Yedidyah Bar David has posted comments on this change. Change subject: packaging: setup: Adding a dialog to let the user review iptables changes ......................................................................
Patch Set 1: (1 comment) http://gerrit.ovirt.org/#/c/33085/1/packaging/setup/ovirt_engine_setup/constants.py File packaging/setup/ovirt_engine_setup/constants.py: Line 380: def UPDATE_FIREWALL(self): Line 381: return 'OVESETUP_CONFIG/updateFirewall' Line 382: Line 383: FIREWALL_MANAGERS = 'OVESETUP_CONFIG/firewallManagers' Line 384: SKIP_FIREWALL_REVIEW = 'OVESETUP_CONFIG/skipFirewallReview' > The changes we are going to apply to iptables configuration depend not only I really think we need a very strict, well-defined, perhaps even clearly written policy about what goes in the answer file. In recent months, I worked with the assumption that this policy is: If: 1. On a specific system with specific state S0 (say, it's snapshotted at this point) 2. User runs engine-setup and get to state S1 3. engine-setup creates an answer file ans0 Then: 4. On a system at state S0 user runs engine-setup with ans0 5. system should move to state S1 6. Without asking questions This, of course, to the extent it's possible. Remote signing wsp/reports pki (without supplying root password, or a CA-manager password in the future when we implement one), if setup generates the (random) key, of course can't be completely automated. I do not see why this case (iptables review) should be different. If you have some other policy in mind please define it clearly. If you prefer to continue the discussion elsewhere, that's fine too. Line 385: VALID_FIREWALL_MANAGERS = 'OVESETUP_CONFIG/validFirewallManagers' Line 386: FQDN_REVERSE_VALIDATION = 'OVESETUP_CONFIG/fqdnReverseValidation' Line 387: FQDN_NON_LOOPBACK_VALIDATION = 'OVESETUP_CONFIG/fqdnNonLoopback' Line 388: -- To view, visit http://gerrit.ovirt.org/33085 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: comment Gerrit-Change-Id: I63e0eeb26d925c8c79b9c8e55da64c57ce94a3f6 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Simone Tiraboschi <stira...@redhat.com> Gerrit-Reviewer: Lev Veyde <lve...@redhat.com> Gerrit-Reviewer: Sandro Bonazzola <sbona...@redhat.com> Gerrit-Reviewer: Simone Tiraboschi <stira...@redhat.com> Gerrit-Reviewer: Yedidyah Bar David <d...@redhat.com> Gerrit-Reviewer: automat...@ovirt.org Gerrit-Reviewer: oVirt Jenkins CI Server Gerrit-HasComments: Yes _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches
