o id@?@s@ddlZddlmZddlmZddlmZGdddeZdS)N)quote)Cluster) is_executablecseZdZdZdZdZdZdZdZdZ dZ gdZ e d d Z d d Zd dZfddZddZddZddZddZddZddZddZdd Zd!d"Zd#d$Zd%d&ZZS)'ocpa This profile is for use with OpenShift Container Platform (v4) clusters instead of the kubernetes profile. This profile will favor using the `oc` transport type, which means it will leverage a locally installed `oc` binary. This is also how node enumeration is done. To instead use SSH to connect to the nodes, use the '--transport=control_persist' option. Thus, a functional `oc` binary for the user executing sos collect is required. Functional meaning that the user can run `oc` commands with clusterAdmin privileges. If this requires the use of a secondary configuration file, specify that path with the 'kubeconfig' cluster option. This config file will also be used on a single master node to perform API collections if the `with-api` option is enabled (default disabled). If no `kubeconfig` option is given, but `with-api` is enabled, the cluster profile will attempt to use a well-known default kubeconfig file if it is available on the host. Alternatively, provide a clusterAdmin access token either via the 'token' cluster option or, preferably, the SOSOCPTOKEN environment variable. By default, this profile will enumerate only master nodes within the cluster, and this may be changed by overriding the 'role' cluster option. To collect from all nodes in the cluster regardless of role, use the form -c ocp.role=''. Filtering nodes by a label applied to that node is also possible via the label cluster option, though be aware that this is _combined_ with the role option mentioned above. To avoid redundant collections of OCP API information (e.g. 'oc get' commands), this profile will attempt to enable the API collections on only a single master node. If the none of the master nodes have a functional 'oc' binary available, *and* the --no-local option is used, that means that no API data will be collected. zOpenShift Container Platform v4)zopenshift-hyperkubezopenshift-clientsFNzsos-collect-tmp))labelrz3Colon delimited list of labels to select nodes with)rolemasterz*Colon delimited list of roles to filter on) kubeconfigrzPath to the kubeconfig file)tokenrz1Service account token to use for oc authorization)with-apiFz'Collect OCP API data from a master nodecCs|jsWd|_|jjr>|jjd|jjjd}|ddkr0tj|jjj|d d|_n| d| d |d| d rO|jd | d 7_| d |j|jS) Noczwhich oc)chrootstatusroutput/zHUnable to to determine PATH for 'oc' command, node enumeration may fail.zLocating 'oc' failed: %sr z --config %szoc base command set to %s)_oc_cmdprimaryhost in_container run_commandsysrootospathjoinstriplstriplog_warn log_debug get_option)self_oc_pathr"sz!ocp.get_nodes..rrCz'oc' command failedzMissing or incompleteza'oc' failed due to missing kubeconfig on primary node. Specify one via '-c ocp.kubeconfig=') node_dictrrrFrr'r&rrQ splitlinesitemsappendr4) r rJr%r<resrC node_namerNrmsgr"r"r# get_nodess4       z ocp.get_nodescCs:|j|jvrdSdD]}||j|jdvr|Sq dS)Nr)r workerrCaddressr_)r rNrr"r"r#set_node_labels zocp.set_node_labelcCs$|j|jvrdSd|j|jdvS)NFr rCrh)r sosnoder"r"r#check_node_is_primary s zocp.check_node_is_primarycCsD|drd}|r dnd}nd}|rdnd}|jd||fdS)aIn earlier versions of sos, the openshift plugin option that is used to toggle the API collections was called `no-oc` rather than `with-api`. This older plugin option had the inverse logic of the current `with-api` option. Use this to toggle the correct plugin option given the node's sos version. Note that the use of version 4.2 here is tied to the RHEL release (the only usecase for this cluster profile) rather than the upstream version given the backports for that downstream. :param node: The node being inspected for API collections :type node: ``SoSNode`` :param use_api: Should this node enable API collections? :type use_api: ``bool`` z4.2-16r onoffzno-oczopenshift.%s=%sN)check_sos_versionplugoptsrb)r rNuse_api_opt_valr"r"r#_toggle_api_opt%s  zocp._toggle_api_optcCsP|jd|ds||ddS|jr||ddSd}|d}|r0|ds0d|}|p3|}d}|jjrGd }|jd d d rG|d 7}|j d||jjd d}|ddkrc||d d |_n-|j rv|j |j d<||d d |_n||r||ks|j d|||d d |_|jrd|j }|j||j|dSdS)N openshiftr Fzl/host/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/localhost.kubeconfigr z/hostz/host/r z /host/bin/ocz/root/.kube/configT) need_rootz% --kubeconfig /host/root/.kube/configz %s whoami) use_containerrvrrr*zopenshift.kubeconfig=%szcAPI collections will be performed on %s Note: API collections may extend runtime by 10s of minutes )enable_pluginsrbrrtapi_collect_enabled startswithr containerized file_existsrr sos_env_varsrprisosloginforV)r rN master_kube _optconfig _kubeconfigrcan_ocrer"r"r#set_primary_options>sT            zocp.set_primary_optionscCs||ddS)NF)rt)r rNr"r"r#set_node_options{szocp.set_node_options)__name__ __module__ __qualname____doc__ cluster_namepackagesryr r6r3r option_listpropertyr$r&r)r-r:r7rArQr2rfrjrlrtrr __classcell__r"r"r0r#rs4'   #=r)rpipesrsos.collector.clustersr sos.utilitiesrrr"r"r"r#s