-
Notifications
You must be signed in to change notification settings - Fork 144
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
actor: add inihibtor FirewalldCheckAllowZoneDrifting #777
Conversation
Thank you for contributing to the Leapp project!Please note that every PR needs to comply with the Leapp Guidelines and must pass all tests in order to be mergable.
Please open ticket in case you experience technical problem with the CI. (RH internal only) Note: In case there are problems with tests not being triggered automatically on new PR/commit or pending for a long time, please consider rerunning the CI by commenting leapp-ci build (might require several comments). If the problem persists, contact leapp-infra. |
2ccf8eb
to
9940dbe
Compare
review please |
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for your PR, it looks quite good already, however there are a few things in general that need to be addressed.
- Please drop the usage of double quotes and replace them with single quotes.
- Please do not use % style string formatting
- The detection part, is by our convention to be done in the FactsCollection phase (FactsPhaseTag)
- The ChecksPhaseTag should check just for message provided by the fact collection actor and generate the inhibitor based on that.
- For that you will have to create a Model that you can pass that information, e.g. to make it usable for the future, it could be a list of deprecated/removed options that are used by the user, etc.
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Show resolved
Hide resolved
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/libraries/private.py
Outdated
Show resolved
Hide resolved
...tors/firewalldcheckallowzonedrifting/tests/component_test_firewalldcheckallowzonedrifting.py
Outdated
Show resolved
Hide resolved
...l9/actors/firewalldcheckallowzonedrifting/tests/test_unit_firewalldcheckallowzonedrifting.py
Outdated
Show resolved
Hide resolved
...tors/firewalldcheckallowzonedrifting/tests/component_test_firewalldcheckallowzonedrifting.py
Outdated
Show resolved
Hide resolved
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
ACK. Both are valid and there is no PEP suggesting either. That being said, if Leapp uses single quotes everywhere I will change them. Double quotes make sense if the string has apostrophes.
ACK. Bad habit from python < 2.7.
Knowledge about |
This PR has been linked in issue tracker (#OAMG-6318). |
f0f26ea
to
c3f27af
Compare
17d0d75
to
c03f88f
Compare
review please. |
Testing Farm request for 7to8/3221645 regression testing has been created. Once finished, results should be available here. |
Testing Farm request for 8to9/3221645 regression testing has been created. Once finished, results should be available here. |
/rerun |
Copr build succeeded: https://copr.fedorainfracloud.org/coprs/build/3247626 |
Testing Farm request for 7to8/3247626 regression testing has been created. Once finished, results should be available here. |
Testing Farm request for 8to9/3247626 regression testing has been created. Once finished, results should be available here. |
bump |
/rerun |
Copr build succeeded: https://copr.fedorainfracloud.org/coprs/build/3414836 |
Testing Farm request for 7to8/3414836 regression testing has been created. Once finished, results should be available here. |
Testing Farm request for 8to9/3414836 regression testing has been created. Once finished, results should be available here. |
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
This is meant as a key value for the contents of /etc/firewalld/firewalld.conf.
repos/system_upgrade/el8toel9/actors/firewalldcheckallowzonedrifting/actor.py
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please fix the command.
This config option does not exist in RHEL-9. So we must make sure it's not being used.
@Rezney, thanks for working through these with me! |
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (oamg#849) - Filter out unrelated PES data for the particular IPU path (oamg#789) - Fix bug with existing symlink when migrating YUM configuration files (oamg#811) - Fix creating invalid answerfile in "authselectcheck" actor (oamg#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (oamg#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (oamg#838) - Fix getting device attribute through udev on Python 3 (oamg#758) - Fix parsing of sysctl output (oamg#793) - Fix processing of merge events from PES data (oamg#768, oamg#825) - Fix random crashes when printing DNF output (oamg#745) - Fix scanning "/etc/default/grub" with empty line (oamg#845) - Fix scanning information about mounted devices (oamg#711) - Fix severities in the "targetuserspacecreator" actor (oamg#751) - Fix the "rerun" command after adding the "--channel" option (oamg#750) - Fix the execution order for the dnf dry run actor (oamg#801) - Skip checking the flavor and target_version upon leapp --resume (oamg#781) - Use more accurate tense in the SELinux messaging (oamg#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (oamg#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (oamg#776, oamg#794) - Add detection of enabled YUM & DNF plugins (oamg#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (oamg#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (oamg#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (oamg#749) - Generalize checking of device drivers (oamg#835) - Improve the performance of the leapp execution for "pre first reboot" phases (oamg#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (oamg#841) - Introduce DNF modularity support (oamg#672, oamg#799) - Introduce the --report-schema option to control the version of the generated report format (oamg#696) - Introduce the --target option to specify the version of the target system (oamg#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (oamg#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (oamg#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (oamg#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (oamg#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (oamg#816) - [IPU 7 -> 8]: bind configuration check (oamg#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (oamg#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (oamg#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (oamg#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (oamg#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (oamg#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (oamg#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (oamg#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (oamg#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (oamg#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (oamg#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (oamg#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (oamg#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (oamg#753) - Refactor "transactionworkarounds" actor and fix tests (oamg#759) - Several actors moved to the system_upgrade/common repository (oamg#800, oamg#803, oamg#805, oamg#833)
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (oamg#849) - Filter out unrelated PES data for the particular IPU path (oamg#789) - Fix bug with existing symlink when migrating YUM configuration files (oamg#811) - Fix creating invalid answerfile in "authselectcheck" actor (oamg#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (oamg#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (oamg#838) - Fix getting device attribute through udev on Python 3 (oamg#758) - Fix parsing of sysctl output (oamg#793) - Fix processing of merge events from PES data (oamg#768, oamg#825) - Fix random crashes when printing DNF output (oamg#745) - Fix scanning "/etc/default/grub" with empty line (oamg#845) - Fix scanning information about mounted devices (oamg#711) - Fix severities in the "targetuserspacecreator" actor (oamg#751) - Fix the "rerun" command after adding the "--channel" option (oamg#750) - Fix the execution order for the dnf dry run actor (oamg#801) - Skip checking the flavor and target_version upon leapp --resume (oamg#781) - Use more accurate tense in the SELinux messaging (oamg#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (oamg#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (oamg#776, oamg#794) - Add detection of enabled YUM & DNF plugins (oamg#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (oamg#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (oamg#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (oamg#749) - Generalize checking of device drivers (oamg#835) - Improve the performance of the leapp execution for "pre first reboot" phases (oamg#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (oamg#841) - Introduce DNF modularity support (oamg#672, oamg#799) - Introduce the --report-schema option to control the version of the generated report format (oamg#696) - Introduce the --target option to specify the version of the target system (oamg#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (oamg#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (oamg#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (oamg#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (oamg#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (oamg#816) - [IPU 7 -> 8]: bind configuration check (oamg#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (oamg#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (oamg#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (oamg#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (oamg#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (oamg#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (oamg#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (oamg#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (oamg#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (oamg#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (oamg#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (oamg#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (oamg#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (oamg#753) - Refactor "transactionworkarounds" actor and fix tests (oamg#759) - Several actors moved to the system_upgrade/common repository (oamg#800, oamg#803, oamg#805, oamg#833) Signed-off-by: Michal Reznik <mreznik@redhat.com>
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (#849) - Filter out unrelated PES data for the particular IPU path (#789) - Fix bug with existing symlink when migrating YUM configuration files (#811) - Fix creating invalid answerfile in "authselectcheck" actor (#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (#838) - Fix getting device attribute through udev on Python 3 (#758) - Fix parsing of sysctl output (#793) - Fix processing of merge events from PES data (#768, #825) - Fix random crashes when printing DNF output (#745) - Fix scanning "/etc/default/grub" with empty line (#845) - Fix scanning information about mounted devices (#711) - Fix severities in the "targetuserspacecreator" actor (#751) - Fix the "rerun" command after adding the "--channel" option (#750) - Fix the execution order for the dnf dry run actor (#801) - Skip checking the flavor and target_version upon leapp --resume (#781) - Use more accurate tense in the SELinux messaging (#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (#776, #794) - Add detection of enabled YUM & DNF plugins (#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (#749) - Generalize checking of device drivers (#835) - Improve the performance of the leapp execution for "pre first reboot" phases (#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (#841) - Introduce DNF modularity support (#672, #799) - Introduce the --report-schema option to control the version of the generated report format (#696) - Introduce the --target option to specify the version of the target system (#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (#816) - [IPU 7 -> 8]: bind configuration check (#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (#753) - Refactor "transactionworkarounds" actor and fix tests (#759) - Several actors moved to the system_upgrade/common repository (#800, #803, #805, #833) Signed-off-by: Michal Reznik <mreznik@redhat.com>
## Packaging - Requires leapp-framework >= 2.2 - Bump leapp-framework-dependencies to 5 ## Upgrade handling ### Fixes - Fallback to /etc/leapp/repos.d if missing config option instead of using cwd (oamg#849) - Filter out unrelated PES data for the particular IPU path (oamg#789) - Fix bug with existing symlink when migrating YUM configuration files (oamg#811) - Fix creating invalid answerfile in "authselectcheck" actor (oamg#748) - Fix generating of instructions/data for the leapp DNF plugin during the IPU (oamg#754) - Fix generating the target initramfs when additional files and dracut modules are requested to be added (oamg#838) - Fix getting device attribute through udev on Python 3 (oamg#758) - Fix parsing of sysctl output (oamg#793) - Fix processing of merge events from PES data (oamg#768, oamg#825) - Fix random crashes when printing DNF output (oamg#745) - Fix scanning "/etc/default/grub" with empty line (oamg#845) - Fix scanning information about mounted devices (oamg#711) - Fix severities in the "targetuserspacecreator" actor (oamg#751) - Fix the "rerun" command after adding the "--channel" option (oamg#750) - Fix the execution order for the dnf dry run actor (oamg#801) - Skip checking the flavor and target_version upon leapp --resume (oamg#781) - Use more accurate tense in the SELinux messaging (oamg#614) ### Enhancements - Introduce IPU for RHEL 8 to RHEL 9 \o/ - New upgrade paths for RHEL with SAP HANA (oamg#834) - Changed upgrade paths: -- RHEL 7.9 -> [8.4, 8.6] (default: 8.6) -- RHEL 8.6 -> 9.0 -- RHEL with SAP 7.9 -> [8.2, 8.6] (default: 8.2) -- RHEL with SAP 8.6 -> 9.0 - Add 8.6, 9.0 Beta & GA product certificates (oamg#776, oamg#794) - Add detection of enabled YUM & DNF plugins (oamg#703) - Bind the /run/lock dir into the container in the upgrade initramfs env (oamg#831) - Enable RHEL 8 to RHEL 9 upgrades on RHUI for AWS (oamg#828) - Enhance handling selinux related stuff for 8 to 9 upgrade (oamg#749) - Generalize checking of device drivers (oamg#835) - Improve the performance of the leapp execution for "pre first reboot" phases (oamg#741) - Introduce DNFWorkarounds to register scripts to be executed before DNF run (oamg#841) - Introduce DNF modularity support (oamg#672, oamg#799) - Introduce the --report-schema option to control the version of the generated report format (oamg#696) - Introduce the --target option to specify the version of the target system (oamg#780) - Provide the LEAPP_IPU_IN_PROGRESS envar during the IPU (oamg#830) - [IPU 7 -> 8]: Add CUPS actors - cupsscanner, cupscheck, cupsmigrate (oamg#181) - [IPU 7 -> 8]: Convert restrictions with IPv6 mask in "migratentp" actor (oamg#756) - [IPU 7 -> 8]: Handle upgrading Satellite instances (oamg#733) - [IPU 7 -> 8]: Warn about docker deprecation when installed - [IPU 7 -> 8]: Zipl: Inhibit if boot entries share the same kernel image (oamg#816) - [IPU 7 -> 8]: bind configuration check (oamg#521) - [IPU 8 -> 9]: Add actor that ensures ifcfg files work in el9 (oamg#839) - [IPU 8 -> 9]: Add actor that scans for deprecated network settings (oamg#842) - [IPU 8 -> 9]: Add inhibitor FirewalldCheckServiceTftpClient (oamg#792) - [IPU 8 -> 9]: Add inihibtor FirewalldCheckAllowZoneDrifting (oamg#777) - [IPU 8 -> 9]: Add kpatch actor to handle live kernel patching during IPU (oamg#837) - [IPU 8 -> 9]: Add mariadbcheck actor to link upgrade documentation (oamg#836) - [IPU 8 -> 9]: Add postgresqlcheck actor to link upgrade documentation (oamg#802) - [IPU 8 -> 9]: Add scan & checks for VDO devices (oamg#821) - [IPU 8 -> 9]: Apply a new way of disabling SELinux (oamg#769) - [IPU 8 -> 9]: Check SSSD configuration for changes in RHEL9 and report them (oamg#732) - [IPU 8 -> 9]: Check the existence of the custom network-scripts (oamg#729) - [IPU 8 -> 9]: Provide upgrade inhibitor for ipa-server (oamg#765) ## Additional changes interesting for devels - Move target release and flavor specification to a separate lib (oamg#753) - Refactor "transactionworkarounds" actor and fix tests (oamg#759) - Several actors moved to the system_upgrade/common repository (oamg#800, oamg#803, oamg#805, oamg#833) Signed-off-by: Michal Reznik <mreznik@redhat.com>
This config option does not exist in RHEL-9. So we must make sure it's
not being used.
Fixes: OAMG-4391