[PATCH V8 0/1] Open 8000 and 8001 port by default for distro packages
From: Eli Qiao <taget@linux.vnet.ibm.com> V8 -V7 changes: 1. Rebase to latest code.(DEBIAN/control.in) 2. Install kimchid.xml to system dir (shu ming) 3. Remove changes for open suse.(Aline) V7 -V6 changes: 1. Remove firewalld message when install kimchi rpm on fedora/RHEL 2. Start firewalld service if not start 3. Ship kimchid.xml to ubuntu distro in Makefile.am V6 -V5 changes: 1.Keep specific condition for RHEL6 when starting kimchid service 2.Remove full path of firewall-cmd in postrm V5 - V4 changes: 1. Add cover-letter. (Aline) 2. Move clean up rules into if condition. (Aline) 3. Use with_systemd condition to check if use firewalld rules. (Aline) 4. Fix typo (Aline) V4 - V3 changes: 1 Fix typo in firewalld.xml (Rodrigo) V3 - V2 changes: 1.Rename kimchid.xml to firewalld.xml (Mark) 2.Remove firewalld from serivce require (Mark) 3.Fix typo V2 - V1 changes: 1.Add firewalld sevice configure file kimchid.xml to help open iptables port (Mark) 2.Add Ubuntu iptables rule (Royce) Eli Qiao (1): spec: Open 8000 and 8001 port by default Makefile.am | 2 ++ contrib/DEBIAN/control.in | 1 + contrib/DEBIAN/postinst | 6 ++++++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 45 insertions(+) create mode 100644 src/firewalld.xml -- 1.8.3.1
From: Eli Qiao <taget@linux.vnet.ibm.com> Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu. Add static rules in iptables to on RHEL6. Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 2 ++ contrib/DEBIAN/control.in | 1 + contrib/DEBIAN/postinst | 6 ++++++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 45 insertions(+) create mode 100644 src/firewalld.xml diff --git a/Makefile.am b/Makefile.am index 7ab1bd8..b2917eb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -86,6 +86,8 @@ install-deb: install $(MKDIR_P) $(DESTDIR)/etc/init cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf + cp -R $(top_srcdir)/src/firewalld.xml \ + /usr/lib/firewalld/services/kimchid.xml deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..bfbe83d 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0), sosreport, python-ipaddr, open-iscsi + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..2726753 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA service kimchid start +service firewalld status | grep "not running" >/dev/null 2>&1 +if [[ $? -eq 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..22db3ce 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +firewall-cmd --remove-service kimchid >/dev/null 2>&1 diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..a8e4e4d 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2 %if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif +%if 0%{?with_systemd} +service firewalld status | grep "active (running)" >/dev/null 2>&1 +if [[ $? -ne 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0 @@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT %if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL) bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service> -- 1.8.3.1
Reviewed-by: Shu Ming <shuming@linux.vnet.ibm.com> 2014/1/7 15:52, taget@linux.vnet.ibm.com:
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu. Add static rules in iptables to on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 2 ++ contrib/DEBIAN/control.in | 1 + contrib/DEBIAN/postinst | 6 ++++++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 45 insertions(+) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 7ab1bd8..b2917eb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -86,6 +86,8 @@ install-deb: install $(MKDIR_P) $(DESTDIR)/etc/init cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf + cp -R $(top_srcdir)/src/firewalld.xml \ + /usr/lib/firewalld/services/kimchid.xml
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..bfbe83d 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0), sosreport, python-ipaddr, open-iscsi + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..2726753 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +service firewalld status | grep "not running" >/dev/null 2>&1 +if [[ $? -eq 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..22db3ce 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +firewall-cmd --remove-service kimchid >/dev/null 2>&1 diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..a8e4e4d 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status | grep "active (running)" >/dev/null 2>&1 +if [[ $? -ne 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
On 01/07/2014 05:52 AM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu.
Please, make sure to test the patch in all those distros. More comments below.
Add static rules in iptables to on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 2 ++ contrib/DEBIAN/control.in | 1 + contrib/DEBIAN/postinst | 6 ++++++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 45 insertions(+) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 7ab1bd8..b2917eb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -86,6 +86,8 @@ install-deb: install $(MKDIR_P) $(DESTDIR)/etc/init cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf
+ cp -R $(top_srcdir)/src/firewalld.xml \ + /usr/lib/firewalld/services/kimchid.xml
Why did you change the previous script? That way you are installing kimchid.xml in the build system. It should be: # Create the dir first $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services # copy it to the right location cp -R $(top_srcdir)/src/firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..bfbe83d 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0), sosreport, python-ipaddr, open-iscsi + firewalld
make[1]: Leaving directory `/home/alinefm/kimchi' dpkg-deb: error: parsing file '/tmp/tmp.V1vHEVEY9P/DEBIAN/control' near line 22 package 'kimchi': `Depends' field, syntax error after reference to package `open-iscsi' There is missing a comma after 'open-iscsi'
Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..2726753 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +service firewalld status | grep "not running" >/dev/null 2>&1 +if [[ $? -eq 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..22db3ce 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +firewall-cmd --remove-service kimchid >/dev/null 2>&1 diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..a8e4e4d 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status | grep "active (running)" >/dev/null 2>&1 +if [[ $? -ne 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
On 01/07/2014 03:16 PM, Aline Manera wrote:
On 01/07/2014 05:52 AM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu.
Please, make sure to test the patch in all those distros.
More comments below.
Add static rules in iptables to on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 2 ++ contrib/DEBIAN/control.in | 1 + contrib/DEBIAN/postinst | 6 ++++++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 45 insertions(+) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 7ab1bd8..b2917eb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -86,6 +86,8 @@ install-deb: install $(MKDIR_P) $(DESTDIR)/etc/init cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf
+ cp -R $(top_srcdir)/src/firewalld.xml \ + /usr/lib/firewalld/services/kimchid.xml
Why did you change the previous script? That way you are installing kimchid.xml in the build system.
It should be:
# Create the dir first $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services
# copy it to the right location cp -R $(top_srcdir)/src/firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..bfbe83d 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0), sosreport, python-ipaddr, open-iscsi + firewalld
make[1]: Leaving directory `/home/alinefm/kimchi' dpkg-deb: error: parsing file '/tmp/tmp.V1vHEVEY9P/DEBIAN/control' near line 22 package 'kimchi': `Depends' field, syntax error after reference to package `open-iscsi'
There is missing a comma after 'open-iscsi'
Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..2726753 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start
+service firewalld status | grep "not running" >/dev/null 2>&1 +if [[ $? -eq 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1
alinefm@alinefm-virtual-machine:~/kimchi$ sudo dpkg -i kimchi-1.1.0-57.git2163670.noarch.deb Selecting previously unselected package kimchi. (Reading database ... 171601 files and directories currently installed.) Unpacking kimchi (from kimchi-1.1.0-57.git2163670.noarch.deb) ... Setting up kimchi (1.1.0) ... + service kimchid start kimchid start/running, process 8553 + grep not running + service firewalld status *dpkg: error processing kimchi (--install):** ** subprocess installed post-installation script returned error exit status 1** **Processing triggers for ureadahead ...** **Errors were encountered while processing:** ** kimchi* alinefm@alinefm-virtual-machine:~/kimchi$ sudo service firewalld status | grep "not running" >/dev/null 2>&1 alinefm@alinefm-virtual-machine:~/kimchi$ echo $? 1 It is because firewalld service is running, so the command above return error code.
diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..22db3ce 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +firewall-cmd --remove-service kimchid >/dev/null 2>&1 diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..a8e4e4d 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status | grep "active (running)" >/dev/null 2>&1 +if [[ $? -ne 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
_______________________________________________ Kimchi-devel mailing list Kimchi-devel@ovirt.org http://lists.ovirt.org/mailman/listinfo/kimchi-devel
? 2014/1/8 1:27, Aline Manera ??:
alinefm@alinefm-virtual-machine:~/kimchi$ sudo dpkg -i kimchi-1.1.0-57.git2163670.noarch.deb Selecting previously unselected package kimchi. (Reading database ... 171601 files and directories currently installed.) Unpacking kimchi (from kimchi-1.1.0-57.git2163670.noarch.deb) ... Setting up kimchi (1.1.0) ... + service kimchid start kimchid start/running, process 8553 + grep not running + service firewalld status *dpkg: error processing kimchi (--install):** ** subprocess installed post-installation script returned error exit status 1** **Processing triggers for ureadahead ...** **Errors were encountered while processing:** ** kimchi*
alinefm@alinefm-virtual-machine:~/kimchi$ sudo service firewalld status | grep "not running" >/dev/null 2>&1 alinefm@alinefm-virtual-machine:~/kimchi$ echo $? 1
It is because firewalld service is running, so the command above return error code. hmm. if grep return error code cause installation failed, then how can I check if firewalld service running or not ? could you help to provide a solution?
-- Thanks Eli Qiao(qiaoly@cn.ibm.com)
于 2014/1/8 1:16, Aline Manera 写道:
On 01/07/2014 05:52 AM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu.
Please, make sure to test the patch in all those distros.
More comments below.
Add static rules in iptables to on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 2 ++ contrib/DEBIAN/control.in | 1 + contrib/DEBIAN/postinst | 6 ++++++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 45 insertions(+) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 7ab1bd8..b2917eb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -86,6 +86,8 @@ install-deb: install $(MKDIR_P) $(DESTDIR)/etc/init cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf
+ cp -R $(top_srcdir)/src/firewalld.xml \ + /usr/lib/firewalld/services/kimchid.xml
Why did you change the previous script? That way you are installing kimchid.xml in the build system.
It should be:
# Create the dir first $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services
# copy it to the right location cp -R $(top_srcdir)/src/firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
firewalld is always installed in /usr/lib/firewalld/services, so if user specify the DESTDIR when configure the kimchi, kimchid.xml won't instlled to right place, so I use the full pach of /usr/lib/firewalld/services instead of $(DESTDIR)/usr/lib/firewalld/services
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..bfbe83d 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0), sosreport, python-ipaddr, open-iscsi + firewalld
make[1]: Leaving directory `/home/alinefm/kimchi' dpkg-deb: error: parsing file '/tmp/tmp.V1vHEVEY9P/DEBIAN/control' near line 22 package 'kimchi': `Depends' field, syntax error after reference to package `open-iscsi'
There is missing a comma after 'open-iscsi'
sorry for miss it when I rebase the code after zheng zheng adding open-iscsi
Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..2726753 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +service firewalld status | grep "not running" >/dev/null 2>&1 +if [[ $? -eq 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..22db3ce 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +firewall-cmd --remove-service kimchid >/dev/null 2>&1 diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..a8e4e4d 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status | grep "active (running)" >/dev/null 2>&1 +if [[ $? -ne 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
-- Thanks Eli Qiao(qiaoly@cn.ibm.com)
On 01/08/2014 01:25 AM, Eli Qiao(Li Yong Qiao) wrote:
于 2014/1/8 1:16, Aline Manera 写道:
On 01/07/2014 05:52 AM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu.
Please, make sure to test the patch in all those distros.
More comments below.
Add static rules in iptables to on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 2 ++ contrib/DEBIAN/control.in | 1 + contrib/DEBIAN/postinst | 6 ++++++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 45 insertions(+) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 7ab1bd8..b2917eb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -86,6 +86,8 @@ install-deb: install $(MKDIR_P) $(DESTDIR)/etc/init cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf
+ cp -R $(top_srcdir)/src/firewalld.xml \ + /usr/lib/firewalld/services/kimchid.xml
Why did you change the previous script? That way you are installing kimchid.xml in the build system.
It should be:
# Create the dir first $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services
# copy it to the right location cp -R $(top_srcdir)/src/firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
firewalld is always installed in /usr/lib/firewalld/services, so if user specify the DESTDIR when configure the kimchi, kimchid.xml won't instlled to right place, so I use the full pach of /usr/lib/firewalld/services instead of $(DESTDIR)/usr/lib/firewalld/services
You are building a package. So you need to put /usr/lib/firewalld/services/kimchid.xml inside the package instead of install it in the build server. $(DESTDIR) is a temp directory which contains all files that will be packaged. Because that you need to copy all files to there or your package won't have all files needed to create the package. Try the following test with this patch: 1) create a deb package sudo make deb 2) list the files in the created package dpkg --contents <deb-package> | grep kimchid You will notice the /usr/lib/firewalld/services/kimchid.xml wasn't packaged
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..bfbe83d 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0), sosreport, python-ipaddr, open-iscsi + firewalld
make[1]: Leaving directory `/home/alinefm/kimchi' dpkg-deb: error: parsing file '/tmp/tmp.V1vHEVEY9P/DEBIAN/control' near line 22 package 'kimchi': `Depends' field, syntax error after reference to package `open-iscsi'
There is missing a comma after 'open-iscsi'
sorry for miss it when I rebase the code after zheng zheng adding open-iscsi
Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..2726753 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,9 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +service firewalld status | grep "not running" >/dev/null 2>&1 +if [[ $? -eq 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..22db3ce 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +firewall-cmd --remove-service kimchid >/dev/null 2>&1 diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..a8e4e4d 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status | grep "active (running)" >/dev/null 2>&1 +if [[ $? -ne 0 ]]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
participants (4)
-
Aline Manera -
Eli Qiao(Li Yong Qiao) -
Shu Ming -
taget@linux.vnet.ibm.com