Yedidyah Bar David has posted comments on this change.
Change subject: packaging: setup: update firewall for all services
......................................................................
Patch Set 22:
(4 comments)
....................................................
File packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py
Line 70: self.environment[osetupcons.CoreEnv.DEVELOPER_MODE]
Line 71: or (
Line 72: self.environment[
Line 73:
osetupcons.ConfigEnv.AUTOMATIC_FIREWALLING_REQUESTED
Line 74: ] is False
I can change it to one of:
self._enabled = (
not development and (
update_firewall is None or
update_firewall
)
)
self._enabled = (
not development and
update_firewall is not False
)
Do you really prefer the first one? Not sure it's related to thinking positive.
Logic is very simple: If user already decided False, we do not enable.
Otherwise we enable, for now, until we know more.
Originally I wanted to write the second one, but went with what I did to
minimize NOTs (one instead of two). I admit it's less intuitive, I prefer the
second one in this comment. I'll now change to it.
Line 75: )
Line 76: )
Line 77:
Line 78: @plugin.event(
Line 139: 'overwrite current settings.\n'
Line 140: ),
Line 141: )
Line 142: self._enabled = self.environment[
Line 143: osetupcons.ConfigEnv.AUTOMATIC_FIREWALLING_REQUESTED
I did not want something internal. UPDATE_FIREWALL was used exactly for the
things AUTOMATIC_FIREWALLING_REQUESTED is used. I just renamed it because I
thought that UPDATE_FIREWALL might be misleading someone reading the code to
think it means "We are going to update the firewall". As I said, there is no
internal variable other than self._enabled, and I currently do not see a need
for one. I'll rename back to UPDATE_FIREWALL.
Line 144: ] = dialog.queryBoolean(
Line 145: dialog=self.dialog,
Line 146: name='OVESETUP_UPDATE_FIREWALL',
Line 147: note=_(
Line 232: osetupcons.ConfigEnv.FIREWALL_MANAGERS
Line 233: ]:
Line 234: manager.prepare()
Line 235:
Line 236: if self._enabled:
They are not unrelated.
.prepare does not prepare only templates. For firewalld it currently does
nothing, but for iptables it also sets IPTABLES_RULES, and then creates
examples from the value of IPTABLES_RULES - so they must happen in this order.
If you want to separate we'll need many more before/after lines.
Line 237: if self.environment[
Line 238: osetupcons.ConfigEnv.FIREWALL_MANAGER
Line 239: ] not in [m.name for m in self._available_managers]:
Line 240: raise RuntimeError(
....................................................
File
packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager_human.py
Line 80: text=_(
Line 81: 'The following network ports should be opened:\n'
Line 82: '{ports}'
Line 83: ).format(
Line 84: ports=self._output,
Done
Line 85: ),
Line 86: )
Line 87:
Line 88: @plugin.event(
--
To view, visit http://gerrit.ovirt.org/20737
To unsubscribe, visit http://gerrit.ovirt.org/settings
Gerrit-MessageType: comment
Gerrit-Change-Id: If3c1a634b2e8539ebd604205b5487290c8d8a1a9
Gerrit-PatchSet: 22
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Yedidyah Bar David <d...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Ofer Schreiber <oschr...@redhat.com>
Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com>
Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes
_______________________________________________
Engine-patches mailing list
Engine-patches@ovirt.org
http://lists.ovirt.org/mailman/listinfo/engine-patches
