[Kimchi-devel] [PATCH V7 1/1] spec: Open 8000 and 8001 port by default

Aline Manera alinefm at linux.vnet.ibm.com
Tue Jan 7 19:06:15 UTC 2014


On 01/07/2014 05:44 AM, Eli Qiao wrote:
>
> On 2014-01-07 01:31, Aline Manera wrote:
>> opensuse-vm:~/kimchi # rpm -ivh /root/kimchi/rpm/RPMS/x86_64/kimchi-1.1.0-51.git831ea68.x86_64.rpm
>> Preparing... ################################# [100%]
>> Updating / installing...
>>    1:kimchi-1.1.0-51.git831ea68 ################################# [100%]
>> warning: %post(kimchi-1.1.0-51.git831ea68.x86_64) scriptlet failed, 
>> exit status 1
>>
>> While running all commands from the post section manually I got:
>>
>> opensuse-vm:~/kimchi # service iptables save
>> service: no such service iptables
>>
>> In openSUSE you need to use /sbin/SuSEfirewall2
>>
> Hello Aline,
> Thanks for your testing and comments.
> I am not quite familiar with openSUSE or its environment,
> so I do not have much confidence in the changes for SUSE.
> I'd like to remove the changes for SUSE from this patch.
> Could you please merge my patch, and I will send a separate follow-up
> patch to support SUSE later?
> I will send a new version that removes this change for SUSE.

No problem. Just don't forget to send the SUSE code.

>
> thanks Eli
>>
>> On 01/06/2014 04:10 AM, taget at linux.vnet.ibm.com wrote:
>>> From: Eli Qiao<taget at linux.vnet.ibm.com>
>>>
>>> Use firewalld to manage firewall rules on RHEL7, Fedora and Ubuntu.
>>> Add static rules in iptables on RHEL6.
>>>
>>> Signed-off-by: Eli Qiao<taget at linux.vnet.ibm.com>
>>> ---
>>>   Makefile.am                   |  3 +++
>>>   contrib/DEBIAN/control.in     |  3 ++-
>>>   contrib/DEBIAN/postinst       |  6 ++++++
>>>   contrib/DEBIAN/postrm         |  2 ++
>>>   contrib/kimchi.spec.fedora.in | 26 ++++++++++++++++++++++++++
>>>   contrib/kimchi.spec.suse.in   | 10 ++++++++--
>>>   src/Makefile.am               |  1 +
>>>   src/firewalld.xml             |  7 +++++++
>>>   8 files changed, 55 insertions(+), 3 deletions(-)
>>>   create mode 100644 src/firewalld.xml
>>>
>>> diff --git a/Makefile.am b/Makefile.am
>>> index 1fb3502..83dab8b 100644
>>> --- a/Makefile.am
>>> +++ b/Makefile.am
>>> @@ -79,8 +79,11 @@ all-local:
>>>   install-deb: install
>>>   	cp -R $(top_srcdir)/contrib/DEBIAN $(DESTDIR)/
>>>   	$(MKDIR_P) $(DESTDIR)/etc/init
>>> +	$(MKDIR_P) $(DESTDIR)/usr/lib/firewalld/services
>>>   	cp -R $(top_srcdir)/contrib/kimchid-upstart.conf.debian \
>>>   		$(DESTDIR)/etc/init/kimchid.conf
>>> +	cp -R $(top_srcdir)/src/firewalld.xml \
>>> +		$(DESTDIR)/usr/lib/firewalld/services/kimchid.xml
>>>
>>>
>>>   deb: contrib/make-deb.sh
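
Review bot: the added cp -R of src/firewalld.xml in install-deb leaves the installed mode to whatever the source tree and umask give, while the Fedora spec in this same patch installs the file with an explicit mode (install -Dm 0640). Use install -m here too and pick one mode for both packages, so the service definition has the same, known permissions on every distribution.
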
>>> diff --git a/contrib/DEBIAN/control.in b/contrib/DEBIAN/control.in
>>> index 380584c..c0ea1f1 100644
>>> --- a/contrib/DEBIAN/control.in
>>> +++ b/contrib/DEBIAN/control.in
>>> @@ -17,7 +17,8 @@ Depends: python-cherrypy3 (>= 3.2.0),
>>>            python-psutil (>= 0.6.0),
>>>            python-ethtool,
>>>            sosreport,
>>> -         python-ipaddr
>>> +         python-ipaddr,
>>> +         firewalld
>>>   Build-Depends:
>>>   Maintainer: Aline Manera<alinefm at br.ibm.com>
>>>   Description: Kimchi web server
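
Review bot: adding firewalld to Depends makes it a hard requirement, so installing Kimchi pulls a firewall manager onto hosts that may already manage their rules another way, and the postinst change in this patch then starts it. Consider Recommends (or Suggests) instead, with postinst adding the kimchid service only when firewalld is already installed and running.
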
>>> diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
>>> index c1fc22e..2726753 100755
>>> --- a/contrib/DEBIAN/postinst
>>> +++ b/contrib/DEBIAN/postinst
>>> @@ -19,3 +19,9 @@
>>>   # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
>>>
>>>   service kimchid start
>>> +service firewalld status | grep "not running" >/dev/null 2>&1
>>> +if [[ $? -eq 0 ]]; then
>>> +    service firewalld start >/dev/null 2>&1
>>> +fi
>>> +firewall-cmd --reload  >/dev/null 2>&1
>>> +firewall-cmd --add-service kimchid  >/dev/null 2>&1
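
Review bot: firewall-cmd --add-service kimchid is run without --permanent, so the rule exists only in the runtime configuration and is lost on the next firewalld reload or restart; add it with --permanent and reload afterwards (the current order reloads first, then adds). The block also starts firewalld when the status output says "not running", which turns on a firewall the administrator had left off as a side effect of installing a package; better to skip the firewall step in that case. Every command here discards its output and status with >/dev/null 2>&1, so a failure to open the ports is invisible to whoever installs the package. Finally, [[ $? -eq 0 ]] needs bash: unless the script's interpreter line (not shown in this hunk) is bash, use [ ... ] or test the command directly in the if.
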
>>> diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
>>> index ef90b49..22db3ce 100755
>>> --- a/contrib/DEBIAN/postrm
>>> +++ b/contrib/DEBIAN/postrm
>>> @@ -26,3 +26,5 @@ case "$1" in
>>>           rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
>>>       ;;
>>>   esac
>>> +
>>> +firewall-cmd --remove-service kimchid >/dev/null 2>&1
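
Review bot: the new firewall-cmd --remove-service kimchid line sits after esac, so it runs for every postrm invocation, upgrades included, rather than only when the package is actually removed. As the last command in the script its exit status also becomes the script's own, so with firewalld stopped or not installed the postrm step reports failure. Move it into the case branch that handles removal and append || true.
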
>>> diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
>>> index 3044fc8..3bb5b1c 100644
>>> --- a/contrib/kimchi.spec.fedora.in
>>> +++ b/contrib/kimchi.spec.fedora.in
>>> @@ -34,6 +34,7 @@ BuildRequires:    python-unittest2
>>>
>>>   %if 0%{?with_systemd}
>>>   Requires:	systemd
>>> +Requires:	firewalld
>>>   Requires(post): systemd
>>>   Requires(preun): systemd
>>>   Requires(postun): systemd
>>> @@ -63,6 +64,7 @@ make DESTDIR=%{buildroot} install
>>>   %if 0%{?with_systemd}
>>>   # Install the systemd scripts
>>>   install -Dm 0644 contrib/kimchid.service.fedora %{buildroot}%{_unitdir}/kimchid.service
>>> +install -Dm 0640 src/firewalld.xml %{buildroot}%{_prefix}/lib/firewalld/services/kimchid.xml
>>>   %endif
>>>
>>>   %if 0%{?rhel} == 6
>>> @@ -87,12 +89,35 @@ start kimchid
>>>   service kimchid start
>>>   %endif
>>>
>>> +%if 0%{?with_systemd}
>>> +service firewalld status | grep "active (running)" >/dev/null 2>&1
>>> +if [[ $? -ne 0 ]]; then
>>> +    service firewalld start >/dev/null 2>&1
>>> +fi
>>> +# Add firewalld rules to open 8000 and 8001 port
>>> +firewall-cmd --reload >/dev/null 2>&1
>>> +firewall-cmd --add-service kimchid >/dev/null 2>&1
>>> +%else
>>> +# Add default iptable rules to open 8000 and 8001 port
>>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save >/dev/null 2>&1
>>> +%endif
>>> +
>>>   %preun
>>> +
>>>   if [ $1 -eq 0 ] ; then
>>>       # Package removal, not upgrade
>>>       /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || :
>>>       /bin/systemctl stop kimchid.service > /dev/null 2>&1 || :
>>> +    %if 0%{?with_systemd}
>>> +        firewall-cmd --remove-service kimchid >/dev/null 2>&1 || :
>>> +    %else
>>> +        iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || :
>>> +        iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || :
>>> +    %endif
>>>   fi
>>> +
>>>   exit 0
>>>
>>>
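
Review bot: the %else branch of the new %post block inserts the two iptables ACCEPT rules unconditionally, and %post also runs on upgrade, so each upgrade adds another pair at the top of INPUT, while %preun deletes one pair and only on final removal. %preun also never calls service iptables save after iptables -D, so the saved ruleset still contains the rules and they come back when it is next restored. Guard the inserts with a first-install check (if [ $1 -eq 1 ]) and save after the delete. Note too that service iptables save persists the whole running ruleset, not just these two rules, and that the rules accept any source address. On the systemd branch, firewall-cmd --add-service kimchid has no --permanent, so the opening does not survive a firewalld reload or restart.
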
>>> @@ -155,6 +180,7 @@ rm -rf $RPM_BUILD_ROOT
>>>
>>>   %if 0%{?with_systemd}
>>>   %{_unitdir}/kimchid.service
>>> +%{_prefix}/lib/firewalld/services/kimchid.xml
>>>   %endif
>>>   %if 0%{?rhel} == 6
>>>   /etc/init/kimchid.conf
>>> diff --git a/contrib/kimchi.spec.suse.in b/contrib/kimchi.spec.suse.in
>>> index 190b2be..be5172d 100644
>>> --- a/contrib/kimchi.spec.suse.in
>>> +++ b/contrib/kimchi.spec.suse.in
>>> @@ -46,10 +46,16 @@ install -Dm 0755 contrib/kimchid.sysvinit %{buildroot}%{_initrddir}/kimchid
>>>   %post
>>>   service kimchid start
>>>   chkconfig kimchid on
>>> -
>>> +# Add iptables rules to open 8000 and 8001 port
>>> +iptables -I INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -I INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save >/dev/null 2>&1
>>>   %preun
>>>   service kimchid stop
>>> -
>>> +# Remove iptables rules to open 8000 and 8001 port
>>> +iptables -D INPUT -p tcp --dport 8000 -j ACCEPT
>>> +iptables -D INPUT -p tcp --dport 8001 -j ACCEPT
>>> +service iptables save >/dev/null 2>&1
>>>   %clean
>>>   rm -rf $RPM_BUILD_ROOT
>>>
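
Review bot: service iptables save, the last line added to %post, does not work on openSUSE: the test report earlier in this thread shows "service: no such service iptables", and because it is the final command of %post its non-zero status becomes the scriptlet's exit status. The same line is added to %preun. Either switch to /sbin/SuSEfirewall2 as suggested in the report, or drop the SUSE changes until they have been tested there; in both cases end firewall commands with || : so that a firewall problem cannot fail the package transaction. The hunk also removes the blank lines that separated %post, %preun and %clean; please keep them.
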
>>> diff --git a/src/Makefile.am b/src/Makefile.am
>>> index 7d29e28..7514870 100644
>>> --- a/src/Makefile.am
>>> +++ b/src/Makefile.am
>>> @@ -24,6 +24,7 @@ SUBDIRS = kimchi distros.d
>>>
>>>   EXTRA_DIST = kimchid.in \
>>>   	kimchi.conf.in \
>>> +	firewalld.xml \
>>>   	$(NULL)
>>>
>>>   bin_SCRIPTS = kimchid
>>> diff --git a/src/firewalld.xml b/src/firewalld.xml
>>> new file mode 100644
>>> index 0000000..7472e20
>>> --- /dev/null
>>> +++ b/src/firewalld.xml
>>> @@ -0,0 +1,7 @@
>>> +<?xml version="1.0" encoding="utf-8"?>
>>> +<service>
>>> +  <short>kimchid</short>
>>> +  <description>Kimchid is a daemon service for kimchi which is a HTML5 based management tool for KVM. It is designed to make it as easy as possible to get started with KVM and create your first guest.</description>
>>> +  <port protocol="tcp" port="8000"/>
>>> +  <port protocol="tcp" port="8001"/>
>>> +</service>
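
Review bot: the two <port> entries open 8000 and 8001 to every source the zone allows, and <description> does not say what each port carries. State the purpose of each port in the description, and if only one of them has to be reachable from other hosts, list only that one so the package does not expose more than it needs by default.
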
>>
>
> -- 
> Thanks Eli (Li Yong) Qiao (qiaoly at cn.ibm.com)
> CSTL-KVM Frobisher/RHEV-H
