Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

setup, ansible: Add rules for ansible that runs as regular user #243

Merged
merged 1 commit into from
Apr 7, 2022
Merged

setup, ansible: Add rules for ansible that runs as regular user #243

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion ovirt-engine.spec.in
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1240,7 +1240,7 @@ fi
%config %{_sysconfdir}/ovirt-engine-setup.conf.d/10-packaging.conf
%{_bindir}/engine-upgrade-check
%{engine_data}/conf/ovirt-engine-proxy.conf.v2.in
%{engine_data}/conf/fapolicyd-55-allow-ovirt-jboss.rules.in
%{engine_data}/conf/fapolicyd-55-allow-ovirt.rules.in
%{engine_data}/conf/ovirt-engine-root-redirect.conf.in
%{engine_data}/firewalld/ovirt-engine/
%{engine_data}/setup/bin/ovirt-engine-upgrade-check
Expand Down
1 change: 1 addition & 0 deletions ...g/ansible-runner-service-project/project/roles/ovirt-host-deploy-vdsm/tasks/configure.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -76,6 +76,7 @@
remote_src: yes
content: |
allow perm=any trust=1 : dir=/etc/vdsm/mom.d/ ftype=text/x-lisp
allow perm=any trust=1 : dir=/var/tmp/ ftype=text/x-python
- name: restart fapolicy service
systemd:
Expand Down
5 changes: 0 additions & 5 deletions packaging/conf/fapolicyd-55-allow-ovirt-jboss.rules.in
View file
Open in desktop

This file was deleted.

5 changes: 5 additions & 0 deletions packaging/conf/fapolicyd-55-allow-ovirt.rules.in
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
#
# This is Ovirt Engine configuration and MUST NOT be changed manually
#
%java=application/java-archive,text/x-java,application/x-java-applet,application/javascript,text/javascript,text/x-python
allow perm=any trust=1 : dir=@ENGINE_RUNTIME_DIR@ ftype=%lang
8 changes: 4 additions & 4 deletions packaging/setup/ovirt_engine_setup/engine_common/constants.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -79,16 +79,16 @@ class FileLocations(object):
OVIRT_ENGINE_PKIKEYSDIR,
'apache.key.nopass',
)
FAPOLICYD_ALLOW_OVIRT_JBOSS_RULE_TEMPLATE = os.path.join(
FAPOLICYD_ALLOW_OVIRT_ENGINE_RULE_TEMPLATE = os.path.join(
osetupcons.FileLocations.OVIRT_SETUP_DATADIR,
'conf',
'fapolicyd-55-allow-ovirt-jboss.rules.in',
'fapolicyd-55-allow-ovirt.rules.in',
)
FAPOLICYD_ALLOW_OVIRT_JBOSS_RULE = os.path.join(
FAPOLICYD_ALLOW_OVIRT_ENGINE_RULE = os.path.join(
SYSCONFDIR,
'fapolicyd',
'rules.d',
'55-allow-ovirt-jboss.rules',
'55-allow-ovirt.rules',
)


Expand Down
4 changes: 2 additions & 2 deletions packaging/setup/plugins/ovirt-engine-setup/ovirt-engine/config/__init__.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,10 +21,10 @@
from . import ca
from . import database
from . import domain_type
from . import fapolicyd
from . import firewall
from . import java
from . import jboss
from . import jboss_fapolicyd
from . import notifier
from . import options
from . import protocols
Expand Down Expand Up @@ -55,7 +55,7 @@ def createPlugins(context):
storage.Plugin(context=context)
sso.Plugin(context=context)
notifier.Plugin(context=context)
jboss_fapolicyd.Plugin(context=context)
fapolicyd.Plugin(context=context)


# vim: expandtab tabstop=4 shiftwidth=4
21 changes: 8 additions & 13 deletions ...up/ovirt-engine/config/jboss_fapolicyd.py → ...ne-setup/ovirt-engine/config/fapolicyd.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
#


"""Jboss fapolicyd plugin."""
"""Engine fapolicyd plugin."""


import gettext
Expand All @@ -18,7 +18,6 @@
from otopi import plugin
from otopi import util

from ovirt_engine import configfile
from ovirt_engine import util as outil

from ovirt_engine_setup import constants as osetupcons
Expand All @@ -43,28 +42,24 @@ def __init__(self, context):
def _init(self):
self.environment.setdefault(
oengcommcons.FapolicydEnv.FAPOLICYD_ALLOW_OVIRT_RULE,
oengcommcons.FileLocations.FAPOLICYD_ALLOW_OVIRT_JBOSS_RULE
oengcommcons.FileLocations.FAPOLICYD_ALLOW_OVIRT_ENGINE_RULE
)

@plugin.event(
stage=plugin.Stages.STAGE_MISC,
condition=lambda self: (
self.environment[oenginecons.CoreEnv.ENABLE] and
not os.path.exists(
oengcommcons.FileLocations.FAPOLICYD_ALLOW_OVIRT_JBOSS_RULE
oengcommcons.FileLocations.
FAPOLICYD_ALLOW_OVIRT_ENGINE_RULE
) and not self.environment[
osetupcons.CoreEnv.DEVELOPER_MODE
]
),
)
def _misc(self):
config = configfile.ConfigFile([
oenginecons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG_DEFAULTS,
oenginecons.FileLocations.OVIRT_ENGINE_SERVICE_CONFIG
])
engine_tmp_dir = os.path.join(
config.get('JBOSS_RUNTIME'),
'tmp'
engine_runtime_dir = (
oenginecons.FileLocations.OVIRT_ENGINE_LOCALSTATEDIR
)

self.environment[oengcommcons.FapolicydEnv.NEED_RESTART] = True
Expand All @@ -76,10 +71,10 @@ def _misc(self):
content=outil.processTemplate(
template=(
oengcommcons.FileLocations.
FAPOLICYD_ALLOW_OVIRT_JBOSS_RULE_TEMPLATE
FAPOLICYD_ALLOW_OVIRT_ENGINE_RULE_TEMPLATE
),
subst={
'@JBOSS_RUNTIME_TMP_DIR@': engine_tmp_dir,
'@ENGINE_RUNTIME_DIR@': engine_runtime_dir,
},
),
modifiedList=self.environment[
Expand Down