def write_configuration(overwrite=False): """Install network configuration to target system.""" fcoe_proxy = STORAGE.get_proxy(FCOE) fcoe_nics = fcoe_proxy.GetNics() fcoe_ifaces = [ dev.device_name for dev in get_supported_devices() if dev.device_name in fcoe_nics ] network_proxy = NETWORK.get_proxy() task_path = network_proxy.ConfigureActivationOnBootWithTask(fcoe_ifaces) task_proxy = NETWORK.get_proxy(task_path) sync_run_task(task_proxy) task_path = network_proxy.InstallNetworkWithTask(overwrite) task_proxy = NETWORK.get_proxy(task_path) sync_run_task(task_proxy) task_path = network_proxy.ConfigureHostnameWithTask(overwrite) task_proxy = NETWORK.get_proxy(task_path) sync_run_task(task_proxy) if conf.system.can_change_hostname: hostname = network_proxy.Hostname if hostname != DEFAULT_HOSTNAME: network_proxy.SetCurrentHostname(hostname)
def execute(self, storage, payload): fcoe_ifaces = network.devices_used_by_fcoe(storage) overwrite = network.can_overwrite_configuration(payload) network_proxy = NETWORK.get_proxy() task_path = network_proxy.InstallNetworkWithTask( util.getSysroot(), fcoe_ifaces, overwrite) task_proxy = NETWORK.get_proxy(task_path) sync_run_task(task_proxy) if conf.system.can_change_hostname: hostname = network_proxy.Hostname if hostname != network.DEFAULT_HOSTNAME: network_proxy.SetCurrentHostname(hostname)
def parse(self, args): tg = super().parse(args) if tg.iface: if not network.wait_for_network_devices([tg.iface]): raise KickstartParseError(lineno=self.lineno, msg=_("Network interface \"%(nic)s\" required by iSCSI \"%(iscsiTarget)s\" target is not up.") % {"nic": tg.iface, "iscsiTarget": tg.target}) mode = blivet.iscsi.iscsi.mode if mode == "none": if tg.iface: network_proxy = NETWORK.get_proxy() activated_ifaces = network_proxy.GetActivatedInterfaces() blivet.iscsi.iscsi.create_interfaces(activated_ifaces) elif ((mode == "bind" and not tg.iface) or (mode == "default" and tg.iface)): raise KickstartParseError(lineno=self.lineno, msg=_("iscsi --iface must be specified (binding used) either for all targets or for none")) try: blivet.iscsi.iscsi.add_target(tg.ipaddr, tg.port, tg.user, tg.password, tg.user_in, tg.password_in, target=tg.target, iface=tg.iface) iscsi_log.info("added iscsi target %s at %s via %s", tg.target, tg.ipaddr, tg.iface) except (IOError, ValueError) as e: raise KickstartParseError(lineno=self.lineno, msg=str(e)) return tg
def initialize_network(): """Initialize networking.""" if not conf.system.can_configure_network: return network_proxy = NETWORK.get_proxy() msg = "Initialization started." log.debug(msg) network_proxy.LogConfigurationState(msg) log.debug("Devices found: %s", [dev.device_name for dev in get_supported_devices()]) run_network_initialization_task(network_proxy.ApplyKickstartWithTask()) run_network_initialization_task( network_proxy.DumpMissingConfigFilesWithTask()) if network_proxy.Hostname == DEFAULT_HOSTNAME: bootopts_hostname = hostname_from_cmdline(kernel_arguments) if bootopts_hostname: log.debug("Updating host name from boot options: %s", bootopts_hostname) network_proxy.SetHostname(bootopts_hostname) # Create device configuration tracking in the module. # It will be used to generate kickstart from persistent network configuration # managed by NM (having config files) and updated by NM signals on device # configuration changes. log.debug("Creating network configurations.") network_proxy.CreateDeviceConfigurations() log.debug("Initialization finished.")
def _discover(self, credentials, bind): # This needs to be in its own thread, not marked with gtk_action_* because it's # called from on_start_clicked, which is in the GTK main loop. Those decorators # won't do anything special in that case. if not self.iscsi.initiator_set: self.iscsi.initiator = credentials.initiator # interfaces created here affect nodes that iscsi.discover would return if self.iscsi.mode == "none" and not bind: self.iscsi.delete_interfaces() elif (self.iscsi.mode == "bind" or self.iscsi.mode == "none" and bind): network_proxy = NETWORK.get_proxy() activated = set(network_proxy.GetActivatedInterfaces()) # The only place iscsi.ifaces is modified is create_interfaces(), # right below, so iteration is safe. created = set(self.iscsi.ifaces.values()) self.iscsi.create_interfaces(activated - created) try: self._discoveredNodes = self.iscsi.discover( credentials.targetIP, username=credentials.username, password=credentials.password, r_username=credentials.rUsername, r_password=credentials.rPassword) except SafeDBusError as e: self._discoveryError = str(e).split(':')[-1] return if len(self._discoveredNodes) == 0: self._discoveryError = "No nodes discovered."
def initialize_network(): """Initialize networking.""" if not conf.system.can_configure_network: return network_proxy = NETWORK.get_proxy() msg = "Initialization started." log.debug(msg) network_proxy.LogConfigurationState(msg) log.debug("Devices found: %s", [dev.device_name for dev in get_supported_devices()]) run_network_initialization_task(network_proxy.ConsolidateInitramfsConnectionsWithTask()) run_network_initialization_task(network_proxy.ApplyKickstartWithTask()) run_network_initialization_task(network_proxy.DumpMissingIfcfgFilesWithTask()) run_network_initialization_task(network_proxy.SetRealOnbootValuesFromKickstartWithTask()) if network_proxy.Hostname == DEFAULT_HOSTNAME: bootopts_hostname = hostname_from_cmdline(flags.cmdline) if bootopts_hostname: log.debug("Updating host name from boot options: %s", bootopts_hostname) network_proxy.SetHostname(bootopts_hostname) # Create device configuration tracking in the module. # It will be used to generate kickstart from persistent network configuration # managed by NM (ifcfgs) and updated by NM signals on device configuration # changes. log.debug("Creating network configurations.") network_proxy.CreateDeviceConfigurations() log.debug("Initialization finished.")
def download_escrow_certificate(url): """Download the escrow certificate. :param url: an URL of the certificate :return: a content of the certificate """ # Do we need a network connection? if not url.startswith("/") and not url.startswith("file:"): network_proxy = NETWORK.get_proxy() if not network_proxy.Connected: raise KickstartError(_("Escrow certificate %s requires the network.") % url) # Download the certificate. log.info("Downloading an escrow certificate from: %s", url) try: request = util.requests_session().get(url, verify=True) except requests.exceptions.SSLError as e: raise KickstartError(_("SSL error while downloading the escrow certificate:\n\n%s") % e) except requests.exceptions.RequestException as e: raise KickstartError(_("The following error was encountered while downloading the " "escrow certificate:\n\n%s") % e) try: certificate = request.content finally: request.close() return certificate
def revert_changes(self, ksdata, storage): """:see: RuleHander.revert_changes""" firewall_proxy = NETWORK.get_proxy(FIREWALL) if self._firewall_enabled is not None: firewall_proxy.SetFirewallMode(self._firewall_default_state) # remove all services this handler added all_services = firewall_proxy.EnabledServices orig_services = set(all_services).difference(self._new_services_to_add) firewall_proxy.SetEnabledServices(list(orig_services)) # remove all ports this handler added all_ports = firewall_proxy.EnabledPorts orig_ports = set(all_ports).difference(self._new_ports_to_add) firewall_proxy.SetEnabledPorts(list(orig_ports)) # remove all trusts this handler added all_trusts = firewall_proxy.Trusts orig_trusts = set(all_trusts).difference(self._new_trusts_to_add) firewall_proxy.SetTrusts(list(orig_trusts)) # remove all services this handler excluded all_services = firewall_proxy.DisabledServices orig_services = set(all_services).difference( self._new_services_to_remove) firewall_proxy.SetDisabledServices(list(orig_services)) self._added_svcs = set() self._added_ports = set() self._added_trusts = set() self._removed_svcs = set() self._firewall_enabled = None self._firewall_default_state = None
def _discover(self, credentials, bind): # This needs to be in its own thread, not marked with gtk_action_* because it's # called from on_start_clicked, which is in the GTK main loop. Those decorators # won't do anything special in that case. if not self.iscsi.initiator_set: self.iscsi.initiator = credentials.initiator # interfaces created here affect nodes that iscsi.discover would return if self.iscsi.mode == "none" and not bind: self.iscsi.delete_interfaces() elif (self.iscsi.mode == "bind" or self.iscsi.mode == "none" and bind): network_proxy = NETWORK.get_proxy() activated = set(network_proxy.GetActivatedInterfaces()) # The only place iscsi.ifaces is modified is create_interfaces(), # right below, so iteration is safe. created = set(self.iscsi.ifaces.values()) self.iscsi.create_interfaces(activated - created) try: self._discoveredNodes = self.iscsi.discover(credentials.targetIP, username=credentials.username, password=credentials.password, r_username=credentials.rUsername, r_password=credentials.rPassword) except SafeDBusError as e: self._discoveryError = str(e).split(':')[-1] return if len(self._discoveredNodes) == 0: self._discoveryError = "No nodes discovered."
def download_escrow_certificate(url): """Download the escrow certificate. :param url: an URL of the certificate :return: a content of the certificate """ # Do we need a network connection? if not url.startswith("/") and not url.startswith("file:"): network_proxy = NETWORK.get_proxy() if not network_proxy.Connected: raise KickstartError(_("Escrow certificate %s requires the network.") % url) # Download the certificate. log.info("Downloading an escrow certificate from: %s", url) try: request = util.requests_session().get(url, verify=True) except requests.exceptions.SSLError as e: raise KickstartError(_("SSL error while downloading the escrow certificate:\n\n%s") % e) except requests.exceptions.RequestException as e: raise KickstartError(_("The following error was encountered while downloading the " "escrow certificate:\n\n%s") % e) try: certificate = request.content finally: request.close() return certificate
def revert_changes(self, ksdata, storage): """:see: RuleHander.revert_changes""" firewall_proxy = NETWORK.get_proxy(FIREWALL) if self._firewall_enabled is not None: firewall_proxy.SetFirewallMode(self._firewall_default_state) # remove all services this handler added all_services = firewall_proxy.EnabledServices orig_services = set(all_services).difference(self._new_services_to_add) firewall_proxy.SetEnabledServices(list(orig_services)) # remove all ports this handler added all_ports = firewall_proxy.EnabledPorts orig_ports = set(all_ports).difference(self._new_ports_to_add) firewall_proxy.SetEnabledPorts(list(orig_ports)) # remove all trusts this handler added all_trusts = firewall_proxy.Trusts orig_trusts = set(all_trusts).difference(self._new_trusts_to_add) firewall_proxy.SetTrusts(list(orig_trusts)) # remove all services this handler excluded all_services = firewall_proxy.DisabledServices orig_services = set(all_services).difference(self._new_services_to_remove) firewall_proxy.SetDisabledServices(list(orig_services)) self._added_svcs = set() self._added_ports = set() self._added_trusts = set() self._removed_svcs = set() self._firewall_enabled = None self._firewall_default_state = None
def wait_and_fetch_net_data(url, out_file, ca_certs=None): """ Function that waits for network connection and starts a thread that fetches data over network. :see: org_fedora_oscap.data_fetch.fetch_data :return: the name of the thread running fetch_data :rtype: str """ # get thread that tries to establish a network connection nm_conn_thread = threadMgr.get(constants.THREAD_WAIT_FOR_CONNECTING_NM) if nm_conn_thread: # NM still connecting, wait for it to finish nm_conn_thread.join() network_proxy = NETWORK.get_proxy() if not network_proxy.Connected(): raise OSCAPaddonNetworkError("Network connection needed to fetch data.") fetch_data_thread = AnacondaThread(name=THREAD_FETCH_DATA, target=fetch_data, args=(url, out_file, ca_certs), fatal=False) # register and run the thread threadMgr.add(fetch_data_thread) return THREAD_FETCH_DATA
def execute(self, payload): fcoe_proxy = STORAGE.get_proxy(FCOE) fcoe_nics = fcoe_proxy.GetNics() fcoe_ifaces = [dev.device_name for dev in network.get_supported_devices() if dev.device_name in fcoe_nics] overwrite = network.can_overwrite_configuration(payload) network_proxy = NETWORK.get_proxy() task_path = network_proxy.InstallNetworkWithTask(util.getSysroot(), fcoe_ifaces, overwrite) task_proxy = NETWORK.get_proxy(task_path) sync_run_task(task_proxy) if conf.system.can_change_hostname: hostname = network_proxy.Hostname if hostname != network.DEFAULT_HOSTNAME: network_proxy.SetCurrentHostname(hostname)
def run_network_initialization_task(task_path): """Run network initialization task and log the result.""" task_proxy = NETWORK.get_proxy(task_path) log.debug("Running task %s", task_proxy.Name) sync_run_task(task_proxy) result = get_native(task_proxy.GetResult()) msg = "%s result: %s" % (task_proxy.Name, result) log.debug(msg)
def run_network_initialization_task(task_path): """Run network initialization task and log the result.""" task_proxy = NETWORK.get_proxy(task_path) log.debug("Running task %s", task_proxy.Name) sync_run_task(task_proxy) result = task_proxy.GetResult() msg = "%s result: %s" % (task_proxy.Name, result) log.debug(msg)
def execute(self, payload): fcoe_proxy = STORAGE.get_proxy(FCOE) fcoe_nics = fcoe_proxy.GetNics() fcoe_ifaces = [dev.device_name for dev in network.get_supported_devices() if dev.device_name in fcoe_nics] overwrite = network.can_overwrite_configuration(payload) network_proxy = NETWORK.get_proxy() task_path = network_proxy.InstallNetworkWithTask(util.getSysroot(), fcoe_ifaces, overwrite) task_proxy = NETWORK.get_proxy(task_path) sync_run_task(task_proxy) if conf.system.can_change_hostname: hostname = network_proxy.Hostname if hostname != network.DEFAULT_HOSTNAME: network_proxy.SetCurrentHostname(hostname)
def get_supported_devices(): """Get existing network devices supported by the installer. :return: basic information about the devices :rtype: list(NetworkDeviceInfo) """ network_proxy = NETWORK.get_proxy() return NetworkDeviceInfo.from_structure_list(network_proxy.GetSupportedDevices())
def get_supported_devices(): """Get existing network devices supported by the installer. :return: basic information about the devices :rtype: list(NetworkDeviceInfo) """ network_proxy = NETWORK.get_proxy() return NetworkDeviceInfo.from_structure_list(network_proxy.GetSupportedDevices())
def get_interface_hw_address(iface): """Get hardware address of network interface.""" network_proxy = NETWORK.get_proxy() device_infos = NetworkDeviceInfo.from_structure_list(network_proxy.GetSupportedDevices()) for info in device_infos: if info.device_name == iface: return info.hw_address return ""
def get_interface_hw_address(iface): """Get hardware address of network interface.""" network_proxy = NETWORK.get_proxy() device_infos = NetworkDeviceInfo.from_structure_list(network_proxy.GetSupportedDevices()) for info in device_infos: if info.device_name == iface: return info.hw_address return ""
def refresh(self): self._nicCombo.remove_all() network_proxy = NETWORK.get_proxy() ethernet_devices = [apply_structure(device, NetworkDeviceInfo()) for device in network_proxy.GetSupportedDevices() if device['device-type'] == NM.DeviceType.ETHERNET] for dev_info in ethernet_devices: self._nicCombo.append_text("%s - %s" % (dev_info.device_name, dev_info.hw_address)) self._nicCombo.set_active(0)
def refresh(self): self._nicCombo.remove_all() network_proxy = NETWORK.get_proxy() ethernet_devices = [NetworkDeviceInfo.from_structure(device) for device in network_proxy.GetSupportedDevices() if device['device-type'] == NM.DeviceType.ETHERNET] for dev_info in ethernet_devices: self._nicCombo.append_text("%s - %s" % (dev_info.device_name, dev_info.hw_address)) self._nicCombo.set_active(0)
def set_dbus_defaults(): boss = BOSS.get_proxy() boss.GetModules.return_value = [ KDUMP.service_name ] kdump = KDUMP.get_proxy() kdump.KdumpEnabled = True user_interface = BOSS.get_proxy(USER_INTERFACE) user_interface.PasswordPolicies = {} network = NETWORK.get_proxy() network.Connected.return_value = True firewall = NETWORK.get_proxy(FIREWALL) firewall.EnabledServices = [] firewall.DisabledServices = [] firewall.EnabledPorts = [] firewall.Trusts = [] device_tree = STORAGE.get_proxy(DEVICE_TREE) device_tree.GetDeviceMountOptions.return_value = "defaults" device_tree.GetMountPoints.return_value = {} bootloader = STORAGE.get_proxy(BOOTLOADER) bootloader.IsPasswordSet = False users = USERS.get_proxy() users.IsRootPasswordSet = True users.IsRootPasswordCrypted = False users.RootPassword = "******" payloads = PAYLOADS.get_proxy() payloads.ActivePayload = "/fake/payload/1" dnf_payload = PAYLOADS.get_proxy("/fake/payload/1") dnf_payload.Type = PAYLOAD_TYPE_DNF packages_data = PackagesSelectionData() dnf_payload.PackagesSelection = PackagesSelectionData.to_structure(packages_data)
def set_dbus_defaults(): network = NETWORK.get_proxy() network.Connected.return_value = True firewall = NETWORK.get_proxy(FIREWALL) firewall.EnabledServices = [] firewall.DisabledServices = [] firewall.EnabledPorts = [] firewall.Trusts = [] device_tree = STORAGE.get_proxy(DEVICE_TREE) device_tree.GetDeviceMountOptions.return_value = "defaults" device_tree.GetMountPoints.return_value = {} bootloader = STORAGE.get_proxy(BOOTLOADER) bootloader.IsPasswordSet = False users = USERS.get_proxy() users.IsRootPasswordSet = True users.IsRootPasswordCrypted = False users.RootPassword = "******"
def wait_for_network_devices(devices, timeout=constants.NETWORK_CONNECTION_TIMEOUT): """Wait for network devices to be activated with a connection.""" devices = set(devices) i = 0 log.debug("waiting for connection of devices %s for iscsi", devices) while i < timeout: network_proxy = NETWORK.get_proxy() activated_devices = network_proxy.GetActivatedInterfaces() if not devices - set(activated_devices): return True i += 1 time.sleep(1) return False
def refresh(self): self._nicCombo.remove_all() network_proxy = NETWORK.get_proxy() device_infos = NetworkDeviceInfo.from_structure_list( network_proxy.GetSupportedDevices()) for dev_info in device_infos: if dev_info.device_type == NM.DeviceType.ETHERNET: self._nicCombo.append_text( "%s - %s" % (dev_info.device_name, dev_info.hw_address)) self._nicCombo.set_active(0) self._addButton.set_sensitive(bool(self.nic))
def wait_for_network_devices(devices, timeout=constants.NETWORK_CONNECTION_TIMEOUT): """Wait for network devices to be activated with a connection.""" devices = set(devices) i = 0 log.debug("waiting for connection of devices %s for iscsi", devices) while i < timeout: network_proxy = NETWORK.get_proxy() activated_devices = network_proxy.GetActivatedInterfaces() if not devices - set(activated_devices): return True i += 1 time.sleep(1) return False
def __init__(self, *args): NormalSpoke.__init__(self, *args) # taking values from the kickstart file? self._kickstarted = flags.flags.automatedInstall self._update_datetime_timer = None self._start_updating_timer = None self._shown = False self._tz = None self._timezone_module = TIMEZONE.get_proxy() self._network_module = NETWORK.get_proxy()
def networkInitialize(ksdata): if not conf.system.can_configure_network: return log.debug("devices found %s", nm.nm_devices()) logIfcfgFiles("network initialization") log.debug("ensure single initramfs connections") network_proxy = NETWORK.get_proxy() devnames = network_proxy.ConsolidateInitramfsConnections() if devnames: msg = "single connection ensured for devices %s" % devnames log.debug("%s", msg) logIfcfgFiles(msg) log.debug("apply kickstart") devnames = network_proxy.ApplyKickstart() if devnames: msg = "kickstart pre section applied for devices %s" % devnames log.debug("%s", msg) logIfcfgFiles(msg) log.debug("create missing ifcfg files") devnames = network_proxy.DumpMissingIfcfgFiles() if devnames: msg = "missing ifcfgs created for devices %s" % devnames log.debug("%s", msg) logIfcfgFiles(msg) # For kickstart network --activate option we set ONBOOT=yes # in dracut to get devices activated by NM. The real network --onboot # value is set here. log.debug("set real ONBOOT value") devnames = network_proxy.SetRealOnbootValuesFromKickstart() if devnames: msg = "real kickstart ONBOOT value set for devices %s" % devnames log.debug("%s", msg) logIfcfgFiles(msg) # initialize ksdata hostname if network_proxy.Hostname == DEFAULT_HOSTNAME: bootopts_hostname = hostname_from_cmdline(flags.cmdline) if bootopts_hostname: log.debug("updating host name from boot options: %s", bootopts_hostname) network_proxy.SetHostname(bootopts_hostname) # Create device configuration tracking in the module. # It will be used to generate kickstart from persistent network configuration # managed by NM (ifcfgs) and updated by NM signals on device configuration # changes. log.debug("create network configurations") network_proxy.CreateDeviceConfigurations()
def __init__(self, data, storage, payload): NormalTUISpoke.__init__(self, data, storage, payload) self.title = N_("Network configuration") self._network_module = NETWORK.get_proxy() self.nm_client = network.get_nm_client() if not self.nm_client and conf.system.provides_system_bus: self.nm_client = NM.Client.new(None) self._container = None self.hostname = self._network_module.Hostname self.editable_configurations = [] self.errors = [] self._apply = False
def _get_hostname(self): """Return a hostname.""" ignored_hostnames = {None, "", 'localhost', 'localhost.localdomain'} network_proxy = NETWORK.get_proxy() hostname = network_proxy.Hostname if hostname in ignored_hostnames: hostname = network_proxy.GetCurrentHostname() if hostname in ignored_hostnames: hostname = None return hostname
def _get_hostname(self): """Return a hostname.""" ignored_hostnames = {None, "", 'localhost', 'localhost.localdomain'} network_proxy = NETWORK.get_proxy() hostname = network_proxy.Hostname if hostname in ignored_hostnames: hostname = network_proxy.GetCurrentHostname() if hostname in ignored_hostnames: hostname = None return hostname
def parse(self, args): tg = super().parse(args) if tg.iface: if not wait_for_network_devices([tg.iface]): raise KickstartParseError( lineno=self.lineno, msg= _("Network interface \"%(nic)s\" required by iSCSI \"%(iscsiTarget)s\" target is not up." ) % { "nic": tg.iface, "iscsiTarget": tg.target }) mode = iscsi.mode if mode == "none": if tg.iface: network_proxy = NETWORK.get_proxy() activated_ifaces = network_proxy.GetActivatedInterfaces() iscsi.create_interfaces(activated_ifaces) elif ((mode == "bind" and not tg.iface) or (mode == "default" and tg.iface)): raise KickstartParseError( lineno=self.lineno, msg= _("iscsi --iface must be specified (binding used) either for all targets or for none" )) try: if tg.target: log.info("adding iscsi target %s at %s:%d via %s", tg.target, tg.ipaddr, tg.port, tg.iface) else: log.info("adding all iscsi targets discovered at %s:%d via %s", tg.ipaddr, tg.port, tg.iface) iscsi.add_target(tg.ipaddr, tg.port, tg.user, tg.password, tg.user_in, tg.password_in, target=tg.target, iface=tg.iface) except (IOError, ValueError) as e: raise KickstartParseError(lineno=self.lineno, msg=str(e)) return tg
def execute(self): args = [] firewall_proxy = NETWORK.get_proxy(FIREWALL) # If --use-system-defaults was passed then the user wants # whatever was provided by the rpms or ostree to be the # default, do nothing. if firewall_proxy.FirewallMode == FIREWALL_USE_SYSTEM_DEFAULTS: firewall_log.info("ks file instructs to use system defaults for " "firewall, skipping configuration.") return # enabled is None if neither --enable or --disable is passed # default to enabled if nothing has been set. if firewall_proxy.FirewallMode == FIREWALL_DISABLED: args += ["--disabled"] else: args += ["--enabled"] ssh_service_not_enabled = "ssh" not in firewall_proxy.EnabledServices ssh_service_not_disabled = "ssh" not in firewall_proxy.DisabledServices ssh_port_not_enabled = "22:tcp" not in firewall_proxy.EnabledPorts # always enable SSH unless the service is explicitely disabled if ssh_service_not_enabled and ssh_service_not_disabled and ssh_port_not_enabled: args += ["--service=ssh"] for dev in firewall_proxy.Trusts: args += ["--trust=%s" % (dev,)] for port in firewall_proxy.EnabledPorts: args += ["--port=%s" % (port,)] for remove_service in firewall_proxy.DisabledServices: args += ["--remove-service=%s" % (remove_service,)] for service in firewall_proxy.EnabledServices: args += ["--service=%s" % (service,)] cmd = "/usr/bin/firewall-offline-cmd" if not os.path.exists(util.getSysroot() + cmd): if firewall_proxy.FirewallMode == FIREWALL_ENABLED: msg = _("%s is missing. Cannot setup firewall.") % (cmd,) raise KickstartError(msg) else: util.execInSysroot(cmd, args)
def execute(self): args = [] firewall_proxy = NETWORK.get_proxy(FIREWALL) # If --use-system-defaults was passed then the user wants # whatever was provided by the rpms or ostree to be the # default, do nothing. if firewall_proxy.FirewallMode == FIREWALL_USE_SYSTEM_DEFAULTS: firewall_log.info("ks file instructs to use system defaults for " "firewall, skipping configuration.") return # enabled is None if neither --enable or --disable is passed # default to enabled if nothing has been set. if firewall_proxy.FirewallMode == FIREWALL_DISABLED: args += ["--disabled"] else: args += ["--enabled"] ssh_service_not_enabled = "ssh" not in firewall_proxy.EnabledServices ssh_service_not_disabled = "ssh" not in firewall_proxy.DisabledServices ssh_port_not_enabled = "22:tcp" not in firewall_proxy.EnabledPorts # always enable SSH unless the service is explicitely disabled if ssh_service_not_enabled and ssh_service_not_disabled and ssh_port_not_enabled: args += ["--service=ssh"] for dev in firewall_proxy.Trusts: args += ["--trust=%s" % (dev, )] for port in firewall_proxy.EnabledPorts: args += ["--port=%s" % (port, )] for remove_service in firewall_proxy.DisabledServices: args += ["--remove-service=%s" % (remove_service, )] for service in firewall_proxy.EnabledServices: args += ["--service=%s" % (service, )] cmd = "/usr/bin/firewall-offline-cmd" if not os.path.exists(util.getSysroot() + cmd): if firewall_proxy.FirewallMode == FIREWALL_ENABLED: msg = _("%s is missing. Cannot setup firewall.") % (cmd, ) raise KickstartError(msg) else: util.execInSysroot(cmd, args)
def dracutSetupArgs(networkStorageDevice): target_ip = networkStorageDevice.host_address if networkStorageDevice.nic == "default" or ":" in networkStorageDevice.nic: if getattr(networkStorageDevice, 'ibft', False): nic = ibftIface() else: nic = ifaceForHostIP(target_ip) if not nic: return "" else: nic = networkStorageDevice.nic network_proxy = NETWORK.get_proxy() netargs = network_proxy.GetDracutArguments(nic, target_ip, "") return netargs
def check_vnc_can_be_started(anaconda): """Check if we can start VNC in the current environment. :returns: if VNC can be started and list of possible reasons why VNC can't be started :rtype: (boot, list) """ error_messages = [] vnc_startup_possible = True # disable VNC over text question when not enough memory is available if blivet.util.total_memory() < isys.MIN_GUI_RAM: error_messages.append( "Not asking for VNC because current memory (%d) < MIN_GUI_RAM (%d)" % (blivet.util.total_memory(), isys.MIN_GUI_RAM)) vnc_startup_possible = False # disable VNC question if text mode is requested and this is a ks install if anaconda.tui_mode and flags.automatedInstall: error_messages.append( "Not asking for VNC because of an automated install") vnc_startup_possible = False # disable VNC question if we were explicitly asked for text in kickstart if anaconda.ksdata.displaymode.displayMode == DISPLAY_MODE_TEXT: error_messages.append( "Not asking for VNC because text mode was explicitly asked for in kickstart" ) vnc_startup_possible = False # disable VNC question if we don't have network network_proxy = NETWORK.get_proxy() if not network_proxy.IsConnecting() and not network_proxy.Connected: error_messages.append( "Not asking for VNC because we don't have a network") vnc_startup_possible = False # disable VNC question if we don't have Xvnc if not os.access('/usr/bin/Xvnc', os.X_OK): error_messages.append("Not asking for VNC because we don't have Xvnc") vnc_startup_possible = False return vnc_startup_possible, error_messages
def _update_interfaces(self, interfaces_mode): """Update the interfaces according to requested mode. :param interfaces_mode: required mode specified by IscsiInterfacesMode """ if interfaces_mode == IscsiInterfacesMode.DEFAULT and iscsi.mode in ( "default", "none"): if iscsi.ifaces: iscsi.delete_interfaces() elif interfaces_mode == IscsiInterfacesMode.IFACENAME and iscsi.mode in ( "bind", "none"): network_proxy = NETWORK.get_proxy() activated = set(network_proxy.GetActivatedInterfaces()) created = set(iscsi.ifaces.values()) iscsi.create_interfaces(activated - created) else: raise StorageDiscoveryError( 'Requiring "{}" mode while "{}" is already set.'.format( interfaces_mode, iscsi.mode))
def wait_for_connected_NM(timeout=constants.NETWORK_CONNECTION_TIMEOUT, only_connecting=False): """Wait for NM being connected. If only_connecting is set, wait only if NM is in connecting state and return immediately after leaving this state (regardless of the new state). Used to wait for dhcp configuration in progress. :param timeout: timeout in seconds :type timeout: int :parm only_connecting: wait only for the result of NM being connecting :type only_connecting: bool :return: NM is connected :rtype: bool """ network_proxy = NETWORK.get_proxy() if network_proxy.Connected: return True if only_connecting: if network_proxy.IsConnecting(): log.debug( "waiting for connecting NM (dhcp in progress?), timeout=%d", timeout) else: return False else: log.debug("waiting for connected NM, timeout=%d", timeout) i = 0 while i < timeout: i += constants.NETWORK_CONNECTED_CHECK_INTERVAL time.sleep(constants.NETWORK_CONNECTED_CHECK_INTERVAL) if network_proxy.Connected: log.debug("NM connected, waited %d seconds", i) return True elif only_connecting: if not network_proxy.IsConnecting(): break log.debug("NM not connected, waited %d seconds", i) return False
def dracut_setup_args(network_storage_device): """Dracut cmdline arguments needed to access network storage device.""" target_ip = network_storage_device.host_address if network_storage_device.nic == "default" or ":" in network_storage_device.nic: if getattr(network_storage_device, 'ibft', False): nic = ibft_iface() else: nic = iface_for_host_ip(target_ip) if not nic: return "" else: nic = network_storage_device.nic network_proxy = NETWORK.get_proxy() netargs = network_proxy.GetDracutArguments(nic, target_ip, "") return netargs
def dracut_setup_args(network_storage_device): """Dracut cmdline arguments needed to access network storage device.""" target_ip = network_storage_device.host_address if network_storage_device.nic == "default" or ":" in network_storage_device.nic: if getattr(network_storage_device, 'ibft', False): nic = ibft_iface() else: nic = iface_for_host_ip(target_ip) if not nic: return "" else: nic = network_storage_device.nic network_proxy = NETWORK.get_proxy() netargs = network_proxy.GetDracutArguments(nic, target_ip, "") return netargs
def __init__(self, *args): super().__init__(*args) # connect to the Subscription DBus module API self._subscription_module = SUBSCRIPTION.get_proxy() # connect to the Network DBus module API self._network_module = NETWORK.get_proxy() # get initial data from the Subscription module self._subscription_request = self._get_subscription_request() self._system_purpose_data = self._get_system_purpose_data() # Keep a copy of system purpose data that has been last applied to # the installation environment. # That way we can check if the main copy of the system purposed data # changed since it was applied (for example due to user input) # and needs to be reapplied. # By default this variable is None and will only be set to a # SystemPurposeData instance when first system purpose data is # applied to the installation environment. self._last_applied_system_purpose_data = None self._authentication_method = AuthenticationMethod.USERNAME_PASSWORD self._registration_error = "" self._registration_phase = None self._registration_controls_enabled = True # Red Hat Insights should be enabled by default for non-kickstart installs. # # For kickstart installations we will use the value from the module, which # False by default & can be set to True via the rhsm kickstart command. if not flags.automatedInstall: self._subscription_module.SetInsightsEnabled(True) # previous visit network connectivity tracking self._network_connected_previously = False # overriden source tracking self._overridden_source_type = None self._spoke_initialized = False
def wait_for_connected_NM(timeout=constants.NETWORK_CONNECTION_TIMEOUT, only_connecting=False): """Wait for NM being connected. If only_connecting is set, wait only if NM is in connecting state and return immediately after leaving this state (regardless of the new state). Used to wait for dhcp configuration in progress. :param timeout: timeout in seconds :type timeout: int :parm only_connecting: wait only for the result of NM being connecting :type only_connecting: bool :return: NM is connected :rtype: bool """ network_proxy = NETWORK.get_proxy() if network_proxy.Connected: return True if only_connecting: if network_proxy.IsConnecting(): log.debug("waiting for connecting NM (dhcp in progress?), timeout=%d", timeout) else: return False else: log.debug("waiting for connected NM, timeout=%d", timeout) i = 0 while i < timeout: i += constants.NETWORK_CONNECTED_CHECK_INTERVAL time.sleep(constants.NETWORK_CONNECTED_CHECK_INTERVAL) if network_proxy.Connected: log.debug("NM connected, waited %d seconds", i) return True elif only_connecting: if not network_proxy.IsConnecting(): break log.debug("NM not connected, waited %d seconds", i) return False
def check_vnc_can_be_started(anaconda): """Check if we can start VNC in the current environment. :returns: if VNC can be started and list of possible reasons why VNC can't be started :rtype: (boot, list) """ error_messages = [] vnc_startup_possible = True # disable VNC over text question when not enough memory is available if blivet.util.total_memory() < isys.MIN_GUI_RAM: error_messages.append("Not asking for VNC because current memory (%d) < MIN_GUI_RAM (%d)" % (blivet.util.total_memory(), isys.MIN_GUI_RAM)) vnc_startup_possible = False # disable VNC question if text mode is requested and this is a ks install if anaconda.tui_mode and flags.automatedInstall: error_messages.append("Not asking for VNC because of an automated install") vnc_startup_possible = False # disable VNC question if we were explicitly asked for text in kickstart if anaconda.ksdata.displaymode.displayMode == DISPLAY_MODE_TEXT: error_messages.append("Not asking for VNC because text mode was explicitly asked for in kickstart") vnc_startup_possible = False # disable VNC question if we don't have network network_proxy = NETWORK.get_proxy() if not network_proxy.IsConnecting() and not network_proxy.Connected: error_messages.append("Not asking for VNC because we don't have a network") vnc_startup_possible = False # disable VNC question if we don't have Xvnc if not os.access('/usr/bin/Xvnc', os.X_OK): error_messages.append("Not asking for VNC because we don't have Xvnc") vnc_startup_possible = False return vnc_startup_possible, error_messages
def _wait_for_network(self, timeout=NETWORK_CONNECTION_TIMEOUT): """Wait until network is available, or time runs out :param float timeout: how long shall we try waiting :return bool: is there network connectivity """ if not is_module_available(NETWORK): return False network = NETWORK.get_proxy() if network.Connected: return True log.info("Geoloc: Waiting for network to become available") interval = 0.1 start = time.perf_counter() end = start + timeout while time.perf_counter() < end: time.sleep(interval) if network.Connected: return True return network.Connected
def eval_rules(self, ksdata, storage, report_only=False): """:see: RuleHandler.eval_rules""" firewall_proxy = NETWORK.get_proxy(FIREWALL) messages = [] if self._firewall_default_state is None: # firewall default startup setting self._firewall_default_state = firewall_proxy.FirewallMode if self._firewall_enabled is False: msg = _("Firewall will be disabled on startup") messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) if not report_only: firewall_proxy.SetFirewallMode(FIREWALL_DISABLED) elif self._firewall_enabled is True: msg = _("Firewall will be enabled on startup") messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) if not report_only: firewall_proxy.SetFirewallMode(FIREWALL_ENABLED) # add messages for the already added services for svc in self._added_svcs: msg = _("service '%s' has been added to the list of services to be " "added to the firewall" % svc) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) # add messages for the already added ports for port in self._added_ports: msg = _("port '%s' has been added to the list of ports to be " "added to the firewall" % port) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) # add messages for the already added trusts for trust in self._added_trusts: msg = _("trust '%s' has been added to the list of trusts to be " "added to the firewall" % trust) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) # services, that should be added self._new_services_to_add = { svc for svc in self._add_svcs if svc not in firewall_proxy.EnabledServices} # ports, that should be added self._new_ports_to_add = { ports for ports in self._add_ports if ports not in firewall_proxy.EnabledPorts} # trusts, that should be added self._new_trusts_to_add = { trust for trust in self._add_trusts if trust not in firewall_proxy.Trusts} for svc in self._new_services_to_add: # add the service unless already added if not report_only: self._added_svcs.add(svc) msg = _("service '%s' has been added to the list of services to be " "added to the firewall" % svc) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) if not report_only: all_services = list(self._add_svcs.union(set(firewall_proxy.EnabledServices))) firewall_proxy.SetEnabledServices(all_services) for port in self._new_ports_to_add: # add the port unless already added if not report_only: self._added_ports.add(port) msg = _("port '%s' has been added to the list of ports to be " "added to the firewall" % port) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) if not report_only: all_ports = list(self._add_ports.union(set(firewall_proxy.EnabledPorts))) firewall_proxy.SetEnabledPorts(all_ports) for trust in self._new_trusts_to_add: # add the trust unless already added if not report_only: self._added_trusts.add(trust) msg = _("trust '%s' has been added to the list of trusts to be " "added to the firewall" % trust) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) if not report_only: all_trusts = list(self._add_trusts.union(set(firewall_proxy.Trusts))) firewall_proxy.SetTrusts(all_trusts) # now do the same for the services that should be excluded # add messages for the already excluded services for svc in self._removed_svcs: msg = _("service '%s' has been added to the list of services to be " "removed from the firewall" % svc) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) # services, that should be excluded self._new_services_to_remove = { svc for svc in self._remove_svcs if svc not in firewall_proxy.DisabledServices} for svc in self._new_services_to_remove: # exclude the service unless already excluded if not report_only: self._removed_svcs.add(svc) msg = _("service '%s' has been added to the list of services to be " "removed from the firewall" % svc) messages.append(RuleMessage(self.__class__, common.MESSAGE_TYPE_INFO, msg)) if not report_only: all_services = list(self._remove_svcs.union(set(firewall_proxy.DisabledServices))) firewall_proxy.SetDisabledServices(all_services) return messages
def _prepare_configuration(payload, ksdata): """Configure the installed system.""" configuration_queue = TaskQueue("Configuration queue") # connect progress reporting configuration_queue.queue_started.connect( lambda x: progress_message(x.status_message)) configuration_queue.task_completed.connect(lambda x: progress_step(x.name)) # add installation tasks for the Subscription DBus module if is_module_available(SUBSCRIPTION): # we only run the tasks if the Subscription module is available subscription_config = TaskQueue("Subscription configuration", N_("Configuring Red Hat subscription")) subscription_proxy = SUBSCRIPTION.get_proxy() subscription_dbus_tasks = subscription_proxy.InstallWithTasks() subscription_config.append_dbus_tasks(SUBSCRIPTION, subscription_dbus_tasks) configuration_queue.append(subscription_config) # schedule the execute methods of ksdata that require an installed system to be present os_config = TaskQueue("Installed system configuration", N_("Configuring installed system")) # add installation tasks for the Security DBus module security_proxy = SECURITY.get_proxy() security_dbus_tasks = security_proxy.InstallWithTasks() os_config.append_dbus_tasks(SECURITY, security_dbus_tasks) # add installation tasks for the Timezone DBus module # run these tasks before tasks of the Services module if is_module_available(TIMEZONE): timezone_proxy = TIMEZONE.get_proxy() timezone_dbus_tasks = timezone_proxy.InstallWithTasks() os_config.append_dbus_tasks(TIMEZONE, timezone_dbus_tasks) # add installation tasks for the Services DBus module services_proxy = SERVICES.get_proxy() services_dbus_tasks = services_proxy.InstallWithTasks() os_config.append_dbus_tasks(SERVICES, services_dbus_tasks) # add installation tasks for the Localization DBus module if is_module_available(LOCALIZATION): localization_proxy = LOCALIZATION.get_proxy() localization_dbus_tasks = localization_proxy.InstallWithTasks() os_config.append_dbus_tasks(LOCALIZATION, localization_dbus_tasks) # add the Firewall configuration task if conf.target.can_configure_network: firewall_proxy = NETWORK.get_proxy(FIREWALL) firewall_dbus_task = firewall_proxy.InstallWithTask() os_config.append_dbus_tasks(NETWORK, [firewall_dbus_task]) configuration_queue.append(os_config) # schedule network configuration (if required) if conf.target.can_configure_network and conf.system.provides_network_config: overwrite = payload.type in PAYLOAD_LIVE_TYPES network_config = TaskQueue("Network configuration", N_("Writing network configuration")) network_config.append( Task("Network configuration", network.write_configuration, (overwrite, ))) configuration_queue.append(network_config) # add installation tasks for the Users DBus module if is_module_available(USERS): user_config = TaskQueue("User creation", N_("Creating users")) users_proxy = USERS.get_proxy() users_dbus_tasks = users_proxy.InstallWithTasks() user_config.append_dbus_tasks(USERS, users_dbus_tasks) configuration_queue.append(user_config) # Anaconda addon configuration addon_config = TaskQueue("Anaconda addon configuration", N_("Configuring addons")) # there is no longer a User class & addons should no longer need it # FIXME: drop user class parameter from the API & all known addons addon_config.append( Task("Configure Anaconda addons", ksdata.addons.execute, (None, ksdata, None, payload))) boss_proxy = BOSS.get_proxy() addon_config.append_dbus_tasks(BOSS, [boss_proxy.InstallSystemWithTask()]) configuration_queue.append(addon_config) # Initramfs generation generate_initramfs = TaskQueue("Initramfs generation", N_("Generating initramfs")) bootloader_proxy = STORAGE.get_proxy(BOOTLOADER) def run_generate_initramfs(): tasks = bootloader_proxy.GenerateInitramfsWithTasks( payload.type, payload.kernel_version_list) for task in tasks: sync_run_task(STORAGE.get_proxy(task)) generate_initramfs.append( Task("Generate initramfs", run_generate_initramfs)) configuration_queue.append(generate_initramfs) # Configure FIPS. configuration_queue.append_dbus_tasks( SECURITY, [security_proxy.ConfigureFIPSWithTask()]) # realm join # - this can run only after network is configured in the target system chroot configuration_queue.append_dbus_tasks(SECURITY, [security_proxy.JoinRealmWithTask()]) post_scripts = TaskQueue("Post installation scripts", N_("Running post-installation scripts")) post_scripts.append( Task("Run post installation scripts", runPostScripts, (ksdata.scripts, ))) configuration_queue.append(post_scripts) # setup kexec reboot if requested if flags.flags.kexec: kexec_setup = TaskQueue("Kexec setup", N_("Setting up kexec")) kexec_setup.append(Task("Setup kexec", setup_kexec)) configuration_queue.append(kexec_setup) # write anaconda related configs & kickstarts write_configs = TaskQueue("Write configs and kickstarts", N_("Storing configuration files and kickstarts")) # Write the kickstart file to the installed system (or, copy the input # kickstart file over if one exists). if flags.flags.nosave_output_ks: # don't write the kickstart file to the installed system if this has # been disabled by the nosave option log.warning( "Writing of the output kickstart to installed system has been disabled" " by the nosave option.") else: # write anaconda related configs & kickstarts write_configs.append(Task("Store kickstarts", _writeKS, (ksdata, ))) # only add write_configs to the main queue if we actually store some kickstarts/configs if write_configs.task_count: configuration_queue.append(write_configs) return configuration_queue
def setup(self): firewall_proxy = NETWORK.get_proxy(FIREWALL) if firewall_proxy.FirewallKickstarted: self.packages = ["firewalld"]
def __str__(self): network_proxy = NETWORK.get_proxy() return network_proxy.GenerateKickstart()