[V2] spec: Open 8000 and 8001 port by default

From: Eli Qiao <taget@linux.vnet.ibm.com>
V2 - V1 changes:
1. Add firewalld service configure file kimchid.xml to help open iptables port (Mark)
2. Add Ubuntu iptables rule (Royce)
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 2 ++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++ contrib/kimchi.spec.suse.in | 10 ++++++++-- contrib/kimchid.service.fedora | 1 + src/Makefile.am | 1 + src/kimchid.xml | 7 +++++++ 8 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 src/kimchid.xml diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index 380584c..c0ea1f1 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-psutil (>= 0.6.0), python-ethtool, sosreport, - python-ipaddr + python-ipaddr, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..b27205c 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,5 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA service kimchid start +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..3c70584 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +/usr/bin/firewall-cmd --remove-service kimchid diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 14ec359..3a3ca4c 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in 
@@ -34,6 +34,7 @@ BuildRequires: python-unittest2 %if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/kimchid.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 @@ -83,16 +85,32 @@ fi %if 0%{?rhel} == 6 start kimchid +# Add defult iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %else service kimchid start +# Add firewalld rull to open 8000 and 8001 port +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid %endif %preun +%if 0%{?rhel} == 6 +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save +%else +/usr/bin/firewall-cmd --remove-service kimchid +%endif + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : fi + exit 0 @@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT %if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in index 9051284..dde9dae 100644 --- a/contrib/kimchi.spec.suse.in +++ b/contrib/kimchi.spec.suse.in 
@@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid %post service kimchid start chkconfig kimchid on - +# Add iptables rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %preun service kimchid stop - +# Remove iptables rules to open 8000 and 8001 port +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %clean rm -rf $RPM_BUILD_ROOT diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora index 7abe49b..e39f86b 100644 --- a/contrib/kimchid.service.fedora +++ b/contrib/kimchid.service.fedora @@ -1,6 +1,7 @@ [Unit] Description=Kimchi server Requires=libvirtd.service +Requires=firewalld.service After=libvirtd.service [Service] diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..e3938a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + kimchid.xml \ $(NULL) bin_SCRIPTS = kimchid diff --git a/src/kimchid.xml b/src/kimchid.xml new file mode 100644 index 0000000..dee4599 --- /dev/null +++ b/src/kimchid.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service> -- 1.7.1
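Review bot: In contrib/DEBIAN/postrm the new `/usr/bin/firewall-cmd --remove-service kimchid` sits after `esac`, so it runs for every postrm action and not only for the branch that removes the package files; move it into the matching branch of the `case "$1"` block. In contrib/DEBIAN/postinst, `--add-service kimchid` without `--permanent` changes only the runtime configuration, so the ports are closed again after the next firewalld reload or reboot, and both calls fail when firewalld is not running, so they should be guarded or have their exit status ignored. The commit message says "Add Ubuntu iptables rule" while these scripts call firewall-cmd and control.in gains a hard `firewalld` dependency; one of the two should be corrected.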
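Review bot: In the %preun hunk of contrib/kimchi.spec.fedora.in the firewall cleanup is placed above `if [ $1 -eq 0 ]`, so it also runs on upgrade; because the old package's %preun runs after the new package's %post, `firewall-cmd --remove-service kimchid` then removes the service that %post has just added. Move the whole `%if 0%{?rhel} == 6 ... %endif` cleanup inside the "Package removal, not upgrade" block. In %post, `iptables -I INPUT -p tcp --dport 8000 -j ACCEPT` is inserted again each time the scriptlet runs and accepts from any source ahead of the existing INPUT rules, `service iptables save` persists everything else that happens to be in the running ruleset, and the firewalld branch has no `--permanent`. The added comments also carry typos ("defult", "rull").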
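Review bot: In contrib/kimchi.spec.suse.in, `service iptables save` is the Red Hat init script action; please confirm an equivalent exists on the SUSE targets, otherwise the rules added in %post are lost at the next firewall restart while %preun still tries to delete them. %post also inserts a duplicate pair of rules every time it runs, %preun deletes them without checking `$1`, and both rules accept from any source. The hunk removes the blank lines that separated %post, %preun and %clean; keeping them makes the scriptlet boundaries easier to read.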
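Review bot: In contrib/kimchid.service.fedora, `Requires=firewalld.service` makes kimchid fail to start when firewalld cannot be started and stops kimchid whenever firewalld is stopped, although the daemon does not need a firewall to run. Drop the line, or use the weaker `Wants=firewalld.service` with `After=firewalld.service` if start ordering matters; the matching `Requires: firewalld` in the spec has the same effect at package level for hosts that use a different firewall.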
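Review bot: In src/Makefile.am, kimchid.xml is only added to `EXTRA_DIST`, so it ships in the tarball but `make install` never installs it and a source install gets no firewalld service definition; add an install rule or document the manual step. In src/kimchid.xml the description has a typo ("whichi"), and the definition opens both 8000 and 8001 to every source in whatever zone the service is added to, which deserves a sentence in the commit message since the package now changes host firewall policy on install.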

Hello Eli,
Am I missing something or you're supporting only the distro's package managers? What happens if I decide to install Kimchi from the source code?
Best regards,
-- Paulo Ricardo Paz Vital <pvital@linux.vnet.ibm.com> IBM Linux Technology Center
On Fri, 2013-12-20 at 17:21 +0800, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
V2 - V1 changes:
1. Add firewalld service configure file kimchid.xml to help open iptables port (Mark)
2. Add Ubuntu iptables rule (Royce)
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 2 ++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++ contrib/kimchi.spec.suse.in | 10 ++++++++-- contrib/kimchid.service.fedora | 1 + src/Makefile.am | 1 + src/kimchid.xml | 7 +++++++ 8 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 src/kimchid.xml
diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index 380584c..c0ea1f1 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-psutil (>= 0.6.0), python-ethtool, sosreport, - python-ipaddr + python-ipaddr, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..b27205c 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,5 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..3c70584 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +/usr/bin/firewall-cmd --remove-service kimchid diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 14ec359..3a3ca4c 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -34,6 +34,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/kimchid.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -83,16 +85,32 @@ fi
%if 0%{?rhel} == 6 start kimchid +# Add defult iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %else service kimchid start +# Add firewalld rull to open 8000 and 8001 port +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid %endif
%preun +%if 0%{?rhel} == 6 +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save +%else +/usr/bin/firewall-cmd --remove-service kimchid +%endif + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : fi + exit 0
@@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in index 9051284..dde9dae 100644 --- a/contrib/kimchi.spec.suse.in +++ b/contrib/kimchi.spec.suse.in @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid %post service kimchid start chkconfig kimchid on - +# Add iptables rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %preun service kimchid stop - +# Remove iptables rules to open 8000 and 8001 port +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %clean rm -rf $RPM_BUILD_ROOT
diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora index 7abe49b..e39f86b 100644 --- a/contrib/kimchid.service.fedora +++ b/contrib/kimchid.service.fedora @@ -1,6 +1,7 @@ [Unit] Description=Kimchi server Requires=libvirtd.service +Requires=firewalld.service After=libvirtd.service
[Service] diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..e3938a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + kimchid.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/kimchid.xml b/src/kimchid.xml new file mode 100644 index 0000000..dee4599 --- /dev/null +++ b/src/kimchid.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>

On 2013-12-21 05:28, Rodrigo Trujillo wrote:
Yeap .. maybe add same logic in "make install"
Yes, thanks, I didn't add logic to deal with "make install".
On 12/20/2013 11:28 AM, Paulo Ricardo Paz Vital wrote:
Hello Eli,
Am I missing something or you're supporting only the distro's package managers? What happens if I decide to install Kimchi from the source code?
Best regards,
-- Thanks Eli (Li Yong) Qiao (qiaoly@cn.ibm.com) CSTL-KVM Frobisher/RHEV-H

On 2013/12/20 17:21, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
V2 - V1 changes:
1. Add firewalld service configure file kimchid.xml to help open iptables port (Mark)
2. Add Ubuntu iptables rule (Royce)
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 2 ++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++ contrib/kimchi.spec.suse.in | 10 ++++++++-- contrib/kimchid.service.fedora | 1 + src/Makefile.am | 1 + src/kimchid.xml | 7 +++++++ 8 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 src/kimchid.xml
diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index 380584c..c0ea1f1 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-psutil (>= 0.6.0), python-ethtool, sosreport, - python-ipaddr + python-ipaddr, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..b27205c 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,5 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..3c70584 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +/usr/bin/firewall-cmd --remove-service kimchid diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 14ec359..3a3ca4c 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -34,6 +34,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/kimchid.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
It seems that you may need to check if this file is required on rhel or Fedora.
%endif
%if 0%{?rhel} == 6 @@ -83,16 +85,32 @@ fi
%if 0%{?rhel} == 6 start kimchid +# Add defult iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %else service kimchid start +# Add firewalld rull to open 8000 and 8001 port +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid %endif
%preun +%if 0%{?rhel} == 6 +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save +%else +/usr/bin/firewall-cmd --remove-service kimchid +%endif + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : fi + exit 0
@@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in index 9051284..dde9dae 100644 --- a/contrib/kimchi.spec.suse.in +++ b/contrib/kimchi.spec.suse.in @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid %post service kimchid start chkconfig kimchid on - +# Add iptables rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %preun service kimchid stop - +# Remove iptables rules to open 8000 and 8001 port +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %clean rm -rf $RPM_BUILD_ROOT Can we use firewalld in open-suse like Fedora?
diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora index 7abe49b..e39f86b 100644 --- a/contrib/kimchid.service.fedora +++ b/contrib/kimchid.service.fedora @@ -1,6 +1,7 @@ [Unit] Description=Kimchi server Requires=libvirtd.service +Requires=firewalld.service After=libvirtd.service
[Service] diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..e3938a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + kimchid.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/kimchid.xml b/src/kimchid.xml new file mode 100644 index 0000000..dee4599 --- /dev/null +++ b/src/kimchid.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>

On 2013-12-22 22:26, Shu Ming wrote:
On 2013/12/20 17:21, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
V2 - V1 changes:
1. Add firewalld service configure file kimchid.xml to help open iptables port (Mark)
2. Add Ubuntu iptables rule (Royce)
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 2 ++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++ contrib/kimchi.spec.suse.in | 10 ++++++++-- contrib/kimchid.service.fedora | 1 + src/Makefile.am | 1 + src/kimchid.xml | 7 +++++++ 8 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 src/kimchid.xml
diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index 380584c..c0ea1f1 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-psutil (>= 0.6.0), python-ethtool, sosreport, - python-ipaddr + python-ipaddr, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..b27205c 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,5 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..3c70584 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +/usr/bin/firewall-cmd --remove-service kimchid diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 14ec359..3a3ca4c 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -34,6 +34,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/kimchid.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
It seems that you may need to check if this file is required on rhel or Fedora.
If with_systemd is defined, it means RHEL7 or Fedora, so there is no need to check.
%endif
%if 0%{?rhel} == 6 @@ -83,16 +85,32 @@ fi
%if 0%{?rhel} == 6 start kimchid +# Add defult iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %else service kimchid start +# Add firewalld rull to open 8000 and 8001 port +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid %endif
%preun +%if 0%{?rhel} == 6 +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save +%else +/usr/bin/firewall-cmd --remove-service kimchid +%endif + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : fi + exit 0
@@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in index 9051284..dde9dae 100644 --- a/contrib/kimchi.spec.suse.in +++ b/contrib/kimchi.spec.suse.in @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid %post service kimchid start chkconfig kimchid on - +# Add iptables rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %preun service kimchid stop - +# Remove iptables rules to open 8000 and 8001 port +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %clean rm -rf $RPM_BUILD_ROOT Can we use firewalld in open-suse like Fedora?
Does open-suse have firewalld? I didn't find it.
diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora index 7abe49b..e39f86b 100644 --- a/contrib/kimchid.service.fedora +++ b/contrib/kimchid.service.fedora @@ -1,6 +1,7 @@ [Unit] Description=Kimchi server Requires=libvirtd.service +Requires=firewalld.service After=libvirtd.service
[Service] diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..e3938a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + kimchid.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/kimchid.xml b/src/kimchid.xml new file mode 100644 index 0000000..dee4599 --- /dev/null +++ b/src/kimchid.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
-- Thanks Eli (Li Yong) Qiao (qiaoly@cn.ibm.com) CSTL-KVM Frobisher/RHEV-H

On 2013/12/23 10:13, Eli Qiao wrote:
On 2013-12-22 22:26, Shu Ming wrote:
On 2013/12/20 17:21, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
V2 - V1 changes:
1. Add firewalld service configure file kimchid.xml to help open iptables port (Mark)
2. Add Ubuntu iptables rule (Royce)
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 2 ++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++ contrib/kimchi.spec.suse.in | 10 ++++++++-- contrib/kimchid.service.fedora | 1 + src/Makefile.am | 1 + src/kimchid.xml | 7 +++++++ 8 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 src/kimchid.xml
diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index 380584c..c0ea1f1 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-psutil (>= 0.6.0), python-ethtool, sosreport, - python-ipaddr + python-ipaddr, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..b27205c 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,5 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..3c70584 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +/usr/bin/firewall-cmd --remove-service kimchid diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 14ec359..3a3ca4c 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -34,6 +34,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/kimchid.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
It seems that you may need to check if this file is required on rhel or Fedora.
If with_systemd is defined, it means RHEL7 or Fedora, so there is no need to check.
Thanks for explaining. That looks good.
%endif
%if 0%{?rhel} == 6 @@ -83,16 +85,32 @@ fi
%if 0%{?rhel} == 6 start kimchid +# Add defult iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %else service kimchid start +# Add firewalld rull to open 8000 and 8001 port +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid %endif
%preun +%if 0%{?rhel} == 6 +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save +%else +/usr/bin/firewall-cmd --remove-service kimchid +%endif + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : fi + exit 0
@@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in index 9051284..dde9dae 100644 --- a/contrib/kimchi.spec.suse.in +++ b/contrib/kimchi.spec.suse.in @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid %post service kimchid start chkconfig kimchid on - +# Add iptables rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %preun service kimchid stop - +# Remove iptables rules to open 8000 and 8001 port +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %clean rm -rf $RPM_BUILD_ROOT Can we use firewalld in open-suse like Fedora?
Does open-suse have firewalld? I didn't find it.
If it doesn't have it, that's fine.
diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora index 7abe49b..e39f86b 100644 --- a/contrib/kimchid.service.fedora +++ b/contrib/kimchid.service.fedora @@ -1,6 +1,7 @@ [Unit] Description=Kimchi server Requires=libvirtd.service +Requires=firewalld.service After=libvirtd.service
[Service] diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..e3938a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + kimchid.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/kimchid.xml b/src/kimchid.xml new file mode 100644 index 0000000..dee4599 --- /dev/null +++ b/src/kimchid.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>

On 12/20/2013 05:21 PM, taget@linux.vnet.ibm.com wrote:
From: Eli Qiao <taget@linux.vnet.ibm.com>
V2 - V1 changes:
1. Add firewalld service configure file kimchid.xml to help open iptables port (Mark)
2. Add Ubuntu iptables rule (Royce)
Signed-off-by: Eli Qiao <taget@linux.vnet.ibm.com> --- contrib/DEBIAN/control.in | 3 ++- contrib/DEBIAN/postinst | 2 ++ contrib/DEBIAN/postrm | 2 ++ contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++ contrib/kimchi.spec.suse.in | 10 ++++++++-- contrib/kimchid.service.fedora | 1 + src/Makefile.am | 1 + src/kimchid.xml | 7 +++++++ 8 files changed, 42 insertions(+), 3 deletions(-) create mode 100644 src/kimchid.xml
diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in index 380584c..c0ea1f1 100644 --- a/contrib/DEBIAN/control.in +++ b/contrib/DEBIAN/control.in @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0), python-psutil (>= 0.6.0), python-ethtool, sosreport, - python-ipaddr + python-ipaddr, + firewalld Build-Depends: Maintainer: Aline Manera <alinefm@br.ibm.com> Description: Kimchi web server diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst index c1fc22e..b27205c 100755 --- a/contrib/DEBIAN/postinst +++ b/contrib/DEBIAN/postinst @@ -19,3 +19,5 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
service kimchid start +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm index ef90b49..3c70584 100755 --- a/contrib/DEBIAN/postrm +++ b/contrib/DEBIAN/postrm @@ -26,3 +26,5 @@ case "$1" in rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/ ;; esac + +/usr/bin/firewall-cmd --remove-service kimchid diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in index 14ec359..3a3ca4c 100644 --- a/contrib/kimchi.spec.fedora.in +++ b/contrib/kimchi.spec.fedora.in @@ -34,6 +34,7 @@ BuildRequires: python-unittest2
%if 0%{?with_systemd} Requires: systemd +Requires: firewalld Requires(post): systemd Requires(preun): systemd Requires(postun): systemd @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install %if 0%{?with_systemd} # Install the systemd scripts install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service +install -Dm 0640 src/kimchid.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml %endif
%if 0%{?rhel} == 6 @@ -83,16 +85,32 @@ fi
%if 0%{?rhel} == 6 start kimchid +# Add defult iptable rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %else service kimchid start +# Add firewalld rull to open 8000 and 8001 port s/rull/rules/ +/usr/bin/firewall-cmd --reload +/usr/bin/firewall-cmd --add-service kimchid %endif
%preun +%if 0%{?rhel} == 6 +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save +%else +/usr/bin/firewall-cmd --remove-service kimchid +%endif + if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : fi + exit 0
@@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
%if 0%{?with_systemd} %{_unitdir}/kimchid.service +%{_prefix}/lib/firewalld/services/kimchid.xml %endif %if 0%{?rhel} == 6 /etc/init/kimchid.conf diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in index 9051284..dde9dae 100644 --- a/contrib/kimchi.spec.suse.in +++ b/contrib/kimchi.spec.suse.in @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid %post service kimchid start chkconfig kimchid on - +# Add iptables rules to open 8000 and 8001 port +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %preun service kimchid stop - +# Remove iptables rules to open 8000 and 8001 port +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT +service iptables save %clean rm -rf $RPM_BUILD_ROOT
diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora index 7abe49b..e39f86b 100644 --- a/contrib/kimchid.service.fedora +++ b/contrib/kimchid.service.fedora @@ -1,6 +1,7 @@ [Unit] Description=Kimchi server Requires=libvirtd.service +Requires=firewalld.service Kimchid can run even if firewalld is not running, so it doesn't have dependency on it. After=libvirtd.service
[Service] diff --git a/src/Makefile.am b/src/Makefile.am index 7d29e28..e3938a7 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
EXTRA_DIST = kimchid.in \ kimchi.conf.in \ + kimchid.xml \ $(NULL)
bin_SCRIPTS = kimchid diff --git a/src/kimchid.xml b/src/kimchid.xml firewalld.xml is a better name when it's in kimchi source tree. You can rename it to kimchid.xml on installation. new file mode 100644 index 0000000..dee4599 --- /dev/null +++ b/src/kimchid.xml @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="utf-8"?> +<service> + <short>kimchid</short> + <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description> + <port protocol="tcp" port="8000"/> + <port protocol="tcp" port="8001"/> +</service>
participants (6): Eli Qiao, Mark Wu, Paulo Ricardo Paz Vital, Rodrigo Trujillo, Shu Ming, taget@linux.vnet.ibm.com