[pve-devel] [PATCH v3 manager] 1145 Warn if datacenter firewall or host firewall service is disabled
Christian Ebner
c.ebner at proxmox.com
Thu Feb 28 10:23:47 CET 2019
This shows a warning when the user edits the host firewall status or the VM/CT
firewall status, but the datacenter level firewall is disabled or the
pve-firewall service is not running on the host.
Signed-off-by: Christian Ebner <c.ebner at proxmox.com>
---
Version 3:
* As discussed offline with Dominik and Thomas, we should keep this as
simple as possible, only showing the warinings, no checkboxes for NIC ecc.
* The code was completely refactored as compared to the previous version,
the main functionality is now contained within FirewallEnableEdit.js
www/manager6/Makefile | 1 +
www/manager6/grid/FirewallEnableEdit.js | 74 +++++++++++++++++++++++++++++++++
www/manager6/grid/FirewallOptions.js | 25 +++++++++--
www/manager6/lxc/Config.js | 3 +-
www/manager6/node/Config.js | 3 +-
www/manager6/qemu/Config.js | 3 +-
6 files changed, 103 insertions(+), 6 deletions(-)
create mode 100644 www/manager6/grid/FirewallEnableEdit.js
diff --git a/www/manager6/Makefile b/www/manager6/Makefile
index e75f0de6..951242d4 100644
--- a/www/manager6/Makefile
+++ b/www/manager6/Makefile
@@ -89,6 +89,7 @@ JSSRC= \
grid/FirewallRules.js \
grid/FirewallAliases.js \
grid/FirewallOptions.js \
+ grid/FirewallEnableEdit.js \
tree/ResourceTree.js \
panel/IPSet.js \
panel/ConfigPanel.js \
diff --git a/www/manager6/grid/FirewallEnableEdit.js b/www/manager6/grid/FirewallEnableEdit.js
new file mode 100644
index 00000000..b2ee0400
--- /dev/null
+++ b/www/manager6/grid/FirewallEnableEdit.js
@@ -0,0 +1,74 @@
+Ext.define('PVE.FirewallEnableEdit', {
+ extend: 'Proxmox.window.Edit',
+ alias: ['widget.pveFirewallEnableEdit'],
+
+ initComponent : function() {
+ var me = this;
+
+ var dcFirewallDisabledHint = Ext.createWidget({
+ xtype: 'displayfield',
+ userCls: 'pve-hint',
+ value: 'Warning! Firewall disabled at datacenter level!',
+ hidden: true
+ });
+
+ var fwServiceDisabledHint = Ext.createWidget({
+ xtype: 'displayfield',
+ userCls: 'pve-hint',
+ value: 'Warning! Firewall service not running on node!',
+ hidden: true
+ });
+
+ Proxmox.Utils.API2Request({
+ url: '/api2/extjs/cluster/firewall/options',
+ method: 'GET',
+ failure: function(response, opts) {
+ Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+ },
+ success: function(response, opts) {
+ if (!response.result.data.enable) {
+ dcFirewallDisabledHint.setVisible(true);
+ }
+ }
+ });
+
+ Proxmox.Utils.API2Request({
+ url: '/api2/extjs/nodes/' + me.nodename + '/services/pve-firewall/state',
+ method: 'GET',
+ failure: function(response, opts) {
+ Ext.Msg.alert(gettext('Error'), response.htmlStatus);
+ },
+ success: function(response, opts) {
+ var data = response.result.data;
+ if (data.state !== 'running') {
+ fwServiceDisabledHint.setVisible(true);
+ }
+ }
+ });
+
+ Ext.applyIf(me, {
+ subject: gettext('Firewall'),
+ fieldDefaults: {
+ labelWidth: 100
+ },
+ items: [
+ {
+ xtype: 'proxmoxcheckbox',
+ name: 'enable',
+ uncheckedValue: 0,
+ defaultValue: 0,
+ checked: true,
+ deleteDefaultValue: false,
+ labelWidth: Proxmox.Utils.compute_min_label_width(
+ gettext('Firewall'), 120),
+ fieldLabel: gettext('Firewall')
+ },
+ dcFirewallDisabledHint,
+ fwServiceDisabledHint
+ ]
+ });
+
+ me.callParent();
+ me.load();
+ }
+});
diff --git a/www/manager6/grid/FirewallOptions.js b/www/manager6/grid/FirewallOptions.js
index cddbdbbf..0eb1e02c 100644
--- a/www/manager6/grid/FirewallOptions.js
+++ b/www/manager6/grid/FirewallOptions.js
@@ -64,9 +64,18 @@ Ext.define('PVE.FirewallOptions', {
};
};
-
if (me.fwtype === 'node') {
- add_boolean_row('enable', gettext('Firewall'), 1);
+ me.rows.enable = {
+ required: true,
+ defaultValue: 1,
+ header: gettext('Firewall'),
+ renderer: Proxmox.Utils.format_boolean,
+ editor: {
+ xtype: 'pveFirewallEnableEdit',
+ nodename: me.nodename,
+ fwtype: me.fwtype
+ }
+ };
add_boolean_row('nosmurfs', gettext('SMURFS filter'), 1);
add_boolean_row('tcpflags', gettext('TCP flags filter'), 0);
add_boolean_row('ndp', 'NDP', 1);
@@ -78,7 +87,17 @@ Ext.define('PVE.FirewallOptions', {
add_log_row('tcp_flags_log_level', 120);
add_log_row('smurf_log_level');
} else if (me.fwtype === 'vm') {
- add_boolean_row('enable', gettext('Firewall'), 0);
+ me.rows.enable = {
+ required: true,
+ defaultValue: 0,
+ header: gettext('Firewall'),
+ renderer: Proxmox.Utils.format_boolean,
+ editor: {
+ xtype: 'pveFirewallEnableEdit',
+ nodename: me.nodename,
+ fwtype: me.fwtype
+ }
+ };
add_boolean_row('dhcp', 'DHCP', 1);
add_boolean_row('ndp', 'NDP', 1);
add_boolean_row('radv', gettext('Router Advertisement'), 0);
diff --git a/www/manager6/lxc/Config.js b/www/manager6/lxc/Config.js
index 51864f1a..2338721c 100644
--- a/www/manager6/lxc/Config.js
+++ b/www/manager6/lxc/Config.js
@@ -269,7 +269,8 @@ Ext.define('PVE.lxc.Config', {
title: gettext('Options'),
base_url: base_url + '/firewall/options',
fwtype: 'vm',
- itemId: 'firewall-options'
+ itemId: 'firewall-options',
+ nodename: nodename
},
{
xtype: 'pveFirewallAliases',
diff --git a/www/manager6/node/Config.js b/www/manager6/node/Config.js
index f9a62670..9a033521 100644
--- a/www/manager6/node/Config.js
+++ b/www/manager6/node/Config.js
@@ -261,7 +261,8 @@ Ext.define('PVE.node.Config', {
groups: ['firewall'],
base_url: '/nodes/' + nodename + '/firewall/options',
fwtype: 'node',
- itemId: 'firewall-options'
+ itemId: 'firewall-options',
+ nodename: nodename
});
}
diff --git a/www/manager6/qemu/Config.js b/www/manager6/qemu/Config.js
index 38496f4f..f6d36928 100644
--- a/www/manager6/qemu/Config.js
+++ b/www/manager6/qemu/Config.js
@@ -283,7 +283,8 @@ Ext.define('PVE.qemu.Config', {
title: gettext('Options'),
base_url: base_url + '/firewall/options',
fwtype: 'vm',
- itemId: 'firewall-options'
+ itemId: 'firewall-options',
+ nodename: nodename
},
{
xtype: 'pveFirewallAliases',
--
2.11.0
More information about the pve-devel
mailing list