Merge "Collect logs: aggregate selinux denial patterns"

Author: obaranov

plugins/collect-logs/main.yml

@@ -35,6 +35,8 @@
       - name: "initialize temp variables"
         set_fact:
             selinux_problems: 0
+            # use list to convert selinux avc denials from all nodes into list of unique patterns from all of them together
+            selinux_problems_list: []
             segfault_problems: 0
             oom_killer_problems: 0
             counted_hosts: "{{ groups['all'] | difference( groups['local'] + (groups['tester'] | default([]) | difference(groups['controller']|default([]))) ) }}"
@@ -44,7 +46,8 @@
 
       - name: "add together all issue counts from all hosts except localhost and tester"
         set_fact:
-            selinux_problems: "{{ selinux_problems | int + ( hostvars[item]['selinux_problems_found'] | default([]) | length ) }}"
+            selinux_problems_list: "{{ selinux_problems_list + (hostvars[item]['selinux_problems_found'] | default([])) }}"
+            selinux_problems: "{{ selinux_problems_list | length }}"
             segfault_problems: "{{ segfault_problems | int + ( hostvars[item]['segfault_problems_found'] | default([]) | length ) }}"
             oom_killer_problems: "{{ oom_killer_problems | int + ( hostvars[item]['oom_killer_problems_found'] | default([]) | length ) }}"
         with_items: "{{ counted_hosts }}"

plugins/collect-logs/tasks/collect_host_logs.yml

@@ -181,7 +181,8 @@
 
 - name: Search for AVC denied
   become: yes
-  shell: "! grep -i denied /var/log/audit/audit*"
+  # sed used to replace numeric runtime/instance values, to reduce list of occurencies to their patterns
+  shell: "! (grep -i denied /var/log/audit/* | sed -r 's/audit\\(.*\\): avc/audit(...): avc/; s/(pid|ino)=[0-9]+ /\\1=... /g'|sort -u)"
   register: result
   ignore_errors: yes