def test_evaluation_passwd_minlen_no_passwd( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordSet = False evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 8, (10, 11)) evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 10, (8, 11)) evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 11, (8, 10))
def __init__(self, *args): NormalSpoke.__init__(self, *args) GUISpokeInputCheckHandler.__init__(self) self._users_module = USERS.get_proxy() self._services_module = SERVICES.get_proxy() self._refresh_running = False self._manually_locked = False
def test_revert_password_policy_changes(proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" # FIXME: Add password policy changes to this test. It only checks # password length right now outside of policy changes. rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock) # password error --> one message assert len(messages) == 1 rule_data.revert_changes(ksdata_mock, storage_mock) # with long enough password this time # password_proxy_mock.RootPassword = "******" messages = rule_data.eval_rules(ksdata_mock, storage_mock) # long enough password # entered --> no message assert messages == []
def eval_rules(self, ksdata, storage, report_only=False): """:see: RuleHandler.eval_rules""" if self._minlen == 0: # no password restrictions, nothing to be done here return [] ret = [] users_proxy = USERS.get_proxy() if not users_proxy.IsRootPasswordSet: # root password was not set msg = _("make sure to create password with minimal length of %d " "characters") % self._minlen ret = [ RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg) ] else: # root password set if users_proxy.IsRootPasswordCrypted: msg = _( "cannot check root password length (password is crypted)") log.warning( "cannot check root password length (password is crypted)") return [ RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg) ] elif len(users_proxy.RootPassword) < self._minlen: # too short msg = _("root password is too short, a longer one with at " "least %d characters is required") % self._minlen ret = [ RuleMessage(self.__class__, common.MESSAGE_TYPE_FATAL, msg) ] else: ret = [] if report_only: return ret # set the policy in any case (so that a weaker password is not entered) pw_policy = ksdata.anaconda.pwpolicy.get_policy("root") if pw_policy is None: pw_policy = F22_PwPolicyData() log.info("OSCAP addon: setting password policy %s" % pw_policy) ksdata.anaconda.pwpolicy.policyList.append(pw_policy) log.info("OSCAP addon: password policy list: %s" % ksdata.anaconda.pwpolicy.policyList) self._created_policy = True self._orig_minlen = pw_policy.minlen self._orig_strict = pw_policy.strict pw_policy.minlen = self._minlen pw_policy.strict = True return ret
def _revert_rootpw_changes(self): if self.__old_root_pw is not None: users_proxy = USERS.get_proxy() users_proxy.SetRootPassword(self.__old_root_pw) self.__old_root_pw = None users_proxy.SetRootpwKickstarted(self.__old_root_pw_seen) self.__old_root_pw_seen = None
def __init__(self, data, storage, payload): NormalTUISpoke.__init__(self, data, storage, payload) self.initialize_start() self.title = N_("Root password") self.input_required = False self._password = None self._users_module = USERS.get_proxy() self.initialize_done()
def eval_rules(self, ksdata, storage, report_only=False): """:see: RuleHandler.eval_rules""" if self._minlen == 0: # no password restrictions, nothing to be done here return [] ret = [] users_proxy = USERS.get_proxy() if not users_proxy.IsRootPasswordSet: # root password was not set msg = _("make sure to create password with minimal length of %d " "characters") % self._minlen ret = [ RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg) ] else: # root password set if users_proxy.IsRootPasswordCrypted: msg = _( "cannot check root password length (password is crypted)") log.warning( "OSCAP Addon: cannot check root password length (password is crypted)" ) return [ RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg) ] elif len(users_proxy.RootPassword) < self._minlen: # too short msg = _("root password is too short, a longer one with at " "least %d characters is required") % self._minlen ret = [ RuleMessage(self.__class__, common.MESSAGE_TYPE_FATAL, msg) ] else: ret = [] if report_only: return ret # set the policy in any case (so that a weaker password is not entered) policies = self._get_password_policies() policy = policies[PASSWORD_POLICY_ROOT] self._orig_minlen = policy.min_length self._orig_strict = policy.is_strict policy.min_length = self._minlen policy.is_strict = True self._set_password_policies(policies) return ret
def test_evaluation_passwd_minlen_good_passwd(proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # minimal password length less than actual length --> no warning assert not messages
def __init__(self, data, storage, payload): FirstbootSpokeMixIn.__init__(self) NormalTUISpoke.__init__(self, data, storage, payload) self.initialize_start() # connect to the Users DBus module self._users_module = USERS.get_proxy() self.title = N_("User creation") self._container = None # was user creation requested by the Users DBus module # - at the moment this basically means user creation was # requested via kickstart # - note that this does not currently update when user # list is changed via DBus self._user_requested = False self._user_cleared = False # should a user be created ? self._create_user = False self._user_list = get_user_list(self._users_module, add_default=True) # if user has a name, it's an actual user that has been requested, # rather than a default user added by us if self.user.name: self._user_requested = True self._create_user = True self._use_password = self.user.is_crypted or self.user.password self._groups = "" self._is_admin = False self._policy = self.data.anaconda.pwpolicy.get_policy( "user", fallback_to_default=True) self.errors = [] self._users_module = USERS.get_proxy() self.initialize_done()
def should_run(cls, environment, data): if FirstbootSpokeMixIn.should_run(environment, data): return True # the user spoke should run always in the anaconda and in firstboot only # when doing reconfig or if no user has been created in the installation users_module = USERS.get_proxy() user_list = get_user_list(users_module) if environment == FIRSTBOOT_ENVIRON and data and not user_list: return True return False
def eval_rules(self, ksdata, storage, report_only=False): """:see: RuleHandler.eval_rules""" if self._minlen == 0: # no password restrictions, nothing to be done here return [] ret = [] users_proxy = USERS.get_proxy() if not users_proxy.IsRootPasswordSet: # root password was not set msg = _("make sure to create password with minimal length of %d " "characters") % self._minlen ret = [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg)] else: # root password set if users_proxy.IsRootPasswordCrypted: msg = _("cannot check root password length (password is crypted)") log.warning("cannot check root password length (password is crypted)") return [RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg)] elif len(users_proxy.RootPassword) < self._minlen: # too short msg = _("root password is too short, a longer one with at " "least %d characters is required") % self._minlen ret = [RuleMessage(self.__class__, common.MESSAGE_TYPE_FATAL, msg)] else: ret = [] if report_only: return ret # set the policy in any case (so that a weaker password is not entered) pw_policy = ksdata.anaconda.pwpolicy.get_policy("root") if pw_policy is None: pw_policy = F22_PwPolicyData() log.info("OSCAP addon: setting password policy %s" % pw_policy) ksdata.anaconda.pwpolicy.policyList.append(pw_policy) log.info("OSCAP addon: password policy list: %s" % ksdata.anaconda.pwpolicy.policyList) self._created_policy = True self._orig_minlen = pw_policy.minlen self._orig_strict = pw_policy.strict pw_policy.minlen = self._minlen pw_policy.strict = True return ret
def __init__(self, data, storage, payload): NormalTUISpoke.__init__(self, data, storage, payload) self.initialize_start() self.title = N_("Root password") self.input_required = False self._policy = self.data.anaconda.pwpolicy.get_policy("root", fallback_to_default=True) self._password = None self._users_module = USERS.get_proxy() self._services_module = SERVICES.get_proxy() self.initialize_done()
def _load_kickstart(self): """Load the kickstart""" from pyanaconda import kickstart # Construct a commandMap with only the supported Anaconda's commands commandMap = dict( (k, kickstart.commandMap[k]) for k in SUPPORTED_KICKSTART_COMMANDS) # Prepare new data object self.data = kickstart.AnacondaKSHandler(self._addon_module_paths["ks"], commandUpdates=commandMap) kickstart_path = INPUT_KICKSTART_PATH if os.path.exists(OUTPUT_KICKSTART_PATH): log.info("using kickstart from previous run for input") kickstart_path = OUTPUT_KICKSTART_PATH log.info("parsing input kickstart %s", kickstart_path) try: # Read the installed kickstart parser = kickstart.AnacondaKSParser(self.data) parser.readKickstart(kickstart_path) log.info("kickstart parsing done") except pykickstart.errors.KickstartError as kserr: log.critical("kickstart parsing failed: %s", kserr) log.critical( "Initial Setup startup failed due to invalid kickstart file") raise InitialSetupError # if we got this far the kickstart should be valid, so send it to Boss as well boss = BOSS.get_proxy() report = KickstartReport.from_structure( boss.ReadKickstartFile(kickstart_path)) if not report.is_valid(): message = "\n\n".join(map(str, report.error_messages)) raise InitialSetupError(message) if self.external_reconfig: # set the reconfig flag in kickstart so that # relevant spokes show up services_proxy = SERVICES.get_proxy() services_proxy.SetSetupOnBoot(SETUP_ON_BOOT_RECONFIG) # Record if groups, users or root password has been set before Initial Setup # has been started, so that we don't trample over existing configuration. users_proxy = USERS.get_proxy() self._groups_already_configured = bool(users_proxy.Groups) self._users_already_configured = bool(users_proxy.Users) self._root_password_already_configured = users_proxy.IsRootPasswordSet
def test_evaluation_passwd_minlen_crypted_passwd( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = True password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # minimal password length greater than actual length --> one warning assert len(messages) == 1 assert messages[0].type == common.MESSAGE_TYPE_WARNING # warning has to mention that the password cannot be checked assert "cannot check" in messages[0].text
def should_run(cls, environment, data): # the user spoke should run always in the anaconda and in firstboot only # when doing reconfig or if no user has been created in the installation users_module = USERS.get_proxy() user_list = get_user_list(users_module) if environment == constants.ANACONDA_ENVIRON: return True elif environment == constants.FIRSTBOOT_ENVIRON and data is None: # cannot decide, stay in the game and let another call with data # available (will come) decide return True elif environment == constants.FIRSTBOOT_ENVIRON and data and not user_list: return True else: return False
def test_evaluation_passwd_minlen_report_only_not_ignored( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # Mock pw_policy returned by anaconda.pwpolicy.get_policy() pw_policy_mock = mock.Mock() pw_policy_mock.minlen = 6 pw_policy_mock.strict = False ksdata_mock.anaconda.pwpolicy.get_policy.return_value = pw_policy_mock # call eval_rules with report_only=False # should set password minimal length to 8 messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # Password Policy changed --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert pw_policy_mock.minlen == 8 assert pw_policy_mock.strict assert rule_data._passwd_rules._minlen == 8 # call of eval_rules with report_only=True # should not change anything messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True) # Password Policy stayed the same --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert pw_policy_mock.minlen == 8 assert pw_policy_mock.strict assert rule_data._passwd_rules._minlen == 8
def execute(self, storage, ksdata, users): users_proxy = USERS.get_proxy() if flags.automatedInstall and not users_proxy.IsRootPasswordSet and not users_proxy.IsRootpwKickstarted: # Lock the root password if during an installation with kickstart # the root password is empty & not specififed as empty in the kickstart # (seen == False) via the rootpw command. # Note that kickstart is actually the only way to specify an empty # root password - we don't allow that via the UI. users_proxy.SetRootAccountLocked(True) elif not flags.automatedInstall and not users_proxy.IsRootPasswordSet: # Also lock the root password if it was not set during interactive installation. users_proxy.SetRootAccountLocked(True) users.setRootPassword(users_proxy.RootPassword, users_proxy.IsRootPasswordCrypted, users_proxy.IsRootAccountLocked, None, util.getSysroot())
def execute(self, storage, ksdata, users): users_proxy = USERS.get_proxy() if flags.automatedInstall and not users_proxy.IsRootPasswordSet and not users_proxy.IsRootpwKickstarted: # Lock the root password if during an installation with kickstart # the root password is empty & not specififed as empty in the kickstart # (seen == False) via the rootpw command. # Note that kickstart is actually the only way to specify an empty # root password - we don't allow that via the UI. users_proxy.SetRootAccountLocked(True) elif not flags.automatedInstall and not users_proxy.IsRootPasswordSet: # Also lock the root password if it was not set during interactive installation. users_proxy.SetRootAccountLocked(True) users.setRootPassword(users_proxy.RootPassword, users_proxy.IsRootPasswordCrypted, users_proxy.IsRootAccountLocked, None, util.getSysroot())
def set_dbus_defaults(): boss = BOSS.get_proxy() boss.GetModules.return_value = [ KDUMP.service_name ] kdump = KDUMP.get_proxy() kdump.KdumpEnabled = True user_interface = BOSS.get_proxy(USER_INTERFACE) user_interface.PasswordPolicies = {} network = NETWORK.get_proxy() network.Connected.return_value = True firewall = NETWORK.get_proxy(FIREWALL) firewall.EnabledServices = [] firewall.DisabledServices = [] firewall.EnabledPorts = [] firewall.Trusts = [] device_tree = STORAGE.get_proxy(DEVICE_TREE) device_tree.GetDeviceMountOptions.return_value = "defaults" device_tree.GetMountPoints.return_value = {} bootloader = STORAGE.get_proxy(BOOTLOADER) bootloader.IsPasswordSet = False users = USERS.get_proxy() users.IsRootPasswordSet = True users.IsRootPasswordCrypted = False users.RootPassword = "******" payloads = PAYLOADS.get_proxy() payloads.ActivePayload = "/fake/payload/1" dnf_payload = PAYLOADS.get_proxy("/fake/payload/1") dnf_payload.Type = PAYLOAD_TYPE_DNF packages_data = PackagesSelectionData() dnf_payload.PackagesSelection = PackagesSelectionData.to_structure(packages_data)
def set_dbus_defaults(): network = NETWORK.get_proxy() network.Connected.return_value = True firewall = NETWORK.get_proxy(FIREWALL) firewall.EnabledServices = [] firewall.DisabledServices = [] firewall.EnabledPorts = [] firewall.Trusts = [] device_tree = STORAGE.get_proxy(DEVICE_TREE) device_tree.GetDeviceMountOptions.return_value = "defaults" device_tree.GetMountPoints.return_value = {} bootloader = STORAGE.get_proxy(BOOTLOADER) bootloader.IsPasswordSet = False users = USERS.get_proxy() users.IsRootPasswordSet = True users.IsRootPasswordCrypted = False users.RootPassword = "******"
def test_evaluation_passwd_minlen_report_only_not_ignored( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") # call eval_rules with report_only=False # should set password minimal length to 8 messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False) # Password Policy changed --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert rule_data._passwd_rules._minlen == 8 policy = PasswordPolicy.from_defaults(PASSWORD_POLICY_ROOT) policy.min_length = 8 policy.is_strict = True policies = {PASSWORD_POLICY_ROOT: policy} ui_mock = BOSS.get_proxy(USER_INTERFACE) assert ui_mock.PasswordPolicies == \ PasswordPolicy.to_structure_dict(policies) # call of eval_rules with report_only=True # should not change anything messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True) # Password Policy stayed the same --> no warnings assert not messages assert rule_data._passwd_rules._orig_minlen == 6 assert not rule_data._passwd_rules._orig_strict assert rule_data._passwd_rules._minlen == 8 assert ui_mock.PasswordPolicies == \ PasswordPolicy.to_structure_dict(policies)
def test_evaluation_passwd_minlen_short_passwd_report_only( proxy_getter, rule_data, ksdata_mock, storage_mock): password_proxy_mock = USERS.get_proxy() password_proxy_mock.IsRootPasswordCrypted = False password_proxy_mock.RootPassword = "******" rule_data.new_rule("passwd --minlen=8") messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True) # minimal password length greater than actual length --> one warning assert len(messages) == 1 assert messages[0].type == common.MESSAGE_TYPE_FATAL # warning has to mention the length assert "8" in messages[0].text # warning should mention that something is wrong with the old password assert "is" in messages[0].text # doing changes --> password should not be cleared assert password_proxy_mock.RootPassword == "aaaa"
def _resolve_rootpw_issues(self, messages, report_only): """Mitigate root password issues (which are not fatal in GUI)""" fatal_rootpw_msgs = [ msg for msg in messages if msg.origin == rule_handling.PasswdRules and msg.type == common.MESSAGE_TYPE_FATAL ] if fatal_rootpw_msgs: for msg in fatal_rootpw_msgs: # cannot just change the message type because it is a namedtuple messages.remove(msg) msg = common.RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg.text) messages.append(msg) if not report_only: users_proxy = USERS.get_proxy() self.__old_root_pw = users_proxy.RootPassword self.data.rootpw.password = None self.__old_root_pw_seen = users_proxy.IsRootpwKickstarted self.data.rootpw.seen = False
def _prepare_configuration(payload, ksdata): """Configure the installed system.""" configuration_queue = TaskQueue("Configuration queue") # connect progress reporting configuration_queue.queue_started.connect( lambda x: progress_message(x.status_message)) configuration_queue.task_completed.connect(lambda x: progress_step(x.name)) # schedule the execute methods of ksdata that require an installed system to be present os_config = TaskQueue("Installed system configuration", N_("Configuring installed system")) # add installation tasks for the Security DBus module security_proxy = SECURITY.get_proxy() security_dbus_tasks = security_proxy.InstallWithTasks() os_config.append_dbus_tasks(SECURITY, security_dbus_tasks) # add installation tasks for the Services DBus module services_proxy = SERVICES.get_proxy() services_dbus_tasks = services_proxy.InstallWithTasks() os_config.append_dbus_tasks(SERVICES, services_dbus_tasks) # add installation tasks for the Timezone DBus module timezone_proxy = TIMEZONE.get_proxy() timezone_dbus_tasks = timezone_proxy.InstallWithTasks() os_config.append_dbus_tasks(TIMEZONE, timezone_dbus_tasks) # add installation tasks for the Localization DBus module localization_proxy = LOCALIZATION.get_proxy() localization_dbus_tasks = localization_proxy.InstallWithTasks() os_config.append_dbus_tasks(LOCALIZATION, localization_dbus_tasks) # add the Firewall configuration task firewall_proxy = NETWORK.get_proxy(FIREWALL) firewall_dbus_task = firewall_proxy.InstallWithTask() os_config.append_dbus_tasks(NETWORK, [firewall_dbus_task]) configuration_queue.append(os_config) # schedule network configuration (if required) if conf.system.provides_network_config: overwrite = isinstance(payload, LiveImagePayload) network_config = TaskQueue("Network configuration", N_("Writing network configuration")) network_config.append( Task("Network configuration", network.write_configuration, (overwrite, ))) configuration_queue.append(network_config) # add installation tasks for the Users DBus module user_config = TaskQueue("User creation", N_("Creating users")) users_proxy = USERS.get_proxy() users_dbus_tasks = users_proxy.InstallWithTasks() os_config.append_dbus_tasks(USERS, users_dbus_tasks) configuration_queue.append(user_config) # Anaconda addon configuration addon_config = TaskQueue("Anaconda addon configuration", N_("Configuring addons")) # there is no longer a User class & addons should no longer need it # FIXME: drop user class parameter from the API & all known addons addon_config.append( Task("Configure Anaconda addons", ksdata.addons.execute, (None, ksdata, None, payload))) boss_proxy = BOSS.get_proxy() addon_config.append_dbus_tasks(BOSS, [boss_proxy.InstallSystemWithTask()]) configuration_queue.append(addon_config) # Initramfs generation generate_initramfs = TaskQueue("Initramfs generation", N_("Generating initramfs")) generate_initramfs.append( Task("Generate initramfs", payload.recreate_initrds)) # This works around 2 problems, /boot on BTRFS and BTRFS installations where the initrd is # recreated after the first writeBootLoader call. This reruns it after the new initrd has # been created, fixing the kernel root and subvol args and adding the missing initrd entry. bootloader_proxy = STORAGE.get_proxy(BOOTLOADER) if isinstance(payload, LiveImagePayload): btrfs_task = bootloader_proxy.FixBTRFSWithTask( payload.kernel_version_list) generate_initramfs.append_dbus_tasks(STORAGE, [btrfs_task]) # Invoking zipl should be the last thing done on a s390x installation (see #1652727). zipl_task = bootloader_proxy.FixZIPLWithTask() generate_initramfs.append_dbus_tasks(STORAGE, [zipl_task]) configuration_queue.append(generate_initramfs) # realm join # - this can run only after network is configured in the target system chroot configuration_queue.append_dbus_tasks(SECURITY, [security_proxy.JoinRealmWithTask()]) post_scripts = TaskQueue("Post installation scripts", N_("Running post-installation scripts")) post_scripts.append( Task("Run post installation scripts", runPostScripts, (ksdata.scripts, ))) configuration_queue.append(post_scripts) # setup kexec reboot if requested if flags.flags.kexec: kexec_setup = TaskQueue("Kexec setup", N_("Setting up kexec")) kexec_setup.append(Task("Setup kexec", setup_kexec)) configuration_queue.append(kexec_setup) # write anaconda related configs & kickstarts write_configs = TaskQueue("Write configs and kickstarts", N_("Storing configuration files and kickstarts")) # Write the kickstart file to the installed system (or, copy the input # kickstart file over if one exists). if flags.flags.nosave_output_ks: # don't write the kickstart file to the installed system if this has # been disabled by the nosave option log.warning( "Writing of the output kickstart to installed system has been disabled" " by the nosave option.") else: # write anaconda related configs & kickstarts write_configs.append(Task("Store kickstarts", _writeKS, (ksdata, ))) # only add write_configs to the main queue if we actually store some kickstarts/configs if write_configs.task_count: configuration_queue.append(write_configs) return configuration_queue
def __str__(self): users_proxy = USERS.get_proxy() return users_proxy.GenerateTemporaryKickstart()
def _prepare_configuration(payload, ksdata): """Configure the installed system.""" configuration_queue = TaskQueue("Configuration queue") # connect progress reporting configuration_queue.queue_started.connect( lambda x: progress_message(x.status_message)) configuration_queue.task_completed.connect(lambda x: progress_step(x.name)) # add installation tasks for the Subscription DBus module if is_module_available(SUBSCRIPTION): # we only run the tasks if the Subscription module is available subscription_config = TaskQueue("Subscription configuration", N_("Configuring Red Hat subscription")) subscription_proxy = SUBSCRIPTION.get_proxy() subscription_dbus_tasks = subscription_proxy.InstallWithTasks() subscription_config.append_dbus_tasks(SUBSCRIPTION, subscription_dbus_tasks) configuration_queue.append(subscription_config) # schedule the execute methods of ksdata that require an installed system to be present os_config = TaskQueue("Installed system configuration", N_("Configuring installed system")) # add installation tasks for the Security DBus module security_proxy = SECURITY.get_proxy() security_dbus_tasks = security_proxy.InstallWithTasks() os_config.append_dbus_tasks(SECURITY, security_dbus_tasks) # add installation tasks for the Timezone DBus module # run these tasks before tasks of the Services module if is_module_available(TIMEZONE): timezone_proxy = TIMEZONE.get_proxy() timezone_dbus_tasks = timezone_proxy.InstallWithTasks() os_config.append_dbus_tasks(TIMEZONE, timezone_dbus_tasks) # add installation tasks for the Services DBus module services_proxy = SERVICES.get_proxy() services_dbus_tasks = services_proxy.InstallWithTasks() os_config.append_dbus_tasks(SERVICES, services_dbus_tasks) # add installation tasks for the Localization DBus module if is_module_available(LOCALIZATION): localization_proxy = LOCALIZATION.get_proxy() localization_dbus_tasks = localization_proxy.InstallWithTasks() os_config.append_dbus_tasks(LOCALIZATION, localization_dbus_tasks) # add the Firewall configuration task if conf.target.can_configure_network: firewall_proxy = NETWORK.get_proxy(FIREWALL) firewall_dbus_task = firewall_proxy.InstallWithTask() os_config.append_dbus_tasks(NETWORK, [firewall_dbus_task]) configuration_queue.append(os_config) # schedule network configuration (if required) if conf.target.can_configure_network and conf.system.provides_network_config: overwrite = payload.type in PAYLOAD_LIVE_TYPES network_config = TaskQueue("Network configuration", N_("Writing network configuration")) network_config.append( Task("Network configuration", network.write_configuration, (overwrite, ))) configuration_queue.append(network_config) # add installation tasks for the Users DBus module if is_module_available(USERS): user_config = TaskQueue("User creation", N_("Creating users")) users_proxy = USERS.get_proxy() users_dbus_tasks = users_proxy.InstallWithTasks() user_config.append_dbus_tasks(USERS, users_dbus_tasks) configuration_queue.append(user_config) # Anaconda addon configuration addon_config = TaskQueue("Anaconda addon configuration", N_("Configuring addons")) # there is no longer a User class & addons should no longer need it # FIXME: drop user class parameter from the API & all known addons addon_config.append( Task("Configure Anaconda addons", ksdata.addons.execute, (None, ksdata, None, payload))) boss_proxy = BOSS.get_proxy() addon_config.append_dbus_tasks(BOSS, [boss_proxy.InstallSystemWithTask()]) configuration_queue.append(addon_config) # Initramfs generation generate_initramfs = TaskQueue("Initramfs generation", N_("Generating initramfs")) bootloader_proxy = STORAGE.get_proxy(BOOTLOADER) def run_generate_initramfs(): tasks = bootloader_proxy.GenerateInitramfsWithTasks( payload.type, payload.kernel_version_list) for task in tasks: sync_run_task(STORAGE.get_proxy(task)) generate_initramfs.append( Task("Generate initramfs", run_generate_initramfs)) configuration_queue.append(generate_initramfs) # Configure FIPS. configuration_queue.append_dbus_tasks( SECURITY, [security_proxy.ConfigureFIPSWithTask()]) # realm join # - this can run only after network is configured in the target system chroot configuration_queue.append_dbus_tasks(SECURITY, [security_proxy.JoinRealmWithTask()]) post_scripts = TaskQueue("Post installation scripts", N_("Running post-installation scripts")) post_scripts.append( Task("Run post installation scripts", runPostScripts, (ksdata.scripts, ))) configuration_queue.append(post_scripts) # setup kexec reboot if requested if flags.flags.kexec: kexec_setup = TaskQueue("Kexec setup", N_("Setting up kexec")) kexec_setup.append(Task("Setup kexec", setup_kexec)) configuration_queue.append(kexec_setup) # write anaconda related configs & kickstarts write_configs = TaskQueue("Write configs and kickstarts", N_("Storing configuration files and kickstarts")) # Write the kickstart file to the installed system (or, copy the input # kickstart file over if one exists). if flags.flags.nosave_output_ks: # don't write the kickstart file to the installed system if this has # been disabled by the nosave option log.warning( "Writing of the output kickstart to installed system has been disabled" " by the nosave option.") else: # write anaconda related configs & kickstarts write_configs.append(Task("Store kickstarts", _writeKS, (ksdata, ))) # only add write_configs to the main queue if we actually store some kickstarts/configs if write_configs.task_count: configuration_queue.append(write_configs) return configuration_queue
def _apply(self): # Do not execute sections that were part of the original # anaconda kickstart file (== have .seen flag set) log.info("applying changes") sections = [self.data.keyboard, self.data.lang, self.data.timezone] # data.selinux # data.firewall localization_proxy = LOCALIZATION.get_proxy() self.data.keyboard.seen = localization_proxy.KeyboardKickstarted self.data.lang.seen = localization_proxy.LanguageKickstarted timezone_proxy = TIMEZONE.get_proxy() self.data.timezone.seen = timezone_proxy.Kickstarted log.info("executing kickstart") for section in sections: section_msg = "%s on line %d" % (repr(section), section.lineno) if section.seen: log.debug("skipping %s", section_msg) continue log.debug("executing %s", section_msg) section.execute(None, self.data, None) # Prepare the user database tools u = Users() sections = [self.data.group, self.data.user, self.data.rootpw] users_proxy = USERS.get_proxy() self.data.rootpw.seen = users_proxy.IsRootpwKickstarted for section in sections: section_msg = "%s on line %d" % (repr(section), section.lineno) if section.seen: log.debug("skipping %s", section_msg) continue log.debug("executing %s", section_msg) section.execute(None, self.data, None, u) # Configure all addons log.info("executing addons") self.data.addons.execute(None, self.data, None, u, None) if self.external_reconfig: # prevent the reconfig flag from being written out # to kickstart if neither /etc/reconfigSys or /.unconfigured # are present services_proxy = SERVICES.get_proxy() services_proxy.SetSetupOnBoot(SETUP_ON_BOOT_DEFAULT) # Write the kickstart data to file log.info("writing the Initial Setup kickstart file %s", OUTPUT_KICKSTART_PATH) with open(OUTPUT_KICKSTART_PATH, "w") as f: f.write(str(self.data)) log.info("finished writing the Initial Setup kickstart file") # Remove the reconfig files, if any - otherwise the reconfig mode # would start again next time the Initial Setup service is enabled. if self.external_reconfig: for reconfig_file in RECONFIG_FILES: if os.path.exists(reconfig_file): log.debug("removing reconfig trigger file: %s" % reconfig_file) os.remove(reconfig_file) # and we are done with applying changes log.info("all changes have been applied")
def __str__(self): users_proxy = USERS.get_proxy() return users_proxy.GenerateKickstart()
def _apply(self): # Do not execute sections that were part of the original # anaconda kickstart file (== have .seen flag set) log.info("applying changes") services_proxy = SERVICES.get_proxy() reconfig_mode = services_proxy.SetupOnBoot == SETUP_ON_BOOT_RECONFIG # data.selinux # data.firewall # Configure the timezone. timezone_proxy = TIMEZONE.get_proxy() for task_path in timezone_proxy.InstallWithTasks(): task_proxy = TIMEZONE.get_proxy(task_path) sync_run_task(task_proxy) # Configure the localization. localization_proxy = LOCALIZATION.get_proxy() for task_path in localization_proxy.InstallWithTasks(): task_proxy = LOCALIZATION.get_proxy(task_path) sync_run_task(task_proxy) # Configure persistent hostname network_proxy = NETWORK.get_proxy() network_task = network_proxy.ConfigureHostnameWithTask(True) task_proxy = NETWORK.get_proxy(network_task) sync_run_task(task_proxy) # Set current hostname network_proxy.SetCurrentHostname(network_proxy.Hostname) # Configure groups, users & root account # # NOTE: We only configure groups, users & root account if the respective # kickstart commands are *not* seen in the input kickstart. # This basically means that we will configure only what was # set in the Initial Setup UI and will not attempt to configure # anything that looks like it was configured previously in # the Anaconda UI or installation kickstart. users_proxy = USERS.get_proxy() if self._groups_already_configured and not reconfig_mode: log.debug("skipping user group configuration - already configured") elif users_proxy.Groups: # only run of there are some groups to create groups_task = users_proxy.ConfigureGroupsWithTask() task_proxy = USERS.get_proxy(groups_task) log.debug("configuring user groups via %s task", task_proxy.Name) sync_run_task(task_proxy) if self._users_already_configured and not reconfig_mode: log.debug("skipping user configuration - already configured") elif users_proxy.Users: # only run if there are some users to create users_task = users_proxy.ConfigureUsersWithTask() task_proxy = USERS.get_proxy(users_task) log.debug("configuring users via %s task", task_proxy.Name) sync_run_task(task_proxy) if self._root_password_already_configured and not reconfig_mode: log.debug( "skipping root password configuration - already configured") else: root_task = users_proxy.SetRootPasswordWithTask() task_proxy = USERS.get_proxy(root_task) log.debug("configuring root password via %s task", task_proxy.Name) sync_run_task(task_proxy) # Configure all addons log.info("executing addons") self.data.addons.execute(storage=None, ksdata=self.data, users=None, payload=None) boss_proxy = BOSS.get_proxy() task_path = boss_proxy.InstallSystemWithTask() task_proxy = BOSS.get_proxy(task_path) sync_run_task(task_proxy) if self.external_reconfig: # prevent the reconfig flag from being written out # to kickstart if neither /etc/reconfigSys or /.unconfigured # are present services_proxy = SERVICES.get_proxy() services_proxy.SetSetupOnBoot(SETUP_ON_BOOT_DEFAULT) # Write the kickstart data to file log.info("writing the Initial Setup kickstart file %s", OUTPUT_KICKSTART_PATH) with open(OUTPUT_KICKSTART_PATH, "w") as f: f.write(str(self.data)) log.info("finished writing the Initial Setup kickstart file") # Remove the reconfig files, if any - otherwise the reconfig mode # would start again next time the Initial Setup service is enabled. if self.external_reconfig: for reconfig_file in RECONFIG_FILES: if os.path.exists(reconfig_file): log.debug("removing reconfig trigger file: %s" % reconfig_file) os.remove(reconfig_file) # and we are done with applying changes log.info("all changes have been applied")
def doConfiguration(storage, payload, ksdata): """Configure the installed system.""" configuration_queue = TaskQueue("Configuration queue") # connect progress reporting configuration_queue.queue_started.connect( lambda x: progress_message(x.status_message)) configuration_queue.task_completed.connect(lambda x: progress_step(x.name)) # schedule the execute methods of ksdata that require an installed system to be present os_config = TaskQueue("Installed system configuration", N_("Configuring installed system")) os_config.append(Task("Configure authselect", ksdata.authselect.execute)) security_proxy = SECURITY.get_proxy() security_dbus_tasks = security_proxy.InstallWithTasks(util.getSysroot()) # add one Task instance per DBUS task for dbus_task in security_dbus_tasks: task_proxy = SECURITY.get_proxy(dbus_task) os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, ))) services_proxy = SERVICES.get_proxy() services_dbus_tasks = services_proxy.InstallWithTasks(util.getSysroot()) # add one Task instance per DBUS task for dbus_task in services_dbus_tasks: task_proxy = SERVICES.get_proxy(dbus_task) os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, ))) os_config.append(Task("Configure keyboard", ksdata.keyboard.execute)) os_config.append(Task("Configure timezone", ksdata.timezone.execute)) localization_proxy = LOCALIZATION.get_proxy() localization_dbus_tasks = localization_proxy.InstallWithTasks( util.getSysroot()) # add one Task instance per DBUS task for dbus_task in localization_dbus_tasks: task_proxy = LOCALIZATION.get_proxy(dbus_task) os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, ))) firewall_proxy = NETWORK.get_proxy(FIREWALL) firewall_dbus_task = firewall_proxy.InstallWithTask(util.getSysroot()) task_proxy = NETWORK.get_proxy(firewall_dbus_task) os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, ))) configuration_queue.append(os_config) # schedule network configuration (if required) if conf.system.provides_network_config: network_config = TaskQueue("Network configuration", N_("Writing network configuration")) network_config.append( Task("Network configuration", ksdata.network.execute, (payload, ))) configuration_queue.append(network_config) # creating users and groups requires some pre-configuration. user_config = TaskQueue("User creation", N_("Creating users")) users_proxy = USERS.get_proxy() users_dbus_tasks = users_proxy.InstallWithTasks(util.getSysroot()) # add one Task instance per DBUS task for dbus_task in users_dbus_tasks: task_proxy = USERS.get_proxy(dbus_task) user_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, ))) configuration_queue.append(user_config) # Anaconda addon configuration addon_config = TaskQueue("Anaconda addon configuration", N_("Configuring addons")) # there is no longer a User class & addons should no longer need it # FIXME: drop user class parameter from the API & all known addons addon_config.append( Task("Configure Anaconda addons", ksdata.addons.execute, (storage, ksdata, None, payload))) configuration_queue.append(addon_config) # Initramfs generation generate_initramfs = TaskQueue("Initramfs generation", N_("Generating initramfs")) generate_initramfs.append( Task("Generate initramfs", payload.recreate_initrds)) # This works around 2 problems, /boot on BTRFS and BTRFS installations where the initrd is # recreated after the first writeBootLoader call. This reruns it after the new initrd has # been created, fixing the kernel root and subvol args and adding the missing initrd entry. boot_on_btrfs = isinstance(storage.mountpoints.get("/"), BTRFSDevice) bootloader_proxy = STORAGE.get_proxy(BOOTLOADER) bootloader_enabled = bootloader_proxy.BootloaderMode != BOOTLOADER_DISABLED if isinstance(payload, LiveImagePayload) and boot_on_btrfs and bootloader_enabled: generate_initramfs.append( Task("Write BTRFS bootloader fix", write_boot_loader, (storage, payload))) # Invoking zipl should be the last thing done on a s390x installation (see #1652727). if arch.is_s390() and not conf.target.is_directory and bootloader_enabled: generate_initramfs.append( Task("Rerun zipl", lambda: util.execInSysroot("zipl", []))) configuration_queue.append(generate_initramfs) # join a realm (if required) if ksdata.realm.discovered: join_realm = TaskQueue( "Realm join", N_("Joining realm: %s") % ksdata.realm.discovered) join_realm.append(Task("Join a realm", ksdata.realm.execute)) configuration_queue.append(join_realm) post_scripts = TaskQueue("Post installation scripts", N_("Running post-installation scripts")) post_scripts.append( Task("Run post installation scripts", runPostScripts, (ksdata.scripts, ))) configuration_queue.append(post_scripts) # setup kexec reboot if requested if flags.flags.kexec: kexec_setup = TaskQueue("Kexec setup", N_("Setting up kexec")) kexec_setup.append(Task("Setup kexec", setup_kexec)) configuration_queue.append(kexec_setup) # write anaconda related configs & kickstarts write_configs = TaskQueue("Write configs and kickstarts", N_("Storing configuration files and kickstarts")) # Write the kickstart file to the installed system (or, copy the input # kickstart file over if one exists). if flags.flags.nosave_output_ks: # don't write the kickstart file to the installed system if this has # been disabled by the nosave option log.warning( "Writing of the output kickstart to installed system has been disabled" " by the nosave option.") else: # write anaconda related configs & kickstarts write_configs.append(Task("Store kickstarts", _writeKS, (ksdata, ))) # only add write_configs to the main queue if we actually store some kickstarts/configs if write_configs.task_count: configuration_queue.append(write_configs) # notify progress tracking about the number of steps progress_init(configuration_queue.task_count) # log contents of the main task queue log.info(configuration_queue.summary) # log tasks and queues when they are started # - note that we are using generators to add the counter queue_counter = util.item_counter(configuration_queue.queue_count) task_started_counter = util.item_counter(configuration_queue.task_count) task_completed_counter = util.item_counter(configuration_queue.task_count) configuration_queue.queue_started.connect(lambda x: log.info( "Queue started: %s (%s)", x.name, next(queue_counter))) configuration_queue.task_started.connect(lambda x: log.info( "Task started: %s (%s)", x.name, next(task_started_counter))) configuration_queue.task_completed.connect( lambda x: log.debug("Task completed: %s (%s) (%1.1f s)", x.name, next(task_completed_counter), x.elapsed_time)) # start the task queue configuration_queue.start() # done progress_complete()
def __init__(self, *args): NormalSpoke.__init__(self, *args) GUISpokeInputCheckHandler.__init__(self) self._users_module = USERS.get_proxy()
def __init__(self, *args): NormalSpoke.__init__(self, *args) GUISpokeInputCheckHandler.__init__(self) self._users_module = USERS.get_proxy() self._password_is_required = True