Merge "Add functionality to sanitize collected logs"
commit
67f931ad16
30
README.rst
30
README.rst
|
@ -200,6 +200,36 @@ of sosreport(s) with this role, create a custom config (you can use
|
||||||
centosci-logs.yml as a template) and ensure that
|
centosci-logs.yml as a template) and ensure that
|
||||||
``artcl_collect_sosreport: true`` is set.
|
``artcl_collect_sosreport: true`` is set.
|
||||||
|
|
||||||
|
|
||||||
|
Sanitizing Log Strings
|
||||||
|
----------------------
|
||||||
|
|
||||||
|
Logs can contain senstive data such as private links and access
|
||||||
|
passwords. The 'collect' task provides an option to replace
|
||||||
|
private strings with sanitized strings to protect private data.
|
||||||
|
|
||||||
|
The 'sanitize_log_strings' task makes use of the Ansible 'replace'
|
||||||
|
module and is enabled by defining a ``sanitize_lines``
|
||||||
|
variable as shown in the example below:
|
||||||
|
|
||||||
|
.. code:: yaml
|
||||||
|
|
||||||
|
---
|
||||||
|
sanitize_lines:
|
||||||
|
- dir_path: '/tmp/{{ inventory_hostname }}/etc/repos/'
|
||||||
|
file_pattern: '*'
|
||||||
|
orig_string: '^(.*)download(.*)$'
|
||||||
|
sanitized_string: 'SANITIZED_STR_download'
|
||||||
|
- dir_path: '/tmp/{{ inventory_hostname }}/home/zuul/'
|
||||||
|
file_pattern: '*'
|
||||||
|
orig_string: '^(.*)my_private_host\.com(.*)$'
|
||||||
|
sanitized_string: 'SANITIZED_STR_host'
|
||||||
|
|
||||||
|
|
||||||
|
The task searches for files containing the sensitive strings
|
||||||
|
(orig_string) within a file path, and then replaces the sensitive
|
||||||
|
strings in those files with the sanitized_string.
|
||||||
|
|
||||||
License
|
License
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
|
|
@ -69,6 +69,14 @@
|
||||||
chown -R {{ ansible_user }}: /tmp/{{ inventory_hostname }};
|
chown -R {{ ansible_user }}: /tmp/{{ inventory_hostname }};
|
||||||
changed_when: true
|
changed_when: true
|
||||||
|
|
||||||
|
# See README section 'Sanitizing Log Strings'
|
||||||
|
- name: Sanitize logs to remove sensitive details
|
||||||
|
include_tasks: sanitize_log_strings.yaml
|
||||||
|
loop: "{{ sanitize_lines }}"
|
||||||
|
loop_control:
|
||||||
|
loop_var: outer_item
|
||||||
|
when: sanitize_lines is defined and sanitize_lines|length
|
||||||
|
|
||||||
- name: Compress logs to tar.gz
|
- name: Compress logs to tar.gz
|
||||||
shell: >
|
shell: >
|
||||||
chdir=/tmp
|
chdir=/tmp
|
||||||
|
|
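Review bot: The guard `when: sanitize_lines is defined and sanitize_lines|length` on the new include uses a bare integer as its truth value, which newer Ansible releases may warn about or reject; `sanitize_lines | length > 0` is explicit, or the guard can be dropped in favour of `loop: "{{ sanitize_lines | default([]) }}"`. Because the step is opt-in, a missing or misspelled variable skips it silently and the logs are archived unsanitized, so a comment above the task such as `# Skipped when sanitize_lines is unset: logs are archived as collected` would make that fail-open case explicit. The include runs just before 'Compress logs to tar.gz', so it rewrites plain-text files only; artifacts already archived at this point (sosreports, presumably) would not be touched, which is also worth stating in that comment. The task list continues outside the hunk on both sides.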
|
@ -0,0 +1,14 @@
|
||||||
|
---
|
||||||
|
# See README section 'Sanitizing Log Strings'
|
||||||
|
- name: Sanitize logs to remove senstive details
|
||||||
|
find:
|
||||||
|
paths: "{{ outer_item.dir_path }}"
|
||||||
|
patterns: "{{ outer_item.file_pattern }}"
|
||||||
|
register: files_with_pattern
|
||||||
|
|
||||||
|
- name: Replace orig_string with sanitized_string in the files
|
||||||
|
replace:
|
||||||
|
path: "{{ item.path }}"
|
||||||
|
regexp: "{{ outer_item.orig_string }}"
|
||||||
|
replace: "{{ outer_item.sanitized_string }}"
|
||||||
|
with_items: "{{ files_with_pattern.files }}"
|
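Review bot: The `find` task passes only `paths` and `patterns`, so with the module defaults it neither descends into subdirectories nor matches hidden files, and anything below the top level of `dir_path` (or in a dotfile) keeps its original strings when the logs are archived. Adding `recurse: true` and `hidden: true` under `find:`, or exposing them as optional per-entry keys, would bring the coverage in line with the README's description of searching "within a file path". The first task's name repeats the including task's name (with `senstive` misspelled) although it only collects file paths; `Find files matching file_pattern in dir_path` would read better in job output. The whole file is visible in this hunk.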