Merge "Add functionality to sanitize collected logs"
commit
67f931ad16
30
README.rst
30
README.rst
|
@ -200,6 +200,36 @@ of sosreport(s) with this role, create a custom config (you can use
|
|||
centosci-logs.yml as a template) and ensure that
|
||||
``artcl_collect_sosreport: true`` is set.
|
||||
|
||||
|
||||
Sanitizing Log Strings
|
||||
----------------------
|
||||
|
||||
Logs can contain senstive data such as private links and access
|
||||
passwords. The 'collect' task provides an option to replace
|
||||
private strings with sanitized strings to protect private data.
|
||||
|
||||
The 'sanitize_log_strings' task makes use of the Ansible 'replace'
|
||||
module and is enabled by defining a ``sanitize_lines``
|
||||
variable as shown in the example below:
|
||||
|
||||
.. code:: yaml
|
||||
|
||||
---
|
||||
sanitize_lines:
|
||||
- dir_path: '/tmp/{{ inventory_hostname }}/etc/repos/'
|
||||
file_pattern: '*'
|
||||
orig_string: '^(.*)download(.*)$'
|
||||
sanitized_string: 'SANITIZED_STR_download'
|
||||
- dir_path: '/tmp/{{ inventory_hostname }}/home/zuul/'
|
||||
file_pattern: '*'
|
||||
orig_string: '^(.*)my_private_host\.com(.*)$'
|
||||
sanitized_string: 'SANITIZED_STR_host'
|
||||
|
||||
|
||||
The task searches for files containing the sensitive strings
|
||||
(orig_string) within a file path, and then replaces the sensitive
|
||||
strings in those files with the sanitized_string.
|
||||
|
||||
License
|
||||
-------
|
||||
|
||||
|
|
|
@ -69,6 +69,14 @@
|
|||
chown -R {{ ansible_user }}: /tmp/{{ inventory_hostname }};
|
||||
changed_when: true
|
||||
|
||||
# See README section 'Sanitizing Log Strings'
|
||||
- name: Sanitize logs to remove sensitive details
|
||||
include_tasks: sanitize_log_strings.yaml
|
||||
loop: "{{ sanitize_lines }}"
|
||||
loop_control:
|
||||
loop_var: outer_item
|
||||
when: sanitize_lines is defined and sanitize_lines|length
|
||||
|
||||
- name: Compress logs to tar.gz
|
||||
shell: >
|
||||
chdir=/tmp
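Review bot: Nothing in the added include restricts `outer_item.dir_path` to the collected-log tree, so a `sanitize_lines` entry pointing elsewhere would make the in-place `replace` rewrite live files on the node instead of the copies under `/tmp/{{ inventory_hostname }}`. Either treat `dir_path` as relative and prefix the collection directory inside the included tasks, or add a per-item guard to the `when`, for example `outer_item.dir_path.startswith('/tmp/' ~ inventory_hostname ~ '/')`. A short comment above the task, such as `# Runs on the copied logs only, before they are compressed`, would also record why the step sits between the chown and the tar tasks. The task list continues outside this hunk, so anything that copies more files into the tree after this point is not visible here and would not be sanitized.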
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
---
|
||||
# See README section 'Sanitizing Log Strings'
|
||||
- name: Sanitize logs to remove senstive details
|
||||
find:
|
||||
paths: "{{ outer_item.dir_path }}"
|
||||
patterns: "{{ outer_item.file_pattern }}"
|
||||
register: files_with_pattern
|
||||
|
||||
- name: Replace orig_string with sanitized_string in the files
|
||||
replace:
|
||||
path: "{{ item.path }}"
|
||||
regexp: "{{ outer_item.orig_string }}"
|
||||
replace: "{{ outer_item.sanitized_string }}"
|
||||
with_items: "{{ files_with_pattern.files }}"
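Review bot: The `find` task sets only `paths` and `patterns`, and the module does not descend into subdirectories by default, so files nested below `dir_path` keep their sensitive strings while the run still reports success. Adding `recurse: true` under `find:` would cover the whole subtree, which matters for the README example `/tmp/{{ inventory_hostname }}/home/zuul/` if that directory holds nested logs. The first task is also named "Sanitize logs to remove senstive details" although it only lists files; something like `- name: Find files to sanitize` would read correctly in the play output and drop the typo. The README says the task searches for files containing the sensitive string, but `find` here matches on file name only, so the wording or the task (via the `contains` option) should be brought into line.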
|