diff --git a/contrib/DEBIAN/postinst b/contrib/DEBIAN/postinst
deleted file mode 100755
index 5bca009ec..000000000
--- a/contrib/DEBIAN/postinst
+++ /dev/null
@@ -1,28 +0,0 @@
-#!/bin/sh -e
-#
-# Project Kimchi
-#
-# Copyright IBM, Corp. 2013
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2.1 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the Free Software
-# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-
-set +e
-service firewalld status >/dev/null 2>&1
-if [ $? -ne 0 ]; then
- service firewalld start >/dev/null 2>&1
-fi
-firewall-cmd --reload >/dev/null 2>&1
-firewall-cmd --add-service kimchid >/dev/null 2>&1
-set -e
diff --git a/contrib/DEBIAN/postrm b/contrib/DEBIAN/postrm
index 9f1d89584..ef90b493f 100755
--- a/contrib/DEBIAN/postrm
+++ b/contrib/DEBIAN/postrm
@@ -26,10 +26,3 @@ case "$1" in
 rm -rf /var/log/kimchi /var/run/kimchi.pid /usr/share/kimchi/
 ;;
 esac
-
-set +e
-service firewalld status >/dev/null 2>&1
-if [ $? -eq 0 ]; then
- firewall-cmd --remove-service kimchid >/dev/null 2>&1
-fi
-set -e
diff --git a/contrib/kimchi.spec.fedora.in b/contrib/kimchi.spec.fedora.in
index e75018e84..92d3e4914 100644
--- a/contrib/kimchi.spec.fedora.in
+++ b/contrib/kimchi.spec.fedora.in
@@ -113,23 +113,6 @@ if [ $1 -eq 1 ] ; then /bin/systemctl daemon-reload >/dev/null 2>&1 || : fi -%if 0%{?with_systemd} -service firewalld status >/dev/null 2>&1 -if [ $? -ne 0 ]; then - service firewalld start >/dev/null 2>&1 -fi -# Add firewalld rules to open 8000 and 8001 port -firewall-cmd --reload >/dev/null 2>&1 -firewall-cmd --add-service kimchid >/dev/null 2>&1 -%else -# Add default iptable rules to open 8000 and 8001 port -iptables -I INPUT -p tcp --dport 8000 -j ACCEPT -iptables -I INPUT -p tcp --dport 8001 -j ACCEPT -iptables -I INPUT -p tcp --dport 64667 -j ACCEPT -service iptables save >/dev/null 2>&1 -%endif -# Add SELinux rules to "open" Kimchi ports -semanage permissive -a httpd_t %preun @@ -137,13 +120,6 @@ if [ $1 -eq 0 ] ; then # Package removal, not upgrade /bin/systemctl --no-reload disable kimchid.service > /dev/null 2>&1 || : /bin/systemctl stop kimchid.service > /dev/null 2>&1 || : - %if 0%{?with_systemd} - firewall-cmd --remove-service kimchid >/dev/null 2>&1 || : - %else - iptables -D INPUT -p tcp --dport 8000 -j ACCEPT || : - iptables -D INPUT -p tcp --dport 8001 -j ACCEPT || : - iptables -D INPUT -p tcp --dport 64667 -j ACCEPT || : - %endif fi exit 0 @@ -154,8 +130,6 @@ if [ "$1" -ge 1 ] ; then /bin/systemctl try-restart kimchid.service >/dev/null 2>&1 || : fi exit 0 -# Rollback SELinux rules -semanage permissive -d httpd_t %clean rm -rf $RPM_BUILD_ROOT diff --git a/docs/README.md b/docs/README.md index 823c8569e..0d20b2b23 100644 --- a/docs/README.md +++ b/docs/README.md 
@@ -142,6 +142,35 @@ Run $ sudo kimchid --host=0.0.0.0 +If you cannot access Kimchi, take a look at these 2 points: + +1. Firewall +Kimchi uses by default the ports 8000, 8001 and 64667. To allow incoming connections: + + For system using firewalld, do: + sudo firewall-cmd --add-port 8000 --permanent + sudo firewall-cmd --add-port 8001 --permanent + sudo firewall-cmd --add-port 64667 --permanent + sudo firewall-cmd --reload + + For openSUSE systems, do: + sudo /sbin/SuSEfirewall2 open EXT TCP 8000 + sudo /sbin/SuSEfirewall2 open EXT TCP 8001 + sudo /sbin/SuSEfirewall2 open EXT TCP 64667 + + For system using iptables, do: + sudo iptables -A INPUT -p tcp --dport 8000 -j ACCEPT + sudo iptables -A INPUT -p tcp --dport 8001 -j ACCEPT + sudo iptables -A INPUT -p tcp --dport 64667 -j ACCEPT + + Don't forget to correctly save the rules. + + +2. SELinux +Allow httpd_t context for Kimchi web server: + + semanage permissive -a httpd_t + Test ----