Merge "Collect logs: aggregate selinux denial patterns"

redhat-openstack · Jun 6, 2018 · d746853 · d746853
2 parents 55c3594 + 38bb529
commit d746853
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/plugins/collect-logs/main.yml b/plugins/collect-logs/main.yml
@@ -35,6 +35,8 @@
       - name: "initialize temp variables"
         set_fact:
             selinux_problems: 0
+            # use list to convert selinux avc denials from all nodes into list of unique patterns from all of them together
+            selinux_problems_list: []
             segfault_problems: 0
             oom_killer_problems: 0
             counted_hosts: "{{ groups['all'] | difference( groups['local'] + (groups['tester'] | default([]) | difference(groups['controller']|default([]))) ) }}"
@@ -44,7 +46,8 @@
 
       - name: "add together all issue counts from all hosts except localhost and tester"
         set_fact:
-            selinux_problems: "{{ selinux_problems | int + ( hostvars[item]['selinux_problems_found'] | default([]) | length ) }}"
+            selinux_problems_list: "{{ selinux_problems_list + (hostvars[item]['selinux_problems_found'] | default([])) }}"
+            selinux_problems: "{{ selinux_problems_list | length }}"
             segfault_problems: "{{ segfault_problems | int + ( hostvars[item]['segfault_problems_found'] | default([]) | length ) }}"
             oom_killer_problems: "{{ oom_killer_problems | int + ( hostvars[item]['oom_killer_problems_found'] | default([]) | length ) }}"
         with_items: "{{ counted_hosts }}"

diff --git a/plugins/collect-logs/tasks/collect_host_logs.yml b/plugins/collect-logs/tasks/collect_host_logs.yml
@@ -181,7 +181,8 @@
 
 - name: Search for AVC denied
   become: yes
-  shell: "! grep -i denied /var/log/audit/audit*"
+  # sed used to replace numeric runtime/instance values, to reduce list of occurencies to their patterns
+  shell: "! (grep -i denied /var/log/audit/* | sed -r 's/audit\\(.*\\): avc/audit(...): avc/; s/(pid|ino)=[0-9]+ /\\1=... /g'|sort -u)"
   register: result
   ignore_errors: yes