Enable selinux bool for grafana to postgresql connection.
For package grafana >= 9.2.10-15, a patch was added to the selinux module to allow connections from grafana to the local postgresql.
This flag is now enabled during the engine-setup command if a version with this flag is installed.
For old versions of grafana we do nothing with selinux.
For versions between 9.2.10-10 and 9.2.10-14 we ask the user to update the package version.

Signed-off-by: Stanislav Melnichuk <[email protected]>
0ffer committed May 2, 2024
1 parent a007944 commit 49bd045
Showing 2 changed files with 89 additions and 0 deletions.
@@ -14,12 +14,14 @@

from . import database
from . import datasource
from . import selinux


@util.export
def createPlugins(context):
database.Plugin(context=context)
datasource.Plugin(context=context)
selinux.Plugin(context=context)


# vim: expandtab tabstop=4 shiftwidth=4
@@ -0,0 +1,87 @@
#
# ovirt-engine-setup -- ovirt engine setup
#
# Copyright oVirt Authors
# SPDX-License-Identifier: Apache-2.0
#
#


import gettext
import rpm

from otopi import util
from otopi import plugin

from ovirt_engine_setup import constants as osetupcons
from ovirt_engine_setup import util as osetuputil


def _(m):
return gettext.dgettext(message=m, domain='ovirt-engine-dwh')


@util.export
class Plugin(plugin.PluginBase):
"""
This plugin is for configuring selinux for grafana package.
Grafana package from the version 9.2.10-10 has subpackage with selinux configurations.
And with initial configurations grafana can't communicate with postgresql.
From the version 9.2.10-15 there is the flag to control possibility for grafana to query local postgresql.
In this plugin we check grafana package version and enable selinux flag for postgresql if needed.
"""

def __init__(self, context):
super(Plugin, self).__init__(context=context)
self._should_enable_selinux_bool = False

@plugin.event(
stage=plugin.Stages.STAGE_PACKAGES,
before=(
'allow-grafana-connect-to-postgresql',
),
priority=plugin.Stages.PRIORITY_LAST
)
def _misc_check_grafana_version_for_selinux(self):
_, mini_pm, _ = (osetuputil.getPackageManager(self.logger))
queried_packages = mini_pm().queryPackages(patterns=['grafana'])

grafana_pkg_info = next(
(package for package in queried_packages if package['operation'] == 'installed' and package['name'] == 'grafana'),
None
)
if grafana_pkg_info:
version = grafana_pkg_info['version'] # looks like '9.2.10'
release = grafana_pkg_info['release'] # looks like '15.el8'
patch = release.split('.')[0] # remove part with OS stream

# We are on the version without selinux configured, can do nothing with selinux.
if rpm.labelCompare(('1', version, patch), ('1', '9.2.10', '10')) < 0:
self._should_enable_selinux_bool = False
return

# We are on the version with selinux flag added, should enable it.
if rpm.labelCompare(('1', version, patch), ('1', '9.2.10', '15')) >= 0:
self._should_enable_selinux_bool = True
return

# Here we are between 9.2.10-10 and 9.2.10-14 and should ask user to update package version.
raise RuntimeError(
_('Please, update grafana up to 9.2.10-15 or higher version for operational state with selinux.')
)

@plugin.event(
stage=plugin.Stages.STAGE_MISC,
name='allow-grafana-connect-to-postgresql',
before=(
osetupcons.Stages.SETUP_SELINUX,
),
condition=lambda self: self._should_enable_selinux_bool,
)
def _misc_selinux_allow_grafana_request_postgresql(self):
self.environment[osetupcons.SystemEnv.SELINUX_BOOLEANS].append({
'boolean': 'grafana_can_tcp_connect_postgresql_port',
'state': "on",
})

# vim: expandtab tabstop=4 shiftwidth=4
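Review bot: The `condition` on `_misc_selinux_allow_grafana_request_postgresql` depends only on the installed grafana version, so as far as this file shows, `grafana_can_tcp_connect_postgresql_port` is switched on for any host with grafana >= 9.2.10-15, even when this setup run is not configuring grafana. The boolean relaxes the SELinux confinement of grafana, so it should be gated on the setup's own grafana-enabled setting as well (the key is not visible on this page), for example `condition=lambda self: self._should_enable_selinux_bool and <grafana-enabled check>`. The same guard at the top of `_misc_check_grafana_version_for_selinux` would keep an unused grafana 9.2.10-10..14 package from aborting engine-setup with the `RuntimeError`. A short comment next to the boolean saying what access it grants and why it is needed would also help later audits of the SELinux state.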
