#!/bin/bash

# :vim:sw=2:ts=2:et:

export LC_ALL=C

export SCLNAME=ruby193

usage() {

cat <<USAGE

$0 - configuration and log data collector

USAGE: $0 [options]

Collects configuration and log data for Foreman, Smart Proxies, backend

services and system information while removing security information like

passwords, tokens and keys.

This program can be used on Foreman instance, Smart Proxy instances or

backend services separatly.

OPTIONS:

-d DIR Directory to place the tarball in (default /tmp/foreman-XYZ)

-g Skip generic info (CPU, memory, firewall etc.)

-a Do not generate a tarball from the resulting directory

-m NUM Maximum lines to keep for each file (default 5000)

-j PRG Filter with provided program when creating a tarball

-p Additionally print password patterns being filtered out

-q Quiet mode

-v Verbose mode

-h Shows this message

USAGE

}

# filter for patterns like password=XYZ or secret: abc!@#$123

FILTER_WORDS=(

password

PASSWORD

default_password

secret

token

api_token

oauth_secret

keystorePass

truststorePass

)

FILTER_WORDS_STR=$(IFS=$'|'; echo "${FILTER_WORDS[*]}")

FILTER="s/($FILTER_WORDS_STR)(\s*[:=]\s*)\S+/\1\2\*\*\*\*\*/g"

error() {

echo $* >&2

}

qprintf() {

[ $QUIET -ne 1 ] && printf "$@"

}

printv() {

[ $QUIET -ne 1 ] && [ $VERBOSE -eq 1 ] && echo $*

}

# add outout of the command and redirect possible errors there

add_cmd() {

CMD=$1

OUT=$2

printv " - $OUT"

echo -e "COMMAND> $CMD\n" > "$DIR/$OUT"

eval $CMD >> "$DIR/$OUT" 2>&1

}

# add and filter if it is a non zero, readable, regular file or symlink (skip otherwise)

add_files() {

for FILE in $*; do

if [ \( -f "$FILE" -o -h "$FILE" \) -a \( -r "$FILE" -a -s "$FILE" \) ]; then

printv " - $FILE"

SUBDIR=$(dirname $FILE)

[ ! -d "$DIR$SUBDIR" ] && mkdir -p "$DIR$SUBDIR"

tail -n "$MAXLINES" "$FILE" | sed -r "$FILTER" > "$DIR$FILE"

[ $PRINTPASS -eq 1 ] && grep -E "($FILTER_WORDS_STR)" "$DIR$FILE"

fi

done

}

DIR=""

NOGENERIC=0

NOTAR=0

MAXLINES=5000

COMPRESS=""

PRINTPASS=0

QUIET=0

VERBOSE=0

DEBUG=0

if type -p xz >/dev/null; then

COMPRESS="xz -9"

EXTENSION=".xz"

elif type -p bzip2 >/dev/null; then

COMPRESS="bzip2 -9"

EXTENSION=".bz2"

elif type -p gzip >/dev/null; then

COMPRESS="gzip -9"

EXTENSION=".gz"

else

COMPRESS="cat"

EXTENSION=""

fi

while getopts "d:gam:j:qpvhx" opt; do

case $opt in

d)

DIR="$OPTARG"

;;

g)

NOGENERIC=1

;;

a)

NOTAR=1

;;

p)

PRINTPASS=1

;;

q)

QUIET=1

;;

v)

VERBOSE=1

;;

m)

MAXLINES="$OPTARG"

;;

j)

COMPRESS="$OPTARG"

EXTENSION=".$(echo "$OPTARG" | awk '{ print $1 }')"

;;

x)

# this option is not docummented - use for extra output,

# skip slow items and to disable root check

DEBUG=1

;;

h)

usage

exit

;;

?)

error "Invalid option: $OPTARG"

usage

exit

;;

esac

done

[ $DEBUG -eq 0 -a $EUID -ne 0 ] && error "This script must be run as root" && exit 1

# determine distribution family

if [ -f /etc/debian_version ]; then

OS=debian

OS_RELEASE=$(head -n1 /etc/debian_version)

elif [ -f /etc/redhat-release ]; then

OS=redhat

OS_RELEASE=$(head -n1 /etc/redhat-release)

elif type -p lsb_release >/dev/null; then

OS=$(lsb_release -si 2>/dev/null)

OS_RELEASE=$(lsb_release -sr 2>/dev/null)

elif type -p rpm >/dev/null; then

OS=$(rpm -q --whatprovides redhat-release --queryformat '%{NAME}')

OS_RELEASE=$(rpm -q --whatprovides redhat-release --queryformat '%{VERSION}')

else

OS=$(uname -s)

OS_RELEASE="Unknown"

fi

printv "Determined $OS distribution"

if [ -z "$DIR" ]; then

DIR=$(mktemp -d foreman-debug-XXXXX -p /tmp)

[ "$NOTAR" -eq 0 ] && trap "rm -rf $DIR" EXIT

else

[ ! -d "$DIR" ] && mkdir -p "$DIR"

fi

printv "Directory $DIR created"

TARBALL="$DIR.tar$EXTENSION"

# GENERIC ARTIFACTS

if [ $NOGENERIC -eq 0 ]; then

printv "Collecting generic system information"

add_cmd "date" "date"

add_cmd "lsb_release -a" "lsb_release"

add_cmd "uname -a" "uname"

add_cmd "cat /proc/cpuinfo" "cpuinfo"

add_cmd "cat /proc/meminfo" "meminfo"

add_cmd "ulimit -a" "ulimit"

add_cmd "lsmod" "lsmod"

add_cmd "iptables -L -v -n" "iptables"

add_cmd "ifconfig -a" "ifconfig"

add_cmd "route -n" "route"

add_cmd "netstat -tulpn" "netstat"

add_cmd "ip a" "ip_a"

add_cmd "ip r" "ip_r"

add_cmd "ss -tulpn" "ss"

add_cmd "cat /etc/hosts" "hosts"

add_cmd "ping -c1 -W1 localhost" "ping_localhost"

add_cmd "ping -c1 -W1 $(hostname)" "ping_hostname"

add_cmd "ping -c1 -W1 $(hostname -f)" "ping_hostname_full"

add_files "/var/log/messages"

if [ "$OS" = "redhat" ]; then

[ $DEBUG -eq 0 ] && add_cmd "rpm -qa" "installed_packages"

elif [ "$OS" = "debian" ]; then

[ $DEBUG -eq 0 ] && add_cmd "dpkg --list" "installed_packages"

fi

fi

# FOREMAN RELATED ARTIFACTS

printv "Collecting Foreman-related information"

add_cmd "ruby --version" "version_ruby"

add_cmd "puppet --version" "version_puppet"

add_cmd "gem list" "gem_list"

add_cmd "scl enable $SCLNAME 'gem list'" "gem_list_scl"

add_cmd "bundle --local --gemfile=/usr/share/foreman/Gemfile" "bundle_list"

add_cmd "scl enable $SCLNAME 'bundle --local --gemfile=/usr/share/foreman/Gemfile'" "bundle_list_scl"

add_cmd "facter" "facts"

add_files /etc/foreman{,-proxy}/* /var/log/foreman{,-proxy,-installer}/*.log

add_files /usr/share/foreman/Gemfile*

add_files /etc/dhcp/*.conf /var/lib/dhcp/*.leases

add_files /etc/xinetd.d/tftp

[ -d "/tftpboot" ] && add_cmd "find /tftpboot -exec ls -ld {} +" "tftpboot_tree"

[ -d "/srv/tftp" ] && add_cmd "find /srv/tftp -exec ls -ld {} +" "tftpboot_tree"

[ -d "/var/lib/tftpboot" ] && add_cmd "find /var/lib/tftpboot -exec ls -ld {} +" "tftpboot_tree"

add_files /etc/named.conf /var/log/named.log

add_files /var/named/* /var/named/{data,dynamic,slaves}/*

add_cmd "virsh list" "virsh_list"

add_files /etc/libvirt/* /etc/libvirt/storage/* /etc/libvirt/qemu/* /etc/libvirt/qemu/networks

add_files /var/lib/pgsql/data/*.conf

add_files /etc/puppet/*.conf /etc/puppet/rack/* /etc/puppet/manifests/* /var/log/puppet/*.log

add_files /var/lib/puppet/ssl/certs/$(hostname -f).pem /var/lib/puppet/ssl/certs/ca.pem

add_files /etc/puppet/ssl/ca/inventory.txt /var/lib/puppet/ssl/ca/inventory.txt

add_cmd "find /etc/puppet/modules -exec ls -ld {} +" "puppet_manifests_tree"

add_files /etc/{httpd,apache2}/conf/*

add_files /etc/{httpd,apache2}/conf.d/*

add_files /var/log/{httpd,apache2}/*error_log

add_cmd "echo \"select id,name,value from settings where name not like '%pass'\" | su postgres -c 'psql foreman'" "foreman_settings_table"

add_cmd "echo 'select type,name,host,port,account,base_dn,attr_login,onthefly_register,tls from auth_sources' | su postgres -c 'psql foreman'" "foreman_auth_table"

add_files /etc/{sysconfig,default}/foreman{,-proxy}

add_files /etc/{sysconfig,default}/dhcp*

add_files /etc/sysconfig/named /etc/default/bind

add_files /etc/{sysconfig,default}/libvirt*

add_files /etc/sysconfig/pgsql

add_cmd "foreman-rake plugins" "plugin_list"

qprintf "\n\n"

qprintf "%10s %s\n" "HOSTNAME:" "$(hostname -f 2>/dev/null)"

qprintf "%10s %s\n" "OS:" "$OS"

qprintf "%10s %s\n" "RELEASE:" "$OS_RELEASE"

qprintf "%10s %s\n" "FOREMAN:" "$(cat /usr/share/foreman/VERSION 2>/dev/null)"

qprintf "%10s %s\n" "RUBY:" "$(ruby --version 2>/dev/null)"

qprintf "%10s %s\n" "PUPPET:" "$(puppet --version 2>/dev/null)"

qprintf "\n\n"

if [ "$NOTAR" -eq 0 ]; then

pushd "$DIR" >/dev/null

tar -c . 2>/dev/null | $COMPRESS > "$TARBALL"

popd >/dev/null

qprintf "%s: %s\n\n" "A debug file has been created" "$TARBALL ($(stat -c %s "$TARBALL") bytes)"

else

qprintf "%s: %s\n\n" "A debug directory has been created" "$DIR"

fi