Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable selinux bool for grafana to postgresql connection. #67

Merged
merged 1 commit into from
Jul 12, 2024
Merged

Enable selinux bool for grafana to postgresql connection. #67

merged 1 commit into from
Jul 12, 2024

Conversation

0ffer
Copy link
Contributor

@0ffer 0ffer commented Apr 24, 2024

For package grafana >= 9.2.10-15 there is patch added for selinux module to allow connection from grafana to local postgresql. This flag enabled now during engine-setup command.

@0ffer 0ffer requested a review from avlitman as a code owner April 24, 2024 12:18
@0ffer 0ffer mentioned this pull request Apr 24, 2024
Open
@michalskrivanek
Copy link
Member

@tinez maybe this is the reason?

@0ffer
Copy link
Contributor Author

0ffer commented Apr 24, 2024

@michalskrivanek @tinez
May be not, because, as i know, issue, that i resolve here, already fixed for ost in oVirt/ovirt-system-tests#324

@michalskrivanek
Copy link
Member

ah, that's this one. well, cool, we can then drop the workaround.

@michalskrivanek
Copy link
Member

/ost

mwperina
mwperina reviewed Apr 26, 2024
View reviewed changes
ovirt-engine-dwh.spec.in Outdated Show resolved Hide resolved
@0ffer 0ffer force-pushed the master branch 2 times, most recently from a9dd50c to 49bd045 Compare May 2, 2024 15:47
@mwperina mwperina requested review from didib and sandrobonazzola May 6, 2024 13:41
didib
didib reviewed May 8, 2024
View reviewed changes
Copy link
Member

@didib didib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I do not have a clear picture of the issue, nor do I still remember everything fresh. Some comments inside... Thanks! OK for me to merge as-is if it works for you, but perhaps better address some of my comments, in particular about trying to fail earlier than STAGE_PACKAGES.

packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/config/selinux.py Outdated Show resolved Hide resolved
packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/config/selinux.py Outdated Show resolved Hide resolved
packaging/setup/plugins/ovirt-engine-setup/ovirt-engine-grafana-dwh/config/selinux.py Outdated Show resolved Hide resolved
@0ffer 0ffer force-pushed the master branch 2 times, most recently from 3fd1053 to c7bf39a Compare May 22, 2024 09:45
didib
didib reviewed May 22, 2024
View reviewed changes
Copy link
Member

@didib didib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks good to me (with a minor comment).

I recommend to do thorough testing, including some of the flows I suggested earlier. Handling such tough cases is much harder when arriving from a real live system... Upgrade flows are often sensitive, and restore flows are always critical - you rely on restore to work after you had problems you already failed to solve otherwise.

@0ffer
Enable selinux bool for grafana to postgresql connection.
3355c68 
For package grafana >= 9.2.10-15 there is patch added for selinux module to allow connection from grafana to local postgresql.
This flag enabled now during engine-setup command if version with this flag installed.
For old versions of the grafana we do nothing with selinux.
For versions between 9.2.10-10 and 9.2.10-14 we ask user to update package version.

Signed-off-by: Stanislav Melnichuk <[email protected]>
@0ffer
Copy link
Contributor Author

0ffer commented May 22, 2024

Code looks good to me (with a minor comment).

I recommend to do thorough testing, including some of the flows I suggested earlier. Handling such tough cases is much harder when arriving from a real live system... Upgrade flows are often sensitive, and restore flows are always critical - you rely on restore to work after you had problems you already failed to solve otherwise.

Good, I made a change about your comment.

Yep, I know about testing, I haven't done it yet.
I need some time to figure out the testing, and this will be an exciting adventure 😄

@michalskrivanek
Copy link
Member

LGTM

mwperina
mwperina approved these changes Jul 12, 2024
View reviewed changes
Copy link
Member

@mwperina mwperina left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@mwperina mwperina merged commit 4922553 into oVirt:master Jul 12, 2024
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mwperina mwperina mwperina approved these changes

@avlitman avlitman Awaiting requested review from avlitman avlitman is a code owner

@sandrobonazzola sandrobonazzola Awaiting requested review from sandrobonazzola

@didib didib Awaiting requested review from didib

@michalskrivanek michalskrivanek Awaiting requested review from michalskrivanek

@dupondje dupondje Awaiting requested review from dupondje

@BrooklynDewolf BrooklynDewolf Awaiting requested review from BrooklynDewolf

Assignees

@0ffer 0ffer

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@0ffer @michalskrivanek @didib @mwperina