[pve-devel] [PATCH v2 manager] 1145 Warn if datacenter firewall or host firewall service is disabled

Mon Feb 18 14:24:55 CET 2019

This shows a warning when the user edits the host firewall status, but the
firewall is disabled at datacenter level or the pve-firewall service is not
running on the host.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
Version 2:
    * Instead of showing the firewall status continuously in the top bar,
      the user is now only warned in the edit window, when changing the host
      firewall status, in case that the firewall is disabled at datacenter level
      and/or the pve-firewall service is not running on the host.

 www/manager6/grid/FirewallOptions.js | 66 +++++++++++++++++++++++++++++++++++-
 www/manager6/node/Config.js          |  3 +-
 2 files changed, 67 insertions(+), 2 deletions(-)

diff --git a/www/manager6/grid/FirewallOptions.js b/www/manager6/grid/FirewallOptions.js
index cddbdbbf..685addc3 100644
--- a/www/manager6/grid/FirewallOptions.js
+++ b/www/manager6/grid/FirewallOptions.js
@@ -66,7 +66,71 @@ Ext.define('PVE.FirewallOptions', {
 
 
 	if (me.fwtype === 'node') {
-	    add_boolean_row('enable', gettext('Firewall'), 1);
+	    me.rows.enable = {
+		required: true,
+		defaultValue: 1,
+		header: gettext('Firewall'),
+		renderer: Proxmox.Utils.format_boolean,
+		editor: {
+		    xtype: 'proxmoxWindowEdit',
+		    subject: gettext('Firewall'),
+		    fieldDefaults: {
+			labelWidth: 100
+		    },
+		    items: {
+			xtype: 'proxmoxcheckbox',
+			name: 'enable',
+			uncheckedValue: 0,
+			defaultValue: 1,
+			checked: true,
+			deleteDefaultValue: false,
+			labelWidth: Proxmox.Utils.compute_min_label_width(
+			    gettext('Firewall'), 100),
+			fieldLabel: gettext('Firewall')
+		    },
+		    listeners: {
+			beforerender: function(editor) {
+			    Proxmox.Utils.API2Request({
+				url: '/api2/extjs/cluster/firewall/options',
+				method: 'GET',
+				failure: function(response, opts) {
+				    Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+				},
+				success: function(response, opts) {
+				    if (!response.result.data.enable) {
+					editor.add({
+					    xtype: 'displayfield',
+					    userCls: 'pve-hint',
+					    value: 'WARNING! Firewall disabled at datacenter level!'
+					});
+				    }
+				}
+			    });
+			    Proxmox.Utils.API2Request({
+				url: '/api2/extjs/nodes/' + me.nodename + '/services',
+				method: 'GET',
+				failure: function(response, opts) {
+				    Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+				},
+				success: function(response, opts) {
+				    var records = response.result.data;
+				    records.forEach(function (entry) {
+					if (entry.name === 'pve-firewall') {
+					    if (entry.state !== 'running') {
+						editor.add({
+						    xtype: 'displayfield',
+						    userCls: 'pve-hint',
+						    value: 'WARNING! Firewall service is not running!'
+						});
+					    }
+					}
+				    });
+				}
+			    });
+			}
+		    }
+		}
+	    };
 	    add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
 	    add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
 	    add_boolean_row('ndp', 'NDP', 1);
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index f9a62670..9a033521 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -261,7 +261,8 @@ Ext.define('PVE.node.Config', {
 		    groups: ['firewall'],
 		    base_url: '/nodes/' + nodename + '/firewall/options',
 		    fwtype: 'node',
-		    itemId: 'firewall-options'
+		    itemId: 'firewall-options',
+		    nodename: nodename
 		});
 	}
 
-- 
2.11.0


