Alon Bar-Lev has uploaded a new change for review. Change subject: packaging: setup: use firewalld implementation of otopi ......................................................................
packaging: setup: use firewalld implementation of otopi Change-Id: I017a5b328c03983c21b5565270d4bdb439b6816a Signed-off-by: Alon Bar-Lev <alo...@redhat.com> --- M ovirt-engine.spec.in M packaging/setup/ovirt_engine_setup/constants.py M packaging/setup/plugins/ovirt-engine-setup/network/__init__.py M packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py D packaging/setup/plugins/ovirt-engine-setup/network/firewalld.py 5 files changed, 10 insertions(+), 202 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/14/15114/1 diff --git a/ovirt-engine.spec.in b/ovirt-engine.spec.in index 0bf4c1f..d85a532 100644 --- a/ovirt-engine.spec.in +++ b/ovirt-engine.spec.in @@ -244,7 +244,7 @@ Requires: openssl Requires: m2crypto Requires: python-paramiko -Requires: otopi >= 1.0.2 +Requires: otopi >= 1.1.0 %description setup Setup and upgrade scripts for %{product_name_short} diff --git a/packaging/setup/ovirt_engine_setup/constants.py b/packaging/setup/ovirt_engine_setup/constants.py index b6c7c63..d83b1f5 100644 --- a/packaging/setup/ovirt_engine_setup/constants.py +++ b/packaging/setup/ovirt_engine_setup/constants.py @@ -105,12 +105,6 @@ 'firewalld' ) - FIREWALLD_SERVICE_DIR = os.path.join( - SYSCONFDIR, - 'firewalld', - 'services' - ) - OVIRT_ENGINE_SYSCTL = os.path.join( SYSCONFDIR, 'sysctl.d', @@ -539,8 +533,6 @@ @util.export @util.codegen class NetEnv(object): - FIREWALLD_ENABLE = 'OVESETUP_NETWORK/firewalldEnable' - FIREWALLD_SERVICE_PREFIX = 'OVESETUP_NETWORK_FIREWALLD_SERVICE/' FIREWALLD_SERVICES = 'OVESETUP_NETWORK/firewalldServices' FIREWALLD_SUBST = 'OVESETUP_NETWORK/firewalldSubst' diff --git a/packaging/setup/plugins/ovirt-engine-setup/network/__init__.py b/packaging/setup/plugins/ovirt-engine-setup/network/__init__.py index 25b2771..2af336d 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/network/__init__.py +++ b/packaging/setup/plugins/ovirt-engine-setup/network/__init__.py 
@@ -21,14 +21,12 @@ from otopi import util from . import firewall_manager from . import firewall -from . import firewalld @util.export def createPlugins(context): firewall_manager.Plugin(context=context) firewall.Plugin(context=context) - firewalld.Plugin(context=context) # vim: expandtab tabstop=4 shiftwidth=4 diff --git a/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py b/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py index 94f773b..5f3cf37 100644 --- a/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py +++ b/packaging/setup/plugins/ovirt-engine-setup/network/firewall_manager.py @@ -43,26 +43,13 @@ Firewall manager selection plugin. """ - def _isPermanentSupported(self): - """ - check if firewall-cmd support --permanent option - """ - rc, stdout, stderr = self.execute( - ( - self.command.get('firewall-cmd'), - '--help', - ), - raiseOnError=False, - ) - return ''.join(stdout).find('--permanent') != -1 - def _parseFirewalld(self, format): ret = '' for content in [ content for key, content in self.environment.items() if key.startswith( - osetupcons.NetEnv.FIREWALLD_SERVICE_PREFIX + otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX ) ]: doc = None @@ -134,7 +121,6 @@ self._enabled = not self.environment[ osetupcons.CoreEnv.DEVELOPER_MODE ] - self.command.detect('firewall-cmd') @plugin.event( stage=plugin.Stages.STAGE_CUSTOMIZATION, @@ -150,9 +136,8 @@ def _customization(self): if self.environment[osetupcons.ConfigEnv.FIREWALL_MANAGER] is None: managers = [] - if self.services.exists('firewalld'): - if self._isPermanentSupported(): - managers.append('firewalld') + if self.environment[otopicons.NetEnv.FIREWALLD_AVAILABLE]: + managers.append('firewalld') if self.services.exists('iptables'): managers.append('iptables') 
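Review bot: `_parseFirewalld` now reads `otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX`, but no hunk in firewall_manager.py touches its import block (the first hunk starts at line 43), so the diff does not show whether `otopicons` is bound in this module. The deleted firewalld.py brought the name in with `from otopi import constants as otopicons`. If firewall_manager.py does not already have that line, every use of the name raises NameError during setup, including the uses in the later hunks at new lines 136, 167, 196 and 266. Please confirm the import is present or add it. The body of `_parseFirewalld` continues past the end of this hunk.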
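Review bot: In `_customization`, `self.environment[otopicons.NetEnv.FIREWALLD_AVAILABLE]` is a plain subscript, so a missing key aborts setup with KeyError instead of simply leaving firewalld out of `managers`. This presumably relies on otopi (now required as >= 1.1.0 by the spec change) setting the key before STAGE_CUSTOMIZATION. A comment would record that dependency, e.g. `# set by otopi's firewalld implementation; replaces the local --permanent probe`. The removed `_isPermanentSupported` check also ensured that firewall-cmd could write persistent rules, so it is worth confirming that otopi's availability flag covers the same condition. The method starts before this hunk and continues after it.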
@@ -182,7 +167,7 @@ osetupcons.ConfigEnv.FIREWALL_MANAGER ] == 'iptables' ) - self.environment[osetupcons.NetEnv.FIREWALLD_ENABLE] = ( + self.environment[otopicons.NetEnv.FIREWALLD_ENABLE] = ( self.environment[ osetupcons.ConfigEnv.FIREWALL_MANAGER ] == 'firewalld' @@ -211,7 +196,7 @@ ) self.environment[ - osetupcons.NetEnv.FIREWALLD_SERVICE_PREFIX + + otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX + service['name'] ] = content @@ -281,13 +266,13 @@ commands = [] for service in [ - key[len(osetupcons.NetEnv.FIREWALLD_SERVICE_PREFIX):] + key[len(otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX):] for key in self.environment if key.startswith( - osetupcons.NetEnv.FIREWALLD_SERVICE_PREFIX + otopicons.NetEnv.FIREWALLD_SERVICE_PREFIX ) ]: - commands.append('firewall-cmd --add-service %s' % service) + commands.append('firewall-cmd -service %s' % service) self.dialog.note( text=_( 'In order to configure firewalld, copy the ' @@ -299,7 +284,7 @@ examples=( osetupcons.FileLocations.OVIRT_FIREWALLD_EXAMPLE_DIR ), - configdir=osetupcons.FileLocations.FIREWALLD_SERVICE_DIR, + configdir='/etc/firewalld/services', commands='\n'.join([ ' ' + l for l in commands diff --git a/packaging/setup/plugins/ovirt-engine-setup/network/firewalld.py b/packaging/setup/plugins/ovirt-engine-setup/network/firewalld.py deleted file mode 100644 index 878bb13..0000000 --- a/packaging/setup/plugins/ovirt-engine-setup/network/firewalld.py +++ /dev/null 
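Review bot: The manual-configuration hint now builds `'firewall-cmd -service %s'`, dropping the `--add-service` option the old line used. `-service` is not an option the deleted plugin ever passed to firewall-cmd, and it looks like an accidental edit. An administrator who copies the printed command would get an error rather than an opened service, so the line should stay `commands.append('firewall-cmd --add-service %s' % service)`. Separately, the deleted plugin applied services with `--permanent` per active zone, while the hinted command changes only the runtime configuration; if the hint is meant to give the same result, the dialog text should say so. The surrounding method begins and ends outside the hunk.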
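Review bot: `configdir='/etc/firewalld/services'` hard-codes a path that the removed `FIREWALLD_SERVICE_DIR` constant derived from `SYSCONFDIR`. On a build with a different sysconfdir, the dialog would point the administrator at the wrong directory for the firewalld service files. The `examples=` argument just above still takes its path from `osetupcons.FileLocations`. Consider keeping the constant in constants.py and leaving this line as `configdir=osetupcons.FileLocations.FIREWALLD_SERVICE_DIR,`. The call this argument belongs to starts and ends outside the hunk.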
@@ -1,167 +0,0 @@ -# -# ovirt-engine-setup -- ovirt engine setup -# Copyright (C) 2013 Red Hat, Inc. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. -# -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. -# -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -# - - -"""firewalld handler plugin.""" - -import os -import platform -import gettext -_ = lambda m: gettext.dgettext(message=m, domain='ovirt-engine-setup') - - -from otopi import util -from otopi import plugin -from otopi import constants as otopicons -from otopi import filetransaction - - -from ovirt_engine_setup import constants as osetupcons - - -@util.export -class Plugin(plugin.PluginBase): - """iptables updater. 
- - Environment: - NetEnv.FIREWALLD_ENABLE -- enable firewalld update - NetEnv.FIREWALLD_SERVICE_PREFIX -- services key=service value=content - - """ - - def _get_active_zones(self): - rc, stdout, stderr = self.execute( - ( - self.command.get('firewall-cmd'), - '--get-active-zones', - ), - ) - zones = {} - for line in stdout: - zone_name, devices = line.split(':') - zones[zone_name] = devices.split() - return zones - - def __init__(self, context): - super(Plugin, self).__init__(context=context) - self._distribution = platform.linux_distribution( - full_distribution_name=0 - )[0] - self._enabled = True - self._services = [] - - @plugin.event( - stage=plugin.Stages.STAGE_INIT, - ) - def _init(self): - self.environment.setdefault( - osetupcons.NetEnv.FIREWALLD_ENABLE, - False - ) - - @plugin.event( - stage=plugin.Stages.STAGE_SETUP, - condition=lambda self: self._enabled, - ) - def _setup(self): - self.command.detect('firewall-cmd') - self._enabled = not self.environment[ - osetupcons.CoreEnv.DEVELOPER_MODE - ] - - @plugin.event( - stage=plugin.Stages.STAGE_VALIDATION, - condition=lambda self: self._enabled, - ) - def _validation(self): - self._enabled = self.environment[ - osetupcons.NetEnv.FIREWALLD_ENABLE - ] - - @plugin.event( - stage=plugin.Stages.STAGE_MISC, - condition=lambda self: self._enabled, - ) - def _misc(self): - for service, content in [ - ( - key[len(osetupcons.NetEnv.FIREWALLD_SERVICE_PREFIX):], - content, - ) - for key, content in self.environment.items() - if key.startswith( - osetupcons.NetEnv.FIREWALLD_SERVICE_PREFIX - ) - ]: - self._services.append(service) - self.environment[otopicons.CoreEnv.MAIN_TRANSACTION].append( - filetransaction.FileTransaction( - name=os.path.join( - osetupcons.FileLocations.FIREWALLD_SERVICE_DIR, - '%s.xml' % service, - ), - content=content, - modifiedList=self.environment[ - otopicons.CoreEnv.MODIFIED_FILES - ], - ) - ) - - @plugin.event( - stage=plugin.Stages.STAGE_CLOSEUP, - condition=lambda self: self._enabled, - ) 
- def _closeup(self): - # avoid conflicts, diable iptables - if self.services.exists(name='iptables'): - self.services.startup(name='iptables', state=False) - self.services.state(name='iptables', state=False) - - self.services.state( - name='firewalld', - state=True, - ) - self.services.startup(name='firewalld', state=True) - #Ensure to load the newly written services if firewalld was already - #running. - self.execute( - ( - self.command.get('firewall-cmd'), - '--reload' - ) - ) - for zone in self._get_active_zones(): - for service in self._services: - self.execute( - ( - self.command.get('firewall-cmd'), - '--zone', zone, - '--permanent', - '--add-service', service, - ), - ) - self.execute( - ( - self.command.get('firewall-cmd'), - '--reload' - ) - ) - - -# vim: expandtab tabstop=4 shiftwidth=4 -- To view, visit http://gerrit.ovirt.org/15114 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I017a5b328c03983c21b5565270d4bdb439b6816a Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Alon Bar-Lev <alo...@redhat.com> _______________________________________________ Engine-patches mailing list Engine-patches@ovirt.org http://lists.ovirt.org/mailman/listinfo/engine-patches