[PATCH V9 0/1] Open 8000 and 8001 port by default for distro packages

From: Eli Qiao <taget@linux.vnet.ibm.com>

I tested on Fedora and Ubuntu systems.

V9 - V8 changes:
1. Fix rebase error.
2. Revert 2 in V8
3. Add set +e when checking firewalld service to avoid bad return status.

V8 - V7 changes:
1. Rebase to latest code. (DEBIAN/control.in)
2. Install kimchid.xml to system dir (shu ming)
3. Remove changes for open suse. (Aline)

V7 - V6 changes:
1. Remove firewalld message when install kimchi rpm on fedora/RHEL
2. Start firewalld service if not started
3. Ship kimchid.xml to ubuntu distro in Makefile.am

V6 - V5 changes:
1. Keep specific condition for RHEL6 when starting kimchid service
2. Remove full path of firewall-cmd in postrm

V5 - V4 changes:
1. Add cover-letter. (Aline)
2. Move clean up rules into if condition. (Aline)
3. Use with_systemd condition to check if use firewalld rules. (Aline)
4. Fix typo (Aline)

V4 - V3 changes:
1. Fix typo in firewalld.xml (Rodrigo)

V3 - V2 changes:
1. Rename kimchid.xml to firewalld.xml (Mark)
2. Remove firewalld from service require (Mark)
3. Fix typo

V2 - V1 changes:
1. Add firewalld service configure file kimchid.xml to help open iptables port (Mark)
2. Add Ubuntu iptables rule (Royce)

Eli Qiao (1):
  spec: Open 8000 and 8001 port by default

 Makefile.am                   |  2 ++
 contrib/DEBIAN/control.in     |  1 +
 contrib/DEBIAN/postinst       |  6 ++++++
 contrib/DEBIAN/postrm         |  2 ++
 contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++
 src/Makefile.am               |  1 +
 src/firewalld.xml             |  7 +++++++
 7 files changed, 45 insertions(+)
 create mode 100644 src/firewalld.xml

--
1.8.3.1

From: Eli Qiao <taget@linux.vnet.ibm.com> Use firewalld to manager firewall rules on RHEL7, fedora and ubuntu. Add static rules in iptables to on RHEL6. Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 3 +++ contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 8 ++++++++ contrib/DEBIAN/postrm | 7 +++++++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 src/firewalld.xml diff --git a/Makefile.am b/Makefile.am index 04ad696..13cbe13 100644 --- a/Makefile.am +++ b/Makefile.am @@ -85,8 +85,11 @@ all-local: install-deb: install cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/ $(MKDIR_P) $(DESTDIR)/etc/init + $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf + cp -R $(top_srcdir)/src/firewalld.xml \ + $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..64ac2f4 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -18,7 +18,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-ethtool, sosreport, python-ipaddr, - open-iscsi + open-iscsi, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..5f7e2ff 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,11 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA service kimchid start +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +set -e diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..9f1d895 100755 
--- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,10 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -eq 0 ]; then + firewall-cmd --remove-service kimchid >/dev/null 2>&1 +fi +set -e diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..24485bd 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2 %if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif +%if 0%{?with_systemd} +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0 
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT %if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL) bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service> -- 1.8.3.1
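Review bot: in the contrib/DEBIAN/control.in hunk, adding `firewalld` to `Depends:` makes it a hard requirement, so every kimchi install pulls in a firewall daemon even on hosts whose rules are managed another way. The postinst changes already run under `set +e` and discard the result of each firewalld call, so the package tolerates firewalld being unusable; `Recommends:` would match that and leave the choice to the admin.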
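Review bot: in the contrib/DEBIAN/postinst hunk, `firewall-cmd --add-service kimchid` has no `--permanent`, so it only changes the runtime configuration and ports 8000 and 8001 close again at the next firewalld reload or restart; add a second call with `--permanent` if the rule is meant to persist. The `firewall-cmd --reload` just above it also discards any other runtime-only rules already on the host, and `service firewalld start` switches on a firewall the admin may have left stopped, all with output sent to /dev/null. Consider adding the service only when firewalld is already running and reporting a failure instead of hiding it. The same sequence appears in %post of contrib/kimchi.spec.fedora.in.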
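Review bot: in the contrib/DEBIAN/postrm hunk, the new `firewall-cmd --remove-service kimchid` block sits after `esac`, outside the `case "$1"` that guards the `rm -rf` cleanup, so it runs on every postrm invocation (an `upgrade` call included) rather than only for the actions that case handles. Move it into the same branch as the cleanup so the ports are closed only when the package is actually being removed.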
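Review bot: in the %install hunk of contrib/kimchi.spec.fedora.in (@@ -64,6 +65,7 @@), kimchid.xml is installed with mode 0640 while the unit file on the line above uses 0644. The service definition only lists a description and two ports, so there is nothing to hide from non-root users; use 0644 for consistency unless the tighter mode is intentional, in which case say why in a comment.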
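Review bot: in the `%else` branch of %post in contrib/kimchi.spec.fedora.in (@@ -88,12 +90,35 @@), the two `iptables -I INPUT -p tcp --dport ... -j ACCEPT` lines run on every %post, upgrades included, so each upgrade stacks another identical pair at the top of INPUT and `service iptables save` persists them. %preun removes rules only on final removal (`$1 -eq 0`), each `iptables -D` deletes a single match, and nothing saves afterwards, so the saved ruleset keeps 8000 and 8001 open after the package is gone. Guard the insert with a first-install check (`$1 -eq 1`) and add `service iptables save` after the two `iptables -D` lines.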

ping Aline.
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manage firewall rules on RHEL7, Fedora and Ubuntu. Add static rules in iptables on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 3 +++ contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 8 ++++++++ contrib/DEBIAN/postrm | 7 +++++++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 04ad696..13cbe13 100644 --- a/Makefile.am +++ b/Makefile.am @@ -85,8 +85,11 @@ all-local: install-deb: install cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/ $(MKDIR_P) $(DESTDIR)/etc/init + $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf + cp -R $(top_srcdir)/src/firewalld.xml \ + $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..64ac2f4 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -18,7 +18,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-ethtool, sosreport, python-ipaddr, - open-iscsi + open-iscsi, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..5f7e2ff 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,11 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +set -e diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..9f1d895 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,10 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -eq 0 ]; then + firewall-cmd --remove-service kimchid >/dev/null 2>&1 +fi +set -e diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..24485bd 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
--
Thanks
Eli (Li Yong) Qiao (qiaoly@cn.ibm.com)
CSTL-KVM Frobisher/RHEV-H

On 01/09/2014 03:27 AM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manage firewall rules on RHEL7, Fedora and Ubuntu. Add static rules in iptables on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 3 +++ contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 8 ++++++++ contrib/DEBIAN/postrm | 7 +++++++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 04ad696..13cbe13 100644 --- a/Makefile.am +++ b/Makefile.am @@ -85,8 +85,11 @@ all-local: install-deb: install cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/ $(MKDIR_P) $(DESTDIR)/etc/init + $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf + cp -R $(top_srcdir)/src/firewalld.xml \ + $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..64ac2f4 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -18,7 +18,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-ethtool, sosreport, python-ipaddr, - open-iscsi + open-iscsi, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..5f7e2ff 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,11 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +set -e diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..9f1d895 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,10 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -eq 0 ]; then + firewall-cmd --remove-service kimchid >/dev/null 2>&1 +fi +set -e diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..24485bd 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>

Reviewed-by: Aline Manera <alinefm@linux.vnet.ibm.com>

Please, send the code for opensuse asap.

On 01/09/2014 03:27 AM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
Use firewalld to manage firewall rules on RHEL7, Fedora and Ubuntu. Add static rules in iptables on RHEL6.
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- Makefile.am | 3 +++ contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 8 ++++++++ contrib/DEBIAN/postrm | 7 +++++++ contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++ src/Makefile.am | 1 + src/firewalld.xml | 7 +++++++ 7 files changed, 54 insertions(+), 1 deletion(-) create mode 100644 src/firewalld.xml
diff --git a/Makefile.am b/Makefile.am index 04ad696..13cbe13 100644 --- a/Makefile.am +++ b/Makefile.am @@ -85,8 +85,11 @@ all-local: install-deb: install cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/ $(MKDIR_P) $(DESTDIR)/etc/init + $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \ $(DESTDIR)/etc/init/kimchid.conf + cp -R $(top_srcdir)/src/firewalld.xml \ + $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
deb: contrib/make-deb.sh diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index eecfb27..64ac2f4 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -18,7 +18,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-ethtool, sosreport, python-ipaddr, - open-iscsi + open-iscsi, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..5f7e2ff 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,11 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +set -e diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..9f1d895 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,10 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +set +e +service firewalld status >/dev/null 2>&1 +if [ $? -eq 0 ]; then + firewall-cmd --remove-service kimchid >/dev/null 2>&1 +fi +set -e diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 75435b3..24485bd 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -35,6 +35,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -88,12 +90,35 @@ start kimchid service kimchid start %endif
+%if 0%{?with_systemd} +service firewalld status >/dev/null 2>&1 +if [ $? -ne 0 ]; then + service firewalld start >/dev/null 2>&1 +fi +# Add firewalld rules to open 8000 and 8001 port +firewall-cmd --reload >/dev/null 2>&1 +firewall-cmd --add-service kimchid >/dev/null 2>&1 +%else +# Add default iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save >/dev/null 2>&1 +%endif + %preun + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : + %if 0%{?with_systemd} + firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : + %else + iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : + iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : + %endif fi + exit 0
@@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..7514870 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + firewalld.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/firewalld.xml b/src/firewalld.xml new file mode 100644 index 0000000..7472e20 --- /dev/null +++ b/src/firewalld.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>

Applied. Thanks. Regards, Aline Manera