicate for the lxd plugin when enabled via a snap.
- The nvme plugin now collects additional files per nvme drive on the host.
* Collect Changes
Added a transport for Saltstack.
* Cleaner Changes
- clean will no longer try to obfuscate words that are 3 characters or less in length.
- clean will now properly obfuscate the upload password (if provided) in our own logs.
-------------------------------------------------------------------
Mon Jan 15 14:47:26 UTC 2024 - ecsos <ecsos@opensuse.org>
- Update to 4.6.1
* Global Change
- Fixed code warnings for file not always closed and for mixing implicit and explicit returns.
- `packaging.version' is now preferred for package version parsing.
- Packaging and testing on deb packages has been started.
- Copr builds for centos stream are newly configured.
* Report Changes
- Flatpak package manager is added.
* Plugin Changes
- More ovn and ovnkube logs collected.
- New MAAS 3.5 data collected.
- Added two new plugins for OpenStack Masakari.
- New Greenboot plugin separated from Microshift plugin.
- Several improvements have been made to the Microshift plugin.
- Dynaconf and auth passwords are properly obfuscated in both Pulp plugins.
- Microceph plugin now collects mgr data and ceph daemon commands in OSD node.
- Salt plugin collects more data about services, grains or pillars.
* Collector Changes
- get_pty functionality has been refactored.
- Changes from 4.6.0
* Report Changes
- sos report will no longer use a non / sysroot for network device enumeration
* Plugin Changes
- New plugins: slurm
- The containerd plugin now enables off the containerd.io package
- The ceph_common plugin will no longer enable automatically on cinder nodes
- The discovery plugin will now be enabled by the presence of relevant containers
- The ubuntu plugin will no longer collect ua_tools_status output if the tls module is not loaded
- The firewall_tables plugin will now always capture the nat table, where previously it could be erroneously missed
- The openshift_ovn plugin will now collect ovn db files
* Cleaner Changes
- Archive extraction now uses fully_trusted_filter as per requirements for python-3.10+ runtimes
- Changes from 4.5.6
* Global Changes
snaps are now automatically built and pushed with new releases.
Fixed an incompatibility issue with python-3.12 runtimes.
* Report Changes
Added a new ceph profile for use in those types of environments.
* Plugin Changes
Fixed an issue with the enablement of ceph plugins possibly be erroneously enabled.
Fixed an issue with multiline regexes raising exceptions on python 3.11 runtimes.
The lustre plugin now collects more debug parameters.
The ssh plugin now controls collection of user ~/.ssh/config files via the userconfs option.
The default for the option is set to true/on/enabled, preserving previous behavior.
* Cleaner Changes
Obfuscated files will now have their permissions set to match the source file.
Refined the regex used to extract MAC addresses, and will now match underscore separated addresses.
- Changes from 4.5.5
* Global Changes
sos.spec has been updated to more closely align with Fedora guidelines.
Build snaps as part of merging to main should be more reliable now.
* Report Changes
Fixed a bug where scrubbing certificate content would fail as a result of us implicitly using the re.I flag for plugin-based postprocessing.
* Plugin Changes
New plugins: cxl, vault
Fixed a bug where if sos was running inside a container, and a plugin attempted to collect a symlink to a host file, that the plugin would instead capture the container's version of that file.
Fixed a bug where redundant attempts to create a plugin's sos_commands/ subdirectory would result in an exception.
The apache plugin will now collect all /etc/httpd/conf/*.conf files by default.
The ipa plugin will now collect SID and EPN logs.
The grub2 plugin will now collect user-created config files.
Spaces are now handled properly when scrubbing passwords within the sssd plugin.
The docker plugin will now function for Debian based systems.
* Collect Changes
The ocp cluster profile will now more gracefully handle timeouts when trying to remove the temporary project after collections complete. Users are now also notified that if this occurs, they will need to manually delete the temporary project.
Report execution errors handled within SosNode are now more consistently printed to console.
* Cleaner Changes
Refined MAC address parsing, so we should have more complete coverage of MAC address obfuscation
The process of preparing cleaner mappings has been abstracted out into new Prepper objects. These preppers allow more flexible ways to extract relevant items for preparing mappings and parsers before the bulk obfuscation work begins. This is the first step in moving to a more efficient concurrency design, and subsequent changes and refinements are expected over the next few releases.
- Changes from 4.5.4
* Policies
Added a snap package manager abstraction so that policies and plugins may inspect package installations using the snap manager.
Added a MultiPackagerManager that allows policies to leverage multiple package managers on the same system - e.g. a system using both dpkg and snaps.
The Ubuntu policy will now use both the dpkg and snap package managers, so plugins will be enabled based on the installation of a package in either dpkg or snap format.
The dpkg package manager will now properly remove recently-uninstalled packages from the returned package list.
The Mariner policy has been renamed to Azure Linux to match the new upstream naming.
* Report Changes
Plugins will now collect truncated strings into the report before collecting command output.
* Plugin Changes
New plugins: rhc, microk8s
The alternatives plugin now supports Ubuntu installations.
The dnf plugin has removed the superflous use of --assumeno from commands that cannot generate the need for user input. Command file names will change accordingly.
The apport plugin will now collect /var/crash if --all-logs is used.
The lxd plugin will now collect logs and configuration files from locations based on snap installations as well.
The apt plugin will now obfuscate credentials in list files.
The kernel plugin will now collect /var/lib/systemd/pstore.
The powerpc plugin will now collect RMC status logs and invscout logs.
The foreman plugin will now collect qpid-stat output.
The landscape plugin now collects more logs.
* Collect Changes
Fixed a bug that would prevent the juju cluster from collections when a subbordinate's parent or its units were missing.
Fixed a bug where collect could end up skipping the local node if that node was part of the cluster but was not forcibly removed via strict_node_list (primarily pacemaker clusters).
- Changes from 4.5.3
* Policy Changes
Added a policy for CBL-Mariner Linux
Fixed an issue in the ubuntu policy that could prevent archive uploads when users specified a manual --upload-url
* Report Changes
Usage of --enable-plugins, --skip-plugins, and --only-plugins from the command line will now properly override those values set by a preset if the preset added them to a conflicting option
* Plugin Changes
The lustre plugin will now collect ldiskfs information
The zfs plugin will now collect from /proc/spl
The firewalld plugin will now collect the ipsets, policies, and helpers subdirectories within /etc/firewalld/
The iscsi plugin will now properly obfuscate password_in strings in collected files
The ceph plugin will now collect a dump of mon's config database
The powerpc plugin will now collect lsslot, amsstat, and opal elogs output
The virsh plugin will now scrub spice passwords in virt-manager logs
* Collect changes
Added both a new transport and cluster profile for Juju environments
- Changes from 4.5.2
* Global Changes
Several stale dependencies have been dropped from the rpm packaging
sos.spec has been migrated to using SPDX license syntax
RPM builds of sos will now include a tmpfiles configuration so skip over /var/tmp/sos*, thus avoiding constant AVC errors from the service
* Report Changes
New option journal-size: controls how large sos will collect journal output of. Default is 100MB
New option low-priority: will now cause sos to attempt to self-constrain its impact on the system.
This option currently attempts to set the sos process to an idle IO class, and sets our niceness to 19
New preset minimal: uses the low-priority option as well as reducing plugin timeouts and file collection sizes
Archive contents are now ordered such that version.txt, manifest.json, and sos_logs/ are now first in the tarball, which should assist with any in-memory handling of tarballs via automation
Fixed a bug that would cause double logging if a preset set verbosity levels
* Plugin Changes
The frr plugin will now collect command output from a container if that is how it is deployed
The unpackaged plugin will now list unpackaged symlinks and not the symlink's target
The iprconfig plugin is now gated by the sg kernel mod being loaded
Fixed a bug that would cause the CosLogs variant to be loaded for every distribution
The microshift plugin has been updated to use oc get commands
Plugin.do_file_sub() for plugin post-processing is now always case-insensitive in pattern matching
* Cleaner Changes
- Fix a bug where the finalizing the archive would fail if cleaner was instructed to obfuscate the keyword tmp
- Changes from 4.5.1
* Global Changes
Build failures for snaps will now be available within the CI run in which a particular build failed.
* Report Changes
A plethora of new tags and changed tags have been implemented across many collections to assist with Insights inspection.
Fixed a bug where a potential duplicate command when run in a container could result in an incorrectly handled exception within the archive. If duplicate commands are called within the same container from the same plugin, there will no longer be an error.
The ocp preset will no longer use the --verify option
* Plugin Changes
New plugins: ceph_iscsi, microshift, microshift_ovn
The azure plugin has been updated to use a newer endpoint for metadata retrieval
The rhui plugin will now properly obfuscate certain sensitive keys from collections
The composer plugin will now capture /etc/osbuild-composer
Running an ostree fsck is now gated behind the new ostree.fsck plugin option, and not tied to --verify
- Changes from 4.5.0
* Global
Snaps are now created automatically whenever a change is pushed to main. These snaps are available via snapcraft under latest/edge
python3-magic is now a soft dependency, and if not present sos will use a less sophisticated method for determining if a file is binary or not
distutils usage has been fully replaced by setuptools
* Policies
Added support for Anolis OS
Added support for Circle Linux
Added support for OpenCloudOS
When loaded for an sos collect execution, a policy's remote_exec will now directly use the loaded transport's run_command functionality, rather than re-building command strings
The Debian policy has been updated to correctly identify many more and newer Debian versions
Fixed an issue with the RHEL policy that would prevent non-anonymous upload to the failover SFTP server if a case ID was not provided
* Report
A "tag_summary" section has been added to the report manifest.json. This is a dictionary with keys being tags that were created during collection, with values being all files sharing that tag
sos_get_command_output() timeout handling will now properly handle the situation where a command's child process deadlocks but the timeout wrapper was able to kill the parent process, but left the child behind.
Estimate mode for report will now report real disk usage, rather than apparent size
* Plugins
New plugins: containerd, fapolicyd
The kernel plugin will now collect modprobe.d/*conf files
The hpssm plugin will now collect show detail output per array and slot
The crio plugin now supports CoS systems
The dnf plugin will now properly obfuscate password variable values
The flow of plugin code execution has been changed
setup() is now strictly for determining what collections to perform, outside of calls to collect_cmd_output() in order to build further sets of commands
_collect_plugin() is now used to actually perform the collections specfied by setup(). This now includes tailed file collections which were previously part of setup()
collect() can now be used to perform ad-hoc/manual collections that are not strictly part of command output collection. If a plugin needs to manipulate data from commands or system information and then write it out manually (such as with the rpm plugin generating package output), it should now be done inside the collect() method
The composer plugin has been overhauled and updated for the new versions of composer
Enablement triggers have been expanded for the xfs, nvme, firewall_tables, and krb5 plugins
The virsh plugin will now collect more information about the host/hypervisor system
The various ceph_* plugins have been updated to collect the appropriate data for both older and more recent versions of ceph, including traditional installations and those deployed with cephadm
* Collect
Cluster profiles may now directly specify sos options to enforce on per-node report collections
Added a new cluster profile for Red Hat Ceph Storage 5
This new profile may work for other Ceph environments deployed with cephadm, but that is not tested
Added a new saltstack transport
* Cleaner|Mask
The --domains option is now validated for items that look like a domain
Fixed an issue where a file with encoding issues would be aborted by clean, but left in the archive. Files will now either show replaced content or be removed from the archive, rather than being left unobfuscated in any manner
sos will no longer attempt to obfuscate the temp directory the archive is in before moving the archive at the end of cleaning
Added a new parser to support IPv6 obfuscation
-------------------------------------------------------------------
Fri Dec 23 14:34:21 UTC 2022 - ecsos <ecsos@opensuse.org>
- Initial version 4.4
