def test_evaluation_passwd_minlen_no_passwd(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordSet = False
evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 8, (10, 11))
evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 10, (8, 11))
evaluation_passwd_minlen_no_passwd(rule_data, ksdata_mock, storage_mock, 11, (8, 10))
def __init__(self, *args):
NormalSpoke.__init__(self, *args)
GUISpokeInputCheckHandler.__init__(self)
self._users_module = USERS.get_proxy()
self._services_module = SERVICES.get_proxy()
self._refresh_running = False
self._manually_locked = False
def test_revert_password_policy_changes(proxy_getter, rule_data, ksdata_mock,
storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
# FIXME: Add password policy changes to this test. It only checks
# password length right now outside of policy changes.
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock, storage_mock)
# password error --> one message
assert len(messages) == 1
rule_data.revert_changes(ksdata_mock, storage_mock)
# with long enough password this time #
password_proxy_mock.RootPassword = "******"
messages = rule_data.eval_rules(ksdata_mock, storage_mock)
# long enough password
# entered --> no message
assert messages == []
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
if self._minlen == 0:
# no password restrictions, nothing to be done here
return []
ret = []
users_proxy = USERS.get_proxy()
if not users_proxy.IsRootPasswordSet:
# root password was not set
msg = _("make sure to create password with minimal length of %d "
"characters") % self._minlen
ret = [
RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg)
]
else:
# root password set
if users_proxy.IsRootPasswordCrypted:
msg = _(
"cannot check root password length (password is crypted)")
log.warning(
"cannot check root password length (password is crypted)")
return [
RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,
msg)
]
elif len(users_proxy.RootPassword) < self._minlen:
# too short
msg = _("root password is too short, a longer one with at "
"least %d characters is required") % self._minlen
ret = [
RuleMessage(self.__class__, common.MESSAGE_TYPE_FATAL, msg)
]
else:
ret = []
if report_only:
return ret
# set the policy in any case (so that a weaker password is not entered)
pw_policy = ksdata.anaconda.pwpolicy.get_policy("root")
if pw_policy is None:
pw_policy = F22_PwPolicyData()
log.info("OSCAP addon: setting password policy %s" % pw_policy)
ksdata.anaconda.pwpolicy.policyList.append(pw_policy)
log.info("OSCAP addon: password policy list: %s" %
ksdata.anaconda.pwpolicy.policyList)
self._created_policy = True
self._orig_minlen = pw_policy.minlen
self._orig_strict = pw_policy.strict
pw_policy.minlen = self._minlen
pw_policy.strict = True
return ret
def _revert_rootpw_changes(self):
if self.__old_root_pw is not None:
users_proxy = USERS.get_proxy()
users_proxy.SetRootPassword(self.__old_root_pw)
self.__old_root_pw = None
users_proxy.SetRootpwKickstarted(self.__old_root_pw_seen)
self.__old_root_pw_seen = None
def __init__(self, data, storage, payload):
NormalTUISpoke.__init__(self, data, storage, payload)
self.initialize_start()
self.title = N_("Root password")
self.input_required = False
self._password = None
self._users_module = USERS.get_proxy()
self.initialize_done()
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
if self._minlen == 0:
# no password restrictions, nothing to be done here
return []
ret = []
users_proxy = USERS.get_proxy()
if not users_proxy.IsRootPasswordSet:
# root password was not set
msg = _("make sure to create password with minimal length of %d "
"characters") % self._minlen
ret = [
RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING, msg)
]
else:
# root password set
if users_proxy.IsRootPasswordCrypted:
msg = _(
"cannot check root password length (password is crypted)")
log.warning(
"OSCAP Addon: cannot check root password length (password is crypted)"
)
return [
RuleMessage(self.__class__, common.MESSAGE_TYPE_WARNING,
msg)
]
elif len(users_proxy.RootPassword) < self._minlen:
# too short
msg = _("root password is too short, a longer one with at "
"least %d characters is required") % self._minlen
ret = [
RuleMessage(self.__class__, common.MESSAGE_TYPE_FATAL, msg)
]
else:
ret = []
if report_only:
return ret
# set the policy in any case (so that a weaker password is not entered)
policies = self._get_password_policies()
policy = policies[PASSWORD_POLICY_ROOT]
self._orig_minlen = policy.min_length
self._orig_strict = policy.is_strict
policy.min_length = self._minlen
policy.is_strict = True
self._set_password_policies(policies)
return ret
def test_evaluation_passwd_minlen_good_passwd(proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False)
# minimal password length less than actual length --> no warning
assert not messages
def __init__(self, data, storage, payload):
FirstbootSpokeMixIn.__init__(self)
NormalTUISpoke.__init__(self, data, storage, payload)
self.initialize_start()
# connect to the Users DBus module
self._users_module = USERS.get_proxy()
self.title = N_("User creation")
self._container = None
# was user creation requested by the Users DBus module
# - at the moment this basically means user creation was
# requested via kickstart
# - note that this does not currently update when user
# list is changed via DBus
self._user_requested = False
self._user_cleared = False
# should a user be created ?
self._create_user = False
self._user_list = get_user_list(self._users_module, add_default=True)
# if user has a name, it's an actual user that has been requested,
# rather than a default user added by us
if self.user.name:
self._user_requested = True
self._create_user = True
self._use_password = self.user.is_crypted or self.user.password
self._groups = ""
self._is_admin = False
self._policy = self.data.anaconda.pwpolicy.get_policy(
"user", fallback_to_default=True)
self.errors = []
self._users_module = USERS.get_proxy()
self.initialize_done()
def should_run(cls, environment, data):
if FirstbootSpokeMixIn.should_run(environment, data):
return True
# the user spoke should run always in the anaconda and in firstboot only
# when doing reconfig or if no user has been created in the installation
users_module = USERS.get_proxy()
user_list = get_user_list(users_module)
if environment == FIRSTBOOT_ENVIRON and data and not user_list:
return True
return False
def eval_rules(self, ksdata, storage, report_only=False):
""":see: RuleHandler.eval_rules"""
if self._minlen == 0:
# no password restrictions, nothing to be done here
return []
ret = []
users_proxy = USERS.get_proxy()
if not users_proxy.IsRootPasswordSet:
# root password was not set
msg = _("make sure to create password with minimal length of %d "
"characters") % self._minlen
ret = [RuleMessage(self.__class__,
common.MESSAGE_TYPE_WARNING, msg)]
else:
# root password set
if users_proxy.IsRootPasswordCrypted:
msg = _("cannot check root password length (password is crypted)")
log.warning("cannot check root password length (password is crypted)")
return [RuleMessage(self.__class__,
common.MESSAGE_TYPE_WARNING, msg)]
elif len(users_proxy.RootPassword) < self._minlen:
# too short
msg = _("root password is too short, a longer one with at "
"least %d characters is required") % self._minlen
ret = [RuleMessage(self.__class__,
common.MESSAGE_TYPE_FATAL, msg)]
else:
ret = []
if report_only:
return ret
# set the policy in any case (so that a weaker password is not entered)
pw_policy = ksdata.anaconda.pwpolicy.get_policy("root")
if pw_policy is None:
pw_policy = F22_PwPolicyData()
log.info("OSCAP addon: setting password policy %s" % pw_policy)
ksdata.anaconda.pwpolicy.policyList.append(pw_policy)
log.info("OSCAP addon: password policy list: %s" % ksdata.anaconda.pwpolicy.policyList)
self._created_policy = True
self._orig_minlen = pw_policy.minlen
self._orig_strict = pw_policy.strict
pw_policy.minlen = self._minlen
pw_policy.strict = True
return ret
def __init__(self, data, storage, payload):
NormalTUISpoke.__init__(self, data, storage, payload)
self.initialize_start()
self.title = N_("Root password")
self.input_required = False
self._policy = self.data.anaconda.pwpolicy.get_policy("root", fallback_to_default=True)
self._password = None
self._users_module = USERS.get_proxy()
self._services_module = SERVICES.get_proxy()
self.initialize_done()
def _load_kickstart(self):
"""Load the kickstart"""
from pyanaconda import kickstart
# Construct a commandMap with only the supported Anaconda's commands
commandMap = dict(
(k, kickstart.commandMap[k]) for k in SUPPORTED_KICKSTART_COMMANDS)
# Prepare new data object
self.data = kickstart.AnacondaKSHandler(self._addon_module_paths["ks"],
commandUpdates=commandMap)
kickstart_path = INPUT_KICKSTART_PATH
if os.path.exists(OUTPUT_KICKSTART_PATH):
log.info("using kickstart from previous run for input")
kickstart_path = OUTPUT_KICKSTART_PATH
log.info("parsing input kickstart %s", kickstart_path)
try:
# Read the installed kickstart
parser = kickstart.AnacondaKSParser(self.data)
parser.readKickstart(kickstart_path)
log.info("kickstart parsing done")
except pykickstart.errors.KickstartError as kserr:
log.critical("kickstart parsing failed: %s", kserr)
log.critical(
"Initial Setup startup failed due to invalid kickstart file")
raise InitialSetupError
# if we got this far the kickstart should be valid, so send it to Boss as well
boss = BOSS.get_proxy()
report = KickstartReport.from_structure(
boss.ReadKickstartFile(kickstart_path))
if not report.is_valid():
message = "\n\n".join(map(str, report.error_messages))
raise InitialSetupError(message)
if self.external_reconfig:
# set the reconfig flag in kickstart so that
# relevant spokes show up
services_proxy = SERVICES.get_proxy()
services_proxy.SetSetupOnBoot(SETUP_ON_BOOT_RECONFIG)
# Record if groups, users or root password has been set before Initial Setup
# has been started, so that we don't trample over existing configuration.
users_proxy = USERS.get_proxy()
self._groups_already_configured = bool(users_proxy.Groups)
self._users_already_configured = bool(users_proxy.Users)
self._root_password_already_configured = users_proxy.IsRootPasswordSet
def test_evaluation_passwd_minlen_crypted_passwd(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = True
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False)
# minimal password length greater than actual length --> one warning
assert len(messages) == 1
assert messages[0].type == common.MESSAGE_TYPE_WARNING
# warning has to mention that the password cannot be checked
assert "cannot check" in messages[0].text
def should_run(cls, environment, data):
# the user spoke should run always in the anaconda and in firstboot only
# when doing reconfig or if no user has been created in the installation
users_module = USERS.get_proxy()
user_list = get_user_list(users_module)
if environment == constants.ANACONDA_ENVIRON:
return True
elif environment == constants.FIRSTBOOT_ENVIRON and data is None:
# cannot decide, stay in the game and let another call with data
# available (will come) decide
return True
elif environment == constants.FIRSTBOOT_ENVIRON and data and not user_list:
return True
else:
return False
def test_evaluation_passwd_minlen_report_only_not_ignored(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock,
storage_mock,
report_only=False)
# Mock pw_policy returned by anaconda.pwpolicy.get_policy()
pw_policy_mock = mock.Mock()
pw_policy_mock.minlen = 6
pw_policy_mock.strict = False
ksdata_mock.anaconda.pwpolicy.get_policy.return_value = pw_policy_mock
# call eval_rules with report_only=False
# should set password minimal length to 8
messages = rule_data.eval_rules(ksdata_mock,
storage_mock,
report_only=False)
# Password Policy changed --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert pw_policy_mock.minlen == 8
assert pw_policy_mock.strict
assert rule_data._passwd_rules._minlen == 8
# call of eval_rules with report_only=True
# should not change anything
messages = rule_data.eval_rules(ksdata_mock,
storage_mock,
report_only=True)
# Password Policy stayed the same --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert pw_policy_mock.minlen == 8
assert pw_policy_mock.strict
assert rule_data._passwd_rules._minlen == 8
def execute(self, storage, ksdata, users):
users_proxy = USERS.get_proxy()
if flags.automatedInstall and not users_proxy.IsRootPasswordSet and not users_proxy.IsRootpwKickstarted:
# Lock the root password if during an installation with kickstart
# the root password is empty & not specififed as empty in the kickstart
# (seen == False) via the rootpw command.
# Note that kickstart is actually the only way to specify an empty
# root password - we don't allow that via the UI.
users_proxy.SetRootAccountLocked(True)
elif not flags.automatedInstall and not users_proxy.IsRootPasswordSet:
# Also lock the root password if it was not set during interactive installation.
users_proxy.SetRootAccountLocked(True)
users.setRootPassword(users_proxy.RootPassword,
users_proxy.IsRootPasswordCrypted,
users_proxy.IsRootAccountLocked, None,
util.getSysroot())
def execute(self, storage, ksdata, users):
users_proxy = USERS.get_proxy()
if flags.automatedInstall and not users_proxy.IsRootPasswordSet and not users_proxy.IsRootpwKickstarted:
# Lock the root password if during an installation with kickstart
# the root password is empty & not specififed as empty in the kickstart
# (seen == False) via the rootpw command.
# Note that kickstart is actually the only way to specify an empty
# root password - we don't allow that via the UI.
users_proxy.SetRootAccountLocked(True)
elif not flags.automatedInstall and not users_proxy.IsRootPasswordSet:
# Also lock the root password if it was not set during interactive installation.
users_proxy.SetRootAccountLocked(True)
users.setRootPassword(users_proxy.RootPassword,
users_proxy.IsRootPasswordCrypted,
users_proxy.IsRootAccountLocked,
None,
util.getSysroot())
def set_dbus_defaults():
boss = BOSS.get_proxy()
boss.GetModules.return_value = [
KDUMP.service_name
]
kdump = KDUMP.get_proxy()
kdump.KdumpEnabled = True
user_interface = BOSS.get_proxy(USER_INTERFACE)
user_interface.PasswordPolicies = {}
network = NETWORK.get_proxy()
network.Connected.return_value = True
firewall = NETWORK.get_proxy(FIREWALL)
firewall.EnabledServices = []
firewall.DisabledServices = []
firewall.EnabledPorts = []
firewall.Trusts = []
device_tree = STORAGE.get_proxy(DEVICE_TREE)
device_tree.GetDeviceMountOptions.return_value = "defaults"
device_tree.GetMountPoints.return_value = {}
bootloader = STORAGE.get_proxy(BOOTLOADER)
bootloader.IsPasswordSet = False
users = USERS.get_proxy()
users.IsRootPasswordSet = True
users.IsRootPasswordCrypted = False
users.RootPassword = "******"
payloads = PAYLOADS.get_proxy()
payloads.ActivePayload = "/fake/payload/1"
dnf_payload = PAYLOADS.get_proxy("/fake/payload/1")
dnf_payload.Type = PAYLOAD_TYPE_DNF
packages_data = PackagesSelectionData()
dnf_payload.PackagesSelection = PackagesSelectionData.to_structure(packages_data)
def set_dbus_defaults():
network = NETWORK.get_proxy()
network.Connected.return_value = True
firewall = NETWORK.get_proxy(FIREWALL)
firewall.EnabledServices = []
firewall.DisabledServices = []
firewall.EnabledPorts = []
firewall.Trusts = []
device_tree = STORAGE.get_proxy(DEVICE_TREE)
device_tree.GetDeviceMountOptions.return_value = "defaults"
device_tree.GetMountPoints.return_value = {}
bootloader = STORAGE.get_proxy(BOOTLOADER)
bootloader.IsPasswordSet = False
users = USERS.get_proxy()
users.IsRootPasswordSet = True
users.IsRootPasswordCrypted = False
users.RootPassword = "******"
def test_evaluation_passwd_minlen_report_only_not_ignored(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
# call eval_rules with report_only=False
# should set password minimal length to 8
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=False)
# Password Policy changed --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert rule_data._passwd_rules._minlen == 8
policy = PasswordPolicy.from_defaults(PASSWORD_POLICY_ROOT)
policy.min_length = 8
policy.is_strict = True
policies = {PASSWORD_POLICY_ROOT: policy}
ui_mock = BOSS.get_proxy(USER_INTERFACE)
assert ui_mock.PasswordPolicies == \
PasswordPolicy.to_structure_dict(policies)
# call of eval_rules with report_only=True
# should not change anything
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True)
# Password Policy stayed the same --> no warnings
assert not messages
assert rule_data._passwd_rules._orig_minlen == 6
assert not rule_data._passwd_rules._orig_strict
assert rule_data._passwd_rules._minlen == 8
assert ui_mock.PasswordPolicies == \
PasswordPolicy.to_structure_dict(policies)
def test_evaluation_passwd_minlen_short_passwd_report_only(
proxy_getter, rule_data, ksdata_mock, storage_mock):
password_proxy_mock = USERS.get_proxy()
password_proxy_mock.IsRootPasswordCrypted = False
password_proxy_mock.RootPassword = "******"
rule_data.new_rule("passwd --minlen=8")
messages = rule_data.eval_rules(ksdata_mock, storage_mock, report_only=True)
# minimal password length greater than actual length --> one warning
assert len(messages) == 1
assert messages[0].type == common.MESSAGE_TYPE_FATAL
# warning has to mention the length
assert "8" in messages[0].text
# warning should mention that something is wrong with the old password
assert "is" in messages[0].text
# doing changes --> password should not be cleared
assert password_proxy_mock.RootPassword == "aaaa"
def _resolve_rootpw_issues(self, messages, report_only):
"""Mitigate root password issues (which are not fatal in GUI)"""
fatal_rootpw_msgs = [
msg for msg in messages if msg.origin == rule_handling.PasswdRules
and msg.type == common.MESSAGE_TYPE_FATAL
]
if fatal_rootpw_msgs:
for msg in fatal_rootpw_msgs:
# cannot just change the message type because it is a namedtuple
messages.remove(msg)
msg = common.RuleMessage(self.__class__,
common.MESSAGE_TYPE_WARNING, msg.text)
messages.append(msg)
if not report_only:
users_proxy = USERS.get_proxy()
self.__old_root_pw = users_proxy.RootPassword
self.data.rootpw.password = None
self.__old_root_pw_seen = users_proxy.IsRootpwKickstarted
self.data.rootpw.seen = False
def _prepare_configuration(payload, ksdata):
"""Configure the installed system."""
configuration_queue = TaskQueue("Configuration queue")
# connect progress reporting
configuration_queue.queue_started.connect(
lambda x: progress_message(x.status_message))
configuration_queue.task_completed.connect(lambda x: progress_step(x.name))
# schedule the execute methods of ksdata that require an installed system to be present
os_config = TaskQueue("Installed system configuration",
N_("Configuring installed system"))
# add installation tasks for the Security DBus module
security_proxy = SECURITY.get_proxy()
security_dbus_tasks = security_proxy.InstallWithTasks()
os_config.append_dbus_tasks(SECURITY, security_dbus_tasks)
# add installation tasks for the Services DBus module
services_proxy = SERVICES.get_proxy()
services_dbus_tasks = services_proxy.InstallWithTasks()
os_config.append_dbus_tasks(SERVICES, services_dbus_tasks)
# add installation tasks for the Timezone DBus module
timezone_proxy = TIMEZONE.get_proxy()
timezone_dbus_tasks = timezone_proxy.InstallWithTasks()
os_config.append_dbus_tasks(TIMEZONE, timezone_dbus_tasks)
# add installation tasks for the Localization DBus module
localization_proxy = LOCALIZATION.get_proxy()
localization_dbus_tasks = localization_proxy.InstallWithTasks()
os_config.append_dbus_tasks(LOCALIZATION, localization_dbus_tasks)
# add the Firewall configuration task
firewall_proxy = NETWORK.get_proxy(FIREWALL)
firewall_dbus_task = firewall_proxy.InstallWithTask()
os_config.append_dbus_tasks(NETWORK, [firewall_dbus_task])
configuration_queue.append(os_config)
# schedule network configuration (if required)
if conf.system.provides_network_config:
overwrite = isinstance(payload, LiveImagePayload)
network_config = TaskQueue("Network configuration",
N_("Writing network configuration"))
network_config.append(
Task("Network configuration", network.write_configuration,
(overwrite, )))
configuration_queue.append(network_config)
# add installation tasks for the Users DBus module
user_config = TaskQueue("User creation", N_("Creating users"))
users_proxy = USERS.get_proxy()
users_dbus_tasks = users_proxy.InstallWithTasks()
os_config.append_dbus_tasks(USERS, users_dbus_tasks)
configuration_queue.append(user_config)
# Anaconda addon configuration
addon_config = TaskQueue("Anaconda addon configuration",
N_("Configuring addons"))
# there is no longer a User class & addons should no longer need it
# FIXME: drop user class parameter from the API & all known addons
addon_config.append(
Task("Configure Anaconda addons", ksdata.addons.execute,
(None, ksdata, None, payload)))
boss_proxy = BOSS.get_proxy()
addon_config.append_dbus_tasks(BOSS, [boss_proxy.InstallSystemWithTask()])
configuration_queue.append(addon_config)
# Initramfs generation
generate_initramfs = TaskQueue("Initramfs generation",
N_("Generating initramfs"))
generate_initramfs.append(
Task("Generate initramfs", payload.recreate_initrds))
# This works around 2 problems, /boot on BTRFS and BTRFS installations where the initrd is
# recreated after the first writeBootLoader call. This reruns it after the new initrd has
# been created, fixing the kernel root and subvol args and adding the missing initrd entry.
bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
if isinstance(payload, LiveImagePayload):
btrfs_task = bootloader_proxy.FixBTRFSWithTask(
payload.kernel_version_list)
generate_initramfs.append_dbus_tasks(STORAGE, [btrfs_task])
# Invoking zipl should be the last thing done on a s390x installation (see #1652727).
zipl_task = bootloader_proxy.FixZIPLWithTask()
generate_initramfs.append_dbus_tasks(STORAGE, [zipl_task])
configuration_queue.append(generate_initramfs)
# realm join
# - this can run only after network is configured in the target system chroot
configuration_queue.append_dbus_tasks(SECURITY,
[security_proxy.JoinRealmWithTask()])
post_scripts = TaskQueue("Post installation scripts",
N_("Running post-installation scripts"))
post_scripts.append(
Task("Run post installation scripts", runPostScripts,
(ksdata.scripts, )))
configuration_queue.append(post_scripts)
# setup kexec reboot if requested
if flags.flags.kexec:
kexec_setup = TaskQueue("Kexec setup", N_("Setting up kexec"))
kexec_setup.append(Task("Setup kexec", setup_kexec))
configuration_queue.append(kexec_setup)
# write anaconda related configs & kickstarts
write_configs = TaskQueue("Write configs and kickstarts",
N_("Storing configuration files and kickstarts"))
# Write the kickstart file to the installed system (or, copy the input
# kickstart file over if one exists).
if flags.flags.nosave_output_ks:
# don't write the kickstart file to the installed system if this has
# been disabled by the nosave option
log.warning(
"Writing of the output kickstart to installed system has been disabled"
" by the nosave option.")
else:
# write anaconda related configs & kickstarts
write_configs.append(Task("Store kickstarts", _writeKS, (ksdata, )))
# only add write_configs to the main queue if we actually store some kickstarts/configs
if write_configs.task_count:
configuration_queue.append(write_configs)
return configuration_queue
def __str__(self):
users_proxy = USERS.get_proxy()
return users_proxy.GenerateTemporaryKickstart()
def _prepare_configuration(payload, ksdata):
"""Configure the installed system."""
configuration_queue = TaskQueue("Configuration queue")
# connect progress reporting
configuration_queue.queue_started.connect(
lambda x: progress_message(x.status_message))
configuration_queue.task_completed.connect(lambda x: progress_step(x.name))
# add installation tasks for the Subscription DBus module
if is_module_available(SUBSCRIPTION):
# we only run the tasks if the Subscription module is available
subscription_config = TaskQueue("Subscription configuration",
N_("Configuring Red Hat subscription"))
subscription_proxy = SUBSCRIPTION.get_proxy()
subscription_dbus_tasks = subscription_proxy.InstallWithTasks()
subscription_config.append_dbus_tasks(SUBSCRIPTION,
subscription_dbus_tasks)
configuration_queue.append(subscription_config)
# schedule the execute methods of ksdata that require an installed system to be present
os_config = TaskQueue("Installed system configuration",
N_("Configuring installed system"))
# add installation tasks for the Security DBus module
security_proxy = SECURITY.get_proxy()
security_dbus_tasks = security_proxy.InstallWithTasks()
os_config.append_dbus_tasks(SECURITY, security_dbus_tasks)
# add installation tasks for the Timezone DBus module
# run these tasks before tasks of the Services module
if is_module_available(TIMEZONE):
timezone_proxy = TIMEZONE.get_proxy()
timezone_dbus_tasks = timezone_proxy.InstallWithTasks()
os_config.append_dbus_tasks(TIMEZONE, timezone_dbus_tasks)
# add installation tasks for the Services DBus module
services_proxy = SERVICES.get_proxy()
services_dbus_tasks = services_proxy.InstallWithTasks()
os_config.append_dbus_tasks(SERVICES, services_dbus_tasks)
# add installation tasks for the Localization DBus module
if is_module_available(LOCALIZATION):
localization_proxy = LOCALIZATION.get_proxy()
localization_dbus_tasks = localization_proxy.InstallWithTasks()
os_config.append_dbus_tasks(LOCALIZATION, localization_dbus_tasks)
# add the Firewall configuration task
if conf.target.can_configure_network:
firewall_proxy = NETWORK.get_proxy(FIREWALL)
firewall_dbus_task = firewall_proxy.InstallWithTask()
os_config.append_dbus_tasks(NETWORK, [firewall_dbus_task])
configuration_queue.append(os_config)
# schedule network configuration (if required)
if conf.target.can_configure_network and conf.system.provides_network_config:
overwrite = payload.type in PAYLOAD_LIVE_TYPES
network_config = TaskQueue("Network configuration",
N_("Writing network configuration"))
network_config.append(
Task("Network configuration", network.write_configuration,
(overwrite, )))
configuration_queue.append(network_config)
# add installation tasks for the Users DBus module
if is_module_available(USERS):
user_config = TaskQueue("User creation", N_("Creating users"))
users_proxy = USERS.get_proxy()
users_dbus_tasks = users_proxy.InstallWithTasks()
user_config.append_dbus_tasks(USERS, users_dbus_tasks)
configuration_queue.append(user_config)
# Anaconda addon configuration
addon_config = TaskQueue("Anaconda addon configuration",
N_("Configuring addons"))
# there is no longer a User class & addons should no longer need it
# FIXME: drop user class parameter from the API & all known addons
addon_config.append(
Task("Configure Anaconda addons", ksdata.addons.execute,
(None, ksdata, None, payload)))
boss_proxy = BOSS.get_proxy()
addon_config.append_dbus_tasks(BOSS, [boss_proxy.InstallSystemWithTask()])
configuration_queue.append(addon_config)
# Initramfs generation
generate_initramfs = TaskQueue("Initramfs generation",
N_("Generating initramfs"))
bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
def run_generate_initramfs():
tasks = bootloader_proxy.GenerateInitramfsWithTasks(
payload.type, payload.kernel_version_list)
for task in tasks:
sync_run_task(STORAGE.get_proxy(task))
generate_initramfs.append(
Task("Generate initramfs", run_generate_initramfs))
configuration_queue.append(generate_initramfs)
# Configure FIPS.
configuration_queue.append_dbus_tasks(
SECURITY, [security_proxy.ConfigureFIPSWithTask()])
# realm join
# - this can run only after network is configured in the target system chroot
configuration_queue.append_dbus_tasks(SECURITY,
[security_proxy.JoinRealmWithTask()])
post_scripts = TaskQueue("Post installation scripts",
N_("Running post-installation scripts"))
post_scripts.append(
Task("Run post installation scripts", runPostScripts,
(ksdata.scripts, )))
configuration_queue.append(post_scripts)
# setup kexec reboot if requested
if flags.flags.kexec:
kexec_setup = TaskQueue("Kexec setup", N_("Setting up kexec"))
kexec_setup.append(Task("Setup kexec", setup_kexec))
configuration_queue.append(kexec_setup)
# write anaconda related configs & kickstarts
write_configs = TaskQueue("Write configs and kickstarts",
N_("Storing configuration files and kickstarts"))
# Write the kickstart file to the installed system (or, copy the input
# kickstart file over if one exists).
if flags.flags.nosave_output_ks:
# don't write the kickstart file to the installed system if this has
# been disabled by the nosave option
log.warning(
"Writing of the output kickstart to installed system has been disabled"
" by the nosave option.")
else:
# write anaconda related configs & kickstarts
write_configs.append(Task("Store kickstarts", _writeKS, (ksdata, )))
# only add write_configs to the main queue if we actually store some kickstarts/configs
if write_configs.task_count:
configuration_queue.append(write_configs)
return configuration_queue
def _apply(self):
# Do not execute sections that were part of the original
# anaconda kickstart file (== have .seen flag set)
log.info("applying changes")
sections = [self.data.keyboard, self.data.lang, self.data.timezone]
# data.selinux
# data.firewall
localization_proxy = LOCALIZATION.get_proxy()
self.data.keyboard.seen = localization_proxy.KeyboardKickstarted
self.data.lang.seen = localization_proxy.LanguageKickstarted
timezone_proxy = TIMEZONE.get_proxy()
self.data.timezone.seen = timezone_proxy.Kickstarted
log.info("executing kickstart")
for section in sections:
section_msg = "%s on line %d" % (repr(section), section.lineno)
if section.seen:
log.debug("skipping %s", section_msg)
continue
log.debug("executing %s", section_msg)
section.execute(None, self.data, None)
# Prepare the user database tools
u = Users()
sections = [self.data.group, self.data.user, self.data.rootpw]
users_proxy = USERS.get_proxy()
self.data.rootpw.seen = users_proxy.IsRootpwKickstarted
for section in sections:
section_msg = "%s on line %d" % (repr(section), section.lineno)
if section.seen:
log.debug("skipping %s", section_msg)
continue
log.debug("executing %s", section_msg)
section.execute(None, self.data, None, u)
# Configure all addons
log.info("executing addons")
self.data.addons.execute(None, self.data, None, u, None)
if self.external_reconfig:
# prevent the reconfig flag from being written out
# to kickstart if neither /etc/reconfigSys or /.unconfigured
# are present
services_proxy = SERVICES.get_proxy()
services_proxy.SetSetupOnBoot(SETUP_ON_BOOT_DEFAULT)
# Write the kickstart data to file
log.info("writing the Initial Setup kickstart file %s",
OUTPUT_KICKSTART_PATH)
with open(OUTPUT_KICKSTART_PATH, "w") as f:
f.write(str(self.data))
log.info("finished writing the Initial Setup kickstart file")
# Remove the reconfig files, if any - otherwise the reconfig mode
# would start again next time the Initial Setup service is enabled.
if self.external_reconfig:
for reconfig_file in RECONFIG_FILES:
if os.path.exists(reconfig_file):
log.debug("removing reconfig trigger file: %s" %
reconfig_file)
os.remove(reconfig_file)
# and we are done with applying changes
log.info("all changes have been applied")
def __str__(self):
users_proxy = USERS.get_proxy()
return users_proxy.GenerateKickstart()
def _apply(self):
# Do not execute sections that were part of the original
# anaconda kickstart file (== have .seen flag set)
log.info("applying changes")
services_proxy = SERVICES.get_proxy()
reconfig_mode = services_proxy.SetupOnBoot == SETUP_ON_BOOT_RECONFIG
# data.selinux
# data.firewall
# Configure the timezone.
timezone_proxy = TIMEZONE.get_proxy()
for task_path in timezone_proxy.InstallWithTasks():
task_proxy = TIMEZONE.get_proxy(task_path)
sync_run_task(task_proxy)
# Configure the localization.
localization_proxy = LOCALIZATION.get_proxy()
for task_path in localization_proxy.InstallWithTasks():
task_proxy = LOCALIZATION.get_proxy(task_path)
sync_run_task(task_proxy)
# Configure persistent hostname
network_proxy = NETWORK.get_proxy()
network_task = network_proxy.ConfigureHostnameWithTask(True)
task_proxy = NETWORK.get_proxy(network_task)
sync_run_task(task_proxy)
# Set current hostname
network_proxy.SetCurrentHostname(network_proxy.Hostname)
# Configure groups, users & root account
#
# NOTE: We only configure groups, users & root account if the respective
# kickstart commands are *not* seen in the input kickstart.
# This basically means that we will configure only what was
# set in the Initial Setup UI and will not attempt to configure
# anything that looks like it was configured previously in
# the Anaconda UI or installation kickstart.
users_proxy = USERS.get_proxy()
if self._groups_already_configured and not reconfig_mode:
log.debug("skipping user group configuration - already configured")
elif users_proxy.Groups: # only run of there are some groups to create
groups_task = users_proxy.ConfigureGroupsWithTask()
task_proxy = USERS.get_proxy(groups_task)
log.debug("configuring user groups via %s task", task_proxy.Name)
sync_run_task(task_proxy)
if self._users_already_configured and not reconfig_mode:
log.debug("skipping user configuration - already configured")
elif users_proxy.Users: # only run if there are some users to create
users_task = users_proxy.ConfigureUsersWithTask()
task_proxy = USERS.get_proxy(users_task)
log.debug("configuring users via %s task", task_proxy.Name)
sync_run_task(task_proxy)
if self._root_password_already_configured and not reconfig_mode:
log.debug(
"skipping root password configuration - already configured")
else:
root_task = users_proxy.SetRootPasswordWithTask()
task_proxy = USERS.get_proxy(root_task)
log.debug("configuring root password via %s task", task_proxy.Name)
sync_run_task(task_proxy)
# Configure all addons
log.info("executing addons")
self.data.addons.execute(storage=None,
ksdata=self.data,
users=None,
payload=None)
boss_proxy = BOSS.get_proxy()
task_path = boss_proxy.InstallSystemWithTask()
task_proxy = BOSS.get_proxy(task_path)
sync_run_task(task_proxy)
if self.external_reconfig:
# prevent the reconfig flag from being written out
# to kickstart if neither /etc/reconfigSys or /.unconfigured
# are present
services_proxy = SERVICES.get_proxy()
services_proxy.SetSetupOnBoot(SETUP_ON_BOOT_DEFAULT)
# Write the kickstart data to file
log.info("writing the Initial Setup kickstart file %s",
OUTPUT_KICKSTART_PATH)
with open(OUTPUT_KICKSTART_PATH, "w") as f:
f.write(str(self.data))
log.info("finished writing the Initial Setup kickstart file")
# Remove the reconfig files, if any - otherwise the reconfig mode
# would start again next time the Initial Setup service is enabled.
if self.external_reconfig:
for reconfig_file in RECONFIG_FILES:
if os.path.exists(reconfig_file):
log.debug("removing reconfig trigger file: %s" %
reconfig_file)
os.remove(reconfig_file)
# and we are done with applying changes
log.info("all changes have been applied")
def doConfiguration(storage, payload, ksdata):
"""Configure the installed system."""
configuration_queue = TaskQueue("Configuration queue")
# connect progress reporting
configuration_queue.queue_started.connect(
lambda x: progress_message(x.status_message))
configuration_queue.task_completed.connect(lambda x: progress_step(x.name))
# schedule the execute methods of ksdata that require an installed system to be present
os_config = TaskQueue("Installed system configuration",
N_("Configuring installed system"))
os_config.append(Task("Configure authselect", ksdata.authselect.execute))
security_proxy = SECURITY.get_proxy()
security_dbus_tasks = security_proxy.InstallWithTasks(util.getSysroot())
# add one Task instance per DBUS task
for dbus_task in security_dbus_tasks:
task_proxy = SECURITY.get_proxy(dbus_task)
os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, )))
services_proxy = SERVICES.get_proxy()
services_dbus_tasks = services_proxy.InstallWithTasks(util.getSysroot())
# add one Task instance per DBUS task
for dbus_task in services_dbus_tasks:
task_proxy = SERVICES.get_proxy(dbus_task)
os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, )))
os_config.append(Task("Configure keyboard", ksdata.keyboard.execute))
os_config.append(Task("Configure timezone", ksdata.timezone.execute))
localization_proxy = LOCALIZATION.get_proxy()
localization_dbus_tasks = localization_proxy.InstallWithTasks(
util.getSysroot())
# add one Task instance per DBUS task
for dbus_task in localization_dbus_tasks:
task_proxy = LOCALIZATION.get_proxy(dbus_task)
os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, )))
firewall_proxy = NETWORK.get_proxy(FIREWALL)
firewall_dbus_task = firewall_proxy.InstallWithTask(util.getSysroot())
task_proxy = NETWORK.get_proxy(firewall_dbus_task)
os_config.append(Task(task_proxy.Name, sync_run_task, (task_proxy, )))
configuration_queue.append(os_config)
# schedule network configuration (if required)
if conf.system.provides_network_config:
network_config = TaskQueue("Network configuration",
N_("Writing network configuration"))
network_config.append(
Task("Network configuration", ksdata.network.execute, (payload, )))
configuration_queue.append(network_config)
# creating users and groups requires some pre-configuration.
user_config = TaskQueue("User creation", N_("Creating users"))
users_proxy = USERS.get_proxy()
users_dbus_tasks = users_proxy.InstallWithTasks(util.getSysroot())
# add one Task instance per DBUS task
for dbus_task in users_dbus_tasks:
task_proxy = USERS.get_proxy(dbus_task)
user_config.append(Task(task_proxy.Name, sync_run_task,
(task_proxy, )))
configuration_queue.append(user_config)
# Anaconda addon configuration
addon_config = TaskQueue("Anaconda addon configuration",
N_("Configuring addons"))
# there is no longer a User class & addons should no longer need it
# FIXME: drop user class parameter from the API & all known addons
addon_config.append(
Task("Configure Anaconda addons", ksdata.addons.execute,
(storage, ksdata, None, payload)))
configuration_queue.append(addon_config)
# Initramfs generation
generate_initramfs = TaskQueue("Initramfs generation",
N_("Generating initramfs"))
generate_initramfs.append(
Task("Generate initramfs", payload.recreate_initrds))
# This works around 2 problems, /boot on BTRFS and BTRFS installations where the initrd is
# recreated after the first writeBootLoader call. This reruns it after the new initrd has
# been created, fixing the kernel root and subvol args and adding the missing initrd entry.
boot_on_btrfs = isinstance(storage.mountpoints.get("/"), BTRFSDevice)
bootloader_proxy = STORAGE.get_proxy(BOOTLOADER)
bootloader_enabled = bootloader_proxy.BootloaderMode != BOOTLOADER_DISABLED
if isinstance(payload,
LiveImagePayload) and boot_on_btrfs and bootloader_enabled:
generate_initramfs.append(
Task("Write BTRFS bootloader fix", write_boot_loader,
(storage, payload)))
# Invoking zipl should be the last thing done on a s390x installation (see #1652727).
if arch.is_s390() and not conf.target.is_directory and bootloader_enabled:
generate_initramfs.append(
Task("Rerun zipl", lambda: util.execInSysroot("zipl", [])))
configuration_queue.append(generate_initramfs)
# join a realm (if required)
if ksdata.realm.discovered:
join_realm = TaskQueue(
"Realm join",
N_("Joining realm: %s") % ksdata.realm.discovered)
join_realm.append(Task("Join a realm", ksdata.realm.execute))
configuration_queue.append(join_realm)
post_scripts = TaskQueue("Post installation scripts",
N_("Running post-installation scripts"))
post_scripts.append(
Task("Run post installation scripts", runPostScripts,
(ksdata.scripts, )))
configuration_queue.append(post_scripts)
# setup kexec reboot if requested
if flags.flags.kexec:
kexec_setup = TaskQueue("Kexec setup", N_("Setting up kexec"))
kexec_setup.append(Task("Setup kexec", setup_kexec))
configuration_queue.append(kexec_setup)
# write anaconda related configs & kickstarts
write_configs = TaskQueue("Write configs and kickstarts",
N_("Storing configuration files and kickstarts"))
# Write the kickstart file to the installed system (or, copy the input
# kickstart file over if one exists).
if flags.flags.nosave_output_ks:
# don't write the kickstart file to the installed system if this has
# been disabled by the nosave option
log.warning(
"Writing of the output kickstart to installed system has been disabled"
" by the nosave option.")
else:
# write anaconda related configs & kickstarts
write_configs.append(Task("Store kickstarts", _writeKS, (ksdata, )))
# only add write_configs to the main queue if we actually store some kickstarts/configs
if write_configs.task_count:
configuration_queue.append(write_configs)
# notify progress tracking about the number of steps
progress_init(configuration_queue.task_count)
# log contents of the main task queue
log.info(configuration_queue.summary)
# log tasks and queues when they are started
# - note that we are using generators to add the counter
queue_counter = util.item_counter(configuration_queue.queue_count)
task_started_counter = util.item_counter(configuration_queue.task_count)
task_completed_counter = util.item_counter(configuration_queue.task_count)
configuration_queue.queue_started.connect(lambda x: log.info(
"Queue started: %s (%s)", x.name, next(queue_counter)))
configuration_queue.task_started.connect(lambda x: log.info(
"Task started: %s (%s)", x.name, next(task_started_counter)))
configuration_queue.task_completed.connect(
lambda x: log.debug("Task completed: %s (%s) (%1.1f s)", x.name,
next(task_completed_counter), x.elapsed_time))
# start the task queue
configuration_queue.start()
# done
progress_complete()
def __init__(self, *args):
NormalSpoke.__init__(self, *args)
GUISpokeInputCheckHandler.__init__(self)
self._users_module = USERS.get_proxy()
def __init__(self, *args):
NormalSpoke.__init__(self, *args)
GUISpokeInputCheckHandler.__init__(self)
self._users_module = USERS.get_proxy()
self._password_is_required = True
