[Kimchi-devel] [PATCH V4] spec: Open 8000 and 8001 port by default
Aline Manera
alinefm at linux.vnet.ibm.com
Mon Dec 30 10:36:45 UTC 2013
On 12/30/2013 12:26 AM, Eli Qiao wrote:
>
> 于 2013年12月27日 22:17, Aline Manera 写道:
>> On 12/26/2013 04:52 AM, taget at linux.vnet.ibm.com wrote:
>>> From: Eli Qiao <taget at linux.vnet.ibm.com>
>>>
>>> V4 - V3 changes:
>>> 1 Fix typo in firewalld.xml (Rodrigo)
>>>
>>> V3 - V2 changes:
>>>
>>> 1.Rename kimchid.xml to firewalld.xml (Mark)
>>> 2.Remove firewalld from serivce require (Mark)
>>> 3.Fix typo
>>>
>>> V2 - V1 changes:
>>
>> Add this patch history to cover letter instead of commit description
>>
> okay, thx.
>>>
>>> 1.Add firewalld sevice configure file kimchid.xml to help open
>>> iptables port (Mark)
>>> 2.Add Ubuntu iptables rule (Royce)
>>>
>>> Signed-off-by: Eli Qiao <taget at linux.vnet.ibm.com>
>>> ---
>>> contrib/DEBIAN/control.in | 3 ++-
>>> contrib/DEBIAN/postinst | 2 ++
>>> contrib/DEBIAN/postrm | 2 ++
>>> contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++
>>> contrib/kimchi.spec.suse.in | 10 ++++++++--
>>> src/Makefile.am | 1 +
>>> src/firewalld.xml | 7 +++++++
>>> 7 files changed, 41 insertions(+), 3 deletions(-)
>>> create mode 100644 src/firewalld.xml
>>>
>>> diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
>>> index 380584c..c0ea1f1 100644
>>> --- a/contrib/DEBIAN/control.in
>>> +++ b/contrib/DEBIAN/control.in
>>> @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
>>> python-psutil (>= 0.6.0),
>>> python-ethtool,
>>> sosreport,
>>> - python-ipaddr
>>> + python-ipaddr,
>>> + firewalld
>>> Build-Depends:
>>> Maintainer: Aline Manera <alinefm at br.ibm.com>
>>> Description: Kimchi web server
>>> diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
>>> index c1fc22e..b27205c 100755
>>> --- a/contrib/DEBIAN/postinst
>>> +++ b/contrib/DEBIAN/postinst
>>> @@ -19,3 +19,5 @@
>>> # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>>> 02110-1301 USA
>>>
>>> service kimchid start
>>> +/usr/bin/firewall-cmd --reload
>>> +/usr/bin/firewall-cmd --add-service kimchid
>>
>> Any special reason to use full path for firewall-cmd?
> no , I will remove it next version.
>>
>>> diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
>>> index ef90b49..3c70584 100755
>>> --- a/contrib/DEBIAN/postrm
>>> +++ b/contrib/DEBIAN/postrm
>>> @@ -26,3 +26,5 @@ case "$1" in
>>> rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
>>> ;;
>>> esac
>>> +
>>> +/usr/bin/firewall-cmd --remove-service kimchid
>>> diff --git a/contrib/kimchi.spec.fedora.in
>>> b/contrib/kimchi.spec.fedora.in
>>> index 14ec359..57baead 100644
>>> --- a/contrib/kimchi.spec.fedora.in
>>> +++ b/contrib/kimchi.spec.fedora.in
>>> @@ -34,6 +34,7 @@ BuildRequires: python-unittest2
>>>
>>> %if 0%{?with_systemd}
>>> Requires: systemd
>>> +Requires: firewalld
>>> Requires(post): systemd
>>> Requires(preun): systemd
>>> Requires(postun): systemd
>>> @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
>>> %if 0%{?with_systemd}
>>> # Install the systemd scripts
>>> install -Dm 0644 contrib/kimchid.service.fedora
>>> %{buildroot}%{_unitdir}/kimchid.service
>>> +install -Dm 0640 src/firewalld.xml
>>> %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
>>> %endif
>>>
>>> %if 0%{?rhel} == 6
>>> @@ -83,16 +85,32 @@ fi
>>>
>>> %if 0%{?rhel} == 6
>>> start kimchid
>>> +# Add defult iptable rules to open 8000 and 8001 port
>>
>> typo: defult
> thanks
>>
>>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>> %else
>>> service kimchid start
>>> +# Add firewalld rules to open 8000 and 8001 port
>>> +/usr/bin/firewall-cmd --reload
>>> +/usr/bin/firewall-cmd --add-service kimchid
>>> %endif
>>>
>>> %preun
>>
>> Only RHEL 6 doesn't have firewalld support? All other RHEL and Fedora
>> version have it?
>>
> yes,
>
> RHEL>=7 and Fedora >=15 have firewalld support
>
So I think it's better if we can use with_systemd variable to check it
%if 0%{?with_systemd}
# has firewalld support
%else
# without firewalld support
> will kimchi support Fedora < 15 or RHEL < 6?
>
Kimchi doesn't support those distros officially but anyone can try
Kimchi in there.
>>
>>> +%if 0%{?rhel} == 6
>>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>> +%else
>>> +/usr/bin/firewall-cmd --remove-service kimchid
>>> +%endif
>>> +
>>
>> Don't you need to put the above code into the if below? Did you test
>> kimchi upgrade?
>>
> okay , I will move above code into if and do a test of upgrade.
>>> if [ $1 -eq 0 ] ; then
>>> # Package removal, not upgrade
>>> /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1
>>> || :
>>> /bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
>>> fi
>>> +
>>> exit 0
>>>
>>>
>>> @@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
>>>
>>> %if 0%{?with_systemd}
>>> %{_unitdir}/kimchid.service
>>> +%{_prefix}/lib/firewalld/services/kimchid.xml
>>> %endif
>>> %if 0%{?rhel} == 6
>>> /etc/init/kimchid.conf
>>> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
>>> index 9051284..dde9dae 100644
>>> --- a/contrib/kimchi.spec.suse.in
>>> +++ b/contrib/kimchi.spec.suse.in
>>> @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit
>>> %{buildroot}%{_initrddir}/kimchid
>>> %post
>>> service kimchid start
>>> chkconfig kimchid on
>>> -
>>> +# Add iptables rules to open 8000 and 8001 port
>>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>> %preun
>>> service kimchid stop
>>> -
>>> +# Remove iptables rules to open 8000 and 8001 port
>>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save
>>> %clean
>>> rm -rf $RPM_BUILD_ROOT
>>>
>>> diff --git a/src/Makefile.am b/src/Makefile.am
>>> index 7d29e28..7514870 100644
>>> --- a/src/Makefile.am
>>> +++ b/src/Makefile.am
>>> @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
>>>
>>> EXTRA_DIST = kimchid.in \
>>> kimchi.conf.in \
>>> + firewalld.xml \
>>> $(NULL)
>>>
>>> bin_SCRIPTS = kimchid
>>> diff --git a/src/firewalld.xml b/src/firewalld.xml
>>> new file mode 100644
>>> index 0000000..7472e20
>>> --- /dev/null
>>> +++ b/src/firewalld.xml
>>> @@ -0,0 +1,7 @@
>>> +<?xml version="1.0" encoding="utf-8"?>
>>> +<service>
>>> + <short>kimchid</short>
>>> + <description>Kimchid is a daemon service for kimchi which is a
>>> HTML5 based management tool for KVM. It is designed to make it as
>>> easy as possible to get started with KVM and create your first
>>> guest.</description>
>>> + <port protocol="tcp" port="8000"/>
>>> + <port protocol="tcp" port="8001"/>
>>> +</service>
>>
>
More information about the Kimchi-devel
mailing list