[pve-devel] [PATCH v3 manager] 1145 Warn if datacenter firewall or host firewall service is disabled

Christian Ebner c.ebner at proxmox.com
Thu Feb 28 10:23:47 CET 2019


This shows a warning when the user edits the host firewall status or the VM/CT
firewall status, but the datacenter level firewall is disabled or the
pve-firewall service is not running on the host.

Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---

Version 3:
    * As discussed offline with Dominik and Thomas, we should keep this as
      simple as possible, only showing the warinings, no checkboxes for NIC ecc.
    * The code was completely refactored as compared to the previous version,
      the main functionality is now contained within FirewallEnableEdit.js

 www/manager6/Makefile                   |  1 +
 www/manager6/grid/FirewallEnableEdit.js | 74 +++++++++++++++++++++++++++++++++
 www/manager6/grid/FirewallOptions.js    | 25 +++++++++--
 www/manager6/lxc/Config.js              |  3 +-
 www/manager6/node/Config.js             |  3 +-
 www/manager6/qemu/Config.js             |  3 +-
 6 files changed, 103 insertions(+), 6 deletions(-)
 create mode 100644 www/manager6/grid/FirewallEnableEdit.js

diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index e75f0de6..951242d4 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -89,6 +89,7 @@ JSSRC= 				                 	\
 	grid/FirewallRules.js				\
 	grid/FirewallAliases.js				\
 	grid/FirewallOptions.js				\
+	grid/FirewallEnableEdit.js		    	\
 	tree/ResourceTree.js				\
 	panel/IPSet.js					\
 	panel/ConfigPanel.js				\
diff --git a/www/manager6/grid/FirewallEnableEdit.js b/www/manager6/grid/FirewallEnableEdit.js
new file mode 100644
index 00000000..b2ee0400
--- /dev/null
+++ b/www/manager6/grid/FirewallEnableEdit.js
@@ -0,0 +1,74 @@
+Ext.define('PVE.FirewallEnableEdit', {
+    extend: 'Proxmox.window.Edit',
+    alias: ['widget.pveFirewallEnableEdit'],
+
+    initComponent : function() {
+	var me = this;
+
+	var dcFirewallDisabledHint = Ext.createWidget({
+	    xtype: 'displayfield',
+	    userCls: 'pve-hint',
+	    value: 'Warning! Firewall disabled at datacenter level!',
+	    hidden: true
+	});
+
+	var fwServiceDisabledHint = Ext.createWidget({
+	    xtype: 'displayfield',
+	    userCls: 'pve-hint',
+	    value: 'Warning! Firewall service not running on node!',
+	    hidden: true
+	});
+
+	Proxmox.Utils.API2Request({
+	    url: '/api2/extjs/cluster/firewall/options',
+	    method: 'GET',
+	    failure: function(response, opts) {
+		Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+	    },
+	    success: function(response, opts) {
+		if (!response.result.data.enable) {
+		    dcFirewallDisabledHint.setVisible(true);
+		}
+	    }
+	});
+
+	Proxmox.Utils.API2Request({
+	    url: '/api2/extjs/nodes/' + me.nodename + '/services/pve-firewall/state',
+	    method: 'GET',
+	    failure: function(response, opts) {
+		Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+	    },
+	    success: function(response, opts) {
+		var data = response.result.data;
+		if (data.state !== 'running') {
+		    fwServiceDisabledHint.setVisible(true);
+		}
+	    }
+	});
+
+	Ext.applyIf(me, {
+	    subject: gettext('Firewall'),
+	    fieldDefaults: {
+		labelWidth: 100
+	    },
+	    items: [
+		{
+		    xtype: 'proxmoxcheckbox',
+		    name: 'enable',
+		    uncheckedValue: 0,
+		    defaultValue: 0,
+		    checked: true,
+		    deleteDefaultValue: false,
+		    labelWidth: Proxmox.Utils.compute_min_label_width(
+			gettext('Firewall'), 120),
+		    fieldLabel: gettext('Firewall')
+		},
+		dcFirewallDisabledHint,
+		fwServiceDisabledHint
+	    ]
+	});
+
+	me.callParent();
+	me.load();
+    }
+});
diff --git a/www/manager6/grid/FirewallOptions.js b/www/manager6/grid/FirewallOptions.js
index cddbdbbf..0eb1e02c 100644
--- a/www/manager6/grid/FirewallOptions.js
+++ b/www/manager6/grid/FirewallOptions.js
@@ -64,9 +64,18 @@ Ext.define('PVE.FirewallOptions', {
 	    };
 	};
 
-
 	if (me.fwtype === 'node') {
-	    add_boolean_row('enable', gettext('Firewall'), 1);
+	    me.rows.enable = {
+		required: true,
+		defaultValue: 1,
+		header: gettext('Firewall'),
+		renderer: Proxmox.Utils.format_boolean,
+		editor: {
+		    xtype: 'pveFirewallEnableEdit',
+		    nodename: me.nodename,
+		    fwtype: me.fwtype
+		}
+	    };
 	    add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
 	    add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
 	    add_boolean_row('ndp', 'NDP', 1);
@@ -78,7 +87,17 @@ Ext.define('PVE.FirewallOptions', {
 	    add_log_row('tcp_flags_log_level', 120);
 	    add_log_row('smurf_log_level');
 	} else if (me.fwtype === 'vm') {
-	    add_boolean_row('enable', gettext('Firewall'), 0);
+	    me.rows.enable = {
+		required: true,
+		defaultValue: 0,
+		header: gettext('Firewall'),
+		renderer: Proxmox.Utils.format_boolean,
+		editor: {
+		    xtype: 'pveFirewallEnableEdit',
+		    nodename: me.nodename,
+		    fwtype: me.fwtype
+		}
+	    };
 	    add_boolean_row('dhcp', 'DHCP', 1);
 	    add_boolean_row('ndp', 'NDP', 1);
 	    add_boolean_row('radv', gettext('Router Advertisement'), 0);
diff --git a/www/manager6/lxc/Config.js b/www/manager6/lxc/Config.js
index 51864f1a..2338721c 100644
--- a/www/manager6/lxc/Config.js
+++ b/www/manager6/lxc/Config.js
@@ -269,7 +269,8 @@ Ext.define('PVE.lxc.Config', {
 		    title: gettext('Options'),
 		    base_url: base_url + '/firewall/options',
 		    fwtype: 'vm',
-		    itemId: 'firewall-options'
+		    itemId: 'firewall-options',
+		    nodename: nodename
 		},
 		{
 		    xtype: 'pveFirewallAliases',
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index f9a62670..9a033521 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -261,7 +261,8 @@ Ext.define('PVE.node.Config', {
 		    groups: ['firewall'],
 		    base_url: '/nodes/' + nodename + '/firewall/options',
 		    fwtype: 'node',
-		    itemId: 'firewall-options'
+		    itemId: 'firewall-options',
+		    nodename: nodename
 		});
 	}
 
diff --git a/www/manager6/qemu/Config.js b/www/manager6/qemu/Config.js
index 38496f4f..f6d36928 100644
--- a/www/manager6/qemu/Config.js
+++ b/www/manager6/qemu/Config.js
@@ -283,7 +283,8 @@ Ext.define('PVE.qemu.Config', {
 		    title: gettext('Options'),
 		    base_url: base_url + '/firewall/options',
 		    fwtype: 'vm',
-		    itemId: 'firewall-options'
+		    itemId: 'firewall-options',
+		    nodename: nodename
 		},
 		{
 		    xtype: 'pveFirewallAliases',
-- 
2.11.0



More information about the pve-devel mailing list