Additional LUKS/Clevis info for block.py

[cbrashaw]

This is a feature request. Would like to propose gathering the following additional LUKS/NBDE data/configs via block.py:

        lsblk = self.collect_cmd_output("lsblk -f -a -l")
        # for LUKS devices, collect luksDump, clevis policies, and crypttab file.
        if lsblk['status'] == 0:
            for line in lsblk['output'].splitlines():
                if 'crypto_LUKS' in line:
                    dev = line.split()[0]
                    self.add_cmd_output('cryptsetup luksDump /dev/%s' % dev)
                    self.add_cmd_output('clevis luks list -d /dev/%s' % dev)
                    self.add_copy_spec('/etc/crypttab')

We always need to get the /etc/crypttab file, and quite often the clevis NBDE policy info when diagnosing issues with LUKS/NBDE; it would be great to gather the additional information on initial run of sosreport (without having to specifically gather by hand).

                self.add_cmd_output('clevis luks list -d /dev/%s' % dev)
                self.add_copy_spec('/etc/crypttab')

[TurboTurtle]

We can add that command to the collection loop, sure.

We can also collect /etc/crypttab however we wouldn't be cating it, we just copy the file directly and it wouldn't be as part of the LUKS loop. If you're wanting to make a PR yourself, the method to use here is add_copy_spec().

[cbrashaw]

Excellent! Thank you for the guidance!

On Wed, Nov 10, 2021 at 4:40 PM Jake Hunsaker @.***> wrote:

We can add that command to the collection loop, sure.

We can also collect /etc/crypttab however we wouldn't be cating it, we just copy the file directly and it wouldn't be as part of the LUKS loop. If you're wanting to make a PR yourself, the method to use here add_copy_spec().

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/sosreport/sos/issues/2755#issuecomment-965841776, or unsubscribe https://github.com/notifications/unsubscribe-auth/AL63NL2Z36U6HVEJZW46KD3ULL7E7ANCNFSM5HZAXQFQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

-- Kind Regards,

Christopher Bradshaw, RHCE

Senior Technical Support Engineer

@.***

(972) 892-4536

Denver, CO

Red Hat https://www.redhat.com/ https://red.ht/sig

[cbrashaw]

Thanks again, based on your guidance I've added it to the self.add_copy_spec in the block.py and is working as expected with 6, 7. and 8. I just extended the above which was present in the module (if that's ok)?

On Wed, Nov 10, 2021 at 4:40 PM Jake Hunsaker @.***> wrote:

We can add that command to the collection loop, sure.

We can also collect /etc/crypttab however we wouldn't be cating it, we just copy the file directly and it wouldn't be as part of the LUKS loop. If you're wanting to make a PR yourself, the method to use here add_copy_spec().

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/sosreport/sos/issues/2755#issuecomment-965841776, or unsubscribe https://github.com/notifications/unsubscribe-auth/AL63NL2Z36U6HVEJZW46KD3ULL7E7ANCNFSM5HZAXQFQ . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

-- Kind Regards,

Christopher Bradshaw, RHCE

Senior Technical Support Engineer

@.***

(972) 892-4536

Denver, CO

Red Hat https://www.redhat.com/ https://red.ht/sig

[cbrashaw]

Added a pull request (PR #2756) Thank again!