-
Notifications
You must be signed in to change notification settings - Fork 545
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[collect] Fails for the local node when using --nopasswd-sudo #3827
Comments
jcastill
added a commit
to jcastill/sos
that referenced
this issue
Nov 1, 2024
While parsing the output of 'sos report -l', we were attempting to split an empty line, and getting the following exception: [<ip address>:_regex_sos_help] Error parsing sos help: list index out of range Related: sosreport#3827 Signed-off-by: Jose Castillo <[email protected]>
This was referenced Nov 1, 2024
jcastill
added a commit
to jcastill/sos
that referenced
this issue
Nov 1, 2024
While parsing the output of 'sos report -l', we were attempting to split an empty line, and getting the following exception: [<ip address>:_regex_sos_help] Error parsing sos help: list index out of range Related: sosreport#3827 Signed-off-by: Jose Castillo <[email protected]>
jcastill
added a commit
to jcastill/sos
that referenced
this issue
Nov 3, 2024
While parsing the output of 'sos report -l', we were attempting to split an empty line, and getting the following exception: [<ip address>:_regex_sos_help] Error parsing sos help: list index out of range Related: sosreport#3827 Signed-off-by: Jose Castillo <[email protected]>
TurboTurtle
pushed a commit
that referenced
this issue
Nov 7, 2024
While parsing the output of 'sos report -l', we were attempting to split an empty line, and getting the following exception: [<ip address>:_regex_sos_help] Error parsing sos help: list index out of range Related: #3827 Signed-off-by: Jose Castillo <[email protected]>
TrevorBenson
added a commit
to TrevorBenson/sos
that referenced
this issue
Nov 15, 2024
Resolves: sosreport#3827 Resolves: sosreport#3828 Signed-off-by: Trevor Benson <[email protected]>
6 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Problem
Executing sos collect results in failures on the local node executing
sos collect
via sudo.sudo sos collect --nopasswd-sudo --ssh-key /etc/project/id_edd2519 --ssh-user project-user --nodes 172.31.100.121,172.31.100.85 -o block
When project-user executes
sudo sos report
directly on either system1 or system2 a valid sos archive is created in/var/tmp
.Environment Details
The environment has 2 nodes hardened with no direct shell access to root. Executing
sos report
, orsos collect
requires usingsudo
. The project-user account exists on both nodes and has sudoers permissions to runsos
.The public ssh key
/etc/project/id_edd2519.pub
is part of/home/project-user/.ssh/authorized_keys
on both system1 and system2.Sudoers Configuration
Additional Details
Checking the sos_logs/sos.log it mentions something wrong with the account password even when using
--nopasswd-sudo
and having confirmed that sudo works perfectly fine without a password request to executesudo sos report
on either system:The project-user's password has not expired:
However, the hardening of the systems does appear to set the root user to have an expired password:
This is identical for both system1 and system2. The only time this seems to be an issue is when
sos collect
attempts to collect the report from the "local" (collector) node. Whenever this same configuration is found on the remote node there is no issue with using--nopasswd-sudo
.Extra Tests
Combinations of the following flags:
--batch
--nopasswd-sudo
--no-local
--nodes
including the IP of the local (collector) system1 (normally excluded and relying on local collection)--no-local
including the IP of system1 still gets filtered out instead of attempting to "loopback" ssh to itself.Using system2 to attempt collection.
The text was updated successfully, but these errors were encountered: