Hello Alon Bar-Lev,
I'd like you to do a code review. Please visit
http://gerrit.ovirt.org/22182
to review the following change.
Change subject: packaging: setup: update firewall for all services
......................................................................
packaging: setup: update firewall for all services
Update the firewall for websocket_proxy and postgresql not only during
setup.
Always ask whether to update the firewall and do not keep the answer
in the postinstall answer file, to allow users to keep their manual
changes on upgrades.
Output manual configuration instructions only for supported firewall
managers.
Bug-Url: https://bugzilla.redhat.com/1024707
Bug-Url: https://bugzilla.redhat.com/1029020
Bug-Url: https://bugzilla.redhat.com/1023316
Change-Id: If3c1a634b2e8539ebd604205b5487290c8d8a1a9
Signed-off-by: Yedidyah Bar David <[email protected]>
Signed-off-by: Alon Bar-Lev <[email protected]>
---
M packaging/setup/ovirt_engine_setup/constants.py
A packaging/setup/ovirt_engine_setup/firewall_manager_base.py
A packaging/setup/plugins/ovirt-engine-common/network/__init__.py
A packaging/setup/plugins/ovirt-engine-common/network/firewall_manager.py
A
packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_firewalld.py
A packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_human.py
A
packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_iptables.py
A
packaging/setup/plugins/ovirt-engine-common/network/process_firewalld_services.py
M packaging/setup/plugins/ovirt-engine-remove/network/__init__.py
A packaging/setup/plugins/ovirt-engine-remove/network/firewall_manager.py
D packaging/setup/plugins/ovirt-engine-remove/network/firewalld.py
M packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py
M packaging/setup/plugins/ovirt-engine-setup/legacy/__init__.py
D packaging/setup/plugins/ovirt-engine-setup/legacy/firewall_manager.py
M packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py
M packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py
16 files changed, 954 insertions(+), 393 deletions(-)
git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/82/22182/1
diff --git a/packaging/setup/ovirt_engine_setup/constants.py
b/packaging/setup/ovirt_engine_setup/constants.py
index 7031272..d2d9519 100644
--- a/packaging/setup/ovirt_engine_setup/constants.py
+++ b/packaging/setup/ovirt_engine_setup/constants.py
@@ -530,10 +530,10 @@
DB_CONNECTION_AVAILABLE = 'osetup.db.connection.available'
DB_SCHEMA = 'osetup.db.schema'
NET_FIREWALL_MANAGER_AVAILABLE = 'osetup.net.firewallmanager.available'
- NET_FIREWALL_MANAGER_PROCESS_TEMPLATES = \
- 'osetup.net.firewallmanager.templates.available'
CONFIG_DB_CREDENTIALS = 'osetup.config.database.credentials'
CONFIG_PROTOCOLS_CUSTOMIZATION = 'osetup.config.protocols.customization'
+ CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION = \
+ 'setup.config.websocket-proxy.customization'
CONFIG_DB_ENCRYPTION_AVAILABLE = 'osetup.config.encryption.available'
CONFIG_APPLICATION_MODE_AVAILABLE = \
'osetup.config.applicationMode.available'
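Review bot: The new stage constant `CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION` gets the value `'setup.config.websocket-proxy.customization'`, while every other stage name visible in this hunk starts with `osetup.`. Stage names appear to be matched as plain strings in `before=`/`after=`, so this works, but the odd prefix makes a mistyped or colliding reference harder to spot. `'osetup.config.websocket-proxy.customization'` would keep the namespace consistent. The enclosing class starts outside the hunk.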
@@ -582,6 +582,8 @@
RENAME_PKI_CONF_MISC = 'osetup.rename.pki.conf.misc'
MEMORY_CHECK = 'osetup.memory.check'
+ KEEP_ONLY_VALID_FIREWALL_MANAGERS = \
+ 'osetup.keep.only.valid.firewall.managers'
@util.export
@@ -631,6 +633,9 @@
ACTION_REMOVE = 'cleanup'
ACTION_UPGRADE = 'upgrade'
ACTION_RENAME = 'rename'
+ FIREWALL_MANAGER_HUMAN = 'skip'
+ FIREWALL_MANAGER_IPTABLES = 'iptables'
+ FIREWALL_MANAGER_FIREWALLD = 'firewalld'
@util.export
@@ -922,6 +927,16 @@
def FIREWALL_MANAGER(self):
return 'OVESETUP_CONFIG/firewallManager'
+ @osetupattrs(
+ answerfile=True,
+ summary=True,
+ description=_('Update Firewall'),
+ )
+ def UPDATE_FIREWALL(self):
+ return 'OVESETUP_CONFIG/updateFirewall'
+
+ FIREWALL_MANAGERS = 'OVESETUP_CONFIG/firewallManagers'
+ VALID_FIREWALL_MANAGERS = 'OVESETUP_CONFIG/validFirewallManagers'
FQDN_REVERSE_VALIDATION = 'OVESETUP_CONFIG/fqdnReverseValidation'
FQDN_NON_LOOPBACK_VALIDATION = 'OVESETUP_CONFIG/fqdnNonLoopback'
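Review bot: `UPDATE_FIREWALL` is declared with `answerfile=True`, but the commit message says the answer must not be kept in the postinstall answer file so that manual firewall changes survive upgrades. Nothing in this hunk excludes the key from that file, so if the exclusion is not done elsewhere in the change, a stored `True` could let a later upgrade rewrite the firewall without asking. A short comment above the decorator naming where the key is dropped from the postinstall file would make the intent checkable. The enclosing class starts outside the hunk.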
diff --git a/packaging/setup/ovirt_engine_setup/firewall_manager_base.py
b/packaging/setup/ovirt_engine_setup/firewall_manager_base.py
new file mode 100644
index 0000000..fd08f69
--- /dev/null
+++ b/packaging/setup/ovirt_engine_setup/firewall_manager_base.py
@@ -0,0 +1,72 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+Firewall manager base
+"""
+
+
+from otopi import base
+from otopi import util
+
+
[email protected]
+class FirewallManagerBase(base.Base):
+
+ def __init__(self, plugin):
+ super(FirewallManagerBase, self).__init__()
+ self._plugin = plugin
+
+ @property
+ def plugin(self):
+ return self._plugin
+
+ @property
+ def environment(self):
+ return self._plugin.environment
+
+ @property
+ def name(self):
+ raise RuntimeError('Unset')
+
+ def __str__(self):
+ return self.name
+
+ def selectable(self):
+ return True
+
+ def detect(self):
+ return False
+
+ def active(self):
+ return False
+
+ def enable(self):
+ pass
+
+ def remove(self):
+ pass
+
+ def prepare_examples(self):
+ pass
+
+ def print_manual_configuration_instructions(self):
+ pass
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
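Review bot: `FirewallManagerBase` is the contract every firewall backend implements, yet it has no class or method docstrings, so what `detect()`, `active()`, `selectable()`, `enable()` and `remove()` must do has to be reverse-engineered from the subclasses. I would add a class docstring such as `"""Base class for firewall managers; subclasses override name and the hooks they support."""` and a one-line docstring per hook. Also, `name` raises `RuntimeError('Unset')` and `__str__` returns `self.name`, so formatting or logging a manager whose subclass forgot to override `name` raises instead of printing. `raise NotImplementedError('name')` would state the intent more clearly.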
diff --git a/packaging/setup/plugins/ovirt-engine-common/network/__init__.py
b/packaging/setup/plugins/ovirt-engine-common/network/__init__.py
new file mode 100644
index 0000000..735715e
--- /dev/null
+++ b/packaging/setup/plugins/ovirt-engine-common/network/__init__.py
@@ -0,0 +1,36 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""ovirt-host-setup network plugin."""
+
+from otopi import util
+from . import firewall_manager
+from . import firewall_manager_firewalld
+from . import firewall_manager_human
+from . import firewall_manager_iptables
+
+
[email protected]
+def createPlugins(context):
+ firewall_manager.Plugin(context=context)
+ firewall_manager_firewalld.Plugin(context=context)
+ firewall_manager_human.Plugin(context=context)
+ firewall_manager_iptables.Plugin(context=context)
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
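Review bot: The module docstring reads `"""ovirt-host-setup network plugin."""`, but the file lives under `plugins/ovirt-engine-common/network` and registers the firewall manager plugins; it looks copied from another package. Something like `"""ovirt-engine-common network plugins (firewall managers)."""` would match what `createPlugins` does.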
diff --git
a/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager.py
b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager.py
new file mode 100644
index 0000000..aadf8f0
--- /dev/null
+++ b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager.py
@@ -0,0 +1,50 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+Firewall manager selection plugin.
+"""
+
+import gettext
+_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
+
+
+from otopi import util
+from otopi import plugin
+
+
+from ovirt_engine_setup import constants as osetupcons
+
+
[email protected]
+class Plugin(plugin.PluginBase):
+ """
+ Firewall manager selection plugin.
+ """
+
+ def __init__(self, context):
+ super(Plugin, self).__init__(context=context)
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_INIT,
+ )
+ def _init(self):
+ self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGERS] = []
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
diff --git
a/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_firewalld.py
b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_firewalld.py
new file mode 100644
index 0000000..d8e4c66
--- /dev/null
+++
b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_firewalld.py
@@ -0,0 +1,173 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+Firewall manager firewalld plugin.
+"""
+
+import os
+import gettext
+_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
+
+
+from otopi import util
+from otopi import plugin
+from otopi import constants as otopicons
+from otopi import filetransaction
+
+from ovirt_engine_setup import constants as osetupcons
+from ovirt_engine_setup import firewall_manager_base
+
+
+from . import process_firewalld_services
+
+
[email protected]
+class Plugin(plugin.PluginBase):
+ """
+ Firewall manager firewalld plugin.
+ """
+
+ class _FirewalldManager(firewall_manager_base.FirewallManagerBase):
+
+ _SERVICE = 'firewalld'
+
+ def __init__(self, plugin):
+ super(Plugin._FirewalldManager, self).__init__(plugin)
+
+ @property
+ def name(self):
+ return osetupcons.Const.FIREWALL_MANAGER_FIREWALLD
+
+ def detect(self):
+ return self.plugin.environment[
+ otopicons.NetEnv.FIREWALLD_AVAILABLE
+ ]
+
+ def active(self):
+ return self.plugin.services.status(self._SERVICE)
+
+ def enable(self):
+ process_firewalld_services.Process.getInstance(
+ environment=self.environment,
+ ).process_firewalld_services()
+ self.environment[otopicons.NetEnv.FIREWALLD_ENABLE] = True
+
+ def remove(self):
+ enable_firewalld = False
+ for file in self.environment[osetupcons.RemoveEnv.FILES_TO_REMOVE]:
+ if file.startswith(
+ osetupcons.FileLocations.FIREWALLD_SERVICES_DIR
+ ):
+ enable_firewalld = True
+ self.environment[
+ otopicons.NetEnv.FIREWALLD_DISABLE_SERVICES
+ ].append(
+ os.path.splitext(
+ os.path.basename(file)
+ )[0]
+ )
+ self.environment[
+ otopicons.NetEnv.FIREWALLD_ENABLE
+ ] = enable_firewalld
+
+ def prepare_examples(self):
+ process_firewalld_services.Process.getInstance(
+ environment=self.environment,
+ ).process_firewalld_services()
+ for service in self.environment[
+ osetupcons.NetEnv.FIREWALLD_SERVICES
+ ]:
+ content = self.environment[
+ otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX +
+ service['name']
+ ]
+
+ target = os.path.join(
+ osetupcons.FileLocations.OVIRT_FIREWALLD_EXAMPLE_DIR,
+ '%s.xml' % service['name']
+ )
+
+ self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
+ filetransaction.FileTransaction(
+ name=target,
+ content=content,
+ modifiedList=self.environment[
+ otopicons.CoreEnv.MODIFIED_FILES
+ ],
+ )
+ )
+
+ def print_manual_configuration_instructions(self):
+ commands = []
+ for service in [
+ key[len(otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX):]
+ for key in self.environment
+ if key.startswith(
+ otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX
+ )
+ ]:
+ commands.append('firewall-cmd -service %s' % service)
+ self.plugin.dialog.note(
+ text=_(
+ 'In order to configure firewalld, copy the '
+ 'files from\n'
+ ' {examples} to {configdir}\n'
+ ' and execute the following commands:\n'
+ '{commands}'
+ ).format(
+ examples=(
+ osetupcons.FileLocations.OVIRT_FIREWALLD_EXAMPLE_DIR
+ ),
+ configdir=osetupcons.FileLocations.FIREWALLD_SERVICES_DIR,
+ commands='\n'.join([
+ ' ' + l
+ for l in commands
+ ]),
+ )
+ )
+
+ def __init__(self, context):
+ super(Plugin, self).__init__(context=context)
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_INIT,
+ )
+ def _init(self):
+ self.environment.setdefault(
+ osetupcons.NetEnv.FIREWALLD_SERVICES,
+ []
+ )
+ self.environment.setdefault(
+ osetupcons.NetEnv.FIREWALLD_SUBST,
+ {}
+ )
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_SETUP,
+ before=(
+ osetupcons.Stages.KEEP_ONLY_VALID_FIREWALL_MANAGERS,
+ ),
+ )
+ def _setup(self):
+ self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGERS
+ ].append(Plugin._FirewalldManager(self))
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
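Review bot: The instructions built in `print_manual_configuration_instructions` print `firewall-cmd -service <name>`, which does not match firewall-cmd's documented options. An administrator who declines the automatic update and follows the text would get an error or be left with the ports still closed. The usual form is `commands.append('firewall-cmd --permanent --add-service=%s' % service)`, followed by one final `firewall-cmd --reload` line. Separately, `remove()` selects paths with `file.startswith(osetupcons.FileLocations.FIREWALLD_SERVICES_DIR)`, which would also match a sibling directory sharing that prefix unless the constant ends with a path separator; the constant's value is not visible here.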
diff --git
a/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_human.py
b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_human.py
new file mode 100644
index 0000000..d48ced7
--- /dev/null
+++
b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_human.py
@@ -0,0 +1,90 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+Firewall human manager plugin.
+"""
+
+import gettext
+_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
+
+
+from otopi import util
+from otopi import plugin
+
+
+from ovirt_engine_setup import constants as osetupcons
+from ovirt_engine_setup import firewall_manager_base
+
+
+from . import process_firewalld_services
+
+
[email protected]
+class Plugin(plugin.PluginBase):
+ """
+ Firewall human manager plugin.
+ """
+
+ class _HumanManager(firewall_manager_base.FirewallManagerBase):
+
+ def __init__(self, plugin):
+ super(Plugin._HumanManager, self).__init__(plugin)
+ self._output = []
+
+ @property
+ def name(self):
+ return osetupcons.Const.FIREWALL_MANAGER_HUMAN
+
+ def detect(self):
+ return True
+
+ def selectable(self):
+ return False
+
+ def print_manual_configuration_instructions(self):
+ self.plugin.dialog.note(
+ text=_(
+ 'The following network ports should be opened:\n'
+ '{ports}'
+ ).format(
+ ports='\n'.join(
+ sorted(
+ process_firewalld_services.Process.getInstance(
+ environment=self.environment,
+ ).parseFirewalld(
+ format=' {protocol}:{port}\n',
+ ).splitlines()
+ )
+ ) + '\n'
+ ),
+ )
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_SETUP,
+ before=(
+ osetupcons.Stages.KEEP_ONLY_VALID_FIREWALL_MANAGERS,
+ ),
+ )
+ def _setup(self):
+ self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGERS
+ ].append(Plugin._HumanManager(self))
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
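Review bot: `self._output = []` is assigned in `_HumanManager.__init__` and never read anywhere in this file, so it can be dropped (and with it the `__init__` override). The class would also benefit from a short comment explaining why `detect()` is always True while `selectable()` is False. If the intent is that this manager is never offered as a choice and only prints the port list, say so in a docstring such as `"""Fallback manager: changes nothing, only tells the admin which ports to open."""`.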
diff --git
a/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_iptables.py
b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_iptables.py
new file mode 100644
index 0000000..711b0bf
--- /dev/null
+++
b/packaging/setup/plugins/ovirt-engine-common/network/firewall_manager_iptables.py
@@ -0,0 +1,136 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+Firewall manager iptables plugin.
+"""
+
+import gettext
+_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
+
+
+from otopi import util
+from otopi import plugin
+from otopi import constants as otopicons
+from otopi import filetransaction
+
+from ovirt_engine_setup import constants as osetupcons
+from ovirt_engine_setup import util as osetuputil
+from ovirt_engine_setup import firewall_manager_base
+
+
+from . import process_firewalld_services
+
+
[email protected]
+class Plugin(plugin.PluginBase):
+ """
+ Firewall manager iptables plugin.
+ """
+
+ class _IpTablesManager(firewall_manager_base.FirewallManagerBase):
+
+ _SERVICE = 'iptables'
+
+ def _get_rules(self):
+ if self._rules is None:
+ self._rules = osetuputil.processTemplate(
+ osetupcons.FileLocations.OVIRT_IPTABLES_DEFAULT,
+ subst={
+ '@CUSTOM_RULES@': (
+ process_firewalld_services.Process.getInstance(
+ environment=self.environment,
+ ).parseFirewalld(
+ format=(
+ '-A INPUT -p {protocol} -m state '
+ '--state NEW -m {protocol} '
+ '--dport {port} -j ACCEPT\n'
+ ),
+ portSeparator=':',
+ )
+ ),
+ }
+ )
+ return self._rules
+
+ def __init__(self, plugin):
+ super(Plugin._IpTablesManager, self).__init__(plugin)
+ self._rules = None
+
+ @property
+ def name(self):
+ return osetupcons.Const.FIREWALL_MANAGER_IPTABLES
+
+ def detect(self):
+ return self.plugin.services.exists(self._SERVICE)
+
+ def active(self):
+ return self.plugin.services.status(self._SERVICE)
+
+ def prepare_examples(self):
+ content = self._get_rules()
+ self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
+ filetransaction.FileTransaction(
+ name=osetupcons.FileLocations.OVIRT_IPTABLES_EXAMPLE,
+ content=content,
+ modifiedList=self.environment[
+ otopicons.CoreEnv.MODIFIED_FILES
+ ],
+ )
+ )
+
+ def enable(self):
+ self.environment[otopicons.NetEnv.IPTABLES_ENABLE] = True
+ self.environment[
+ otopicons.NetEnv.IPTABLES_RULES
+ ] = self._get_rules()
+ # This file is updated by otopi. Here we just prevent it from
+ # being deleted on cleanup.
+ # TODO: copy/move some uninstall code from the engine to otopi
+ # to allow just adding lines to iptables instead of replacing
+ # the file and also remove these lines on cleanup.
+ self.environment[
+ osetupcons.CoreEnv.UNINSTALL_UNREMOVABLE_FILES
+ ].append(
+ osetupcons.FileLocations.SYSCONFIG_IPTABLES,
+ )
+
+ def print_manual_configuration_instructions(self):
+ self.plugin.dialog.note(
+ text=_(
+ 'An example of the required configuration for iptables '
+ 'can be found at:\n'
+ ' {example}'
+ ).format(
+ example=osetupcons.FileLocations.OVIRT_IPTABLES_EXAMPLE
+ )
+ )
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_SETUP,
+ before=(
+ osetupcons.Stages.KEEP_ONLY_VALID_FIREWALL_MANAGERS,
+ ),
+ )
+ def _setup(self):
+ self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGERS
+ ].append(Plugin._IpTablesManager(self))
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
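Review bot: `enable()` hands otopi a complete rules file rendered from `OVIRT_IPTABLES_DEFAULT`, and the comment in the same method confirms the existing file is replaced rather than extended, so rules the administrator added by hand are lost once they answer yes. Since the stated goal of the change is to let users keep manual changes, the question shown to the user should say that the iptables file is overwritten, and it is worth confirming that a backup copy is kept (not visible here). `_IpTablesManager` does not override `remove()`, so the ACCEPT rules stay in place after the engine is removed. The TODO acknowledges this, but until it is implemented a line in the cleanup output naming the ports that remain open would help. Minor: `_get_rules` is defined above `__init__` yet depends on `self._rules` being set there; putting `__init__` first reads better.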
diff --git
a/packaging/setup/plugins/ovirt-engine-common/network/process_firewalld_services.py
b/packaging/setup/plugins/ovirt-engine-common/network/process_firewalld_services.py
new file mode 100644
index 0000000..0f40b8f
--- /dev/null
+++
b/packaging/setup/plugins/ovirt-engine-common/network/process_firewalld_services.py
@@ -0,0 +1,106 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+Process firewalld services
+Parse the result
+"""
+
+import os
+
+
+import libxml2
+
+
+from otopi import util
+from otopi import constants as otopicons
+
+
+from ovirt_engine_setup import constants as osetupcons
+from ovirt_engine_setup import util as osetuputil
+
+
[email protected]
+class Process(object):
+
+ _instance = None
+
+ def __init__(self, environment):
+ self._processed = False
+ self._environment = environment
+
+ @classmethod
+ def getInstance(clz, environment):
+ if clz._instance is None:
+ clz._instance = Process(environment=environment)
+ return clz._instance
+
+ @property
+ def environment(self):
+ return self._environment
+
+ def process_firewalld_services(self):
+ if not self._processed:
+ for service in self.environment[
+ osetupcons.NetEnv.FIREWALLD_SERVICES
+ ]:
+ self.environment[
+ otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX +
+ service['name']
+ ] = osetuputil.processTemplate(
+ template=os.path.join(
+ osetupcons.FileLocations.OVIRT_FIREWALLD_CONFIG,
+ service['directory'],
+ '%s.xml.in' % service['name'],
+ ),
+ subst=self.environment[osetupcons.NetEnv.FIREWALLD_SUBST],
+ )
+ self._processed = True
+
+ def parseFirewalld(self, format, portSeparator='-'):
+ self.process_firewalld_services()
+
+ ret = ''
+ for content in [
+ content
+ for key, content in self.environment.items()
+ if key.startswith(
+ otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX
+ )
+ ]:
+ doc = None
+ ctx = None
+ try:
+ doc = libxml2.parseDoc(content)
+ ctx = doc.xpathNewContext()
+ nodes = ctx.xpathEval("/service/port")
+ for node in nodes:
+ ret += format.format(
+ protocol=node.prop('protocol'),
+ port=node.prop('port').replace('-', portSeparator),
+ )
+ finally:
+ if doc is not None:
+ doc.freeDoc()
+ if ctx is not None:
+ ctx.xpathFreeContext()
+
+ return ret
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
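Review bot: In `parseFirewalld` the `protocol` and `port` attributes are formatted straight into the output, which the iptables manager then uses as rule lines. A missing `port` attribute raises `AttributeError` on `.replace`, a missing `protocol` produces the text `None`, and a value containing whitespace or a newline would add unintended rule text. The service XML is rendered with values from `FIREWALLD_SUBST`, at least one of which (the websocket proxy port) is taken from the setup environment, so the values should be checked before formatting unless they are validated where they are collected (not visible here). Separately, `getInstance` ignores its `environment` argument after the first call and `_processed` is never reset, so services appended to `FIREWALLD_SERVICES` after the first call are silently skipped. A possible shape for the check is below.

```python
                nodes = ctx.xpathEval("/service/port")
                for node in nodes:
                    protocol = node.prop('protocol')
                    port = node.prop('port')
                    # Accept only a bare protocol name and a port or
                    # port range before building a firewall rule line.
                    if (
                        not protocol or
                        not protocol.isalnum() or
                        port is None or
                        not all(p.isdigit() for p in port.split('-', 1))
                    ):
                        raise RuntimeError(
                            'Invalid port entry in firewalld service: '
                            '%s/%s' % (protocol, port)
                        )
                    ret += format.format(
                        protocol=protocol,
                        port=port.replace('-', portSeparator),
                    )
            # … unchanged: finally block releasing doc and ctx …
```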
diff --git a/packaging/setup/plugins/ovirt-engine-remove/network/__init__.py
b/packaging/setup/plugins/ovirt-engine-remove/network/__init__.py
index 651da8a..18088d8 100644
--- a/packaging/setup/plugins/ovirt-engine-remove/network/__init__.py
+++ b/packaging/setup/plugins/ovirt-engine-remove/network/__init__.py
@@ -22,12 +22,12 @@
from otopi import util
-from . import firewalld
+from . import firewall_manager
@util.export
def createPlugins(context):
- firewalld.Plugin(context=context)
+ firewall_manager.Plugin(context=context)
# vim: expandtab tabstop=4 shiftwidth=4
diff --git
a/packaging/setup/plugins/ovirt-engine-remove/network/firewall_manager.py
b/packaging/setup/plugins/ovirt-engine-remove/network/firewall_manager.py
new file mode 100644
index 0000000..2dae58e
--- /dev/null
+++ b/packaging/setup/plugins/ovirt-engine-remove/network/firewall_manager.py
@@ -0,0 +1,55 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+# Copyright (C) 2013 Red Hat, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+
+
+"""
+Firewall manager selection plugin.
+"""
+
+import gettext
+_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
+
+
+from otopi import constants as otopicons
+from otopi import util
+from otopi import plugin
+
+
+from ovirt_engine_setup import constants as osetupcons
+
+
[email protected]
+class Plugin(plugin.PluginBase):
+ """
+ Firewall manager selection plugin.
+ """
+
+ def __init__(self, context):
+ super(Plugin, self).__init__(context=context)
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_VALIDATION,
+ before=(
+ otopicons.Stages.FIREWALLD_VALIDATION,
+ ),
+ )
+ def _validation(self):
+ for m in self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGERS]:
+ m.remove()
+
+
+# vim: expandtab tabstop=4 shiftwidth=4
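Review bot: `_validation` calls `m.remove()` on every registered manager without checking `m.detect()`, so on a host without firewalld the firewalld manager can still set `FIREWALLD_ENABLE` to True when service files are listed in `FILES_TO_REMOVE`. The deleted plugin behaved the same way, so this may be intended, but `if m.detect(): m.remove()` would be safer if otopi acts on that flag unconditionally. The event also no longer carries `name=osetupcons.Stages.REMOVE_FIREWALLD_SERVICES`, so any plugin that orders itself against that stage name needs updating (none is visible here). The module and class docstrings still say "Firewall manager selection plugin", which does not describe a removal hook.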
diff --git a/packaging/setup/plugins/ovirt-engine-remove/network/firewalld.py
b/packaging/setup/plugins/ovirt-engine-remove/network/firewalld.py
deleted file mode 100644
index 568a5ef..0000000
--- a/packaging/setup/plugins/ovirt-engine-remove/network/firewalld.py
+++ /dev/null
@@ -1,67 +0,0 @@
-#
-# ovirt-engine-setup -- ovirt engine setup
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-"""Firewalld plugin."""
-
-
-import os
-
-
-from otopi import util
-from otopi import plugin
-from otopi import constants as otopicons
-
-
-from ovirt_engine_setup import constants as osetupcons
-
-
[email protected]
-class Plugin(plugin.PluginBase):
- """Firewalld plugin."""
-
- def __init__(self, context):
- super(Plugin, self).__init__(context=context)
-
- @plugin.event(
- stage=plugin.Stages.STAGE_VALIDATION,
- name=osetupcons.Stages.REMOVE_FIREWALLD_SERVICES,
- # TODO: Add:
- # before=(
- # otopicons.Stages.FIREWALLD_VALIDATION,
- #),
- # and remove:
- priority=plugin.Stages.PRIORITY_HIGH,
- )
- def _validation(self):
- enable_firewalld = False
- for file in self.environment[osetupcons.RemoveEnv.FILES_TO_REMOVE]:
- if file.startswith(
- osetupcons.FileLocations.FIREWALLD_SERVICES_DIR
- ):
- enable_firewalld = True
- self.environment[
- otopicons.NetEnv.FIREWALLD_DISABLE_SERVICES
- ].append(
- os.path.splitext(
- os.path.basename(file)
- )[0]
- )
- self.environment[otopicons.NetEnv.FIREWALLD_ENABLE] = enable_firewalld
-
-
-# vim: expandtab tabstop=4 shiftwidth=4
diff --git
a/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py
b/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py
index 481cb6b..972fa4b 100644
--- a/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py
+++ b/packaging/setup/plugins/ovirt-engine-setup/config/websocket_proxy.py
@@ -60,26 +60,26 @@
stage=plugin.Stages.STAGE_LATE_SETUP,
)
def _late_setup(self):
- if self.environment[
- osetupcons.CoreEnv.DEVELOPER_MODE
- ]:
- self._enabled = True
- else:
- if (
- not os.path.exists(
- osetupcons.FileLocations.
- OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE
- ) and
- self.services.exists(name='ovirt-websocket-proxy')
- ):
- self._enabled = True
-
- self._needStart = self.services.status(
- name='ovirt-websocket-proxy',
+ if (
+ not os.path.exists(
+ osetupcons.FileLocations.
+ OVIRT_ENGINE_PKI_WEBSOCKET_PROXY_STORE
)
+ # Do not check if service exists. when upgrading from
+ # 3.2 it will not exist at this point, but is Required
+ # by the package so will be installed.
+ # TODO: Fix and do something more complex if/when it can
+ # be installed separately from the engine.
+ ):
+ self._enabled = True
+
+ self._needStart = self.services.status(
+ name='ovirt-websocket-proxy',
+ )
@plugin.event(
stage=plugin.Stages.STAGE_CUSTOMIZATION,
+ name=osetupcons.Stages.CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION,
condition=lambda self: self._enabled,
before=(
osetupcons.Stages.DIALOG_TITLES_E_SYSTEM,
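Review bot: The new comment says the `ovirt-websocket-proxy` service may not exist yet when upgrading from 3.2, but `self.services.status(name='ovirt-websocket-proxy')` is still called in `_late_setup`. Please confirm that `status()` returns False for an unknown service rather than raising, or guard the call. The `DEVELOPER_MODE` branch that forced `_enabled = True` is also removed, so in developer mode the plugin is now enabled only when the PKI store is missing; if that is intended it deserves a line in the commit message. Indentation is not preserved on this page and the decorator of `_late_setup` starts outside the hunk, so whether the `status()` call sits inside the `if` cannot be told from here.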
@@ -110,20 +110,34 @@
osetupcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG
]
- if self._enabled:
- self.environment[osetupcons.NetEnv.FIREWALLD_SERVICES].extend([
- {
- 'name': 'ovirt-websocket-proxy',
- 'directory': 'base'
- },
- ])
- self.environment[
- osetupcons.NetEnv.FIREWALLD_SUBST
- ].update({
- '@WEBSOCKET_PROXY_PORT@': self.environment[
- osetupcons.ConfigEnv.WEBSOCKET_PROXY_PORT
- ],
- })
+ @plugin.event(
+ stage=plugin.Stages.STAGE_CUSTOMIZATION,
+ condition=lambda self: self.environment[
+ osetupcons.ConfigEnv.WEBSOCKET_PROXY_CONFIG
+ ],
+ before=(
+ osetupcons.Stages.DIALOG_TITLES_E_SYSTEM,
+ ),
+ after=(
+ osetupcons.Stages.DB_CONNECTION_STATUS,
+ osetupcons.Stages.DIALOG_TITLES_S_SYSTEM,
+ osetupcons.Stages.CONFIG_WEBSOCKET_PROXY_CUSTOMIZATION,
+ ),
+ )
+ def _customization_firewall(self):
+ self.environment[osetupcons.NetEnv.FIREWALLD_SERVICES].extend([
+ {
+ 'name': 'ovirt-websocket-proxy',
+ 'directory': 'base'
+ },
+ ])
+ self.environment[
+ osetupcons.NetEnv.FIREWALLD_SUBST
+ ].update({
+ '@WEBSOCKET_PROXY_PORT@': self.environment[
+ osetupcons.ConfigEnv.WEBSOCKET_PROXY_PORT
+ ],
+ })
@plugin.event(
stage=plugin.Stages.STAGE_MISC,
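Review bot: `_customization_firewall` is gated on `WEBSOCKET_PROXY_CONFIG` being truthy, where the removed block was gated on `self._enabled`. On an upgrade where the proxy was configured by an earlier run, that key has to be restored to True before the customization stage. Otherwise the service is not added to `FIREWALLD_SERVICES`, and because the iptables manager in this change regenerates the whole rules file, the websocket port would be missing from it. Where the key is loaded on upgrade is not visible in this hunk, so a comment next to `condition=` naming that source would help. `WEBSOCKET_PROXY_PORT` is also placed into `FIREWALLD_SUBST` as-is, so it should be validated as a port number where it is read.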
diff --git a/packaging/setup/plugins/ovirt-engine-setup/legacy/__init__.py
b/packaging/setup/plugins/ovirt-engine-setup/legacy/__init__.py
index 8f9f4e0..e1fe475 100644
--- a/packaging/setup/plugins/ovirt-engine-setup/legacy/__init__.py
+++ b/packaging/setup/plugins/ovirt-engine-setup/legacy/__init__.py
@@ -26,7 +26,6 @@
from . import config
from . import core
from . import datadomain
-from . import firewall_manager
from . import firewalld
from . import isodomain
from . import database
@@ -39,7 +38,6 @@
config.Plugin(context=context)
core.Plugin(context=context)
datadomain.Plugin(context=context)
- firewall_manager.Plugin(context=context)
firewalld.Plugin(context=context)
isodomain.Plugin(context=context)
database.Plugin(context=context)
diff --git
a/packaging/setup/plugins/ovirt-engine-setup/legacy/firewall_manager.py
b/packaging/setup/plugins/ovirt-engine-setup/legacy/firewall_manager.py
deleted file mode 100644
index 0809404..0000000
--- a/packaging/setup/plugins/ovirt-engine-setup/legacy/firewall_manager.py
+++ /dev/null
@@ -1,65 +0,0 @@
-#
-# ovirt-engine-setup -- ovirt engine setup
-# Copyright (C) 2013 Red Hat, Inc.
-#
-# Licensed under the Apache License, Version 2.0 (the "License");
-# you may not use this file except in compliance with the License.
-# You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed under the License is distributed on an "AS IS" BASIS,
-# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-# See the License for the specific language governing permissions and
-# limitations under the License.
-#
-
-
-"""Upgrade firewall configuration from legacy plugin."""
-
-
-import gettext
-_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
-
-
-from otopi import util
-from otopi import plugin
-
-
-from ovirt_engine_setup import constants as osetupcons
-
-
[email protected]
-class Plugin(plugin.PluginBase):
- """Upgrade firewall configuration from legacy plugin."""
-
- def __init__(self, context):
- super(Plugin, self).__init__(context=context)
-
- @plugin.event(
- stage=plugin.Stages.STAGE_CUSTOMIZATION,
- condition=lambda self: self.environment[
- osetupcons.CoreEnv.UPGRADE_FROM_LEGACY
- ],
- before=(
- osetupcons.Stages.NET_FIREWALL_MANAGER_AVAILABLE,
- ),
- )
- def _customization(self):
- managers = []
- if self.services.exists('firewalld'):
- managers.append('firewalld')
- if self.services.exists('iptables'):
- managers.append('iptables')
- for manager in managers:
- if (
- self.services.exists(manager) and
- self.services.status(manager)
- ):
- self.environment[
- osetupcons.ConfigEnv.FIREWALL_MANAGER
- ] = manager
-
-
-# vim: expandtab tabstop=4 shiftwidth=4
diff --git
a/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py
b/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py
index f99b5ff..6fb42fc 100644
--- a/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py
+++ b/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py
@@ -20,21 +20,17 @@
Firewall manager selection plugin.
"""
-import os
import gettext
_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup')
-import libxml2
-
-
+from otopi import constants as otopicons
from otopi import util
from otopi import plugin
-from otopi import constants as otopicons
-from otopi import filetransaction
+
from ovirt_engine_setup import constants as osetupcons
-from ovirt_engine_setup import util as osetuputil
+from ovirt_engine_setup import dialog
@util.export
@@ -43,60 +39,10 @@
Firewall manager selection plugin.
"""
- def _parseFirewalld(self, format, portSeparator='-'):
- ret = ''
- for content in [
- content
- for key, content in self.environment.items()
- if key.startswith(
- otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX
- )
- ]:
- doc = None
- ctx = None
- try:
- doc = libxml2.parseDoc(content)
- ctx = doc.xpathNewContext()
- nodes = ctx.xpathEval("/service/port")
- for node in nodes:
- ret += format.format(
- protocol=node.prop('protocol'),
- port=node.prop('port').replace('-', portSeparator),
- )
- finally:
- if doc is not None:
- doc.freeDoc()
- if ctx is not None:
- ctx.xpathFreeContext()
-
- return ret
-
- def _createIptablesConfig(self):
- return osetuputil.processTemplate(
- osetupcons.FileLocations.OVIRT_IPTABLES_DEFAULT,
- subst={
- '@CUSTOM_RULES@': self._parseFirewalld(
- format=(
- '-A INPUT -p {protocol} -m state --state NEW '
- '-m {protocol} --dport {port} -j ACCEPT\n'
- ),
- portSeparator=':',
- )
- }
- )
-
- def _createHumanConfig(self):
- return '\n'.join(
- sorted(
- self._parseFirewalld(
- format='{protocol}:{port}\n',
- ).splitlines()
- )
- ) + '\n'
-
def __init__(self, context):
super(Plugin, self).__init__(context=context)
- self._enabled = False
+ self._detected_managers = []
+ self._available_managers = []
@plugin.event(
stage=plugin.Stages.STAGE_INIT,
@@ -107,26 +53,94 @@
None
)
self.environment.setdefault(
- osetupcons.NetEnv.FIREWALLD_SERVICES,
- []
+ osetupcons.ConfigEnv.UPDATE_FIREWALL,
+ None
)
self.environment.setdefault(
- osetupcons.NetEnv.FIREWALLD_SUBST,
- {}
+ osetupcons.ConfigEnv.VALID_FIREWALL_MANAGERS,
+ ''
)
@plugin.event(
stage=plugin.Stages.STAGE_SETUP,
+ name=osetupcons.Stages.KEEP_ONLY_VALID_FIREWALL_MANAGERS,
+ condition=lambda self: self.environment[
+ osetupcons.ConfigEnv.VALID_FIREWALL_MANAGERS
+ ],
)
- def _setup(self):
- self._enabled = not self.environment[
- osetupcons.CoreEnv.DEVELOPER_MODE
+ def _keep_only_valid_firewall_managers(self):
+ valid_managers = [
+ x.strip()
+ for x in self.environment[
+ osetupcons.ConfigEnv.VALID_FIREWALL_MANAGERS
+ ].split(',')
+ ]
+ # Note: valid_managers is just the names (parsed out of
+ # env[VALID_FIREWALL_MANAGERS], which is a string), whereas
+ # env[FIREWALL_MANAGERS], as well as later lists in this file
+ # with 'managers' in their name, are lists of firewall manager
+ # objects.
+ self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGERS] = [
+ m
+ for m in self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGERS]
+ if m.name in valid_managers or not m.selectable()
]
@plugin.event(
stage=plugin.Stages.STAGE_CUSTOMIZATION,
+ condition=lambda self: not self.environment[
+ osetupcons.CoreEnv.DEVELOPER_MODE
+ ],
+ before=(
+ osetupcons.Stages.DIALOG_TITLES_E_NETWORK,
+ osetupcons.Stages.NET_FIREWALL_MANAGER_AVAILABLE,
+ ),
+ after=(
+ osetupcons.Stages.DIALOG_TITLES_S_NETWORK,
+ ),
+ )
+ def _customization_is_requested(self):
+ self._detected_managers = [
+ m
+ for m in self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGERS]
+ if m.selectable() and m.detect()
+ ]
+
+ if self.environment[
+ osetupcons.ConfigEnv.UPDATE_FIREWALL
+ ] is None:
+ if not self._detected_managers:
+ self.environment[osetupcons.ConfigEnv.UPDATE_FIREWALL] = False
+ else:
+ self.dialog.note(
+ text=_(
+ 'Setup can automatically configure the firewall '
+ 'on this system.\n'
+ 'Note: automatic configuration of the firewall may '
+ 'overwrite current settings.\n'
+ ),
+ )
+ self.environment[
+ osetupcons.ConfigEnv.UPDATE_FIREWALL
+ ] = dialog.queryBoolean(
+ dialog=self.dialog,
+ name='OVESETUP_UPDATE_FIREWALL',
+ note=_(
+ 'Do you want Setup to configure the firewall? '
+ '(@VALUES@) [@DEFAULT@]: '
+ ),
+ prompt=True,
+ true=_('Yes'),
+ false=_('No'),
+ default=True,
+ )
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_CUSTOMIZATION,
name=osetupcons.Stages.NET_FIREWALL_MANAGER_AVAILABLE,
- condition=lambda self: self._enabled,
+ condition=lambda self: self.environment[
+ osetupcons.ConfigEnv.UPDATE_FIREWALL
+ ],
before=(
osetupcons.Stages.DIALOG_TITLES_E_NETWORK,
),
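Review bot: A name in `VALID_FIREWALL_MANAGERS` that matches no manager is dropped without any message in `_keep_only_valid_firewall_managers`, so a typo there can leave no selectable manager at all. In that case `_customization_is_requested` finds nothing detected and sets `UPDATE_FIREWALL` to False, again silently, so Setup would apparently skip firewall configuration without telling the operator. I would log both cases, for example `self.logger.warning(_('Ignoring unknown firewall managers: {names}').format(names=', '.join(unknown)))` after collecting the names not found in `FIREWALL_MANAGERS`, plus a `self.logger.info(...)` line where `UPDATE_FIREWALL` is forced to False. Both new methods also lack a docstring saying which environment keys they read and write.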
@@ -135,125 +149,88 @@
),
)
def _customization(self):
- if self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGER] is None:
- managers = []
- if (
- self.environment[otopicons.NetEnv.FIREWALLD_AVAILABLE] and
- self.services.status('firewalld')
- ):
- managers.append('firewalld')
- if (
- self.services.exists('iptables') and
- self.services.status('iptables')
- ):
- managers.append('iptables')
+ active_managers = [m for m in self._detected_managers if m.active()]
- for manager in managers:
- response = self.dialog.queryString(
+ self._available_managers = (
+ active_managers if active_managers
+ else self._detected_managers
+ )
+
+ if self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGER] is None:
+ if active_managers and len(self._available_managers) == 1:
+ self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGER
+ ] = self._available_managers[0].name
+ else:
+ self.dialog.note(
+ text=_(
+ 'The following firewall managers were detected on '
+ 'this system: {managers}\n'
+ ).format(
+ managers=', '.join(
+ m.name
+ for m in self._available_managers
+ ),
+ ),
+ )
+ self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGER
+ ] = self.dialog.queryString(
name='OVESETUP_CONFIG_FIREWALL_MANAGER',
note=_(
- '{manager} was detected on your computer. '
- 'Do you wish Setup to configure it? '
- '(@VALUES@) [@DEFAULT@]: '
- ).format(
- manager=manager,
+ 'Firewall manager to configure '
+ '(@VALUES@): '
),
prompt=True,
- validValues=(_('yes'), _('no')),
+ validValues=self._available_managers,
caseSensitive=False,
- default=_('yes'),
)
- if response == _('yes'):
- self.environment[
- osetupcons.ConfigEnv.FIREWALL_MANAGER
- ] = manager
- break
-
- self.environment[otopicons.NetEnv.IPTABLES_ENABLE] = (
- self.environment[
- osetupcons.ConfigEnv.FIREWALL_MANAGER
- ] == 'iptables'
- )
- self.environment[otopicons.NetEnv.FIREWALLD_ENABLE] = (
- self.environment[
- osetupcons.ConfigEnv.FIREWALL_MANAGER
- ] == 'firewalld'
- )
-
- @plugin.event(
- stage=plugin.Stages.STAGE_VALIDATION,
- name=osetupcons.Stages.NET_FIREWALL_MANAGER_PROCESS_TEMPLATES,
- # must be always enabled to create examples
- # TODO: add:
- # before=(
- # otopicons.Stages.FIREWALLD_VALIDATION,
- # constants.Stages.IPTABLES_VALIDATION,
- #),
- # and remove:
- priority=plugin.Stages.PRIORITY_HIGH,
- )
- def _process_templates(self):
- for service in self.environment[osetupcons.NetEnv.FIREWALLD_SERVICES]:
- content = osetuputil.processTemplate(
- template=os.path.join(
- osetupcons.FileLocations.OVIRT_FIREWALLD_CONFIG,
- service['directory'],
- '%s.xml.in' % service['name'],
- ),
- subst=self.environment[osetupcons.NetEnv.FIREWALLD_SUBST],
- )
-
- self.environment[
- otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX +
- service['name']
- ] = content
-
- target = os.path.join(
- osetupcons.FileLocations.OVIRT_FIREWALLD_EXAMPLE_DIR,
- '%s.xml' % service['name']
- )
-
- self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
- filetransaction.FileTransaction(
- name=target,
- content=content,
- modifiedList=self.environment[
- otopicons.CoreEnv.MODIFIED_FILES
- ],
- )
- )
-
- self.environment[
- otopicons.NetEnv.IPTABLES_RULES
- ] = self._createIptablesConfig()
-
- self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append(
- filetransaction.FileTransaction(
- name=osetupcons.FileLocations.OVIRT_IPTABLES_EXAMPLE,
- content=self.environment[otopicons.NetEnv.IPTABLES_RULES],
- modifiedList=self.environment[
- otopicons.CoreEnv.MODIFIED_FILES
+ self.logger.info(
+ _('{manager} will be configured as firewall manager.').format(
+ manager=self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGER
],
)
)
@plugin.event(
- stage=plugin.Stages.STAGE_MISC,
+ stage=plugin.Stages.STAGE_VALIDATION,
condition=lambda self: self.environment[
- otopicons.NetEnv.IPTABLES_ENABLE
+ osetupcons.ConfigEnv.UPDATE_FIREWALL
],
+ before=(
+ otopicons.Stages.FIREWALLD_VALIDATION,
+ otopicons.Stages.IPTABLES_VALIDATION,
+ ),
)
- def _iptablesmark(self):
- # This file is updated by otopi. Here we just prevent it from
- # being deleted on cleanup.
- # TODO: copy/move some uninstall code from the engine to otopi
- # to allow just adding lines to iptables instead of replacing
- # the file and also remove these lines on cleanup.
- self.environment[
- osetupcons.CoreEnv.UNINSTALL_UNREMOVABLE_FILES
- ].append(
- osetupcons.FileLocations.SYSCONFIG_IPTABLES,
- )
+ def _validation(self):
+ if self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGER
+ ] not in [m.name for m in self._available_managers]:
+ raise RuntimeError(
+ _(
+ 'Firewall manager {manager} is not available'
+ ).format(
+ manager=self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGER
+ ],
+ ),
+ )
+ next(
+ m for m in self._available_managers
+ if m.name == self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGER
+ ]
+ ).enable()
+
+ @plugin.event(
+ stage=plugin.Stages.STAGE_MISC,
+ )
+ def _prepare_examples(self):
+ for manager in self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGERS
+ ]:
+ manager.prepare_examples()
@plugin.event(
stage=plugin.Stages.STAGE_CLOSEUP,
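Review bot: `validValues=self._available_managers` in `_customization` passes manager objects, whereas `_validation` and the auto-select branch both use `m.name`, and the comment in `_keep_only_valid_firewall_managers` states that these lists hold objects. Unless the objects compare equal to their names, the typed answer cannot match a valid value; pass the names instead: `validValues=[m.name for m in self._available_managers],`. Separately, if `UPDATE_FIREWALL` is preset to true and no manager was detected, `_available_managers` is empty and the `else` branch prompts with no valid choices, so an explicit error before the prompt would be clearer. The decorator of `_customization` starts outside this hunk.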
@@ -268,55 +245,10 @@
] is None
)
def _closeup(self):
- self.dialog.note(
- text=_(
- 'The following network ports should be opened:\n'
- '{ports}'
- ).format(
- ports='\n'.join([
- ' ' + l
- for l in self._createHumanConfig().splitlines()
- ]),
- ),
- )
-
- self.dialog.note(
- text=_(
- 'An example of the required configuration for iptables '
- 'can be found at:\n'
- ' {example}'
- ).format(
- example=osetupcons.FileLocations.OVIRT_IPTABLES_EXAMPLE
- )
- )
-
- commands = []
- for service in [
- key[len(otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX):]
- for key in self.environment
- if key.startswith(
- otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX
- )
+ for manager in self.environment[
+ osetupcons.ConfigEnv.FIREWALL_MANAGERS
]:
- commands.append('firewall-cmd -service %s' % service)
- self.dialog.note(
- text=_(
- 'In order to configure firewalld, copy the '
- 'files from\n'
- '{examples} to {configdir}\n'
- 'and execute the following commands:\n'
- '{commands}'
- ).format(
- examples=(
- osetupcons.FileLocations.OVIRT_FIREWALLD_EXAMPLE_DIR
- ),
- configdir='/etc/firewalld/services',
- commands='\n'.join([
- ' ' + l
- for l in commands
- ]),
- )
- )
+ manager.print_manual_configuration_instructions()
# vim: expandtab tabstop=4 shiftwidth=4
diff --git
a/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py
b/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py
index 5e438fc..5a703d2 100644
--- a/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py
+++ b/packaging/setup/plugins/ovirt-engine-setup/provisioning/postgres.py
@@ -403,6 +403,7 @@
@plugin.event(
stage=plugin.Stages.STAGE_CUSTOMIZATION,
+ name=osetupcons.Stages.DB_HOST_LOCATION_CUSTOMIZATION,
before=(
osetupcons.Stages.DIALOG_TITLES_E_DATABASE,
osetupcons.Stages.DB_CONNECTION_CUSTOMIZATION,
@@ -487,12 +488,27 @@
osetupcons.DBEnv.SECURED_HOST_VALIDATION
] = osetupcons.Defaults.DEFAULT_DB_SECURED_HOST_VALIDATION
- self.environment[osetupcons.NetEnv.FIREWALLD_SERVICES].extend([
- {
- 'name': 'ovirt-postgres',
- 'directory': 'base'
- },
- ])
+ @plugin.event(
+ stage=plugin.Stages.STAGE_CUSTOMIZATION,
+ before=(
+ osetupcons.Stages.DIALOG_TITLES_E_DATABASE,
+ osetupcons.Stages.DB_CONNECTION_CUSTOMIZATION,
+ ),
+ after=(
+ osetupcons.Stages.DIALOG_TITLES_S_DATABASE,
+ osetupcons.Stages.DB_HOST_LOCATION_CUSTOMIZATION,
+ ),
+ condition=lambda self: (
+ self.environment[osetupcons.DBEnv.HOST] == 'localhost'
+ )
+ )
+ def _customization_firewall(self):
+ self.environment[osetupcons.NetEnv.FIREWALLD_SERVICES].extend([
+ {
+ 'name': 'ovirt-postgres',
+ 'directory': 'base'
+ },
+ ])
@plugin.event(
stage=plugin.Stages.STAGE_VALIDATION,
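Review bot: The condition on `_customization_firewall` compares `DBEnv.HOST` with the literal `'localhost'`, so a local database entered as `127.0.0.1`, `::1` or the machine's own name will not get the `ovirt-postgres` service added. That fails closed, but silently; a comment above the method such as `# Added only when HOST is exactly 'localhost'; other spellings of the local host are not matched.` would make the limitation explicit. The method also assumes `NetEnv.FIREWALLD_SERVICES` already exists in the environment, while this change removes its `setdefault` from `network/firewall_manager.py`, so it is worth confirming that another plugin still initialises it before STAGE_CUSTOMIZATION.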
--
To view, visit http://gerrit.ovirt.org/22182
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: If3c1a634b2e8539ebd604205b5487290c8d8a1a9
Gerrit-PatchSet: 1
Gerrit-Project: ovirt-engine
Gerrit-Branch: ovirt-engine-3.3.2
Gerrit-Owner: Yedidyah Bar David <[email protected]>
Gerrit-Reviewer: Alon Bar-Lev <[email protected]>