[juju] Add plugin option for Juju state reporting #3803
Conversation
|
Congratulations! One of the builds has completed. 🍾 You can install the built RPMs by following these steps:
Please note that the RPMs should be used only in a testing environment. |
|
A couple of very small comments from me. |
|
@MichaelThamm remember to squash all the commits into one and sign it |
MichaelThamm
force-pushed
the
report-juju
branch
from
60d0c0e
to
9d36d66
Compare
MichaelThamm
changed the title
MichaelThamm
changed the title
|
@arif-ali or @jcastill I imagine that I need to obfuscate some of the following information which is included in the "lxd": {
"user": "admin",
"recent-server": IP:Port,
"uuid": "ac03821c-361e-4daf-83c9-a712cd56b8d4",
"api-endpoints": [IP:Port],
"ca-cert": "-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----",
},Is there a need to obfuscate these things or is it just passwords, tokens, keys as mentioned in obfuscate? |
|
@MichaelThamm The IP addresses and endpoints, not so, as they would be typically handled by In terms of the certs, you can get the example of the sunbeam.py plugin, where we just needs |
When I run: However, I do not see results in the This method does not have a filename parameter either. Not sure how to continue with this? |
You can just specify |
Signed-off-by: Michael Thamm <[email protected]>
MichaelThamm
force-pushed
the
report-juju
branch
from
045cef0
to
f389bfa
Compare
|
I think the PR is almost ready for review, but I noticed we have tests for the Juju plugin. Is there any need to update this since the test for scrubbing seems to be sufficient? I also tested the scrubbing for |
| ) | ||
| if controllers_json["status"] == 0: | ||
| desired_controllers = set( | ||
| self.get_option("controllers").split(" ") |
There was a problem hiding this comment.
We generally have plugins use : as a delimiter in plugin options that can take a list (as the use of commas gets murky with argparse and how plugin options are....parsed.
There was a problem hiding this comment.
The only problem with this is for the Juju model synatx it can be:
- The current controller's model ->
model_a - Or it can be a specific controller and model ->
controller_x:model_a
For this reason I chose to split via empty space since models and controllers are not allowed to have spaces in their names according to Juju.
i.e. controller one -> not valid name
Would this be a reasonable exception to the Sos plugin standard?
There was a problem hiding this comment.
If it's an expectation that users would pass something like -k juju.controllers="foo:bar", then yeah it's totally reasonable to use something else. We should just make note of that, ideally in both the plugin option description (for sos report -l output) and the docstring for the plugin (as the docstring gets used in sos help output, e.g. sos help report.plugins.juju - see the kernel plugin docstring for a good example).
There was a problem hiding this comment.
I guess there is no reason why we couldn't use a colon delimiter for the controllers option. However, it is required for the models option (as I mentioned above) so I think it makes sense to be consistent within the scope of this plugin to keep the white-space delimiter rather than colon. What do you think?
There was a problem hiding this comment.
I added a docstring and the PluginOpts have description args. Is this enough to show up in the sos report -l output? I tested this locally and I could not get my Juju plugin options to show up in this output and I have no idea why.
There was a problem hiding this comment.
This is what I get when I run your changes:
# bin/sos report -l | grep juju
juju Juju orchestration tool
juju.juju-state off Include Juju state in the report
juju.juju-user ubuntu Juju client user.
juju.controllers Collect Juju state for specified controllers. Uses a whitespace delimited list.
juju.models Collect Juju state for specified models. Uses a whitespace delimited list.
And this is what I get when running sos help:
Plugin Options
These options may be toggled or changed using '-k juju.option_name=$value'
Option Name Default Description
juju-state False/Off Include Juju state in the report
juju-user ubuntu Juju client user.
controllers None/Unset Collect Juju state for specified controllers. Uses a
whitespace delimited list.
models None/Unset Collect Juju state for specified models. Uses a whitespace
delimited list.
There was a problem hiding this comment.
Regarding why the options are not showing up in the output locally, perhaps it's because the machine where you are running doesn't have the /var/log/juju file present? Since that's the activation condition for this plugin:
files = ('/var/log/juju',)
As far as I understand it, if it's not present then the plugin should show as inactive and the options won't be printed.
|
|
||
| # Specific models | ||
| if self.get_option("models"): | ||
| for model in self.get_option("models").split(" "): |
There was a problem hiding this comment.
Ditto, we prefer plugin options to use : as a delimiter. We may need to add this to the plugin guide, I'll check this shortly.
| if self.get_option("controllers") and self.get_option("models"): | ||
| self._log_warn( | ||
| "Options: controllers, models are mutually exclusive. " | ||
| "Will not collect Juju information." | ||
| ) | ||
| return |
There was a problem hiding this comment.
I'm assuming these are mutually exclusive within the Juju stack, but would we not anticipate some (admittedly niche) use case where an sos end user isn't sure if a particular host is using one or the other, and wants to pass e.g. -k juju.controllers=foo,juju.models=bar to get either without needing to know the specific host configuration? I'm mainly thinking of some sort of automation-driven sos collection here, but I could be way off with that idea.
There was a problem hiding this comment.
According to the the Juju CLI:
juju status --help
-m, --model (= "")
Model to operate in. Accepts [<controller name>:]<model name>|<model UUID>
There is no controller option elsewhere so I think it is reasonable to be opinionated and keep the 2 options mutually exclusive. As an added bonus, this simplifies the logic in the plugin.
Note: I tested this with model UUID and model name. Both work fine.
|
@MichaelThamm remember to squash the three commits into one, and to sign the commit (that is what's causing the DCO failure). |
This change modifies the Juju plugin to optionally capture Juju state (controllers, models, applications, units) information. The capture assumes that
jujuis installed on the machine wheresosis called, and that the juju user has superuser privilege to the current (or requested) controllers.This option is disabled by default because, while the information can be very useful, the collection acts on the live Juju state.
Use the plugin with the feature:
sos report --only-plugin juju -k juju.juju-state=TrueRun with a specific user (who has access to the controllers specified). This defaults to
ubuntu:-k juju.juju-user=super_adminIf necessary, you can filter by controllers or models with cluster options.
-k juju.controllers="controller_a controller_b"-k juju.models="controller_a:model_x controller_b:model_y"If nothing is supplied for either the controllers or models options, the report will include all state information for them respectively.
Please place an 'X' inside each '[]' to confirm you adhere to our Contributor Guidelines