cloudutils: Do not configure selinux/apparmor when setup cloudstack agent

python/lib/cloudutils/serviceConfig.py

@@ -519,75 +519,6 @@ def config(self):
             logging.debug(e)
             return False
 
-class securityPolicyConfigUbuntu(serviceCfgBase):
-    def __init__(self, syscfg):
-        super(securityPolicyConfigUbuntu, self).__init__(syscfg)
-        self.serviceName = "Apparmor"
-
-    def config(self):
-        try:
-            cmd = bash("service apparmor status")
-            if not cmd.isSuccess() or cmd.getStdout() == "":
-                self.spRunning = False
-                return True
-
-            if not bash("apparmor_status |grep libvirt").isSuccess():
-                return True
-
-            bash("ln -s /etc/apparmor.d/usr.sbin.libvirtd /etc/apparmor.d/disable/")
-            bash("ln -s /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper /etc/apparmor.d/disable/")
-            bash("apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd")
-            bash("apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper")
-
-            return True
-        except:
-            raise CloudRuntimeException("Failed to configure apparmor, please see the /var/log/cloudstack/agent/setup.log for detail, \
-                                        or you can manually disable it before starting myCloud")
-
-    def restore(self):
-        try:
-            self.syscfg.svo.enableService("apparmor")
-            self.syscfg.svo.startService("apparmor")
-            return True
-        except:
-            logging.debug(formatExceptionInfo())
-            return False
-
-class securityPolicyConfigRedhat(serviceCfgBase):
-    def __init__(self, syscfg):
-        super(securityPolicyConfigRedhat, self).__init__(syscfg)
-        self.serviceName = "SElinux"
-
-    def config(self):
-        selinuxEnabled = True
-
-        if not bash("selinuxenabled").isSuccess():
-            selinuxEnabled = False
-
-        if selinuxEnabled:
-            try:
-                bash("setenforce 0")
-                cfo = configFileOps("/etc/selinux/config", self)
-                cfo.replace_line("SELINUX=", "SELINUX=permissive")
-                return True
-            except:
-                raise CloudRuntimeException("Failed to configure selinux, please see the /var/log/cloudstack/agent/setup.log for detail, \
-                                            or you can manually disable it before starting myCloud")
-        else:
-            return True
-
-    def restore(self):
-        try:
-            bash("setenforce 1")
-            return True
-        except:
-            logging.debug(formatExceptionInfo())
-            return False
-
-class securityPolicyConfigSUSE(securityPolicyConfigRedhat):
-    pass
-
-
 def configure_libvirt_tls(tls_enabled=False, cfo=None):
     save = False
     if not cfo:
@@ -652,7 +583,6 @@ def config(self):
             filename = "/etc/libvirt/qemu.conf"
 
             cfo = configFileOps(filename, self)
-            cfo.addEntry("security_driver", "\"none\"")
             cfo.addEntry("user", "\"root\"")
             cfo.addEntry("group", "\"root\"")
             cfo.addEntry("vnc_listen", "\"0.0.0.0\"")
@@ -690,7 +620,6 @@ def config(self):
 
             filename = "/etc/libvirt/qemu.conf"
             cfo = configFileOps(filename, self)
-            cfo.addEntry("security_driver", "\"none\"")
             cfo.addEntry("user", "\"root\"")
             cfo.addEntry("group", "\"root\"")
             cfo.addEntry("vnc_listen", "\"0.0.0.0\"")
@@ -745,7 +674,6 @@ def config(self):
             filename = "/etc/libvirt/qemu.conf"
 
             cfo = configFileOps(filename, self)
-            cfo.addEntry("security_driver", "\"none\"")
             cfo.addEntry("user", "\"root\"")
             cfo.addEntry("group", "\"root\"")
             configure_libvirt_tls(self.syscfg.env.secure, cfo)

python/lib/cloudutils/syscfg.py

@@ -167,7 +167,6 @@ def __init__(self, glbEnv):
         self.svo = serviceOpsUbuntu()
 
         self.services = [hostConfig(self),
-                         securityPolicyConfigUbuntu(self),
                          networkConfigUbuntu(self),
                          libvirtConfigUbuntu(self),
                          firewallConfigUbuntu(self),
@@ -179,7 +178,6 @@ class sysConfigEL5(sysConfigAgentRedhatBase):
     def __init__(self, glbEnv):
         super(sysConfigEL5, self).__init__(glbEnv)
         self.services = [hostConfig(self),
-                         securityPolicyConfigRedhat(self),
                          networkConfigRedhat(self),
                          libvirtConfigRedhat(self),
                          firewallConfigAgent(self),
@@ -192,7 +190,6 @@ def __init__(self, glbEnv):
         super(sysConfigEL6, self).__init__(glbEnv)
         self.services = [hostConfig(self),
                          cgroupConfig(self),
-                         securityPolicyConfigRedhat(self),
                          networkConfigRedhat(self),
                          libvirtConfigRedhat(self),
                          firewallConfigAgent(self),
@@ -204,7 +201,6 @@ class sysConfigEL7(sysConfigAgentRedhat7Base):
     def __init__(self, glbEnv):
         super(sysConfigEL7, self).__init__(glbEnv)
         self.services = [hostConfig(self),
-                         securityPolicyConfigRedhat(self),
                          networkConfigRedhat(self),
                          libvirtConfigRedhat(self),
                          firewallConfigAgent(self),
@@ -216,7 +212,6 @@ class sysConfigEL(sysConfigAgentELBase):
     def __init__(self, glbEnv):
         super(sysConfigEL, self).__init__(glbEnv)
         self.services = [hostConfig(self),
-                         securityPolicyConfigRedhat(self),
                          networkConfigRedhat(self),
                          libvirtConfigRedhat(self),
                          firewallConfigAgent(self),
@@ -227,7 +222,6 @@ class sysConfigSUSE(sysConfigAgentSUSE):
     def __init__(self, glbEnv):
         super(sysConfigSUSE, self).__init__(glbEnv)
         self.services = [hostConfig(self),
-                         securityPolicyConfigSUSE(self),
                          networkConfigSUSE(self),
                          libvirtConfigSUSE(self),
                          firewallConfigAgent(self),

server/src/main/java/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java

@@ -378,8 +378,6 @@ private HostVO waitForHostConnect(long dcId, long podId, long clusterId, String
 
     @Override
     public boolean configure(String name, Map<String, Object> params) throws ConfigurationException {
-        // _setupAgentPath = Script.findScript(getPatchPath(),
-        // "setup_agent.sh");
         _kvmPrivateNic = _configDao.getValue(Config.KvmPrivateNetwork.key());
         if (_kvmPrivateNic == null) {
             _kvmPrivateNic = "cloudbr0";

test/integration/smoke/test_vpc_redundant.py

@@ -571,7 +571,7 @@ def test_02_redundant_VPC_default_routes(self):
     @attr(tags=["advanced", "intervlan"], required_hardware="true")
     def test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers(self):
         """ Create a redundant VPC with two networks with two VMs in each network """
-        self.logger.debug("Starting test_01_create_redundant_VPC_2tiers_4VMs_4IPs_4PF_ACL")
+        self.logger.debug("Starting test_03_create_redundant_VPC_1tier_2VMs_2IPs_2PF_ACL_reboot_routers")
         self.query_routers()
         self.networks.append(self.create_network(self.services["network_offering"], "10.1.1.1"))
         self.check_routers_state()