firewall/spec: Create glusterfs firewall service if firewalld installed.

It creates glusterfs firewall service during installation.

glusterfs service : It contains all default ports which needs to be opened.
During installation  glusterfs.xml is copied into firewall service directory(/usr/lib/firewalld/services/).

Note:
1.For bricks: It opens the 512 ports, if brick is running out side this range(>49664) then admin need to open the port
for that brick.
2.By default this service is not enabled in any of zone.

To enable this service(glusterfs) in firewall:

1. Get active zone(s) in node
     firewall-cmd  --get-active-zones

2. Attached this service(glusterfs) to zone(s)
   firewall-cmd  --zone=<zone_name>  --add-service=glusterfs               --To apply runtime
   firewall-cmd  --permanent  --zone=<zone_name>  --add-service=glusterfs  --To apply permanent

Note:
  we can also use firewall-config which gives GUI to configure firewall.

Backport of:
>Change-Id: Id97fe620c560fd10599511d751aed11a99ba4da5
>BUG: 1253967
>Signed-off-by: anand <anekkunt@redhat.com>
>Reviewed-on: http://review.gluster.org/11989
>Reviewed-by: Niels de Vos <ndevos@redhat.com>
>Tested-by: NetBSD Build System <jenkins@build.gluster.org>
>Tested-by: Gluster Build System <jenkins@build.gluster.com>
>(cherry picked from commit 7f327d3b4f9222995d2ee78862e48ca44c28411c)

Change-Id: Iacf44b15ffb176c965c7f3b074065a54cf785dc7
BUG: 1057295
Signed-off-by: anand <anekkunt@redhat.com>;
Reviewed-on: http://review.gluster.org/12357
Reviewed-by: Niels de Vos <ndevos@redhat.com>
Tested-by: NetBSD Build System <jenkins@build.gluster.org>
Tested-by: Gluster Build System <jenkins@build.gluster.com>

1 files changed, 34 insertions, 0 deletions

diff --git a/glusterfs.spec.in b/glusterfs.spec.in
index cd1b272fe9c..94f6144e713 100644
--- a/glusterfs.spec.in
+++ b/glusterfs.spec.in
@@ -85,6 +85,10 @@
 %global _with_systemd true
 %endif
 
+%if ( 0%{?fedora} ) || ( 0%{?rhel} && 0%{?rhel} >= 7 )
+%global _with_firewalld --enable-firewalld
+%endif
+
 %if 0%{?_tmpfilesdir:1}
 %define _with_tmpfilesdir --with-tmpfilesdir=%{_tmpfilesdir}
 %else
@@ -225,6 +229,10 @@ BuildRequires:    glib2-devel
 BuildRequires:    libattr-devel
 %endif
 
+%if (0%{?_with_firewalld:1})
+BuildRequires:    firewalld
+%endif
+
 Obsoletes:        hekafs
 Obsoletes:        %{name}-common < %{version}-%{release}
 Obsoletes:        %{name}-core < %{version}-%{release}
@@ -594,6 +602,7 @@ This package provides the translators needed on any GlusterFS client.
         %{?_without_epoll} \
         %{?_without_fusermount} \
         %{?_without_georeplication} \
+        %{?_with_firewalld} \
         %{?_without_ocf} \
         %{?_without_qemu_block} \
         %{?_without_rdma} \
@@ -874,6 +883,15 @@ if [ -e /etc/ld.so.conf.d/glusterfs.conf ]; then
     rm -f /etc/ld.so.conf.d/glusterfs.conf
     /sbin/ldconfig
 fi
+
+%if (0%{?_with_firewalld:1})
+#reload service files if firewalld running
+if $(systemctl is-active firewalld 1>/dev/null 2>&1); then
+  #firewalld-filesystem is not available for rhel7, so command used for reload.
+  firewall-cmd  --reload
+fi
+%endif
+
 pidof -c -o %PPID -x glusterd &> /dev/null
 if [ $? -eq 0 ]; then
     kill -9 `pgrep -f gsyncd.py` &> /dev/null
@@ -931,6 +949,15 @@ fi
 %postun api
 /sbin/ldconfig
 
+%postun server
+%if (0%{?_with_firewalld:1})
+#reload service files if firewalld running
+if $(systemctl is-active firewalld 1>/dev/null 2>&1); then
+    firewall-cmd  --reload
+fi
+%endif
+
+
 %postun libs
 /sbin/ldconfig
 
@@ -1231,8 +1258,15 @@ fi
 %{_libexecdir}/glusterfs/peer_add_secret_pub
 %{_sharedstatedir}/glusterd/hooks/1/delete/post/S57glusterfind-delete-post.py
 
+%if ( 0%{?_with_firewalld:1} )
+/usr/lib/firewalld/services/glusterfs.xml
+%endif
+
 
 %changelog
+* Tue Sep 15 2015 Anand Nekkunti <anekkunt@redhat.com>
+- adding glusterfs-firewalld service (#1057295)
+
 * Tue Sep 1 2015 Kaleb S. KEITHLEY <kkeithle@redhat.com>
 - erroneous ghost of ../hooks/1/delete causes install failure (#1258976)