[Kimchi-devel] [project-kimchi] [PATCH] spec: Open 8000 and 8001 port by default in spec.in post section. kimchi server use 8000 and 8001 port. Open 8000 and 8001 port by default in spec.in post section.

Royce Lv lvroyce at linux.vnet.ibm.com
Thu Dec 19 03:13:10 UTC 2013 

On 2013?12?18? 19:00, Mark Wu wrote:
> On 12/17/2013 02:36 PM, taget at linux.vnet.ibm.com wrote:
>> From: Eli Qiao<taget at linux.vnet.ibm.com>
>>
>> Signed-off-by: Eli Qiao<taget at linux.vnet.ibm.com>
>> ---
>>   contrib/kimchi.spec.fedora.in |    5 +++++
>>   contrib/kimchi.spec.suse.in   |    5 +++++
>>   2 files changed, 10 insertions(+), 0 deletions(-)
>>
>> diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
>> index 14ec359..f21ae49 100644
>> --- a/contrib/kimchi.spec.fedora.in
>> +++ b/contrib/kimchi.spec.fedora.in
>> @@ -81,6 +81,11 @@ if [ $1 -eq 1 ] ; then
>>       /bin/systemctl daemon-reload >/dev/null 2>&1 || :
>>   fi
>>
>> +# open 8000 and 8001 port for firewall
>> +
>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>> +
>>   %if 0%{?rhel} == 6
>>   start kimchid
>>   %else
>> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
>> index 9051284..5209e03 100644
>> --- a/contrib/kimchi.spec.suse.in
>> +++ b/contrib/kimchi.spec.suse.in
>> @@ -47,6 +47,11 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid
>>   service kimchid start
>>   chkconfig kimchid on
>>
>> +# open 8000 and 8001 port for firewall
>> +
>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>> +
>>   %preun
>>   service kimchid stop
>>
> Eli,
> Thanks for the patch. But it's not a reliable configuration. This rule 
> will be lost after reboot.
> And shipping a configuration file is better than running commands in 
> spec file.
>
> Please take a look at firewalld and firewalld.service 
> http://manpages.ubuntu.com/manpages/raring/man5/firewalld.service.5.html
>
> It could be a better solution for the platforms where firewalld is 
> available.
Good point, took a look at vdsm, it manipulates with 
'/etc/sysconfig/iptables' when installation. We may also try this way.
> -- 
> project-kimchi mailing list <project-kimchi at googlegroups.com>
> https://groups.google.com/forum/#!forum/project-kimchi 
> <https://groups.google.com/forum/#%21forum/project-kimchi>
> ---
> You received this message because you are subscribed to the Google 
> Groups "project-kimchi" group.
> To unsubscribe from this group and stop receiving emails from it, send 
> an email to project-kimchi+unsubscribe at googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ovirt.org/pipermail/kimchi-devel/attachments/20131219/38378d6b/attachment.html>

More information about the Kimchi-devel mailing list