[Kimchi-devel] [V2] spec: Open 8000 and 8001 port by default

taget at linux.vnet.ibm.com taget at linux.vnet.ibm.com
Fri Dec 20 09:21:54 UTC 2013


From: Eli Qiao <taget at linux.vnet.ibm.com>

V2 - V1 changes:

1.Add firewalld sevice configure file kimchid.xml to help open iptables port (Mark)
2.Add Ubuntu iptables rule (Royce)

Signed-off-by: Eli Qiao <taget at linux.vnet.ibm.com>
---
 contrib/DEBIAN/control.in      |    3 ++-
 contrib/DEBIAN/postinst        |    2 ++
 contrib/DEBIAN/postrm          |    2 ++
 contrib/kimchi.spec.fedora.in  |   19 +++++++++++++++++++
 contrib/kimchi.spec.suse.in    |   10 ++++++++--
 contrib/kimchid.service.fedora |    1 +
 src/Makefile.am                |    1 +
 src/kimchid.xml                |    7 +++++++
 8 files changed, 42 insertions(+), 3 deletions(-)
 create mode 100644 src/kimchid.xml

diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
index 380584c..c0ea1f1 100644
--- a/contrib/DEBIAN/control.in
+++ b/contrib/DEBIAN/control.in
@@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
          python-psutil (>= 0.6.0),
          python-ethtool,
          sosreport,
-         python-ipaddr
+         python-ipaddr,
+         firewalld
 Build-Depends:
 Maintainer: Aline Manera <alinefm at br.ibm.com>
 Description: Kimchi web server
diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
index c1fc22e..b27205c 100755
--- a/contrib/DEBIAN/postinst
+++ b/contrib/DEBIAN/postinst
@@ -19,3 +19,5 @@
 # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
 service kimchid start
+/usr/bin/firewall-cmd --reload
+/usr/bin/firewall-cmd --add-service kimchid
diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
index ef90b49..3c70584 100755
--- a/contrib/DEBIAN/postrm
+++ b/contrib/DEBIAN/postrm
@@ -26,3 +26,5 @@ case "$1" in
         rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
     ;;
 esac
+
+/usr/bin/firewall-cmd --remove-service kimchid
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index 14ec359..3a3ca4c 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -34,6 +34,7 @@ BuildRequires:    python-unittest2
 
 %if 0%{?with_systemd}
 Requires:	systemd
+Requires:	firewalld
 Requires(post): systemd
 Requires(preun): systemd
 Requires(postun): systemd
@@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
 %if 0%{?with_systemd}
 # Install the systemd scripts
 install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service
+install -Dm 0640 src/kimchid.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
 %endif
 
 %if 0%{?rhel} == 6
@@ -83,16 +85,32 @@ fi
 
 %if 0%{?rhel} == 6
 start kimchid
+# Add defult iptable rules to open 8000 and 8001 port
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
 %else
 service kimchid start
+# Add firewalld rull to open 8000 and 8001 port
+/usr/bin/firewall-cmd --reload
+/usr/bin/firewall-cmd --add-service kimchid
 %endif
 
 %preun
+%if 0%{?rhel} == 6
+iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
+%else
+/usr/bin/firewall-cmd --remove-service kimchid
+%endif
+
 if [ $1 -eq 0 ] ; then
     # Package removal, not upgrade
     /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || :
     /bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
 fi
+
 exit 0
 
 
@@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
 
 %if 0%{?with_systemd}
 %{_unitdir}/kimchid.service
+%{_prefix}/lib/firewalld/services/kimchid.xml
 %endif
 %if 0%{?rhel} == 6
 /etc/init/kimchid.conf
diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
index 9051284..dde9dae 100644
--- a/contrib/kimchi.spec.suse.in
+++ b/contrib/kimchi.spec.suse.in
@@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid
 %post
 service kimchid start
 chkconfig kimchid on
-
+# Add iptables rules to open 8000 and 8001 port
+iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
 %preun
 service kimchid stop
-
+# Remove iptables rules to open 8000 and 8001 port
+iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
+iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
+service iptables save
 %clean
 rm -rf $RPM_BUILD_ROOT
 
diff --git a/contrib/kimchid.service.fedora b/contrib/kimchid.service.fedora
index 7abe49b..e39f86b 100644
--- a/contrib/kimchid.service.fedora
+++ b/contrib/kimchid.service.fedora
@@ -1,6 +1,7 @@
 [Unit]
 Description=Kimchi server
 Requires=libvirtd.service
+Requires=firewalld.service
 After=libvirtd.service
 
 [Service]
diff --git a/src/Makefile.am b/src/Makefile.am
index 7d29e28..e3938a7 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
 
 EXTRA_DIST = kimchid.in \
 	kimchi.conf.in \
+	kimchid.xml \
 	$(NULL)
 
 bin_SCRIPTS = kimchid
diff --git a/src/kimchid.xml b/src/kimchid.xml
new file mode 100644
index 0000000..dee4599
--- /dev/null
+++ b/src/kimchid.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>kimchid</short>
+  <description>Kimchid is a daemon service for kimchi whichi is a HTML5 based management tool for KVM.  It is designed to make it as easy as possible to get started with KVM and create your first guest.</description>
+  <port protocol="tcp" port="8000"/>
+  <port protocol="tcp" port="8001"/>
+</service>
-- 
1.7.1




More information about the Kimchi-devel mailing list