[juju] Add plugin option for Juju state reporting #3803
Conversation
|
Congratulations! One of the builds has completed. 🍾 You can install the built RPMs by following these steps:
Please note that the RPMs should be used only in a testing environment. |
|
A couple of very small comments from me. |
|
@MichaelThamm remember to squash all the commits into one and sign it |
MichaelThamm
force-pushed
the
report-juju
branch
from
60d0c0e
to
9d36d66
Compare
MichaelThamm
changed the title
MichaelThamm
changed the title
|
@arif-ali or @jcastill I imagine that I need to obfuscate some of the following information which is included in the "lxd": {
"user": "admin",
"recent-server": IP:Port,
"uuid": "ac03821c-361e-4daf-83c9-a712cd56b8d4",
"api-endpoints": [IP:Port],
"ca-cert": "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----",
},Is there a need to obfuscate these things or is it just passwords, tokens, keys as mentioned in obfuscate? |
|
@MichaelThamm The IP addresses and endpoints, not so, as they would be typically handled by In terms of the certs, you can get the example of the sunbeam.py plugin, where we just needs |
When I run: However, I do not see results in the This method does not have a filename parameter either. Not sure how to continue with this? |
You can just specify |
Signed-off-by: Michael Thamm <[email protected]>
MichaelThamm
force-pushed
the
report-juju
branch
from
045cef0
to
f389bfa
Compare
|
I think the PR is almost ready for review, but I noticed we have tests for the Juju plugin. Is there any need to update this since the test for scrubbing seems to be sufficient? I also tested the scrubbing for |
| ) | ||
| if controllers_json["status"] == 0: | ||
| desired_controllers = set( | ||
| self.get_option("controllers").split(" ") |
There was a problem hiding this comment.
We generally have plugins use : as a delimiter in plugin options that can take a list (as the use of commas gets murky with argparse and how plugin options are....parsed.
There was a problem hiding this comment.
The only problem with this is for the Juju model synatx it can be:
- The current controller's model ->
model_a - Or it can be a specific controller and model ->
controller_x:model_a
For this reason I chose to split via empty space since models and controllers are not allowed to have spaces in their names according to Juju.
i.e. controller one -> not valid name
Would this be a reasonable exception to the Sos plugin standard?
There was a problem hiding this comment.
If it's an expectation that users would pass something like -k juju.controllers="foo:bar", then yeah it's totally reasonable to use something else. We should just make note of that, ideally in both the plugin option description (for sos report -l output) and the docstring for the plugin (as the docstring gets used in sos help output, e.g. sos help report.plugins.juju - see the kernel plugin docstring for a good example).
|
|
||
| # Specific models | ||
| if self.get_option("models"): | ||
| for model in self.get_option("models").split(" "): |
There was a problem hiding this comment.
Ditto, we prefer plugin options to use : as a delimiter. We may need to add this to the plugin guide, I'll check this shortly.
| if self.get_option("models"): | ||
| for model in self.get_option("models").split(" "): | ||
| command = f"juju status -m {model} --format=json" | ||
| self.collect_cmd_output(command, runas=juju_user) |
There was a problem hiding this comment.
collect_cmd_output() is designed to return the output for further processing, if you don't need to do anything with the output, use add_cmd_output() instead.
| f"juju status -m {controller}:{short_name} " | ||
| f"--format=json" | ||
| ) | ||
| self.collect_cmd_output(command, runas=juju_user) |
There was a problem hiding this comment.
Same here, use add_cmd_output() if you don't need to do anything further with the output.
| if self.get_option("controllers") and self.get_option("models"): | ||
| self._log_warn( | ||
| "Options: controllers, models are mutually exclusive. " | ||
| "Will not collect Juju information." | ||
| ) | ||
| return |
There was a problem hiding this comment.
I'm assuming these are mutually exclusive within the Juju stack, but would we not anticipate some (admittedly niche) use case where an sos end user isn't sure if a particular host is using one or the other, and wants to pass e.g. -k juju.controllers=foo,juju.models=bar to get either without needing to know the specific host configuration? I'm mainly thinking of some sort of automation-driven sos collection here, but I could be way off with that idea.
This change modifies the Juju plugin to optionally capture Juju state (controllers, models, applications, units) information. The capture assumes that
jujuis installed on the machine wheresosis called, and that the juju user has superuser privilege to the current (or requested) controllers.This option is disabled by default because, while the information can be very useful, the collection acts on the live Juju state.
Use the plugin with the feature:
sos report --only-plugin juju -k juju.juju-state=TrueRun with a specific user (who has access to the controllers specified). This defaults to
ubuntu:-k juju.juju-user=super_adminIf necessary, you can filter by controllers or models with cluster options.
-k juju.controllers="controller_a controller_b"-k juju.models="controller_a:model_x controller_b:model_y"If nothing is supplied for either the controllers or models options, the report will include all state information for them respectively.
Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines