<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 01/07/2014 05:44 AM, Eli Qiao wrote:<br>
</div>
<blockquote cite="mid:52CBB046.4060200@linux.vnet.ibm.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<br>
<div class="moz-cite-prefix">于 2014年01月07日 01:31, Aline Manera 写道:<br>
</div>
<blockquote cite="mid:52CAE859.90102@linux.vnet.ibm.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<div class="moz-cite-prefix"><b><br>
</b><b>opensuse-vm</b>:~/kimchi # rpm -ivh
/root/kimchi/rpm/RPMS/x86_64/kimchi-1.1.0-51.git831ea68.x86_64.rpm<br>
Preparing...
################################# [100%]<br>
Updating / installing...<br>
1:kimchi-1.1.0-51.git831ea68
################################# [100%]<br>
warning: %post(kimchi-1.1.0-51.git831ea68.x86_64) scriptlet
failed, exit status 1<br>
<br>
While running all command from post section manually I got:<br>
<br>
opensuse-vm:~/kimchi # service iptables save<br>
service: no such service iptables<br>
<br>
In opensuse you need to use /sbin/SuSEfirewall2<br>
<br>
</div>
</blockquote>
hello Aline<br>
thanks for your testing and comments<br>
I am not quite familiar with open suse or environment , <br>
so I have not so much confident with the changes for suse.<br>
I‘d like to remove changes for suse from this patch, and<br>
Could you please merge my patch and I will send a following
separate patch to support suse<br>
later ?<br>
will send a new version to remove this change for suse.<br>
</blockquote>
<br>
No problem. Just don't forget to send the SUSE code<br>
<br>
<blockquote cite="mid:52CBB046.4060200@linux.vnet.ibm.com"
type="cite"> <br>
thanks Eli<br>
<blockquote cite="mid:52CAE859.90102@linux.vnet.ibm.com"
type="cite">
<div class="moz-cite-prefix"> <br>
On 01/06/2014 04:10 AM, <a moz-do-not-send="true"
class="moz-txt-link-abbreviated"
href="mailto:taget@linux.vnet.ibm.com">taget@linux.vnet.ibm.com</a>
wrote:<br>
</div>
<blockquote
cite="mid:1388988611-8816-2-git-send-email-taget@linux.vnet.ibm.com"
type="cite">
<pre wrap="">From: Eli Qiao <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:taget@linux.vnet.ibm.com"><taget@linux.vnet.ibm.com></a>
Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu.
Add static rules in iptables to on RHEL6.
Signed-off-by: Eli Qiao <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:taget@linux.vnet.ibm.com"><taget@linux.vnet.ibm.com></a>
---
Makefile.am | 3 +++
contrib/DEBIAN/control.in | 3 ++-
contrib/DEBIAN/postinst | 6 ++++++
contrib/DEBIAN/postrm | 2 ++
contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++
contrib/kimchi.spec.suse.in | 10 ++++++++--
src/Makefile.am | 1 +
src/firewalld.xml | 7 +++++++
8 files changed, 55 insertions(+), 3 deletions(-)
create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am
index 1fb3502..83dab8b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -79,8 +79,11 @@ all-local:
install-deb: install
        cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/
        $(MKDIR_P) $(DESTDIR)/etc/init
+        $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services
        cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \
                $(DESTDIR)/etc/init/kimchid.conf
+        cp -R $(top_srcdir)/src/firewalld.xml \
+                $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
deb: contrib/make-deb.sh
diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
index 380584c..c0ea1f1 100644
--- a/contrib/DEBIAN/control.in
+++ b/contrib/DEBIAN/control.in
@@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
python-psutil (>= 0.6.0),
python-ethtool,
sosreport,
- python-ipaddr
+ python-ipaddr,
+ firewalld
Build-Depends:
Maintainer: Aline Manera <a moz-do-not-send="true" class="moz-txt-link-rfc2396E" href="mailto:alinefm@br.ibm.com"><alinefm@br.ibm.com></a>
Description: Kimchi web server
diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
index c1fc22e..2726753 100755
--- a/contrib/DEBIAN/postinst
+++ b/contrib/DEBIAN/postinst
@@ -19,3 +19,9 @@
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start
+service firewalld status | grep "not running" >/dev/null 2>&1
+if [[ $? -eq 0 ]]; then
+ service firewalld start >/dev/null 2>&1
+fi
+firewall-cmd --reload >/dev/null 2>&1
+firewall-cmd --add-service kimchid >/dev/null 2>&1
diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
index ef90b49..22db3ce 100755
--- a/contrib/DEBIAN/postrm
+++ b/contrib/DEBIAN/postrm
@@ -26,3 +26,5 @@ case "$1" in
rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
;;
esac
+
+firewall-cmd --remove-service kimchid >/dev/null 2>&1
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 3044fc8..3bb5b1c 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -34,6 +34,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd}
Requires:        systemd
+Requires:        firewalld
Requires(post): systemd
Requires(preun): systemd
Requires(postun): systemd
@@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
%if 0%{?with_systemd}
# Install the systemd scripts
install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service
+install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
%endif
%if 0%{?rhel} == 6
@@ -87,12 +89,35 @@ start kimchid
service kimchid start
%endif
+%if 0%{?with_systemd}
+service firewalld status | grep "active (running)" >/dev/null 2>&1
+if [[ $? -ne 0 ]]; then
+ service firewalld start >/dev/null 2>&1
+fi
+# Add firewalld rules to open 8000 and 8001 port
+firewall-cmd --reload >/dev/null 2>&1
+firewall-cmd --add-service kimchid >/dev/null 2>&1
+%else
+# Add default iptable rules to open 8000 and 8001 port
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save >/dev/null 2>&1
+%endif
+
%preun
+
if [ $1 -eq 0 ] ; then
# Package removal, not upgrade
/bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || :
/bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
+ %if 0%{?with_systemd}
+ firewall-cmd --remove-service kimchid >/dev/null 2>&1 || :
+ %else
+ iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || :
+ iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || :
+ %endif
fi
+
exit 0
@@ -155,6 +180,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd}
%{_unitdir}/kimchid.service
+%{_prefix}/lib/firewalld/services/kimchid.xml
%endif
%if 0%{?rhel} == 6
/etc/init/kimchid.conf
diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
index 190b2be..be5172d 100644
--- a/contrib/kimchi.spec.suse.in
+++ b/contrib/kimchi.spec.suse.in
@@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid
%post
service kimchid start
chkconfig kimchid on
-
+# Add iptables rules to open 8000 and 8001 port
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save >/dev/null 2>&1
%preun
service kimchid stop
-
+# Remove iptables rules to open 8000 and 8001 port
+iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save >/dev/null 2>&1
%clean
rm -rf $RPM_BUILD_ROOT
diff --git a/src/Makefile.am b/src/Makefile.am
index 7d29e28..7514870 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \
        kimchi.conf.in \
+        firewalld.xml \
        $(NULL)
bin_SCRIPTS = kimchid
diff --git a/src/firewalld.xml b/src/firewalld.xml
new file mode 100644
index 0000000..7472e20
--- /dev/null
+++ b/src/firewalld.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+ <short>kimchid</short>
+ <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description>
+ <port protocol="tcp" port="8000"/>
+ <port protocol="tcp" port="8001"/>
+</service>
</pre>
</blockquote>
<br>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Thanks Eli (Li Yong) Qiao (<a moz-do-not-send="true" class="moz-txt-link-abbreviated" href="mailto:qiaoly@cn.ibm.com">qiaoly@cn.ibm.com</a>)
CSTL-KVM Frobisher/RHEV-H</pre>
</blockquote>
<br>
</body>
</html>