Hi! I'm from the team that develops ABRT [1], the Automatic Bug Reporting Tool that is currently used in Fedora and RH Enterprise Linux. ABRT can detect several types of application problems (e.g. binary segfaults, uncaught python exceptions, ...), collect related data, and more or less automatically report them somewhere.
For the detected crashes, ABRT can send something called uReport [2], a small, machine-friendly report that doesn't necessarily contain enough information to fix the underlying problem but can be useful to determine whether similar problem happened before and to maintain crash statistics. These reports can be collected by ABRT server (called "FAF" in some places) - Fedora users send them to the instance located here [3]. What we would like to do is to provide a Foreman plugin that would associate to every Foreman-managed machine the uReports the machine sent. The reports would then be displayed in the web interface so that the administrator can see if something bad is going on on their machine. We're not familiar with Foreman and still trying to figure out how would this integration work. After a quick discussion with Foreman guys in Red Hat Brno office, we've identified two design problems: 1. How should Foreman and ABRT server interact ---------------------------------------------- We were able to come up with two scenarios: A) uReports are collected by ABRT server deployed by the administrator. Upon receiving a report, the ABRT server notifies Foreman (or Foreman can periodically ask the ABRT server for new reports). Foreman communicates with ABRT server using some kind of REST API. * machine authentication has to be handled by ABRT server * ABRT server has to provide suitable API * not necessary to duplicate ABRT server code in Foreman B) uReports are collected by Foreman, or some kind of proxy written for this purpose. The reports can be browsed in Foreman and can be forwarded to ABRT server instance, either automatically or after the administrator manually accepts the report. The report can be forwarded to ABRT server run by the administrator, or it can be forwarded to the instance managed by Fedora/Red Hat/etc. * Foreman handles machine authentication * administrator can benefit from this without deploying their own ABRT server * subset of the ABRT server functionality would have to be implemented by the Foreman plugin/proxy 2. Machine authentication ------------------------- uReports were originally designed to allow anonymous reporting, mainly for Fedora users. They only contain data that are not considered sensitive and we currently have no way to find out where did an uReport come from. While we could just add an item containing e.g. FQDN to the uReport, such information can be easily spoofed. Can we take advantage of the fact that there already exists authentication between the managed machines and Foreman (or Puppet?)? I'll be grateful for your thoughts on this subject. Cheers, Martin [1] https://github.com/abrt [2] https://github.com/abrt/faf/wiki/uReport#ureport2 [3] https://retrace.fedoraproject.org/faf/summary/
