actor: add inihibtor FirewalldCheckAllowZoneDrifting #777
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Thank you for contributing to the Leapp project!Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergable.
Please open ticket in case you experience technical problem with the CI. (RH internal only) Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please consider rerunning the CI by commenting leapp-ci build (might require several comments). If the problem persists, contact leapp-infra. |
erig0
force-pushed
the
OAMG-4391
branch
6 times, most recently
from
2ccf8eb
to
9940dbe
Compare
|
review please |
vinzenz
reviewed
Dec 14, 2021
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
vinzenz
reviewed
Dec 14, 2021
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
vinzenz
previously requested changes
Dec 14, 2021
There was a problem hiding this comment.
Thank you very much for your PR, it looks quite good already, however there are a few things in general that need to be addressed.
- Please drop the usage of double quotes and replace them with single quotes.
- Please do not use % style string formatting
- The detection part, is by our convention to be done in the FactsCollection phase (FactsPhaseTag)
- The ChecksPhaseTag should check just for message provided by the fact collection actor and generate the inhibitor based on that.
- For that you will have to create a Model that you can pass that information, e.g. to make it usable for the future, it could be a list of deprecated/removed options that are used by the user, etc.
vinzenz
reviewed
Dec 14, 2021
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Show resolved
Hide resolved
vinzenz
reviewed
Dec 14, 2021
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/libraries/private.py
Outdated
Show resolved
Hide resolved
vinzenz
reviewed
Dec 14, 2021
...tors/firewalldcheckallowzonedrifting/tests/component_test_firewalldcheckallowzonedrifting.py
Outdated
Show resolved
Hide resolved
fernflower
reviewed
Dec 15, 2021
...l9/actors/firewalldcheckallowzonedrifting/tests/test_unit_firewalldcheckallowzonedrifting.py
Outdated
Show resolved
Hide resolved
...tors/firewalldcheckallowzonedrifting/tests/component_test_firewalldcheckallowzonedrifting.py
Outdated
Show resolved
Hide resolved
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
ACK. Both are valid and there is no PEP suggesting either. That being said, if Leapp uses single quotes everywhere I will change them. Double quotes make sense if the string has apostrophes.
ACK. Bad habit from python < 2.7.
Knowledge about |
erig0
changed the title
|
This PR has been linked in issue tracker (#OAMG-6318). |
erig0
force-pushed
the
OAMG-4391
branch
3 times, most recently
from
f0f26ea
to
c3f27af
Compare
erig0
changed the title
erig0
force-pushed
the
OAMG-4391
branch
3 times, most recently
from
17d0d75
to
c03f88f
Compare
|
review please. |
|
Testing Farm request for 7to8/3221645 regression testing has been created. Once finished, results should be available here. |
|
Testing Farm request for 8to9/3221645 regression testing has been created. Once finished, results should be available here. |
|
/rerun |
|
Copr build succeeded: https://copr.fedorainfracloud.org/coprs/build/3247626 |
|
Testing Farm request for 7to8/3247626 regression testing has been created. Once finished, results should be available here. |
|
Testing Farm request for 8to9/3247626 regression testing has been created. Once finished, results should be available here. |
bump |
|
/rerun |
fernflower
previously approved these changes
Feb 9, 2022
|
Copr build succeeded: https://copr.fedorainfracloud.org/coprs/build/3414836 |
|
Testing Farm request for 7to8/3414836 regression testing has been created. Once finished, results should be available here. |
|
Testing Farm request for 8to9/3414836 regression testing has been created. Once finished, results should be available here. |
pirat89
reviewed
Feb 9, 2022
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
This is meant as a key value for the contents of /etc/firewalld/firewalld.conf.
Rezney
reviewed
Feb 10, 2022
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
This config option does not exist in RHEL-9. So we must make sure it's not being used.
Rezney
approved these changes
Feb 11, 2022
|
@Rezney, thanks for working through these with me! |
Merged
pirat89
pushed a commit
to Rezney/leapp-repository
that referenced
this pull request
Mar 18, 2022
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (oamg#849) - Filter out unrelated PES data for the particular IPU path (oamg#789) - Fix bug with existing symlink when migrating YUM configuration files (oamg#811) - Fix creating invalid answerfile in "authselectcheck" actor (oamg#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (oamg#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (oamg#838) - Fix getting device attribute through udev on Python 3 (oamg#758) - Fix parsing of sysctl output (oamg#793) - Fix processing of merge events from PES data (oamg#768, oamg#825) - Fix random crashes when printing DNF output (oamg#745) - Fix scanning "/etc/default/grub" with empty line (oamg#845) - Fix scanning information about mounted devices (oamg#711) - Fix severities in the "targetuserspacecreator" actor (oamg#751) - Fix the "rerun" command after adding the "--channel" option (oamg#750) - Fix the execution order for the dnf dry run actor (oamg#801) - Skip checking the flavor and target_version upon leapp --resume (oamg#781) - Use more accurate tense in the SELinux messaging (oamg#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (oamg#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (oamg#776, oamg#794) - Add detection of enabled YUM & DNF plugins (oamg#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (oamg#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (oamg#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (oamg#749) - Generalize checking of device drivers (oamg#835) - Improve the performance of the leapp execution for "pre first reboot" phases (oamg#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (oamg#841) - Introduce DNF modularity support (oamg#672, oamg#799) - Introduce the --report-schema option to control the version of the generated report format (oamg#696) - Introduce the --target option to specify the version of the target system (oamg#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (oamg#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (oamg#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (oamg#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (oamg#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (oamg#816) - [IPU 7 -> 8]: bind configuration check (oamg#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (oamg#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (oamg#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (oamg#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (oamg#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (oamg#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (oamg#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (oamg#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (oamg#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (oamg#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (oamg#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (oamg#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (oamg#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (oamg#753) - Refactor "transactionworkarounds" actor and fix tests (oamg#759) - Several actors moved to the system_upgrade/common repository (oamg#800, oamg#803, oamg#805, oamg#833)
Rezney
added a commit
to Rezney/leapp-repository
that referenced
this pull request
Mar 18, 2022
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (oamg#849) - Filter out unrelated PES data for the particular IPU path (oamg#789) - Fix bug with existing symlink when migrating YUM configuration files (oamg#811) - Fix creating invalid answerfile in "authselectcheck" actor (oamg#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (oamg#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (oamg#838) - Fix getting device attribute through udev on Python 3 (oamg#758) - Fix parsing of sysctl output (oamg#793) - Fix processing of merge events from PES data (oamg#768, oamg#825) - Fix random crashes when printing DNF output (oamg#745) - Fix scanning "/etc/default/grub" with empty line (oamg#845) - Fix scanning information about mounted devices (oamg#711) - Fix severities in the "targetuserspacecreator" actor (oamg#751) - Fix the "rerun" command after adding the "--channel" option (oamg#750) - Fix the execution order for the dnf dry run actor (oamg#801) - Skip checking the flavor and target_version upon leapp --resume (oamg#781) - Use more accurate tense in the SELinux messaging (oamg#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (oamg#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (oamg#776, oamg#794) - Add detection of enabled YUM & DNF plugins (oamg#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (oamg#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (oamg#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (oamg#749) - Generalize checking of device drivers (oamg#835) - Improve the performance of the leapp execution for "pre first reboot" phases (oamg#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (oamg#841) - Introduce DNF modularity support (oamg#672, oamg#799) - Introduce the --report-schema option to control the version of the generated report format (oamg#696) - Introduce the --target option to specify the version of the target system (oamg#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (oamg#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (oamg#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (oamg#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (oamg#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (oamg#816) - [IPU 7 -> 8]: bind configuration check (oamg#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (oamg#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (oamg#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (oamg#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (oamg#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (oamg#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (oamg#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (oamg#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (oamg#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (oamg#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (oamg#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (oamg#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (oamg#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (oamg#753) - Refactor "transactionworkarounds" actor and fix tests (oamg#759) - Several actors moved to the system_upgrade/common repository (oamg#800, oamg#803, oamg#805, oamg#833) Signed-off-by: Michal Reznik <mreznik@redhat.com>
pirat89
pushed a commit
that referenced
this pull request
Mar 18, 2022
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (#849) - Filter out unrelated PES data for the particular IPU path (#789) - Fix bug with existing symlink when migrating YUM configuration files (#811) - Fix creating invalid answerfile in "authselectcheck" actor (#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (#838) - Fix getting device attribute through udev on Python 3 (#758) - Fix parsing of sysctl output (#793) - Fix processing of merge events from PES data (#768, #825) - Fix random crashes when printing DNF output (#745) - Fix scanning "/etc/default/grub" with empty line (#845) - Fix scanning information about mounted devices (#711) - Fix severities in the "targetuserspacecreator" actor (#751) - Fix the "rerun" command after adding the "--channel" option (#750) - Fix the execution order for the dnf dry run actor (#801) - Skip checking the flavor and target_version upon leapp --resume (#781) - Use more accurate tense in the SELinux messaging (#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (#776, #794) - Add detection of enabled YUM & DNF plugins (#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (#749) - Generalize checking of device drivers (#835) - Improve the performance of the leapp execution for "pre first reboot" phases (#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (#841) - Introduce DNF modularity support (#672, #799) - Introduce the --report-schema option to control the version of the generated report format (#696) - Introduce the --target option to specify the version of the target system (#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (#816) - [IPU 7 -> 8]: bind configuration check (#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (#753) - Refactor "transactionworkarounds" actor and fix tests (#759) - Several actors moved to the system_upgrade/common repository (#800, #803, #805, #833) Signed-off-by: Michal Reznik <mreznik@redhat.com>
asm0deuz
pushed a commit
to asm0deuz/leapp-repository
that referenced
this pull request
Jun 9, 2022
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (oamg#849) - Filter out unrelated PES data for the particular IPU path (oamg#789) - Fix bug with existing symlink when migrating YUM configuration files (oamg#811) - Fix creating invalid answerfile in "authselectcheck" actor (oamg#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (oamg#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (oamg#838) - Fix getting device attribute through udev on Python 3 (oamg#758) - Fix parsing of sysctl output (oamg#793) - Fix processing of merge events from PES data (oamg#768, oamg#825) - Fix random crashes when printing DNF output (oamg#745) - Fix scanning "/etc/default/grub" with empty line (oamg#845) - Fix scanning information about mounted devices (oamg#711) - Fix severities in the "targetuserspacecreator" actor (oamg#751) - Fix the "rerun" command after adding the "--channel" option (oamg#750) - Fix the execution order for the dnf dry run actor (oamg#801) - Skip checking the flavor and target_version upon leapp --resume (oamg#781) - Use more accurate tense in the SELinux messaging (oamg#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (oamg#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (oamg#776, oamg#794) - Add detection of enabled YUM & DNF plugins (oamg#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (oamg#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (oamg#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (oamg#749) - Generalize checking of device drivers (oamg#835) - Improve the performance of the leapp execution for "pre first reboot" phases (oamg#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (oamg#841) - Introduce DNF modularity support (oamg#672, oamg#799) - Introduce the --report-schema option to control the version of the generated report format (oamg#696) - Introduce the --target option to specify the version of the target system (oamg#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (oamg#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (oamg#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (oamg#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (oamg#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (oamg#816) - [IPU 7 -> 8]: bind configuration check (oamg#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (oamg#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (oamg#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (oamg#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (oamg#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (oamg#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (oamg#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (oamg#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (oamg#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (oamg#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (oamg#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (oamg#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (oamg#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (oamg#753) - Refactor "transactionworkarounds" actor and fix tests (oamg#759) - Several actors moved to the system_upgrade/common repository (oamg#800, oamg#803, oamg#805, oamg#833) Signed-off-by: Michal Reznik <mreznik@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This config option does not exist in RHEL-9. So we must make sure it's
not being used.
Fixes: OAMG-4391