[Kimchi-devel] [PATCH V8 1/1] spec: Open 8000 and 8001 port by default

Aline Manera alinefm at linux.vnet.ibm.com
Tue Jan 7 17:27:08 UTC 2014


On 01/07/2014 03:16 PM, Aline Manera wrote:
> On 01/07/2014 05:52 AM, taget at linux.vnet.ibm.com wrote:
>> From: Eli Qiao <taget at linux.vnet.ibm.com>
>>
>> Use firewalld to manage firewall rules on RHEL7, Fedora and Ubuntu.
>
> Please, make sure to test the patch in all those distros.
>
> More comments below.
>
>> Add static rules in iptables on RHEL6.
>>
>> Signed-off-by: Eli Qiao <taget at linux.vnet.ibm.com>
>> ---
>>   Makefile.am                   |  2 ++
>>   contrib/DEBIAN/control.in     |  1 +
>>   contrib/DEBIAN/postinst       |  6 ++++++
>>   contrib/DEBIAN/postrm         |  2 ++
>>   contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++
>>   src/Makefile.am               |  1 +
>>   src/firewalld.xml             |  7 +++++++
>>   7 files changed, 45 insertions(+)
>>   create mode 100644 src/firewalld.xml
>>
>> diff --git a/Makefile.am b/Makefile.am
>> index 7ab1bd8..b2917eb 100644
>> --- a/Makefile.am
>> +++ b/Makefile.am
>> @@ -86,6 +86,8 @@ install-deb: install
>>       $(MKDIR_P) $(DESTDIR)/etc/init
>>       cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \
>>           $(DESTDIR)/etc/init/kimchid.conf
>
>> +    cp -R $(top_srcdir)/src/firewalld.xml \
>> +        /usr/lib/firewalld/services/kimchid.xml
>
> Why did you change the previous script?
> That way you are installing kimchid.xml in the build system.
>
> It should be:
>
> # Create the dir first
> $(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services
>
> # copy it to the right location
> cp -R $(top_srcdir)/src/firewalld.xml \
>     $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
>
>
>>
>>
>>   deb: contrib/make-deb.sh
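Review bot: the added `cp -R` in the install-deb rule does a recursive copy of a single file and leaves the file mode to the builder's umask. Once the destination is under $(DESTDIR), `install -D -m 0644 $(top_srcdir)/src/firewalld.xml $(DESTDIR)/usr/lib/firewalld/services/kimchid.xml` would create the directory and fix the mode in one step.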
>> diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
>> index eecfb27..bfbe83d 100644
>> --- a/contrib/DEBIAN/control.in
>> +++ b/contrib/DEBIAN/control.in
>> @@ -19,6 +19,7 @@ Depends: python-cherrypy3 (>= 3.2.0),
>>            sosreport,
>>            python-ipaddr,
>>            open-iscsi
>> +         firewalld
>
> make[1]: Leaving directory `/home/alinefm/kimchi'
> dpkg-deb: error: parsing file '/tmp/tmp.V1vHEVEY9P/DEBIAN/control' 
> near line 22 package 'kimchi':
>  `Depends' field, syntax error after reference to package `open-iscsi'
>
> There is a comma missing after 'open-iscsi'
>
>>   Build-Depends:
>>   Maintainer: Aline Manera <alinefm at br.ibm.com>
>>   Description: Kimchi web server
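Review bot: listing `firewalld` under `Depends:` makes it a hard requirement, and the postinst in this same patch then starts it, so installing kimchi pulls in and activates a firewall manager on hosts that may already manage their rules another way. Consider `Recommends:` instead, with the postinst touching the firewall only when `firewall-cmd` is present and firewalld is already active.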
>> diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
>> index c1fc22e..2726753 100755
>> --- a/contrib/DEBIAN/postinst
>> +++ b/contrib/DEBIAN/postinst
>> @@ -19,3 +19,9 @@
>>   # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  
>> 02110-1301  USA
>>
>>   service kimchid start

>> +service firewalld status | grep "not running" >/dev/null 2>&1
>> +if [[ $? -eq 0 ]]; then
>> +    service firewalld start >/dev/null 2>&1
>> +fi
>> +firewall-cmd --reload  >/dev/null 2>&1
>> +firewall-cmd --add-service kimchid  >/dev/null 2>&1
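Review bot: `firewall-cmd --add-service kimchid` is issued without `--permanent`, so the rule only exists in the runtime configuration and disappears at the next `firewall-cmd --reload` or reboot. Suggest `firewall-cmd --permanent --add-service=kimchid` followed by the reload. Every command here also sends stdout and stderr to /dev/null, so a failure to open the ports is silent, and `service firewalld start` changes the host's firewall state as a side effect of a package install; adding the service only when firewalld is already running would be less surprising to the administrator.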

alinefm at alinefm-virtual-machine:~/kimchi$ sudo dpkg -i kimchi-1.1.0-57.git2163670.noarch.deb
Selecting previously unselected package kimchi.
(Reading database ... 171601 files and directories currently installed.)
Unpacking kimchi (from kimchi-1.1.0-57.git2163670.noarch.deb) ...
Setting up kimchi (1.1.0) ...
+ service kimchid start
kimchid start/running, process 8553
+ grep not running
+ service firewalld status
dpkg: error processing kimchi (--install):
 subprocess installed post-installation script returned error exit status 1
Processing triggers for ureadahead ...
Errors were encountered while processing:
 kimchi

alinefm at alinefm-virtual-machine:~/kimchi$ sudo service firewalld status | grep "not running" >/dev/null 2>&1
alinefm at alinefm-virtual-machine:~/kimchi$ echo $?
1

It is because the firewalld service is running, so the command above returns an error code.

>> diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
>> index ef90b49..22db3ce 100755
>> --- a/contrib/DEBIAN/postrm
>> +++ b/contrib/DEBIAN/postrm
>> @@ -26,3 +26,5 @@ case "$1" in
>>           rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
>>       ;;
>>   esac
>> +
>> +firewall-cmd --remove-service kimchid >/dev/null 2>&1
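Review bot: the `firewall-cmd --remove-service kimchid` line sits after `esac`, so it runs for every postrm invocation rather than only in the branch that does the `rm -rf` cleanup. Moving it inside that branch keeps the ports open across the other postrm calls. It is also now the last command in the script and has no `|| :` guard like the spec file's %preun uses, so its exit status becomes the script's exit status when firewalld is stopped or absent.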
>> diff --git a/contrib/kimchi.spec.fedora.in 
>> b/contrib/kimchi.spec.fedora.in
>> index 75435b3..a8e4e4d 100644
>> --- a/contrib/kimchi.spec.fedora.in
>> +++ b/contrib/kimchi.spec.fedora.in
>> @@ -35,6 +35,7 @@ BuildRequires:    python-unittest2
>>
>>   %if 0%{?with_systemd}
>>   Requires:    systemd
>> +Requires:    firewalld
>>   Requires(post): systemd
>>   Requires(preun): systemd
>>   Requires(postun): systemd
>> @@ -64,6 +65,7 @@ make DESTDIR=%{buildroot} install
>>   %if 0%{?with_systemd}
>>   # Install the systemd scripts
>>   install -Dm 0644 contrib/kimchid.service.fedora 
>> %{buildroot}%{_unitdir}/kimchid.service
>> +install -Dm 0640 src/firewalld.xml 
>> %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
>>   %endif
>>
>>   %if 0%{?rhel} == 6
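Review bot: the service file is installed with `-Dm 0640` while the unit file on the line above uses `-Dm 0644`, and the Debian path in this patch sets no mode at all. The file holds nothing secret, so 0644 on both packaging paths would be consistent and avoids a mode difference between distros.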
>> @@ -88,12 +90,35 @@ start kimchid
>>   service kimchid start
>>   %endif
>>
>> +%if 0%{?with_systemd}
>> +service firewalld status | grep "active (running)" >/dev/null 2>&1
>> +if [[ $? -ne 0 ]]; then
>> +    service firewalld start >/dev/null 2>&1
>> +fi
>> +# Add firewalld rules to open 8000 and 8001 port
>> +firewall-cmd --reload >/dev/null 2>&1
>> +firewall-cmd --add-service kimchid >/dev/null 2>&1
>> +%else
>> +# Add default iptable rules to open 8000 and 8001 port
>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>> +service iptables save >/dev/null 2>&1
>> +%endif
>> +
>>   %preun
>> +
>>   if [ $1 -eq 0 ] ; then
>>       # Package removal, not upgrade
>>       /bin/systemctl --no-reload disable kimchid.service > /dev/null 
>> 2>&1 || :
>>       /bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
>> +    %if 0%{?with_systemd}
>> +        firewall-cmd --remove-service kimchid >/dev/null 2>&1 || :
>> +    %else
>> +        iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || :
>> +        iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || :
>> +    %endif
>>   fi
>> +
>>   exit 0
>>
>>
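Review bot: in %post the two `iptables -I INPUT ... -j ACCEPT` lines are not guarded by `$1`, and %post also runs on upgrade, so every upgrade inserts another pair of rules at the top of the INPUT chain while %preun deletes one pair and only when `$1 -eq 0`. The removal path also never calls `service iptables save`, so the saved ruleset keeps ports 8000 and 8001 open after the package is gone. Suggest wrapping the inserts in `if [ $1 -eq 1 ]` and saving after the two `iptables -D` lines. On the firewalld side, `--add-service` without `--permanent` is runtime-only and will not survive a reload.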
>> @@ -156,6 +181,7 @@ rm -rf $RPM_BUILD_ROOT
>>
>>   %if 0%{?with_systemd}
>>   %{_unitdir}/kimchid.service
>> +%{_prefix}/lib/firewalld/services/kimchid.xml
>>   %endif
>>   %if 0%{?rhel} == 6
>>   /etc/init/kimchid.conf
>> diff --git a/src/Makefile.am b/src/Makefile.am
>> index 7d29e28..7514870 100644
>> --- a/src/Makefile.am
>> +++ b/src/Makefile.am
>> @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
>>
>>   EXTRA_DIST = kimchid.in \
>>       kimchi.conf.in \
>> +    firewalld.xml \
>>       $(NULL)
>>
>>   bin_SCRIPTS = kimchid
>> diff --git a/src/firewalld.xml b/src/firewalld.xml
>> new file mode 100644
>> index 0000000..7472e20
>> --- /dev/null
>> +++ b/src/firewalld.xml
>> @@ -0,0 +1,7 @@
>> +<?xml version="1.0" encoding="utf-8"?>
>> +<service>
>> +  <short>kimchid</short>
>> +  <description>Kimchid is a daemon service for kimchi which is a 
>> HTML5 based management tool for KVM. It is designed to make it as 
>> easy as possible to get started with KVM and create your first 
>> guest.</description>
>> +  <port protocol="tcp" port="8000"/>
>> +  <port protocol="tcp" port="8001"/>
>> +</service>
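The postinst failure reported in the reply above, reproduced as an added example (not code from the patch or from the Kimchi project). It assumes the postinst runs with errexit (`set -e`), which the dpkg trace is consistent with; the `service` stub and both status strings are constructed, and `[ ]` stands in for the patch's `[[ ]]` so the snippet runs under plain sh.

```shell
#!/bin/sh
# Constructed status lines standing in for `service firewalld status` output.
RUNNING="firewalld start/running, process 1234"
STOPPED="firewalld is not running"

# Run a postinst body in a fresh `sh -e`, with `service` stubbed to print $1.
# A separate process is used so errexit behaves as it would under dpkg.
run_postinst() {
    STATUS_LINE="$1" sh -e -c 'service() { echo "$STATUS_LINE"; }
'"$2"
}

# Shape used in the patch: a bare pipeline, then a test of $?.
# When grep finds no match it exits 1 and errexit ends the script right there.
ORIGINAL='service firewalld status | grep "not running" >/dev/null 2>&1
if [ $? -eq 0 ]; then echo "starting firewalld"; fi
echo "postinst finished"'

# Hardened shape: the pipeline is the condition of `if`, where errexit does
# not apply, so "no match" is just the false branch.
FIXED='if service firewalld status | grep -q "not running"; then
    echo "starting firewalld"
fi
echo "postinst finished"'

# Demonstration: firewalld already running.
run_postinst "$RUNNING" "$ORIGINAL" || echo "original aborted with status $?"
run_postinst "$RUNNING" "$FIXED"
```
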