<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/07/2014 03:16 PM, Aline Manera
wrote:<br>
</div>
<blockquote cite="mid:52CC3689.8080704@linux.vnet.ibm.com"
type="cite">On 01/07/2014 05:52 AM, <a class="moz-txt-link-abbreviated" href="mailto:taget@linux.vnet.ibm.com">taget@linux.vnet.ibm.com</a>
wrote:
<br>
<blockquote type="cite">From: Eli Qiao
<a class="moz-txt-link-rfc2396E" href="mailto:taget@linux.vnet.ibm.com">&lt;taget@linux.vnet.ibm.com&gt;</a>
<br>
<br>
Use firewalld to manage firewall rules on RHEL7, Fedora and
Ubuntu.
<br>
</blockquote>
<br>
Please, make sure to test the patch in all those distros.
<br>
<br>
More comments below.
<br>
<br>
<blockquote type="cite">Add static rules in iptables on RHEL6.
<br>
<br>
Signed-off-by: Eli Qiao <a class="moz-txt-link-rfc2396E" href="mailto:taget@linux.vnet.ibm.com">&lt;taget@linux.vnet.ibm.com&gt;</a>
<br>
---
<br>
Makefile.am | 2 ++
<br>
contrib/DEBIAN/control.in | 1 +
<br>
contrib/DEBIAN/postinst | 6 ++++++
<br>
contrib/DEBIAN/postrm | 2 ++
<br>
contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++
<br>
src/Makefile.am | 1 +
<br>
src/firewalld.xml | 7 +++++++
<br>
7 files changed, 45 insertions(+)
<br>
create mode 100644 src/firewalld.xml
<br>
<br>
diff --git a/Makefile.am b/Makefile.am
<br>
index 7ab1bd8..b2917eb 100644
<br>
--- a/Makefile.am
<br>
+++ b/Makefile.am
<br>
@@ -86,6 +86,8 @@ install-deb: install
<br>
$(MKDIR_P) $(DESTDIR)/etc/init
<br>
cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \
<br>
$(DESTDIR)/etc/init/kimchid.conf
<br>
</blockquote>
<br>
<blockquote type="cite">+ cp -R $(top_srcdir)/src/firewalld.xml
\
<br>
+ /usr/lib/firewalld/services/kimchid.xml
<br>
</blockquote>
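</blockquote>
<br>
Review bot: The two added lines in install-deb copy to
/usr/lib/firewalld/services/kimchid.xml without the $(DESTDIR) prefix
that the surrounding lines use for $(DESTDIR)/etc/init, so 'make
install-deb' writes into the live firewalld configuration of the build
machine and the file is left out of the staged package tree. Prefix the
target with $(DESTDIR), create the directory with $(MKDIR_P) first, and
consider 'install -m 0644' in place of 'cp -R' for a single file so that
the installed mode does not depend on the build user's umask.
<br>
<blockquote cite="mid:52CC3689.8080704@linux.vnet.ibm.com"
type="cite">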
<br>
Why did you change the previous script?
<br>
That way you are installing kimchid.xml in the build system.
<br>
<br>
It should be:
<br>
<br>
# Create the dir first
<br>
$(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services
<br>
<br>
# copy it to the right location
<br>
cp -R $(top_srcdir)/src/firewalld.xml
$(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
<br>
<br>
<br>
<blockquote type="cite">
<br>
<br>
deb: contrib/make-deb.sh
<br>
diff --git a/contrib/DEBIAN/control.in
b/contrib/DEBIAN/control.in
<br>
index eecfb27..bfbe83d 100644
<br>
--- a/contrib/DEBIAN/control.in
<br>
+++ b/contrib/DEBIAN/control.in
<br>
@@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0),
<br>
sosreport,
<br>
python-ipaddr,
<br>
open-iscsi
<br>
+ firewalld
<br>
</blockquote>
<br>
make[1]: Leaving directory `/home/alinefm/kimchi'
<br>
dpkg-deb: error: parsing file '/tmp/tmp.V1vHEVEY9P/DEBIAN/control'
near line 22 package 'kimchi':
<br>
`Depends' field, syntax error after reference to package
`open-iscsi'
<br>
<br>
There is a comma missing after 'open-iscsi'
<br>
<br>
<blockquote type="cite"> Build-Depends:
<br>
Maintainer: Aline Manera <a class="moz-txt-link-rfc2396E" href="mailto:alinefm@br.ibm.com"><alinefm@br.ibm.com></a>
<br>
Description: Kimchi web server
<br>
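</blockquote>
</blockquote>
<br>
Review bot: The added 'firewalld' entry follows 'open-iscsi' with no
comma between them, which makes the Depends field invalid; add the
comma after 'open-iscsi'. A hard Depends also forces firewalld onto
every host that installs the package, including hosts whose firewall is
managed by another tool, so consider Recommends or Suggests and have the
maintainer scripts do nothing when firewall-cmd is absent.
<br>
<blockquote cite="mid:52CC3689.8080704@linux.vnet.ibm.com"
type="cite">
<blockquote type="cite">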
diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
<br>
index c1fc22e..2726753 100755
<br>
--- a/contrib/DEBIAN/postinst
<br>
+++ b/contrib/DEBIAN/postinst
<br>
@@ -19,3 +19,9 @@
<br>
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston,
MA 02110-1301 USA
<br>
<br>
service kimchid start
<br>
</blockquote>
</blockquote>
<br>
<blockquote cite="mid:52CC3689.8080704@linux.vnet.ibm.com"
type="cite">
<blockquote type="cite">+service firewalld status | grep "not
running" >/dev/null 2>&1
<br>
+if [[ $? -eq 0 ]]; then
<br>
+ service firewalld start >/dev/null 2>&1
<br>
+fi
<br>
+firewall-cmd --reload >/dev/null 2>&1
<br>
+firewall-cmd --add-service kimchid >/dev/null 2>&1
<br>
</blockquote>
</blockquote>
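<br>
Review bot: The added lines start firewalld when it is not running, run
'firewall-cmd --reload' and then 'firewall-cmd --add-service kimchid',
all with output discarded, so installing the package can change the
host's effective firewall policy without leaving any trace of what was
done or whether it worked. The reload drops any runtime-only rules the
administrator had in place, and '--add-service' without '--permanent'
changes only the runtime configuration, so the ports close again at the
next reload or reboot; use '--permanent' followed by a reload, and skip
the whole block when firewalld is not already the active firewall. Use
the status pipeline as the 'if' condition itself instead of testing $?
on the following line, so that a non-matching grep is not treated as a
failed command, and note that '[[ ]]' requires the script to run under
bash.
<br>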
<br>
alinefm@alinefm-virtual-machine:~/kimchi$ sudo dpkg -i
kimchi-1.1.0-57.git2163670.noarch.deb<br>
Selecting previously unselected package kimchi.<br>
(Reading database ... 171601 files and directories currently
installed.)<br>
Unpacking kimchi (from kimchi-1.1.0-57.git2163670.noarch.deb) ...<br>
Setting up kimchi (1.1.0) ...<br>
+ service kimchid start<br>
kimchid start/running, process 8553<br>
+ grep not running<br>
+ service firewalld status<br>
<b>dpkg: error processing kimchi (--install):</b><b><br>
</b><b> subprocess installed post-installation script returned error
exit status 1</b><b><br>
</b><b>Processing triggers for ureadahead ...</b><b><br>
</b><b>Errors were encountered while processing:</b><b><br>
</b><b> kimchi</b><br>
<br>
alinefm@alinefm-virtual-machine:~/kimchi$ sudo service firewalld
status | grep "not running" >/dev/null 2>&1<br>
alinefm@alinefm-virtual-machine:~/kimchi$ echo $?<br>
1<br>
<br>
It is because the firewalld service is running, so the command above
returns an error code.<br>
<br>
<blockquote cite="mid:52CC3689.8080704@linux.vnet.ibm.com"
type="cite">
<blockquote type="cite">diff --git a/contrib/DEBIAN/postrm
b/contrib/DEBIAN/postrm
<br>
index ef90b49..22db3ce 100755
<br>
--- a/contrib/DEBIAN/postrm
<br>
+++ b/contrib/DEBIAN/postrm
<br>
@@ -26,3 +26,5 @@ case "$1" in
<br>
rm -rf /var/log/kimchi /var/run/kimchi.pid
/usr/share/kimchi/
<br>
;;
<br>
esac
<br>
+
<br>
+firewall-cmd --remove-service kimchid >/dev/null 2>&1
<br>
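</blockquote>
</blockquote>
<br>
Review bot: The added 'firewall-cmd --remove-service kimchid' sits
after 'esac', outside the case on "$1", so it runs for every postrm
invocation, upgrades included, and not only on remove or purge. Move it
into the removal branch of the case and append '|| true' so that a host
where firewalld is stopped or absent does not fail the script; if the
postinst rule is made permanent, remove it with '--permanent' here as
well.
<br>
<blockquote cite="mid:52CC3689.8080704@linux.vnet.ibm.com"
type="cite">
<blockquote type="cite">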
diff --git a/contrib/kimchi.spec.fedora.in
b/contrib/kimchi.spec.fedora.in
<br>
index 75435b3..a8e4e4d 100644
<br>
--- a/contrib/kimchi.spec.fedora.in
<br>
+++ b/contrib/kimchi.spec.fedora.in
<br>
@@ -35,6 +35,7 @@ BuildRequires: python-unittest2
<br>
<br>
%if 0%{?with_systemd}
<br>
Requires: systemd
<br>
+Requires: firewalld
<br>
Requires(post): systemd
<br>
Requires(preun): systemd
<br>
Requires(postun): systemd
<br>
@@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install
<br>
%if 0%{?with_systemd}
<br>
# Install the systemd scripts
<br>
install -Dm 0644 contrib/kimchid.service.fedora
%{buildroot}%{_unitdir}/kimchid.service
<br>
+install -Dm 0640 src/firewalld.xml
%{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
<br>
%endif
<br>
<br>
%if 0%{?rhel} == 6
<br>
@@ -88,12 +90,35 @@ start kimchid
<br>
service kimchid start
<br>
%endif
<br>
<br>
+%if 0%{?with_systemd}
<br>
+service firewalld status | grep "active (running)"
>/dev/null 2>&1
<br>
+if [[ $? -ne 0 ]]; then
<br>
+ service firewalld start >/dev/null 2>&1
<br>
+fi
<br>
+# Add firewalld rules to open 8000 and 8001 port
<br>
+firewall-cmd --reload >/dev/null 2>&1
<br>
+firewall-cmd --add-service kimchid >/dev/null 2>&1
<br>
+%else
<br>
+# Add default iptable rules to open 8000 and 8001 port
<br>
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
<br>
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
<br>
+service iptables save >/dev/null 2>&1
<br>
+%endif
<br>
+
<br>
%preun
<br>
+
<br>
if [ $1 -eq 0 ] ; then
<br>
# Package removal, not upgrade
<br>
/bin/systemctl --no-reload disable kimchid.service >
/dev/null 2>&1 || :
<br>
/bin/systemctl stop kimchid.service > /dev/null
2>&1 || :
<br>
+ %if 0%{?with_systemd}
<br>
+ firewall-cmd --remove-service kimchid >/dev/null
2>&1 || :
<br>
+ %else
<br>
+ iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || :
<br>
+ iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || :
<br>
+ %endif
<br>
fi
<br>
+
<br>
exit 0
<br>
<br>
<br>
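</blockquote>
</blockquote>
<br>
Review bot: The %else branch of the added %post block runs 'iptables -I
INPUT ... -j ACCEPT' for ports 8000 and 8001 and then 'service iptables
save', which places the rules ahead of every existing INPUT rule,
accepts from any source, and writes the whole running ruleset
(including any temporary rules the administrator had loaded) to the
saved configuration. As far as the hunk shows, the block is not
conditional on $1, so each upgrade inserts another pair of rules while
%preun deletes one pair on final removal only; check for the rule
before inserting it, or guard the block so it runs on first install. In
the firewalld branch, 'firewall-cmd --add-service kimchid' without
'--permanent' is lost at the next reload or reboot, and matching the
status text "active (running)" is fragile; 'systemctl is-active --quiet
firewalld' gives the same answer as an exit status.
<br>
<blockquote cite="mid:52CC3689.8080704@linux.vnet.ibm.com"
type="cite">
<blockquote type="cite">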
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
<br>
<br>
%if 0%{?with_systemd}
<br>
%{_unitdir}/kimchid.service
<br>
+%{_prefix}/lib/firewalld/services/kimchid.xml
<br>
%endif
<br>
%if 0%{?rhel} == 6
<br>
/etc/init/kimchid.conf
<br>
diff --git a/src/Makefile.am b/src/Makefile.am
<br>
index 7d29e28..7514870 100644
<br>
--- a/src/Makefile.am
<br>
+++ b/src/Makefile.am
<br>
@@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
<br>
<br>
EXTRA_DIST = kimchid.in \
<br>
kimchi.conf.in \
<br>
+ firewalld.xml \
<br>
$(NULL)
<br>
<br>
bin_SCRIPTS = kimchid
<br>
diff --git a/src/firewalld.xml b/src/firewalld.xml
<br>
new file mode 100644
<br>
index 0000000..7472e20
<br>
--- /dev/null
<br>
+++ b/src/firewalld.xml
<br>
@@ -0,0 +1,7 @@
<br>
+<?xml version="1.0" encoding="utf-8"?>
<br>
+<service>
<br>
+ <short>kimchid</short>
<br>
+ <description>Kimchid is a daemon service for kimchi
which is a HTML5 based management tool for KVM. It is designed
to make it as easy as possible to get started with KVM and
create your first guest.</description>
<br>
+ <port protocol="tcp" port="8000"/>
<br>
+ <port protocol="tcp" port="8001"/>
<br>
+</service>
<br>
</blockquote>
<br>
_______________________________________________
<br>
Kimchi-devel mailing list
<br>
<a class="moz-txt-link-abbreviated" href="mailto:Kimchi-devel@ovirt.org">Kimchi-devel@ovirt.org</a>
<br>
<a class="moz-txt-link-freetext" href="http://lists.ovirt.org/mailman/listinfo/kimchi-devel">http://lists.ovirt.org/mailman/listinfo/kimchi-devel</a>
<br>
<br>
</blockquote>
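<br>
Review bot: The new service definition in src/firewalld.xml opens TCP
ports 8000 and 8001 together and its description says nothing about
what listens on each, so an administrator enabling 'kimchid' in a zone
cannot tell whether both need to be reachable. State the purpose of
each port in the description (it currently repeats the product
summary), and if one of them is only needed locally, leave it out of
the service file.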
<br>
</body>
</html>