~g.@FSSKrSSKJr SSKJr SSKJr "SS\5rg)N)quote)Cluster) is_executablec^\rSrSrSrSrSrSrSrSr Sr Sr /S Qr \ S 5rS rS rU4S jrSrSrSrSrSrSrSrSrSrSrSrSrU=r$)ocpa' This profile is for use with OpenShift Container Platform (v4) clusters instead of the kubernetes profile. This profile will favor using the `oc` transport type, which means it will leverage a locally installed `oc` binary. This is also how node enumeration is done. To instead use SSH to connect to the nodes, use the '--transport=control_persist' option. Thus, a functional `oc` binary for the user executing sos collect is required. Functional meaning that the user can run `oc` commands with clusterAdmin privileges. If this requires the use of a secondary configuration file, specify that path with the 'kubeconfig' cluster option. This config file will also be used on a single master node to perform API collections if the `with-api` option is enabled (default disabled). If no `kubeconfig` option is given, but `with-api` is enabled, the cluster profile will attempt to use a well-known default kubeconfig file if it is available on the host. Alternatively, provide a clusterAdmin access token either via the 'token' cluster option or, preferably, the SOSOCPTOKEN environment variable. By default, this profile will enumerate only master nodes within the cluster, and this may be changed by overriding the 'role' cluster option. To collect from all nodes in the cluster regardless of role, use the form -c ocp.role=''. Filtering nodes by a label applied to that node is also possible via the label cluster option, though be aware that this is _combined_ with the role option mentioned above. To avoid redundant collections of OCP API information (e.g. 'oc get' commands), this profile will attempt to enable the API collections on only a single master node. If the none of the master nodes have a functional 'oc' binary available, *and* the --no-local option is used, that means that no API data will be collected. zOpenShift Container Platform v4)zopenshift-hyperkubezopenshift-clientsFNzsos-collect-tmp))labelr z3Colon delimited list of labels to select nodes with)rolemasterz*Colon delimited list of roles to filter on) kubeconfigr zPath to the kubeconfig file)tokenr z1Service account token to use for oc authorization)with-apiFz'Collect OCP API data from a master node)api-urlr z.Alternate API URL of an external control-planecUR(GdXSUlURRR5(aURR SURRR S9nUSS:Xad[ RRURRR USR5RS55UlO(URS5 URS US35 URS 5(a'U=RS URS 53- slURS UR35 UR$) Noczwhich oc)chrootstatusroutput/zHUnable to to determine PATH for 'oc' command, node enumeration may fail.zLocating 'oc' failed: r z --kubeconfig zoc base command set to )_oc_cmdprimaryhost in_container run_commandsysrootospathjoinstriplstriplog_warn log_debug get_option)self_oc_paths $DL MM5NN0(1C0DEG|,, 0??<89!;; NN4T\\NC D||c$URSU3$)zSFormat the oc command to optionall include the kubeconfig file if one is specified  )r()r%cmds r' fmt_oc_cmdocp.fmt_oc_cmdfs++au%%r*c URURSURSURS5355nUSS:H$)zHAttempt to login to the API using the oc command using a provided token z.login --insecure-skip-tls-verify=True --token=r,rrr)exec_primary_cmdr.rr$)r%_ress r'_attempt_oc_loginocp._attempt_oc_loginlsU$$ OO''+zzl!#y9:< =  H~""r*c&>[TU]5(agURS5=(d [R"SS5UlUR (aUR 5 URS5nURU5SS:H$)NTr SOSOCPTOKENwhoamirr) super check_enabledr$rgetenvrr3r.r1)r%_who __class__s r'r9ocp.check_enabledwsp 7 " "__W-O=$1O ::  " " $x($$T*8499r*cUR5S:XdgURURS55nUSS:HUlUR(dUR S5 [ S5eUR SURS 35 URURS UR355nUSS:XaUR5 g UR S US 35 [ S5e)z`Create the project that we will be executing in for any nodes' collection via a container image rNzauth can-i '*' '*'rrzWCheck for cluster-admin privileges returned false, cannot create project in OCP clusterzLInsufficient permissions to create temporary collection project. Aborting...z Creating new temporary project ''z new-project TzFailed to create project: rz?Failed to create temporary project for collection. Aborting...) set_transport_typer1r.oc_cluster_adminr# Exceptionlog_infoproject_label_sos_project)r%outrets r'setup ocp.setups&&(D0##DOO4H$IJ #H  2$$ NNC D?@ @ 8aHI## OOl4<<.9 :  x=A   # # % 3CM?CD() )r*c SS/nUHNnURURSURSUS355nUSS:XaM?[SUS 35e g ) zpAdd pertinent labels to the temporary project we've created so that our privileged containers can properly run. z4security.openshift.io/scc.podSecurityLabelSync=falsez-pod-security.kubernetes.io/enforce=privilegedzlabel namespace r,z --overwriterrz!Error applying namespace labels: rN)r1r.rDrB)r%labelsr rGs r'rEocp._label_sos_projectsy C ; E''&t||nAeWLIC x=A%7H Gr*cUR(aURURSUR35SS9nUSS:XdURSUS35 URURSURS 355nUSS:XdURS US35 URURS55 S Ulg![anURS US 35 S nANLS nAff=f)z8Remove the project we created to execute within zdelete project )timeoutrrz"Error deleting temporary project: rzwait namespace/z --for=delete --timeout=30sz3Error waiting for temporary project to be deleted: zAFailed attempting to remove temporary project 'sos-collect-tmp': z. Please manually remove the temporary project.Nzproject defaultT)rDr1r. log_errorrB)r%rGerrs r'cleanup ocp.cleanups" << ++OOodll^$DE,8})NNC99C>c`0nSUS;aURS5R5n0nSH%nURUR55XE'M' UH?nUR5n0X'S'UR 5HupXyX'SU'M MA U$![a M}f=f)aOFrom the output of get_nodes(), construct an easier-to-reference dict of nodes that will be used in determining labels, primary status, etc... :param nodelist: The split output of `oc get nodes` :type nodelist: ``list`` :returns: A dict of nodes with `get nodes` columns as keys :rtype: ``dict`` NAMEr)rrolesversionzos-image)popsplitindexupperrBitems) r%nodelistnodesstatlineidxstatenode_nodecolumnvalues r' _build_dictocp._build_dicts Xa[ ||A,,.HCC!) !>CJD! "$Ah%(YY[MF.3lE(OF+&1!  !s!B B-,B-cdURRS:waURR$[SURRR S9(agUR S5 URRS5 URR(d [S5 g)Nautor)rz]Local installation of 'oc' not found or is not correctly configured. Will use ControlPersist.z=Preferred transport 'oc' not available, will fallback to SSH.z?Press ENTER to continue connecting with SSH, or Ctrl+C toabort.control_persist) opts transportrrrrrCui_logwarningbatchinput)r%s r'r@ocp.set_transport_types 99  & (99&& & t||'8'8'@'@ A G H  K yy   r*c/n0UlSnURS5(a@SRURS5RS55nUS[ U53- nUR UR U55nUSS:XaURS5S :XaURS 5 [URS5RS55nURUS R55UlURR5HDupgU(a'UHnXS ;dM URU5 M/ M3URU5 MF U$S n SUS ;aSn [U 5e)Nzget nodes -o wider ,:z -l rrr r zNOTE: By default, only master nodes are listed. To collect from all/more nodes, override the role option with '-c ocp.role=role1:role2'rrVz'oc' command failedzMissing or incompleteza'oc' failed due to missing kubeconfig on primary node. Specify one via '-c ocp.kubeconfig=') node_dictr$rrYrr1r.r"listrf splitlinesr\appendrB) r%r^r-rKresrV node_namerbr msgs r' get_nodes ocp.get_nodessZ! ??7 # #XXdoog6<>#7#7#9  %=0!LL3!!& LL+$: (C&#h-7EC. r*cURUR;agSH&nX RURS;dM$Us $ g)Nr )r workerrVaddressru)r%rbr s r'set_node_labelocp.set_node_labelsA <>$,,7@@@r*cURS5(aSnU(aSOSnO SnU(aSOSnURRSUSU35 g) aIn earlier versions of sos, the openshift plugin option that is used to toggle the API collections was called `no-oc` rather than `with-api`. This older plugin option had the inverse logic of the current `with-api` option. Use this to toggle the correct plugin option given the node's sos version. Note that the use of version 4.2 here is tied to the RHEL release (the only usecase for this cluster profile) rather than the upstream version given the backports for that downstream. :param node: The node being inspected for API collections :type node: ``SoSNode`` :param use_api: Should this node enable API collections? :type use_api: ``bool`` z4.2-16ronoffzno-ocz openshift.=N)check_sos_versionplugoptsrx)r%rbuse_api_opt_vals r'_toggle_api_optocp._toggle_api_opt*sP"  ! !( + +D"4DD#5D z$q78r*c8URRS5 URS5(dURUS5 gUR(aURUS5 gSnURS5nU(aUR S5(dSU-nU=(d UnSnUR R(aS nURS S S 9(aUS - nURUS3UR RS S9nUSS:XaURUS 5 S UlOUR(a3URURS'URUS 5 S UlORURU5(a<XB:waURRSU35 URUS 5 S UlUR(aGSURS3nURRU5 UR RU5 gg)N openshiftrFzl/host/etc/kubernetes/static-pod-resources/kube-apiserver-certs/secrets/node-kubeconfigs/localhost.kubeconfigr z/hostz/host/rz /host/bin/ocz/root/.kube/configT) need_rootz% --kubeconfig /host/root/.kube/configz whoami) use_containerrrrr6zopenshift.kubeconfig=z%API collections will be performed on z< Note: API collections may extend runtime by 10s of minutes )enable_pluginsrxr$rapi_collect_enabled startswithr containerized file_existsrr sos_env_varsrrsosloginform)r%rb master_kube _optconfig _kubeconfigrcan_ocr{s r'set_primary_optionsocp.set_primary_optionsCs "";/z**  u -   # #  u -'  6J*"7"7"@"@% 2 $3 KGyy&&( ##$8D#IFFG%% &948II4K4K15 &6F h1$$$T40+/(37::!!-0$$T40+/(!!+..-MM((/ }=$$T40+/(''>t||nM##   %   % (r*c(URUS5 g)NF)rrs r'set_node_optionsocp.set_node_optionss T5)r*)rrrurArDr)__name__ __module__ __qualname____firstlineno____doc__ cluster_namepackagesrrrDrAr option_listpropertyr(r.r3r9rHrErRrfr@r|rrrrr__static_attributes__ __classcell__)r<s@r'rrs%N5L;H EGGK2& #:)6&!F< !>A 92;&z**r*r)rshlexrsos.collector.clustersr sos.utilitiesrrr*r'rs! *'p*'p*r*