Dima Kuznetsov has uploaded a new change for review. Change subject: core: Add selinux host info to VdsDynamic ......................................................................
core: Add selinux host info to VdsDynamic Added the SELinux enforce mode of the host, as reported by vdsm. Change-Id: If472f68702b59280c721450d4db50dc27dc19a30 Signed-off-by: Dima Kuznetsov <[email protected]> --- M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VDS.java M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VdsDynamic.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDAODbFacadeImpl.java M backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDynamicDAODbFacadeImpl.java M backend/manager/modules/dal/src/test/resources/fixtures.xml M backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd M backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/HostMapper.java M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsBrokerObjectsBuilder.java M backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsProperties.java M packaging/dbscripts/create_views.sql A packaging/dbscripts/upgrade/03_05_0300_add_selinux_to_vds_dynamic.sql M packaging/dbscripts/upgrade/post_upgrade/0010_add_object_column_white_list_table.sql M packaging/dbscripts/vds_sp.sql 13 files changed, 56 insertions(+), 10 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/55/26955/1 diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VDS.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VDS.java index d8a970e..13a9346 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VDS.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VDS.java 
@@ -1321,4 +1321,12 @@ public void setDisablePowerManagementPolicy(boolean disablePowerManagementPolicy) { mVdsStatic.setDisablePowerManagementPolicy(disablePowerManagementPolicy); } + + public Integer getSELinuxEnforceMode() { + return mVdsDynamic.getselinux_enforce_mode(); + } + + public void setSELinuxEnforceMode(Integer value) { + mVdsDynamic.setselinux_enforce_mode(value); + } } diff --git a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VdsDynamic.java b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VdsDynamic.java index b3fcc25..b485db1 100644 --- a/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VdsDynamic.java +++ b/backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/businessentities/VdsDynamic.java @@ -128,6 +128,8 @@ private HashSet<Version> _supportedENGINESVersionsSet; + private Integer selinux_enforce_mode; + /** * This flag is set to true if the host PM can be controlled * by policy. If a user triggered action puts the host @@ -585,6 +587,14 @@ this.powerManagementControlledByPolicy = powerManagementControlledByPolicy; } + public Integer getselinux_enforce_mode() { + return this.selinux_enforce_mode; + } + + public void setselinux_enforce_mode(Integer value) { + this.selinux_enforce_mode = value; + } + @Override public int hashCode() { final int prime = 31; @@ -638,6 +648,7 @@ result = prime * result + ((hwFamily == null) ? 0 : hwFamily.hashCode()); result = prime * result + ((HBAs == null) ? 0 : HBAs.hashCode()); result = prime * result + (powerManagementControlledByPolicy ? 0 : 1); + result = prime * result + ((selinux_enforce_mode == null) ? 0 : selinux_enforce_mode.hashCode()); return result; } 
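Review bot: The new field `selinux_enforce_mode` in VdsDynamic.java (hunk at -128) has no comment saying what its Integer values mean, and the accessors added in the hunk at -585 are named `getselinux_enforce_mode`/`setselinux_enforce_mode`, unlike the camelCase `setPowerManagementControlledByPolicy` in the same hunk. Judging by the range check in HostMapper and the fixture rows, the value is -1, 0, 1 or null, so a field comment such as `// SELinux mode as reported by vdsm: presumably -1 disabled, 0 permissive, 1 enforcing; null if the host has not reported it (confirm against vdsm)` would stop readers from guessing. Naming the accessors `getSELinuxEnforceMode`/`setSELinuxEnforceMode` would match the wrappers this change adds to VDS.java. The class body extends beyond these hunks.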
@@ -703,7 +714,8 @@ && ObjectUtils.objectsEqual(hwFamily, other.hwFamily) && ObjectUtils.objectsEqual(HBAs, other.HBAs) && ObjectUtils.objectsEqual(supportedEmulatedMachines, other.supportedEmulatedMachines)) - && powerManagementControlledByPolicy == other.powerManagementControlledByPolicy; + && powerManagementControlledByPolicy == other.powerManagementControlledByPolicy + && ObjectUtils.objectsEqual(selinux_enforce_mode, other.selinux_enforce_mode); } } diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDAODbFacadeImpl.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDAODbFacadeImpl.java index 64ef2ca..2697ef1 100644 --- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDAODbFacadeImpl.java +++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDAODbFacadeImpl.java @@ -347,6 +347,7 @@ entity.setHighlyAvailableLocalMaintenance(rs.getBoolean("ha_local_maintenance")); entity.calculateFreeVirtualMemory(); entity.setBootTime((Long) rs.getObject("boot_time")); + entity.setSELinuxEnforceMode((Integer) rs.getObject("selinux_enforce_mode")); return entity; } } diff --git a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDynamicDAODbFacadeImpl.java b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDynamicDAODbFacadeImpl.java index 9ff84a3..b7ba38e 100644 --- a/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDynamicDAODbFacadeImpl.java +++ b/backend/manager/modules/dal/src/main/java/org/ovirt/engine/core/dao/VdsDynamicDAODbFacadeImpl.java @@ -97,6 +97,7 @@ entity.setHardwareFamily(rs.getString("hw_family")); entity.setHBAs(new JsonObjectDeserializer().deserialize(rs.getString("hbas"), HashMap.class)); entity.setPowerManagementControlledByPolicy(rs.getBoolean("controlled_by_pm_policy")); + entity.setselinux_enforce_mode(rs.getInt("selinux_enforce_mode")); return entity; } 
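Review bot: `rs.getInt("selinux_enforce_mode")` in the VdsDynamicDAODbFacadeImpl hunk at -97 returns 0 for an SQL NULL, so a host that never reported its SELinux mode is loaded as 0, which the rest of the change treats as a real mode value. NULL is an expected state here, because the upgrade script adds the column without a default and the fixtures include a `<null />` row. The VdsDAODbFacadeImpl hunk just before it already reads the column null-safely, and the same form should be used here: `entity.setselinux_enforce_mode((Integer) rs.getObject("selinux_enforce_mode"));`. The row-mapper method starts outside the hunk.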
@@ -252,7 +253,8 @@ .addValue("hw_uuid", vds.getHardwareUUID()) .addValue("hw_family", vds.getHardwareFamily()) .addValue("hbas", new JsonObjectSerializer().serialize(vds.getHBAs())) - .addValue("supported_emulated_machines", vds.getSupportedEmulatedMachines()); + .addValue("supported_emulated_machines", vds.getSupportedEmulatedMachines()) + .addValue("selinux_enforce_mode", vds.getselinux_enforce_mode()); return parameterSource; } diff --git a/backend/manager/modules/dal/src/test/resources/fixtures.xml b/backend/manager/modules/dal/src/test/resources/fixtures.xml index 8e7e773..cf769a6 100644 --- a/backend/manager/modules/dal/src/test/resources/fixtures.xml +++ b/backend/manager/modules/dal/src/test/resources/fixtures.xml @@ -2992,6 +2992,7 @@ <column>cpu_name</column> <column>current_cd</column> <column>exit_reason</column> + <column>selinux_enforce_mode</column> <row> <value>77296e00-0cad-4e5a-9299-008a7b6f4356</value> <value>5</value> @@ -3030,6 +3031,7 @@ <null/> <null/> <value>-1</value> + <value>1</value> </row> <row> <value>77296e00-0cad-4e5a-9299-008a7b6f4355</value> @@ -3069,6 +3071,7 @@ <null /> <value>current_cd.iso</value> <value>-1</value> + <value>1</value> </row> <row> <value>77296e00-0cad-4e5a-9299-008a7b6f4354</value> @@ -3107,6 +3110,7 @@ <value>3452354</value> <null /> <null/> + <value>-1</value> <value>-1</value> </row> <row> @@ -3147,6 +3151,7 @@ <null /> <null/> <value>-1</value> + <value>0</value> </row> <row> <value>77296e00-0cad-4e5a-9299-008a7b6f4360</value> @@ -3186,6 +3191,7 @@ <null /> <null/> <value>-1</value> + <value>1</value> </row> <row> <value>77296e00-0cad-4e5a-9299-008a7b6f5002</value> @@ -3223,6 +3229,7 @@ <null /> <null /> <value>-1</value> + <value>0</value> </row> <row> <value>77296e00-0cad-4e5a-9299-008a7b6f5003</value> @@ -3260,6 +3267,7 @@ <null /> <null /> <value>-1</value> + <null /> </row> </table> 
diff --git a/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd b/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd index 89a4760..b99f8dd 100644 --- a/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd +++ b/backend/manager/modules/restapi/interface/definition/src/main/resources/api.xsd @@ -1519,6 +1519,7 @@ <!-- Optionally specify the display address of this host explicitly --> <xs:element ref="display" minOccurs="0"/> <xs:element name="hosted_engine" type="HostedEngine" minOccurs="0" maxOccurs="1"/> + <xs:element name="selinux_enforce_mode" type="xs:int" minOccurs="0" maxOccurs="1" /> </xs:sequence> </xs:extension> </xs:complexContent> diff --git a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/HostMapper.java b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/HostMapper.java index edb7497..9e351c3 100644 --- a/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/HostMapper.java +++ b/backend/manager/modules/restapi/types/src/main/java/org/ovirt/engine/api/restapi/types/HostMapper.java @@ -388,6 +388,12 @@ model.getDisplay().setAddress(entity.getConsoleAddress()); } + if (entity.getSELinuxEnforceMode() != null && + entity.getSELinuxEnforceMode() <= 1 && + entity.getSELinuxEnforceMode() >= -1) { + model.setSelinuxEnforceMode(entity.getSELinuxEnforceMode()); + } + return model; } diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsBrokerObjectsBuilder.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsBrokerObjectsBuilder.java index cf2098f..a16555d 100644 --- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsBrokerObjectsBuilder.java 
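Review bot: The range check added to HostMapper uses the bare literals `-1` and `1` and silently omits any other value, so at the API an unexpected report from a host is indistinguishable from no report at all. Named constants or a small enum for the mode would make the intent explicit, and logging an out-of-range value would help operators notice a misreporting host; reading the getter once into a local also avoids calling it three times. The `api.xsd` hunk declares the element as plain `xs:int`, so the schema does not document the allowed values either, and a restricted simple type would. The mapping method starts outside the hunk.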
+++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsBrokerObjectsBuilder.java @@ -412,6 +412,7 @@ } vds.setHBAs(hbas); vds.setBootTime(AssignLongValue(xmlRpcStruct, VdsProperties.bootTime)); + vds.setSELinuxEnforceMode(AssignIntValue(xmlRpcStruct, VdsProperties.selinuxEnforceMode)); } public static void checkTimeDrift(VDS vds, Map<String, Object> xmlRpcStruct) { diff --git a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsProperties.java b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsProperties.java index 03d1d75..b74e2be 100644 --- a/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsProperties.java +++ b/backend/manager/modules/vdsbroker/src/main/java/org/ovirt/engine/core/vdsbroker/vdsbroker/VdsProperties.java @@ -43,6 +43,7 @@ public static final String vm_types = "vmTypes"; // Currently not in use public static final String reservedMem = "reservedMem"; public static final String bootTime = "bootTime"; + public static final String selinuxEnforceMode = "selinuxEnforceMode"; // vds runtime (i.e. VdsDynamic req getVdsStats) public static final String netConfigDirty = "netConfigDirty"; public static final String status = "status"; // in vm also diff --git a/packaging/dbscripts/create_views.sql b/packaging/dbscripts/create_views.sql index 26a7aab..c9b4681 100644 --- a/packaging/dbscripts/create_views.sql +++ b/packaging/dbscripts/create_views.sql 
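Review bot: The host-reported value is stored unchecked by `vds.setSELinuxEnforceMode(AssignIntValue(xmlRpcStruct, VdsProperties.selinuxEnforceMode));`, and the only range check in this change sits in the REST mapper, so an out-of-range integer still reaches VdsDynamic and the database. Consider normalising at this ingestion point, for example mapping anything outside -1..1 to null, so that every consumer sees a validated value. What `AssignIntValue` returns for a missing key is not visible here; if it is a default other than null, hosts running an older vdsm would show a mode they never reported. The enclosing method starts outside the hunk.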
@@ -737,7 +737,8 @@ vds_dynamic.hw_serial_number as hw_serial_number, vds_dynamic.hw_uuid as hw_uuid, vds_dynamic.hw_family as hw_family, vds_static.console_address as console_address, vds_dynamic.hbas as hbas, vds_dynamic.supported_emulated_machines as supported_emulated_machines, vds_static.ssh_port as ssh_port, vds_static.ssh_username as ssh_username, vds_statistics.ha_score as ha_score, vds_statistics.ha_configured as ha_configured, vds_statistics.ha_active as ha_active, vds_statistics.ha_global_maintenance as ha_global_maintenance, - vds_statistics.ha_local_maintenance as ha_local_maintenance, vds_static.disable_auto_pm as disable_auto_pm, vds_dynamic.controlled_by_pm_policy as controlled_by_pm_policy, vds_statistics.boot_time as boot_time + vds_statistics.ha_local_maintenance as ha_local_maintenance, vds_static.disable_auto_pm as disable_auto_pm, vds_dynamic.controlled_by_pm_policy as controlled_by_pm_policy, vds_statistics.boot_time as boot_time, + vds_dynamic.selinux_enforce_mode as selinux_enforce_mode FROM vds_groups INNER JOIN vds_static ON vds_groups.vds_group_id = vds_static.vds_group_id INNER JOIN vds_dynamic ON vds_static.vds_id = vds_dynamic.vds_id INNER JOIN @@ -781,7 +782,7 @@ storage_pool_iso_map.storage_id, vds_static.ssh_port, vds_static.ssh_username, vds_statistics.ha_score, vds_statistics.ha_configured, vds_statistics.ha_active, vds_statistics.ha_global_maintenance, vds_statistics.ha_local_maintenance, vds_static.disable_auto_pm as disable_auto_pm, vds_dynamic.controlled_by_pm_policy as controlled_by_pm_policy, - vds_statistics.boot_time as boot_time + vds_statistics.boot_time as boot_time, vds_dynamic.selinux_enforce_mode as selinux_enforce_mode FROM vds_groups INNER JOIN vds_static ON vds_groups.vds_group_id = vds_static.vds_group_id INNER JOIN vds_dynamic ON vds_static.vds_id = vds_dynamic.vds_id INNER JOIN 
diff --git a/packaging/dbscripts/upgrade/03_05_0300_add_selinux_to_vds_dynamic.sql b/packaging/dbscripts/upgrade/03_05_0300_add_selinux_to_vds_dynamic.sql new file mode 100644 index 0000000..80acbab --- /dev/null +++ b/packaging/dbscripts/upgrade/03_05_0300_add_selinux_to_vds_dynamic.sql @@ -0,0 +1 @@ +select fn_db_add_column('vds_dynamic', 'selinux_enforce_mode', 'INTEGER'); diff --git a/packaging/dbscripts/upgrade/post_upgrade/0010_add_object_column_white_list_table.sql b/packaging/dbscripts/upgrade/post_upgrade/0010_add_object_column_white_list_table.sql index 9074e24..f231b50 100644 --- a/packaging/dbscripts/upgrade/post_upgrade/0010_add_object_column_white_list_table.sql +++ b/packaging/dbscripts/upgrade/post_upgrade/0010_add_object_column_white_list_table.sql @@ -55,7 +55,8 @@ 'vds_group_compatibility_version', 'vds_group_virt_service', 'vds_group_gluster_service', 'host_os', 'kvm_version', 'libvirt_version', 'spice_version', 'kernel_version', 'iscsi_initiator_name', 'transparent_hugepages_state', 'anonymous_hugepages', 'non_operational_reason', 'recoverable', 'sshkeyfingerprint', 'count_threads_as_cores', 'cpu_threads', - 'hw_manufacturer', 'hw_product_name', 'hw_version', 'hw_serial_number', 'hw_uuid', 'hw_family', 'ssh_port', 'ssh_username', 'boot_time')); + 'hw_manufacturer', 'hw_product_name', 'hw_version', 'hw_serial_number', 'hw_uuid', 'hw_family', 'ssh_port', 'ssh_username', 'boot_time', + 'selinux_enforce_mode')); -- pm_options are missing END; $function$ LANGUAGE plpgsql; diff --git a/packaging/dbscripts/vds_sp.sql b/packaging/dbscripts/vds_sp.sql index 4781b71..872c56e 100644 --- a/packaging/dbscripts/vds_sp.sql +++ b/packaging/dbscripts/vds_sp.sql 
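Review bot: Adding `'selinux_enforce_mode'` to the column list in 0010_add_object_column_white_list_table.sql looks like it makes the host's SELinux mode readable through the filtered, non-admin view of `vds`, if that is what this white list governs. Whether a host runs permissive or with SELinux disabled is hardening detail that ordinary users rarely need. Confirm that it is required there, or leave it off the list so that only administrators see it. The function body starts outside the hunk.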
@@ -201,14 +201,15 @@ v_hw_family VARCHAR(255), v_hbas VARCHAR(255), v_supported_emulated_machines VARCHAR(255), - v_controlled_by_pm_policy BOOLEAN) + v_controlled_by_pm_policy BOOLEAN, + v_selinux_enforce_mode INTEGER) RETURNS VOID AS $procedure$ BEGIN BEGIN -INSERT INTO vds_dynamic(cpu_cores, cpu_threads, cpu_model, cpu_speed_mh, if_total_speed, kvm_enabled, mem_commited, physical_mem_mb, status, vds_id, vm_active, vm_count, vm_migrating, reserved_mem, guest_overhead, rpm_version, software_version, version_name, build_name, previous_status, cpu_flags, cpu_over_commit_time_stamp, vms_cores_count, pending_vcpus_count, pending_vmem_size, cpu_sockets,net_config_dirty, supported_cluster_levels, supported_engines, host_os, kvm_version, libvirt_version, spice_version, gluster_version, kernel_version, iscsi_initiator_name, transparent_hugepages_state, hooks, hw_manufacturer, hw_product_name, hw_version, hw_serial_number, hw_uuid, hw_family, hbas, supported_emulated_machines, controlled_by_pm_policy) - VALUES(v_cpu_cores, v_cpu_threads, v_cpu_model, v_cpu_speed_mh, v_if_total_speed, v_kvm_enabled, v_mem_commited, v_physical_mem_mb, v_status, v_vds_id, v_vm_active, v_vm_count, v_vm_migrating, v_reserved_mem, v_guest_overhead, v_rpm_version, v_software_version, v_version_name, v_build_name, v_previous_status, v_cpu_flags, v_cpu_over_commit_time_stamp, v_vms_cores_count,v_pending_vcpus_count, v_pending_vmem_size, v_cpu_sockets, v_net_config_dirty, v_supported_cluster_levels, v_supported_engines, v_host_os, v_kvm_version, v_libvirt_version, v_spice_version, v_gluster_version, v_kernel_version, v_iscsi_initiator_name, v_transparent_hugepages_state, v_hooks, v_hw_manufacturer, v_hw_product_name, v_hw_version, v_hw_serial_number, v_hw_uuid, v_hw_family, v_hbas, v_supported_emulated_machines, v_controlled_by_pm_policy); +INSERT INTO vds_dynamic(cpu_cores, cpu_threads, cpu_model, cpu_speed_mh, if_total_speed, kvm_enabled, mem_commited, physical_mem_mb, status, vds_id, vm_active, 
vm_count, vm_migrating, reserved_mem, guest_overhead, rpm_version, software_version, version_name, build_name, previous_status, cpu_flags, cpu_over_commit_time_stamp, vms_cores_count, pending_vcpus_count, pending_vmem_size, cpu_sockets,net_config_dirty, supported_cluster_levels, supported_engines, host_os, kvm_version, libvirt_version, spice_version, gluster_version, kernel_version, iscsi_initiator_name, transparent_hugepages_state, hooks, hw_manufacturer, hw_product_name, hw_version, hw_serial_number, hw_uuid, hw_family, hbas, supported_emulated_machines, controlled_by_pm_policy, selinux_enforce_mode) + VALUES(v_cpu_cores, v_cpu_threads, v_cpu_model, v_cpu_speed_mh, v_if_total_speed, v_kvm_enabled, v_mem_commited, v_physical_mem_mb, v_status, v_vds_id, v_vm_active, v_vm_count, v_vm_migrating, v_reserved_mem, v_guest_overhead, v_rpm_version, v_software_version, v_version_name, v_build_name, v_previous_status, v_cpu_flags, v_cpu_over_commit_time_stamp, v_vms_cores_count,v_pending_vcpus_count, v_pending_vmem_size, v_cpu_sockets, v_net_config_dirty, v_supported_cluster_levels, v_supported_engines, v_host_os, v_kvm_version, v_libvirt_version, v_spice_version, v_gluster_version, v_kernel_version, v_iscsi_initiator_name, v_transparent_hugepages_state, v_hooks, v_hw_manufacturer, v_hw_product_name, v_hw_version, v_hw_serial_number, v_hw_uuid, v_hw_family, v_hbas, v_supported_emulated_machines, v_controlled_by_pm_policy, v_selinux_enforce_mode); END; RETURN; @@ -277,7 +278,8 @@ v_hw_uuid VARCHAR(255), v_hw_family VARCHAR(255), v_hbas VARCHAR(255), - v_supported_emulated_machines VARCHAR(255)) + v_supported_emulated_machines VARCHAR(255), + v_selinux_enforce_mode INTEGER) RETURNS VOID --The [vds_dynamic] table doesn't have a timestamp column. Optimistic concurrency logic cannot be generated 
@@ -308,7 +310,8 @@ _update_date = LOCALTIMESTAMP,non_operational_reason = v_non_operational_reason, hw_manufacturer = v_hw_manufacturer, hw_product_name = v_hw_product_name, hw_version = v_hw_version, hw_serial_number = v_hw_serial_number, - hw_uuid = v_hw_uuid, hw_family = v_hw_family, hbas = v_hbas, supported_emulated_machines = v_supported_emulated_machines + hw_uuid = v_hw_uuid, hw_family = v_hw_family, hbas = v_hbas, supported_emulated_machines = v_supported_emulated_machines, + selinux_enforce_mode = v_selinux_enforce_mode WHERE vds_id = v_vds_id; END; -- To view, visit http://gerrit.ovirt.org/26955 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: If472f68702b59280c721450d4db50dc27dc19a30 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: master Gerrit-Owner: Dima Kuznetsov <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
