[ovs-dev] [PATCH v2] rhel: Firewall service files for OVN.

Russell Bryant russell at ovn.org
Fri Feb 3 20:50:10 UTC 2017


From: Marcin Mirecki <mmirecki at redhat.com>

Add firewalld service files that allow opening the
ports required for running OVN.

Signed-off-by: Marcin Mirecki <mmirecki at redhat.com>
Acked-by: Ben Pfaff <blp at ovn.org>
Signed-off-by: Russell Bryant <russell at ovn.org>
---
 AUTHORS.rst                                                      | 1 +
 rhel/automake.mk                                                 | 5 ++++-
 rhel/openvswitch-fedora.spec.in                                  | 9 +++++++++
 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml | 7 +++++++
 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml    | 6 ++++++
 5 files changed, 27 insertions(+), 1 deletion(-)
 create mode 100644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml
 create mode 100644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml

diff --git a/AUTHORS.rst b/AUTHORS.rst
index 8f3fc26..b567fcc 100644
--- a/AUTHORS.rst
+++ b/AUTHORS.rst
@@ -192,6 +192,7 @@ Luigi Rizzo                     rizzo at iet.unipi.it
 Luis E. P.                      l31g at hotmail.com
 Lukasz Rzasik                   lukasz.rzasik at gmail.com
 Madhu Challa                    challa at noironetworks.com
+Marcin Mirecki                  mmirecki at redhat.com
 Mario Cabrera                   mario.cabrera at hpe.com
 Mark D. Gray                    mark.d.gray at intel.com
 Mark Hamilton                   mhamilton at nicira.com
diff --git a/rhel/automake.mk b/rhel/automake.mk
index 45aa9b1..df4c19a 100644
--- a/rhel/automake.mk
+++ b/rhel/automake.mk
@@ -30,7 +30,10 @@ EXTRA_DIST += \
 	rhel/usr_lib_systemd_system_ovs-vswitchd.service \
 	rhel/usr_lib_systemd_system_ovn-controller.service \
 	rhel/usr_lib_systemd_system_ovn-controller-vtep.service \
-	rhel/usr_lib_systemd_system_ovn-northd.service
+	rhel/usr_lib_systemd_system_ovn-northd.service \
+	rhel/usr_lib_systemd_system_ovn-northd.service \
+	rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
+	rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
 
 update_rhel_spec = \
   $(AM_V_GEN)($(ro_shell) && sed -e 's,[@]VERSION[@],$(VERSION),g') \
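Review bot: The new side lists `rhel/usr_lib_systemd_system_ovn-northd.service \` twice in a row in `EXTRA_DIST`; the second copy looks like a leftover from adding the continuation backslash. Drop the duplicate so the list reads `...ovn-northd.service \` followed directly by the two new `usr_lib_firewalld_services_*.xml` entries. The `EXTRA_DIST` list itself starts outside this hunk.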
diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index 65e937c..262acd0 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -127,6 +127,7 @@ files needed to build an external application.
 Summary: Open vSwitch - Open Virtual Network support
 License: ASL 2.0
 Requires: openvswitch openvswitch-ovn-common
+Requires: firewalld-filesystem
 
 %description ovn-central
 OVN, the Open Virtual Network, is a system to support virtual network
@@ -138,6 +139,7 @@ overlays and security groups.
 Summary: Open vSwitch - Open Virtual Network support
 License: ASL 2.0
 Requires: openvswitch openvswitch-ovn-common
+Requires: firewalld-filesystem
 
 %description ovn-host
 OVN, the Open Virtual Network, is a system to support virtual network
@@ -232,6 +234,11 @@ touch $RPM_BUILD_ROOT%{_sysconfdir}/openvswitch/system-id.conf
 install -p -m 644 -D selinux/openvswitch-custom.pp \
         $RPM_BUILD_ROOT%{_datadir}/selinux/packages/%{name}/openvswitch-custom.pp
 
+install rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \
+        $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml
+install rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \
+        $RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml
+
 # remove unpackaged files
 rm -f $RPM_BUILD_ROOT%{_bindir}/ovs-parse-backtrace \
         $RPM_BUILD_ROOT%{_sbindir}/ovs-vlan-bug-workaround \
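Review bot: The two added `install` calls pass neither `-m` nor `-D`, unlike the `install -p -m 644 -D` call just above them. Without `-m`, GNU install defaults to mode 0755, so the firewalld XML files would be packaged as executable. Without `-D`, the command fails unless `$RPM_BUILD_ROOT%{_prefix}/lib/firewalld/services/` is created somewhere else in `%install`, which is not visible in this hunk. Suggest `install -p -m 0644 -D rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \` and the same options for the ovn-host file. The `%install` section starts and ends outside this hunk.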
@@ -517,11 +524,13 @@ fi
 %config %{_datadir}/openvswitch/ovn-nb.ovsschema
 %config %{_datadir}/openvswitch/ovn-sb.ovsschema
 %{_unitdir}/ovn-northd.service
+${_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml
 
 %files ovn-host
 %{_bindir}/ovn-controller
 %{_mandir}/man8/ovn-controller.8*
 %{_unitdir}/ovn-controller.service
+${_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml
 
 %files ovn-vtep
 %{_bindir}/ovn-controller-vtep
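Review bot: Both added `%files` entries use `${_prefix}`, which is shell variable syntax rather than an RPM macro. `%files` is not run through a shell, so the path would be taken literally and would not match the files installed under `%{_prefix}/lib/firewalld/services/`. Change both lines to the macro form, `%{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml` and `%{_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml`. As written, the build would either fail on unpackaged files or ship the subpackages without the service definitions.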
diff --git a/rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml b/rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml
new file mode 100644
index 0000000..e7f871d
--- /dev/null
+++ b/rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>ovn-central-firewall-service</short>
+  <description>Firewall service for ovn central</description>
+  <port protocol="tcp" port="6641"/>
+  <port protocol="tcp" port="6442"/>
+</service>
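Review bot: Port `6442` in the second `<port>` element looks like a transposition of 6642, the port the OVN southbound database conventionally listens on (6641 being the northbound one). As written, enabling this service would open an unrelated TCP port while leaving the southbound database blocked, so the rule set would not match what the daemon actually needs. Suggest `<port protocol="tcp" port="6642"/>`. The description could also name the two databases so an administrator can see what is being exposed, e.g. `<description>OVN central: northbound (6641/tcp) and southbound (6642/tcp) OVSDB</description>`.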
diff --git a/rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml b/rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
new file mode 100644
index 0000000..f606890
--- /dev/null
+++ b/rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="utf-8"?>
+<service>
+  <short>ovn-host-firewall-service</short>
+  <description>Firewall service for ovn host</description>
+  <port protocol="udp" port="6081"/>
+</service>
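Review bot: The `<description>` does not say what UDP 6081 carries, so an administrator enabling the service cannot tell what is being opened; 6081/udp is the Geneve tunnel port. Suggest `<description>OVN host: Geneve tunnel traffic (6081/udp)</description>`. Geneve encapsulation carries no authentication of its own, so the packaging docs should recommend enabling this service only in the zone bound to the tunnel underlay interface.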
-- 
2.9.3


