[Kimchi-devel] [V2] spec: Open 8000 and 8001 port by default
Eli Qiao
taget at linux.vnet.ibm.com
Mon Dec 23 02:13:57 UTC 2013
于 2013年12月22日 22:26, Shu Ming 写道:
> 于 2013/12/20 17:21, taget at linux.vnet.ibm.com 写道:
>> From: Eli Qiao <taget at linux.vnet.ibm.com>
>>
>> V2 - V1 changes:
>>
>> 1.Add firewalld sevice configure file kimchid.xml to help open
>> iptables port (Mark)
>> 2.Add Ubuntu iptables rule (Royce)
>>
>> Signed-off-by: Eli Qiao <taget at linux.vnet.ibm.com>
>> ---
>> contrib/DEBIAN/control.in | 3 ++-
>> contrib/DEBIAN/postinst | 2 ++
>> contrib/DEBIAN/postrm | 2 ++
>> contrib/kimchi.spec.fedora.in | 19 +++++++++++++++++++
>> contrib/kimchi.spec.suse.in | 10 ++++++++--
>> contrib/kimchid.service.fedora | 1 +
>> src/Makefile.am | 1 +
>> src/kimchid.xml | 7 +++++++
>> 8 files changed, 42 insertions(+), 3 deletions(-)
>> create mode 100644 src/kimchid.xml
>>
>> diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
>> index 380584c..c0ea1f1 100644
>> --- a/contrib/DEBIAN/control.in
>> +++ b/contrib/DEBIAN/control.in
>> @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
>> python-psutil (>= 0.6.0),
>> python-ethtool,
>> sosreport,
>> - python-ipaddr
>> + python-ipaddr,
>> + firewalld
>> Build-Depends:
>> Maintainer: Aline Manera <alinefm at br.ibm.com>
>> Description: Kimchi web server
>> diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
>> index c1fc22e..b27205c 100755
>> --- a/contrib/DEBIAN/postinst
>> +++ b/contrib/DEBIAN/postinst
>> @@ -19,3 +19,5 @@
>> # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
>> 02110-1301 USA
>>
>> service kimchid start
>> +/usr/bin/firewall-cmd --reload
>> +/usr/bin/firewall-cmd --add-service kimchid
>> diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
>> index ef90b49..3c70584 100755
>> --- a/contrib/DEBIAN/postrm
>> +++ b/contrib/DEBIAN/postrm
>> @@ -26,3 +26,5 @@ case "$1" in
>> rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
>> ;;
>> esac
>> +
>> +/usr/bin/firewall-cmd --remove-service kimchid
>> diff --git a/contrib/kimchi.spec.fedora.in
>> b/contrib/kimchi.spec.fedora.in
>> index 14ec359..3a3ca4c 100644
>> --- a/contrib/kimchi.spec.fedora.in
>> +++ b/contrib/kimchi.spec.fedora.in
>> @@ -34,6 +34,7 @@ BuildRequires: python-unittest2
>>
>> %if 0%{?with_systemd}
>> Requires: systemd
>> +Requires: firewalld
>> Requires(post): systemd
>> Requires(preun): systemd
>> Requires(postun): systemd
>> @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
>> %if 0%{?with_systemd}
>> # Install the systemd scripts
>> install -Dm 0644 contrib/kimchid.service.fedora
>> %{buildroot}%{_unitdir}/kimchid.service
>> +install -Dm 0640 src/kimchid.xml
>> %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
>
> It seems that you may need to check if this file is required on rhel
> or Fedora.
if with_systemd defined
it's mean RHEL7 or fedora , so no require to check
>> %endif
>>
>> %if 0%{?rhel} == 6
>> @@ -83,16 +85,32 @@ fi
>>
>> %if 0%{?rhel} == 6
>> start kimchid
>> +# Add defult iptable rules to open 8000 and 8001 port
>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>> %else
>> service kimchid start
>> +# Add firewalld rull to open 8000 and 8001 port
>> +/usr/bin/firewall-cmd --reload
>> +/usr/bin/firewall-cmd --add-service kimchid
>> %endif
>>
>> %preun
>> +%if 0%{?rhel} == 6
>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>> +%else
>> +/usr/bin/firewall-cmd --remove-service kimchid
>> +%endif
>> +
>> if [ $1 -eq 0 ] ; then
>> # Package removal, not upgrade
>> /bin/systemctl --no-reload disable kimchid.service > /dev/null
>> 2>&1 || :
>> /bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
>> fi
>> +
>> exit 0
>>
>>
>> @@ -153,6 +171,7 @@ rm -rf $RPM_BUILD_ROOT
>>
>> %if 0%{?with_systemd}
>> %{_unitdir}/kimchid.service
>> +%{_prefix}/lib/firewalld/services/kimchid.xml
>> %endif
>> %if 0%{?rhel} == 6
>> /etc/init/kimchid.conf
>> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
>> index 9051284..dde9dae 100644
>> --- a/contrib/kimchi.spec.suse.in
>> +++ b/contrib/kimchi.spec.suse.in
>> @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit
>> %{buildroot}%{_initrddir}/kimchid
>> %post
>> service kimchid start
>> chkconfig kimchid on
>> -
>> +# Add iptables rules to open 8000 and 8001 port
>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>> %preun
>> service kimchid stop
>> -
>> +# Remove iptables rules to open 8000 and 8001 port
>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save
>> %clean
>> rm -rf $RPM_BUILD_ROOT
> Can we use firewalld in open-suse like Fedora?
>
does open-suse have firewalld ? I didn't find it.
>
>>
>> diff --git a/contrib/kimchid.service.fedora
>> b/contrib/kimchid.service.fedora
>> index 7abe49b..e39f86b 100644
>> --- a/contrib/kimchid.service.fedora
>> +++ b/contrib/kimchid.service.fedora
>> @@ -1,6 +1,7 @@
>> [Unit]
>> Description=Kimchi server
>> Requires=libvirtd.service
>> +Requires=firewalld.service
>> After=libvirtd.service
>>
>> [Service]
>> diff --git a/src/Makefile.am b/src/Makefile.am
>> index 7d29e28..e3938a7 100644
>> --- a/src/Makefile.am
>> +++ b/src/Makefile.am
>> @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
>>
>> EXTRA_DIST = kimchid.in \
>> kimchi.conf.in \
>> + kimchid.xml \
>> $(NULL)
>>
>> bin_SCRIPTS = kimchid
>> diff --git a/src/kimchid.xml b/src/kimchid.xml
>> new file mode 100644
>> index 0000000..dee4599
>> --- /dev/null
>> +++ b/src/kimchid.xml
>> @@ -0,0 +1,7 @@
>> +<?xml version="1.0" encoding="utf-8"?>
>> +<service>
>> + <short>kimchid</short>
>> + <description>Kimchid is a daemon service for kimchi whichi is a
>> HTML5 based management tool for KVM. It is designed to make it as
>> easy as possible to get started with KVM and create your first
>> guest.</description>
>> + <port protocol="tcp" port="8000"/>
>> + <port protocol="tcp" port="8001"/>
>> +</service>
>
--
Thanks Eli (Li Yong) Qiao (qiaoly at cn.ibm.com)
CSTL-KVM Frobisher/RHEV-H
More information about the Kimchi-devel
mailing list