[Kimchi-devel] [V2] spec: Open 8000 and 8001 port by default

Shu Ming shuming at linux.vnet.ibm.com
Mon Dec 23 08:55:08 UTC 2013 

于 2013/12/23 10:13, Eli Qiao 写道:
>
> 于 2013年12月22日 22:26, Shu Ming 写道:
>> 于 2013/12/20 17:21, taget at linux.vnet.ibm.com 写道:
>>> From: Eli Qiao <taget at linux.vnet.ibm.com>
>>>
>>> V2 - V1 changes:
>>>
>>> 1.Add firewalld sevice configure file kimchid.xml to help open 
>>> iptables port (Mark)
>>> 2.Add Ubuntu iptables rule (Royce)
>>>
>>> Signed-off-by: Eli Qiao <taget at linux.vnet.ibm.com>
>>> ---
>>>   contrib/DEBIAN/control.in      |    3 ++-
>>>   contrib/DEBIAN/postinst        |    2 ++
>>>   contrib/DEBIAN/postrm          |    2 ++
>>>   contrib/kimchi.spec.fedora.in  |   19 +++++++++++++++++++
>>>   contrib/kimchi.spec.suse.in    |   10 ++++++++--
>>>   contrib/kimchid.service.fedora |    1 +
>>>   src/Makefile.am                |    1 +
>>>   src/kimchid.xml                |    7 +++++++
>>>   8 files changed, 42 insertions(+), 3 deletions(-)
>>>   create mode 100644 src/kimchid.xml
>>>
>>> diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
>>> index 380584c..c0ea1f1 100644
>>> --- a/contrib/DEBIAN/control.in
>>> +++ b/contrib/DEBIAN/control.in
>>> @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
>>>            python-psutil (>= 0.6.0),
>>>            python-ethtool,
>>>            sosreport,
>>> -         python-ipaddr
>>> +         python-ipaddr,
>>> +         firewalld
>>>   Build-Depends:
>>>   Maintainer: Aline Manera <alinefm at br.ibm.com>
>>>   Description: Kimchi web server
>>> diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
>>> index c1fc22e..b27205c 100755
>>> --- a/contrib/DEBIAN/postinst
>>> +++ b/contrib/DEBIAN/postinst
>>> @@ -19,3 +19,5 @@
>>>   # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  
>>> 02110-1301  USA
>>>
>>>   service kimchid start
>>> +/usr/bin/firewall-cmd --reload
>>> +/usr/bin/firewall-cmd --add-service kimchid
>>> diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
>>> index ef90b49..3c70584 100755
>>> --- a/contrib/DEBIAN/postrm
>>> +++ b/contrib/DEBIAN/postrm
>>> @@ -26,3 +26,5 @@ case "$1" in
>>>           rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
>>>       ;;
>>>   esac
>>> +
>>> +/usr/bin/firewall-cmd --remove-service kimchid
>>> diff --git a/contrib/kimchi.spec.fedora.in 
>>> b/contrib/kimchi.spec.fedora.in
>>> index 14ec359..3a3ca4c 100644
>>> --- a/contrib/kimchi.spec.fedora.in
>>> +++ b/contrib/kimchi.spec.fedora.in
>>> @@ -34,6 +34,7 @@ BuildRequires:    python-unittest2
>>>
>>>   %if 0%{?with_systemd}
>>>   Requires:    systemd
>>> +Requires:    firewalld
>>>   Requires(post): systemd
>>>   Requires(preun): systemd
>>>   Requires(postun): systemd
>>> @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
>>>   %if 0%{?with_systemd}
>>>   # Install the systemd scripts
>>>   install -Dm 0644 contrib/kimchid.service.fedora 
>>> %{buildroot}%{_unitdir}/kimchid.service
>>> +install -Dm 0640 src/kimchid.xml 
>>> %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
>>
>> It seems that you may need to check if this file is required on rhel 
>> or Fedora.
> if with_systemd defined
> it's mean RHEL7 or fedora , so no require to check

Thanks for explain.  That looks good.

>>>   %endif
>>>
>>>   %if 0%{?rhel} == 6
>>> @@ -83,16 +85,32 @@ fi
>>>
>>>   %if 0%{?rhel} == 6
>>>   start kimchid
>>> +# Add defult iptable rules to open 8000 and 8001 port
>>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>>   %else
>>>   service kimchid start
>>> +# Add firewalld rull to open 8000 and 8001 port
>>> +/usr/bin/firewall-cmd --reload
>>> +/usr/bin/firewall-cmd --add-service kimchid
>>>   %endif
>>>
>>>   %preun
>>> +%if 0%{?rhel} == 6
>>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>> +%else
>>> +/usr/bin/firewall-cmd --remove-service kimchid
>>> +%endif
>>> +
>>>   if [ $1 -eq 0 ] ; then
>>>       # Package removal, not upgrade
>>>       /bin/systemctl --no-reload disable kimchid.service > /dev/null 
>>> 2>&1 || :
>>>       /bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
>>>   fi
>>> +
>>>   exit 0
>>>
>>>
>>> @@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
>>>
>>>   %if 0%{?with_systemd}
>>>   %{_unitdir}/kimchid.service
>>> +%{_prefix}/lib/firewalld/services/kimchid.xml
>>>   %endif
>>>   %if 0%{?rhel} == 6
>>>   /etc/init/kimchid.conf
>>> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
>>> index 9051284..dde9dae 100644
>>> --- a/contrib/kimchi.spec.suse.in
>>> +++ b/contrib/kimchi.spec.suse.in
>>> @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit 
>>> %{buildroot}%{_initrddir}/kimchid
>>>   %post
>>>   service kimchid start
>>>   chkconfig kimchid on
>>> -
>>> +# Add iptables rules to open 8000 and 8001 port
>>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>>   %preun
>>>   service kimchid stop
>>> -
>>> +# Remove iptables rules to open 8000 and 8001 port
>>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>>   %clean
>>>   rm -rf $RPM_BUILD_ROOT
>> Can we use firewalld in open-suse like Fedora?
>>
> does open-suse have firewalld ? I didn't find it.

If it doesn't have, that 's fine.

>>
>>>
>>> diff --git a/contrib/kimchid.service.fedora 
>>> b/contrib/kimchid.service.fedora
>>> index 7abe49b..e39f86b 100644
>>> --- a/contrib/kimchid.service.fedora
>>> +++ b/contrib/kimchid.service.fedora
>>> @@ -1,6 +1,7 @@
>>>   [Unit]
>>>   Description=Kimchi server
>>>   Requires=libvirtd.service
>>> +Requires=firewalld.service
>>>   After=libvirtd.service
>>>
>>>   [Service]
>>> diff --git a/src/Makefile.am b/src/Makefile.am
>>> index 7d29e28..e3938a7 100644
>>> --- a/src/Makefile.am
>>> +++ b/src/Makefile.am
>>> @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
>>>
>>>   EXTRA_DIST = kimchid.in \
>>>       kimchi.conf.in \
>>> +    kimchid.xml \
>>>       $(NULL)
>>>
>>>   bin_SCRIPTS = kimchid
>>> diff --git a/src/kimchid.xml b/src/kimchid.xml
>>> new file mode 100644
>>> index 0000000..dee4599
>>> --- /dev/null
>>> +++ b/src/kimchid.xml
>>> @@ -0,0 +1,7 @@
>>> +<?xml version="1.0" encoding="utf-8"?>
>>> +<service>
>>> +  <short>kimchid</short>
>>> +  <description>Kimchid is a daemon service for kimchi whichi is a 
>>> HTML5 based management tool for KVM.  It is designed to make it as 
>>> easy as possible to get started with KVM and create your first 
>>> guest.</description>
>>> +  <port protocol="tcp" port="8000"/>
>>> +  <port protocol="tcp" port="8001"/>
>>> +</service>
>>
>

More information about the Kimchi-devel mailing list