Enable selinux bool for grafana to postgresql connection.

For package grafana >= 9.2.10-15 there is patch added for selinux module to allow connection from grafana to local postgresql. This flag enabled now during engine-setup command if version with this flag installed. For old versions of the grafana we do nothing with selinux. For versions between 9.2.10-10 and 9.2.10-14 we ask user to update package version. Signed-off-by: Stanislav Melnichuk <[email protected]>
oVirt · May 2, 2024 · a9dd50c · a9dd50c
1 parent a007944
commit a9dd50c
Show file tree

Hide file tree

Showing 2 changed files with 82 additions and 0 deletions.
diff --git a/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/config/__init__.py b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/config/__init__.py
@@ -14,12 +14,14 @@
 
 from . import database
 from . import datasource
+from . import selinux
 
 
 @util.export
 def createPlugins(context):
     database.Plugin(context=context)
     datasource.Plugin(context=context)
+    selinux.Plugin(context=context)
 
 
 # vim: expandtab tabstop=4 shiftwidth=4
diff --git a/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/config/selinux.py b/packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/config/selinux.py
@@ -0,0 +1,80 @@
+#
+# ovirt-engine-setup -- ovirt engine setup
+#
+# Copyright oVirt Authors
+# SPDX-License-Identifier: Apache-2.0
+#
+#
+
+
+import gettext
+import rpm
+
+from otopi import util
+from otopi import plugin
+
+from ovirt_engine_setup import constants as osetupcons
+from ovirt_engine_setup import util as osetuputil
+
+
+def _(m):
+    return gettext.dgettext(message=m, domain='ovirt-engine-dwh')
+
+
+@util.export
+class Plugin(plugin.PluginBase):
+
+    def __init__(self, context):
+        super(Plugin, self).__init__(context=context)
+        self._should_enable_selinux_bool = False
+
+    @plugin.event(
+        stage=plugin.Stages.STAGE_PACKAGES,
+        before=(
+                'allow-grafana-connect-to-postgresql',
+        ),
+        priority=plugin.Stages.PRIORITY_LAST
+    )
+    def _misc_check_grafana_version_for_selinux(self):
+        _, mini_pm, _ = (osetuputil.getPackageManager(self.logger))
+        queried_packages = mini_pm().queryPackages(patterns=['grafana'])
+
+        grafana_pkg_info = next(
+            (package for package in queried_packages if package['operation'] == 'installed' and package['name'] == 'grafana'),
+            None
+        )
+        if grafana_pkg_info:
+            version = grafana_pkg_info['version']  # looks like '9.2.10'
+            release = grafana_pkg_info['release']  # looks like '15.el8'
+            patch = release.split('.')[0]  # remove part with OS stream
+
+            # We are on the version without selinux configured, can do nothing with selinux.
+            if rpm.labelCompare(('1', version, patch), ('1', '9.2.10', '10')) < 0:
+                self._should_enable_selinux_bool = False
+                return
+
+            # We are on the version with selinux flag added, should enable it.
+            if rpm.labelCompare(('1', version, patch), ('1', '9.2.10', '15')) >= 0:
+                self._should_enable_selinux_bool = True
+                return
+
+            # Here we are between 9.2.10-10 and 9.2.10-14 and should ask user to update package version.
+            raise RuntimeError(
+                _('Please, update grafana up to 9.2.10-15 or higher version for operational state with selinux.')
+            )
+
+    @plugin.event(
+        stage=plugin.Stages.STAGE_MISC,
+        name='allow-grafana-connect-to-postgresql',
+        before=(
+                osetupcons.Stages.SETUP_SELINUX,
+        ),
+        condition=lambda self: self._should_enable_selinux_bool,
+    )
+    def _misc_selinux_allow_grafana_request_postgresql(self):
+        self.environment[osetupcons.SystemEnv.SELINUX_BOOLEANS].append({
+            'boolean': 'grafana_can_tcp_connect_postgresql_port',
+            'state': "on",
+        })
+
+# vim: expandtab tabstop=4 shiftwidth=4