diff options
| author | anand <anekkunt@redhat.com> | 2015-08-22 01:09:53 +0530 |
|---|---|---|
| committer | Vijay Bellur <vbellur@redhat.com> | 2015-09-10 23:44:50 -0700 |
| commit | 7f327d3b4f9222995d2ee78862e48ca44c28411c (patch) | |
| tree | d9bfa0ce8ab13e073fca84114ef8eb5a2307125d /glusterfs.spec.in | |
| parent | 22cad7b522f223b47d87df6724f34273306ab7cd (diff) | |
firewall/spec: Create glusterfs firewall service if firewalld installed.
It creates glusterfs firewall service during installation.
glusterfs service : It contains all default ports which needs to be opened.
During installation glusterfs.xml is copied into firewall service directory(/usr/lib/firewalld/services/).
Note:
1.For bricks: It opens the 512 ports, if brick is running out side this range(>49664) then admin need to open the port
for that brick.
2.By default this service is not enabled in any of zone.
To enable this service(glusterfs) in firewall:
1. Get active zone(s) in node
firewall-cmd --get-active-zones
2. Attached this service(glusterfs) to zone(s)
firewall-cmd --zone=<zone_name> --add-service=glusterfs --To apply runtime
firewall-cmd --permanent --zone=<zone_name> --add-service=glusterfs --To apply permanent
Note:
we can also use firewall-config which gives GUI to configure firewall.
Change-Id: Id97fe620c560fd10599511d751aed11a99ba4da5
BUG: 1253967
Signed-off-by: anand <anekkunt@redhat.com>
Reviewed-on: http://review.gluster.org/11989
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>
Diffstat (limited to 'glusterfs.spec.in')
| -rw-r--r-- | glusterfs.spec.in | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/glusterfs.spec.in b/glusterfs.spec.in index 93cefe2a1b3..109819f3ecf 100644 --- a/glusterfs.spec.in +++ b/glusterfs.spec.in @@ -89,6 +89,10 @@ %global _with_systemd true %endif +%if ( 0%{?fedora} ) || ( 0%{?rhel} && 0%{?rhel} >= 7 ) +%global _with_firewalld --enable-firewalld +%endif + %if 0%{?_tmpfilesdir:1} %define _with_tmpfilesdir --with-tmpfilesdir=%{_tmpfilesdir} %else @@ -229,6 +233,10 @@ BuildRequires: glib2-devel BuildRequires: libattr-devel %endif +%if (0%{?_with_firewalld:1}) +BuildRequires: firewalld +%endif + Obsoletes: hekafs Obsoletes: %{name}-common < %{version}-%{release} Obsoletes: %{name}-core < %{version}-%{release} @@ -595,6 +603,7 @@ This package provides the translators needed on any GlusterFS client. %{?_without_epoll} \ %{?_without_fusermount} \ %{?_without_georeplication} \ + %{?_with_firewalld} \ %{?_without_ocf} \ %{?_without_qemu_block} \ %{?_without_rdma} \ @@ -875,6 +884,15 @@ if [ -e /etc/ld.so.conf.d/glusterfs.conf ]; then rm -f /etc/ld.so.conf.d/glusterfs.conf /sbin/ldconfig fi + +%if (0%{?_with_firewalld:1}) +#reload service files if firewalld running +if $(systemctl is-active firewalld 1>/dev/null 2>&1); then + #firewalld-filesystem is not available for rhel7, so command used for reload. + firewall-cmd --reload +fi +%endif + pidof -c -o %PPID -x glusterd &> /dev/null if [ $? -eq 0 ]; then kill -9 `pgrep -f gsyncd.py` &> /dev/null @@ -932,6 +950,15 @@ fi %postun api /sbin/ldconfig +%postun server +%if (0%{?_with_firewalld:1}) +#reload service files if firewalld running +if $(systemctl is-active firewalld 1>/dev/null 2>&1); then + firewall-cmd --reload +fi +%endif + + %postun libs /sbin/ldconfig @@ -1232,11 +1259,18 @@ fi %{_libexecdir}/glusterfs/peer_add_secret_pub %{_sharedstatedir}/glusterd/hooks/1/delete/post/S57glusterfind-delete-post.py +%if ( 0%{?_with_firewalld:1} ) +/usr/lib/firewalld/services/glusterfs.xml +%endif + %changelog * Tue Sep 1 2015 Kaleb S. KEITHLEY <kkeithle@redhat.com> - erroneous ghost of ../hooks/1/delete causes install failure (#1258975) +* Tue Aug 25 2015 Anand Nekkunti <anekkunt@redhat.com> +- adding glusterfs-firewalld service (#1253967) + * Tue Aug 18 2015 Niels de Vos <ndevos@redhat.com> - Include missing directories for glusterfind hooks scripts (#1225465) |