def start(self):
command = "%s vgchange -a y '%s'" % (LVM_VOLGROUP.prog, self.name)
if run_script(command, self.chroot, log) != 0:
log.error("Activation of volume group '%s' failed.", self.name)
return 0
self.active = True
return 1
def start(self):
command = "%s vgchange -a y '%s'" % (LVM_VOLGROUP.prog, self.name)
if run_script(command, self.chroot, log) != 0:
log.error("Activation of volume group '%s' failed.", self.name)
return 0
self.active = True
return 1
def create(self):
command = "%s pvcreate --zero y -ff -y -d %s" % \
(LVM_PHYSICAL_VOLUME.prog, self.device)
if run_script(command, self.chroot, log) != 0:
log.error("Creation of physical layer on '%s' failed.",
self.device)
return 0
return 1
def create(self):
command = "%s pvcreate --zero y -ff -y -d %s" % \
(LVM_PHYSICAL_VOLUME.prog, self.device)
if run_script(command, self.chroot, log) != 0:
log.error("Creation of physical layer on '%s' failed.",
self.device)
return 0
return 1
def stop(self):
if not self.active:
return 1
command = "%s vgchange -a n '%s'" % (LVM_VOLGROUP.prog, self.name)
if run_script(command, self.chroot, log) != 0:
log.error("Deactivation of volume group '%s' failed.", self.name)
return 0
self.active = False
return 1
def stop(self):
if not self.active:
return 1
command = "%s vgchange -a n '%s'" % (LVM_VOLGROUP.prog, self.name)
if run_script(command, self.chroot, log) != 0:
log.error("Deactivation of volume group '%s' failed.", self.name)
return 0
self.active = False
return 1
def create(self, size):
command = "%s lvcreate -n '%s' --size %dk '%s'" % \
(LVM_LOGICAL_VOLUME.prog, self.name, (size / 1024),
self.volgroup)
if run_script(command, self.chroot, log) != 0:
log.error("Creation of logical volume '%s' on '%s' failed.",
self.name, self.volgroup)
return 0
self.active = 1
return 1
def create(self, size):
command = "%s lvcreate -n '%s' --size %dk '%s'" % \
(LVM_LOGICAL_VOLUME.prog, self.name, (size / 1024),
self.volgroup)
if run_script(command, self.chroot, log) != 0:
log.error("Creation of logical volume '%s' on '%s' failed.",
self.name, self.volgroup)
return 0
self.active = 1
return 1
def create(self, devices, extent=-1):
command = "%s vgcreate" % LVM_VOLGROUP.prog
if extent > 0:
command += " --physicalextentsize '%s'" % extent
command += " %s %s" % (self.name, " ".join(devices))
if run_script(command, self.chroot, log) != 0:
log.error("Creation of volume group '%s' on '%s' failed.",
self.name, devices)
return 0
self.active = 1
vg = LVM_VOLGROUP.info(self.name, chroot=self.chroot)
if not vg:
self.stop()
return 0
self.format = vg["format"]
self.extent = vg["pesize"]
self.size = vg["vgsize"]
return 1
def create(self, devices, extent=-1):
command = "%s vgcreate" % LVM_VOLGROUP.prog
if extent > 0:
command += " --physicalextentsize '%s'" % extent
command += " %s %s" % (self.name, " ".join(devices))
if run_script(command, self.chroot, log) != 0:
log.error("Creation of volume group '%s' on '%s' failed.",
self.name, devices)
return 0
self.active = 1
vg = LVM_VOLGROUP.info(self.name, chroot=self.chroot)
if not vg:
self.stop()
return 0
self.format = vg["format"]
self.extent = vg["pesize"]
self.size = vg["vgsize"]
return 1
def scan(chroot=None):
command = "%s vgscan --mknodes 2>/dev/null" % LVM_VOLGROUP.prog
if run_script(command, chroot, log) != 0:
log.error("Failed to scan for volume groups.")
return 0
return 1
def firewall_config(ks, buildroot, source):
if (source.isRHEL() and source.cmpVersion("4") < 0) or \
(source.isFedora() and source.cmpVersion("2") < 0) or \
not os.path.exists(buildroot+"/usr/sbin/lokkit"):
# lokkit is not able to configure firewall for pre RHEL-4 and
# pre FC-2
_trusted = ""
if ks["firewall"].has_key("trusted"):
for iface in ks["firewall"]["trusted"]:
_trusted += '-A RH-Firewall-1-INPUT -i %s -j ACCEPT\n' % \
iface
_open_ports = ""
if ks["firewall"].has_key("ports"):
ports = ks["firewall"]["ports"][:]
ports.sort()
for port in ports:
_open_ports += '-A RH-Firewall-1-INPUT ' + \
'-m state --state NEW ' + \
'-m %s -p %s --dport %d -j ACCEPT\n' % \
(port[1], port[1], port[0])
content = [ \
'# Firewall configuration written by pyrpmkickstart\n',
'# Manual customization of this file is not recommended.\n',
'*filter\n',
':INPUT ACCEPT [0:0]\n',
':FORWARD ACCEPT [0:0]\n',
':OUTPUT ACCEPT [0:0]\n',
':RH-Firewall-1-INPUT - [0:0]\n',
'-A INPUT -j RH-Firewall-1-INPUT\n',
'-A FORWARD -j RH-Firewall-1-INPUT\n',
'-A RH-Firewall-1-INPUT -i lo -j ACCEPT\n',
_trusted,
'-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p 50 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p 51 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n',
_open_ports,
'-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\n',
'COMMIT\n' ]
create_file(buildroot, "/etc/sysconfig/iptables", content)
# enable firewall
if ks["firewall"].has_key("enabled"):
if run_script("/sbin/chkconfig iptables on", buildroot) != 0:
log.error("Could not enable firewall.")
else:
# use lokkit to configure firewall
fwargs = []
if ks["firewall"].has_key("enabled"):
fwargs.append("--enabled")
if ks["firewall"].has_key("disabled"):
fwargs.append("--disabled")
if ks["firewall"].has_key("trusted"):
for trusted in ks["firewall"]["trusted"]:
fwargs.append("--trusted=%s" % trusted)
if ks["firewall"].has_key("ports"):
for port in ks["firewall"]["ports"]:
fwargs.append("--port=%s:%s" % (port[0], port[1]))
lokkit = "/usr/sbin/lokkit --quiet --nostart -f %s" % \
" ".join(fwargs)
if run_script(lokkit, buildroot) != 0:
log.error("Configuration of firewall failed.")
create_file(buildroot, "/etc/sysconfig/system-config-securitylevel", [
'# Configuration file for system-config-securitylevel\n', "\n",
"%s" % "\n".join(fwargs)
])
def firewall_config(ks, buildroot, source):
if (source.isRHEL() and source.cmpVersion("4") < 0) or \
(source.isFedora() and source.cmpVersion("2") < 0) or \
not os.path.exists(buildroot+"/usr/sbin/lokkit"):
# lokkit is not able to configure firewall for pre RHEL-4 and
# pre FC-2
_trusted = ""
if ks["firewall"].has_key("trusted"):
for iface in ks["firewall"]["trusted"]:
_trusted += '-A RH-Firewall-1-INPUT -i %s -j ACCEPT\n' % \
iface
_open_ports = ""
if ks["firewall"].has_key("ports"):
ports = ks["firewall"]["ports"][:]
ports.sort()
for port in ports:
_open_ports += '-A RH-Firewall-1-INPUT ' + \
'-m state --state NEW ' + \
'-m %s -p %s --dport %d -j ACCEPT\n' % \
(port[1], port[1], port[0])
content = [ \
'# Firewall configuration written by pyrpmkickstart\n',
'# Manual customization of this file is not recommended.\n',
'*filter\n',
':INPUT ACCEPT [0:0]\n',
':FORWARD ACCEPT [0:0]\n',
':OUTPUT ACCEPT [0:0]\n',
':RH-Firewall-1-INPUT - [0:0]\n',
'-A INPUT -j RH-Firewall-1-INPUT\n',
'-A FORWARD -j RH-Firewall-1-INPUT\n',
'-A RH-Firewall-1-INPUT -i lo -j ACCEPT\n',
_trusted,
'-A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p 50 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p 51 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT\n',
'-A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n',
_open_ports,
'-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited\n',
'COMMIT\n' ]
create_file(buildroot, "/etc/sysconfig/iptables", content)
# enable firewall
if ks["firewall"].has_key("enabled"):
if run_script("/sbin/chkconfig iptables on", buildroot) != 0:
log.error("Could not enable firewall.")
else:
# use lokkit to configure firewall
fwargs = [ ]
if ks["firewall"].has_key("enabled"):
fwargs.append("--enabled")
if ks["firewall"].has_key("disabled"):
fwargs.append("--disabled")
if ks["firewall"].has_key("trusted"):
for trusted in ks["firewall"]["trusted"]:
fwargs.append("--trusted=%s" % trusted)
if ks["firewall"].has_key("ports"):
for port in ks["firewall"]["ports"]:
fwargs.append("--port=%s:%s" % (port[0], port[1]))
lokkit = "/usr/sbin/lokkit --quiet --nostart -f %s" % \
" ".join(fwargs)
if run_script(lokkit, buildroot) != 0:
log.error("Configuration of firewall failed.")
create_file(buildroot, "/etc/sysconfig/system-config-securitylevel",
[ '# Configuration file for system-config-securitylevel\n',
"\n",
"%s" % "\n".join(fwargs) ])
def scan(chroot=None):
command = "%s vgscan --mknodes 2>/dev/null" % LVM_VOLGROUP.prog
if run_script(command, chroot, log) != 0:
log.error("Failed to scan for volume groups.")
return 0
return 1
