[Kimchi-devel] [V2] spec: Open 8000 and 8001 port by default

Eli Qiao taget at linux.vnet.ibm.com
Mon Dec 23 02:13:57 UTC 2013


于 2013年12月22日 22:26, Shu Ming 写道:
> 于 2013/12/20 17:21, taget at linux.vnet.ibm.com 写道:
>> From: Eli Qiao <taget at linux.vnet.ibm.com>
>>
>> V2 - V1 changes:
>>
>> 1.Add firewalld sevice configure file kimchid.xml to help open 
>> iptables port (Mark)
>> 2.Add Ubuntu iptables rule (Royce)
>>
>> Signed-off-by: Eli Qiao <taget at linux.vnet.ibm.com>
>> ---
>>   contrib/DEBIAN/control.in      |    3 ++-
>>   contrib/DEBIAN/postinst        |    2 ++
>>   contrib/DEBIAN/postrm          |    2 ++
>>   contrib/kimchi.spec.fedora.in  |   19 +++++++++++++++++++
>>   contrib/kimchi.spec.suse.in    |   10 ++++++++--
>>   contrib/kimchid.service.fedora |    1 +
>>   src/Makefile.am                |    1 +
>>   src/kimchid.xml                |    7 +++++++
>>   8 files changed, 42 insertions(+), 3 deletions(-)
>>   create mode 100644 src/kimchid.xml
>>
>> diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
>> index 380584c..c0ea1f1 100644
>> --- a/contrib/DEBIAN/control.in
>> +++ b/contrib/DEBIAN/control.in
>> @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
>>            python-psutil (>= 0.6.0),
>>            python-ethtool,
>>            sosreport,
>> -         python-ipaddr
>> +         python-ipaddr,
>> +         firewalld
>>   Build-Depends:
>>   Maintainer: Aline Manera <alinefm at br.ibm.com>
>>   Description: Kimchi web server
>> diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
>> index c1fc22e..b27205c 100755
>> --- a/contrib/DEBIAN/postinst
>> +++ b/contrib/DEBIAN/postinst
>> @@ -19,3 +19,5 @@
>>   # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  
>> 02110-1301  USA
>>
>>   service kimchid start
>> +/usr/bin/firewall-cmd --reload
>> +/usr/bin/firewall-cmd --add-service kimchid
>> diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
>> index ef90b49..3c70584 100755
>> --- a/contrib/DEBIAN/postrm
>> +++ b/contrib/DEBIAN/postrm
>> @@ -26,3 +26,5 @@ case "$1" in
>>           rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
>>       ;;
>>   esac
>> +
>> +/usr/bin/firewall-cmd --remove-service kimchid
>> diff --git a/contrib/kimchi.spec.fedora.in 
>> b/contrib/kimchi.spec.fedora.in
>> index 14ec359..3a3ca4c 100644
>> --- a/contrib/kimchi.spec.fedora.in
>> +++ b/contrib/kimchi.spec.fedora.in
>> @@ -34,6 +34,7 @@ BuildRequires:    python-unittest2
>>
>>   %if 0%{?with_systemd}
>>   Requires:    systemd
>> +Requires:    firewalld
>>   Requires(post): systemd
>>   Requires(preun): systemd
>>   Requires(postun): systemd
>> @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
>>   %if 0%{?with_systemd}
>>   # Install the systemd scripts
>>   install -Dm 0644 contrib/kimchid.service.fedora 
>> %{buildroot}%{_unitdir}/kimchid.service
>> +install -Dm 0640 src/kimchid.xml 
>> %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
>
> It seems that you may need to check if this file is required on rhel 
> or Fedora.
if with_systemd defined
it's mean RHEL7 or fedora , so no require to check
>>   %endif
>>
>>   %if 0%{?rhel} == 6
>> @@ -83,16 +85,32 @@ fi
>>
>>   %if 0%{?rhel} == 6
>>   start kimchid
>> +# Add defult iptable rules to open 8000 and 8001 port
>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>>   %else
>>   service kimchid start
>> +# Add firewalld rull to open 8000 and 8001 port
>> +/usr/bin/firewall-cmd --reload
>> +/usr/bin/firewall-cmd --add-service kimchid
>>   %endif
>>
>>   %preun
>> +%if 0%{?rhel} == 6
>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>> +%else
>> +/usr/bin/firewall-cmd --remove-service kimchid
>> +%endif
>> +
>>   if [ $1 -eq 0 ] ; then
>>       # Package removal, not upgrade
>>       /bin/systemctl --no-reload disable kimchid.service > /dev/null 
>> 2>&1 || :
>>       /bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
>>   fi
>> +
>>   exit 0
>>
>>
>> @@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
>>
>>   %if 0%{?with_systemd}
>>   %{_unitdir}/kimchid.service
>> +%{_prefix}/lib/firewalld/services/kimchid.xml
>>   %endif
>>   %if 0%{?rhel} == 6
>>   /etc/init/kimchid.conf
>> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
>> index 9051284..dde9dae 100644
>> --- a/contrib/kimchi.spec.suse.in
>> +++ b/contrib/kimchi.spec.suse.in
>> @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit 
>> %{buildroot}%{_initrddir}/kimchid
>>   %post
>>   service kimchid start
>>   chkconfig kimchid on
>> -
>> +# Add iptables rules to open 8000 and 8001 port
>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>>   %preun
>>   service kimchid stop
>> -
>> +# Remove iptables rules to open 8000 and 8001 port
>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>>   %clean
>>   rm -rf $RPM_BUILD_ROOT
> Can we use firewalld in open-suse like Fedora?
>
does open-suse have firewalld ? I didn't find it.
>
>>
>> diff --git a/contrib/kimchid.service.fedora 
>> b/contrib/kimchid.service.fedora
>> index 7abe49b..e39f86b 100644
>> --- a/contrib/kimchid.service.fedora
>> +++ b/contrib/kimchid.service.fedora
>> @@ -1,6 +1,7 @@
>>   [Unit]
>>   Description=Kimchi server
>>   Requires=libvirtd.service
>> +Requires=firewalld.service
>>   After=libvirtd.service
>>
>>   [Service]
>> diff --git a/src/Makefile.am b/src/Makefile.am
>> index 7d29e28..e3938a7 100644
>> --- a/src/Makefile.am
>> +++ b/src/Makefile.am
>> @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
>>
>>   EXTRA_DIST = kimchid.in \
>>       kimchi.conf.in \
>> +    kimchid.xml \
>>       $(NULL)
>>
>>   bin_SCRIPTS = kimchid
>> diff --git a/src/kimchid.xml b/src/kimchid.xml
>> new file mode 100644
>> index 0000000..dee4599
>> --- /dev/null
>> +++ b/src/kimchid.xml
>> @@ -0,0 +1,7 @@
>> +<?xml version="1.0" encoding="utf-8"?>
>> +<service>
>> +  <short>kimchid</short>
>> +  <description>Kimchid is a daemon service for kimchi whichi is a 
>> HTML5 based management tool for KVM.  It is designed to make it as 
>> easy as possible to get started with KVM and create your first 
>> guest.</description>
>> +  <port protocol="tcp" port="8000"/>
>> +  <port protocol="tcp" port="8001"/>
>> +</service>
>

-- 
Thanks Eli (Li Yong) Qiao (qiaoly at cn.ibm.com)
CSTL-KVM Frobisher/RHEV-H




More information about the Kimchi-devel mailing list