Simone Tiraboschi has uploaded a new change for review. Change subject: packaging: setup: Adding a dialog to let the user review iptables changes ......................................................................
packaging: setup: Adding a dialog to let the user review iptables changes Adding a dialog to let the user review iptables changes before apply them. Change-Id: I63e0eeb26d925c8c79b9c8e55da64c57ce94a3f6 Bug-Url: https://bugzilla.redhat.com/1109326 Signed-off-by: Simone Tiraboschi <stira...@redhat.com> --- M packaging/setup/ovirt_engine_setup/constants.py M packaging/setup/ovirt_engine_setup/firewall_manager_base.py M packaging/setup/plugins/ovirt-engine-common/base/network/firewall_manager_iptables.py M packaging/setup/plugins/ovirt-engine-setup/base/network/firewall_manager.py 4 files changed, 69 insertions(+), 0 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/85/33085/1 diff --git a/packaging/setup/ovirt_engine_setup/constants.py b/packaging/setup/ovirt_engine_setup/constants.py index f868e6c..40fd41f 100644 --- a/packaging/setup/ovirt_engine_setup/constants.py +++ b/packaging/setup/ovirt_engine_setup/constants.py @@ -381,6 +381,7 @@ return 'OVESETUP_CONFIG/updateFirewall' FIREWALL_MANAGERS = 'OVESETUP_CONFIG/firewallManagers' + SKIP_FIREWALL_REVIEW = 'OVESETUP_CONFIG/skipFirewallReview' VALID_FIREWALL_MANAGERS = 'OVESETUP_CONFIG/validFirewallManagers' FQDN_REVERSE_VALIDATION = 'OVESETUP_CONFIG/fqdnReverseValidation' FQDN_NON_LOOPBACK_VALIDATION = 'OVESETUP_CONFIG/fqdnNonLoopback' diff --git a/packaging/setup/ovirt_engine_setup/firewall_manager_base.py b/packaging/setup/ovirt_engine_setup/firewall_manager_base.py index fd08f69..e6660b4 100644 --- a/packaging/setup/ovirt_engine_setup/firewall_manager_base.py +++ b/packaging/setup/ovirt_engine_setup/firewall_manager_base.py @@ -68,5 +68,8 @@ def print_manual_configuration_instructions(self): pass + def review_config(self): + pass + # vim: expandtab tabstop=4 shiftwidth=4 diff --git a/packaging/setup/plugins/ovirt-engine-common/base/network/firewall_manager_iptables.py b/packaging/setup/plugins/ovirt-engine-common/base/network/firewall_manager_iptables.py index 650a3f0..a213ef3 100644 
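Review bot: The new `review_config` hook in `FirewallManagerBase` has no docstring, so an implementer cannot tell how a manager should signal that the user rejected the changes. The iptables implementation later in this change raises `RuntimeError`, and that contract belongs on the base method. A one-line docstring above the `pass` would cover it, for example `"""Let the user review pending firewall changes; raise RuntimeError to abort setup."""`. The class body starts outside the hunk.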
--- a/packaging/setup/plugins/ovirt-engine-common/base/network/firewall_manager_iptables.py +++ b/packaging/setup/plugins/ovirt-engine-common/base/network/firewall_manager_iptables.py @@ -20,6 +20,7 @@ Firewall manager iptables plugin. """ +import difflib import gettext _ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup') @@ -35,6 +36,7 @@ from ovirt_engine_setup import constants as osetupcons from ovirt_engine_setup import firewall_manager_base +from ovirt_engine_setup import dialog from . import process_firewalld_services @@ -49,6 +51,8 @@ class _IpTablesManager(firewall_manager_base.FirewallManagerBase): _SERVICE = 'iptables' + + _REDHAT_IPTABLES = '/etc/sysconfig/iptables' def _get_rules(self): if self._rules is None: @@ -124,6 +128,44 @@ ) ) + def review_config(self): + + diffl = '' + with open(self._REDHAT_IPTABLES, 'r') as current: + diff = difflib.unified_diff( + current.readlines(), + self._get_rules().splitlines(True), + fromfile=_('current'), + tofile=_('proposed'), + ) + for line in diff: + diffl += line + if len(diffl) > 0: + confirmed = dialog.queryBoolean( + dialog=self.plugin.dialog, + name='OVESETUP_RPMDISTRO_REQUIRE_ROLLBACK', + note=_( + 'Generated iptables rules diverge from current ones.\n' + 'Please review the changes:\n\n' + '{diff}\n\n' + 'Do you want to proceed with firewall configuration? ' + '(@VALUES@) [@DEFAULT@]: ' + ).format( + diff=diffl + ), + prompt=True, + true=_('Yes'), + false=_('No'), + default=True, + ) + if not confirmed: + raise RuntimeError( + _( + 'iptables proposed configuration ' + 'was rejected by user' + ) + ) + @plugin.event( stage=plugin.Stages.STAGE_SETUP, before=( diff --git a/packaging/setup/plugins/ovirt-engine-setup/base/network/firewall_manager.py b/packaging/setup/plugins/ovirt-engine-setup/base/network/firewall_manager.py index 6fb42fc..9ce362a 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/base/network/firewall_manager.py 
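Review bot: `review_config()` opens `self._REDHAT_IPTABLES` with no handling for a missing file, so on a host where /etc/sysconfig/iptables was never written the validation stage would abort with an IOError instead of showing the proposed rules. Reading the file inside a `try` and diffing against an empty list avoids that. The dialog `name='OVESETUP_RPMDISTRO_REQUIRE_ROLLBACK'` looks carried over from an unrelated prompt; if dialog names key stored answers, this prompt needs its own name so that a rollback answer cannot silently approve firewall changes. The diff is taken against the persisted file rather than the rules currently loaded, so "current ones" in the note text may overstate what the operator is reviewing. `default=True` lets a bare Enter accept the new ruleset; a review gate for firewall changes is safer defaulting to No.

```python
    def review_config(self):
        # No persisted ruleset yet: diff the proposal against an empty file
        # so the operator still sees every rule that would be written.
        try:
            with open(self._REDHAT_IPTABLES, 'r') as current:
                current_rules = current.readlines()
        except IOError:
            current_rules = []
        diffl = ''.join(
            difflib.unified_diff(
                current_rules,
                self._get_rules().splitlines(True),
                fromfile=_('current'),
                tofile=_('proposed'),
            )
        )
        # … unchanged: confirmation dialog and RuntimeError on rejection …
```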
+++ b/packaging/setup/plugins/ovirt-engine-setup/base/network/firewall_manager.py @@ -57,6 +57,10 @@ None ) self.environment.setdefault( + osetupcons.ConfigEnv.SKIP_FIREWALL_REVIEW, + False + ) + self.environment.setdefault( osetupcons.ConfigEnv.VALID_FIREWALL_MANAGERS, '' ) @@ -224,6 +228,25 @@ ).enable() @plugin.event( + stage=plugin.Stages.STAGE_VALIDATION, + condition=lambda self: self.environment[ + osetupcons.ConfigEnv.UPDATE_FIREWALL + ], + after=( + otopicons.Stages.FIREWALLD_VALIDATION, + otopicons.Stages.IPTABLES_VALIDATION, + ), + ) + def _review_config(self): + if not self.environment[ + osetupcons.ConfigEnv.SKIP_FIREWALL_REVIEW + ]: + for manager in self.environment[ + osetupcons.ConfigEnv.FIREWALL_MANAGERS + ]: + manager.review_config() + + @plugin.event( stage=plugin.Stages.STAGE_MISC, ) def _prepare_examples(self): -- To view, visit http://gerrit.ovirt.org/33085 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I63e0eeb26d925c8c79b9c8e55da64c57ce94a3f6 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
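Review bot: When `SKIP_FIREWALL_REVIEW` is true, `_review_config` bypasses the review without leaving any trace, so the setup log cannot show whether an operator ever saw the firewall changes. An `else` branch with `self.logger.info(_('Skipping firewall configuration review'))` would record the decision. The handler calls `manager.review_config()` on every entry in `FIREWALL_MANAGERS`, but only the iptables manager overrides the base no-op in this change, so other managers presumably pass without review; a comment on the handler should say so. The first hunk in this file only sets the key's default to `False`, and neither hunk documents what the key does.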