Collect logs: aggregate selinux denial patterns

queria · queria · commit 38bb5296fbe6 · 2018-04-23T17:33:59.000+02:00
As of now we collect list of all avc denial occurencies,
and then count all of them together from all nodes.

That is not the actually intended neither useful value,
as number just scales to topology or test sets,
does not means how many issues to fix there is.

Instead we want to know the total number of individual patterns
of these denials (e.g. service x cannot read file y, not how many times
it happened).

Can be achieved by:
- strip occurence specific values from denials on each machine
  (making sort -u list on each machine)
- build list of all avc from all machines
  (this removes cross machine duplicites)
- reporting just total number of this list
  (not simply adding numbers from all machines together)

Change-Id: I5e2bad416a696028d8906d56e096bc7e783d347f
diff --git a/plugins/collect-logs/main.yml b/plugins/collect-logs/main.yml
@@ -35,6 +35,8 @@
       - name: "initialize temp variables"
         set_fact:
             selinux_problems: 0
+            # use list to convert selinux avc denials from all nodes into list of unique patterns from all of them together
+            selinux_problems_list: []
             segfault_problems: 0
             oom_killer_problems: 0
             counted_hosts: "{{ groups['all'] | difference( groups['local'] + (groups['tester'] | default([]) | difference(groups['controller']|default([]))) ) }}"
@@ -44,7 +46,8 @@
 
       - name: "add together all issue counts from all hosts except localhost and tester"
         set_fact:
-            selinux_problems: "{{ selinux_problems | int + ( hostvars[item]['selinux_problems_found'] | default([]) | length ) }}"
+            selinux_problems_list: "{{ selinux_problems_list + (hostvars[item]['selinux_problems_found'] | default([])) }}"
+            selinux_problems: "{{ selinux_problems_list | length }}"
             segfault_problems: "{{ segfault_problems | int + ( hostvars[item]['segfault_problems_found'] | default([]) | length ) }}"
             oom_killer_problems: "{{ oom_killer_problems | int + ( hostvars[item]['oom_killer_problems_found'] | default([]) | length ) }}"
         with_items: "{{ counted_hosts }}"
diff --git a/plugins/collect-logs/tasks/collect_host_logs.yml b/plugins/collect-logs/tasks/collect_host_logs.yml
@@ -180,7 +180,8 @@
 
 - name: Search for AVC denied
   become: yes
-  shell: "! grep -i denied /var/log/audit/audit*"
+  # sed used to replace numeric runtime/instance values, to reduce list of occurencies to their patterns
+  shell: "! (grep -i denied /var/log/audit/* | sed -r 's/audit\\(.*\\): avc/audit(...): avc/; s/(pid|ino)=[0-9]+ /\\1=... /g'|sort -u)"
   register: result
   ignore_errors: yes
 
