Sandro Bonazzola has uploaded a new change for review. Change subject: packaging: setup: disable firewalld in early misc stage ......................................................................
packaging: setup: disable firewalld in early misc stage otopi disables firewalld just before enabling iptables. We need to disable firewalld before entering misc stage because otherwise libvirt will rely on it also if it's stopped just after libvirt is started. Change-Id: Id74fcb192e09d27154d87ae8529a9722ae80a772 Bug-Url: https://bugzilla.redhat.com/1057139 Signed-off-by: Sandro Bonazzola <[email protected]> (cherry picked from commit f84e522ad12c29adbf4cb0044ed6a59a78a57fb1) --- M src/plugins/ovirt-hosted-engine-setup/network/Makefile.am M src/plugins/ovirt-hosted-engine-setup/network/__init__.py A src/plugins/ovirt-hosted-engine-setup/network/iptables.py 3 files changed, 82 insertions(+), 2 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-hosted-engine-setup refs/changes/33/24933/1 diff --git a/src/plugins/ovirt-hosted-engine-setup/network/Makefile.am b/src/plugins/ovirt-hosted-engine-setup/network/Makefile.am index 1d33ec4..3cf3cdd 100644 --- a/src/plugins/ovirt-hosted-engine-setup/network/Makefile.am +++ b/src/plugins/ovirt-hosted-engine-setup/network/Makefile.am @@ -1,6 +1,6 @@ # # ovirt-hosted-engine-setup -- ovirt with a manager in a VM -# Copyright (C) 2013 Red Hat, Inc. +# Copyright (C) 2013-2014 Red Hat, Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -30,6 +30,7 @@ firewall_manager.py \ firewall.py \ gateway.py \ + iptables.py \ $(NULL) clean-local: \ diff --git a/src/plugins/ovirt-hosted-engine-setup/network/__init__.py b/src/plugins/ovirt-hosted-engine-setup/network/__init__.py index 6ad9d9a..3e51b38 100644 --- a/src/plugins/ovirt-hosted-engine-setup/network/__init__.py +++ b/src/plugins/ovirt-hosted-engine-setup/network/__init__.py @@ -1,6 +1,6 @@ # # ovirt-hosted-engine-setup -- ovirt hosted engine setup -# Copyright (C) 2013 Red Hat, Inc. +# Copyright (C) 2013-2014 Red Hat, Inc. # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public @@ -28,6 +28,7 @@ from . import firewall from . import firewall_manager from . import gateway +from . import iptables @util.export @@ -36,6 +37,7 @@ firewall.Plugin(context=context) firewall_manager.Plugin(context=context) gateway.Plugin(context=context) + iptables.Plugin(context=context) # vim: expandtab tabstop=4 shiftwidth=4 diff --git a/src/plugins/ovirt-hosted-engine-setup/network/iptables.py b/src/plugins/ovirt-hosted-engine-setup/network/iptables.py new file mode 100644 index 0000000..c6cdd06 --- /dev/null +++ b/src/plugins/ovirt-hosted-engine-setup/network/iptables.py @@ -0,0 +1,77 @@ +# +# ovirt-hosted-engine-setup -- ovirt hosted engine setup +# Copyright (C) 2014 Red Hat, Inc. +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +# + + +""" +iptables plugin. +""" + + +import gettext +import platform + + +from otopi import constants +from otopi import util +from otopi import plugin + + +_ = lambda m: gettext.dgettext(message=m, domain='ovirt-hosted-engine-setup') + + [email protected] +class Plugin(plugin.PluginBase): + """ + iptables plugin. + """ + + def __init__(self, context): + super(Plugin, self).__init__(context=context) + self._distribution = platform.linux_distribution( + full_distribution_name=0 + )[0] + self._enabled = False + + @plugin.event( + stage=plugin.Stages.STAGE_VALIDATION, + condition=( + lambda self: self.environment[constants.NetEnv.IPTABLES_ENABLE] + ), + ) + def _validate(self): + if not self._distribution in ('redhat', 'fedora', 'centos'): + self.logger.warning( + _('Unsupported distribution for iptables plugin') + ) + else: + self._enabled = True + + @plugin.event( + stage=plugin.Stages.STAGE_EARLY_MISC, + condition=lambda self: self._enabled, + ) + def _early_misc(self): + # We would like to avoid conflict and we need to stop firewalld + # before restarting libvirt: BZ#1057139 + if self.services.exists('firewalld'): + self.services.startup('firewalld', False) + self.services.state('firewalld', False) + + +# vim: expandtab tabstop=4 shiftwidth=4 -- To view, visit http://gerrit.ovirt.org/24933 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: Id74fcb192e09d27154d87ae8529a9722ae80a772 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-hosted-engine-setup Gerrit-Branch: ovirt-hosted-engine-setup-1.1 Gerrit-Owner: Sandro Bonazzola <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
