From 42435984dbfbb9863093017c8a8e5fbb02d11611 Mon Sep 17 00:00:00 2001
From: Vlastimil Holer <vholer@opennebula.org>
Date: Thu, 8 Jun 2017 15:47:00 +0200
Subject: [PATCH] Add ESX VNC firewall rules VIB package and build info.

---
 .gitignore                                    |   3 ++
 share/esx-fw-vnc/Makefile                     |  14 ++++++
 share/esx-fw-vnc/README.md                    |  44 ++++++++++++++++++
 share/esx-fw-vnc/Vagrantfile                  |  35 ++++++++++++++
 share/esx-fw-vnc/fw-vnc.vib                   | Bin 0 -> 1632 bytes
 share/esx-fw-vnc/fw-vnc.zip                   | Bin 0 -> 4055 bytes
 share/esx-fw-vnc/vib/descriptor.xml           |  33 +++++++++++++
 .../fw-vnc/etc/vmware/firewall/vnc.xml        |  16 +++++++
 8 files changed, 145 insertions(+)
 create mode 100644 share/esx-fw-vnc/Makefile
 create mode 100644 share/esx-fw-vnc/README.md
 create mode 100644 share/esx-fw-vnc/Vagrantfile
 create mode 100644 share/esx-fw-vnc/fw-vnc.vib
 create mode 100644 share/esx-fw-vnc/fw-vnc.zip
 create mode 100644 share/esx-fw-vnc/vib/descriptor.xml
 create mode 100644 share/esx-fw-vnc/vib/payloads/fw-vnc/etc/vmware/firewall/vnc.xml

diff --git a/.gitignore b/.gitignore
index 47fa967b0e..a6056c833a 100644
--- a/.gitignore
+++ b/.gitignore
@@ -26,3 +26,6 @@ src/sunstone/public/css/app.min.css
 src/sunstone/public/dist/
 src/sunstone/public/locale/languages/*.js
 .tx/config
+
+share/esx-fw-vnc/*.rpm
+share/esx-fw-vnc/.vagrant*
diff --git a/share/esx-fw-vnc/Makefile b/share/esx-fw-vnc/Makefile
new file mode 100644
index 0000000000..6fb0a210a1
--- /dev/null
+++ b/share/esx-fw-vnc/Makefile
@@ -0,0 +1,14 @@
+.PHONY: fw-vnc.vib clean
+
+fw-vnc.vib: vmware-esx-vib-author-5.0.0-0.0.847598.i386.rpm
+	vagrant plugin install vagrant-sshfs
+	vagrant up
+	vagrant destroy -f
+	@echo "Package successfully $@ built"
+
+vmware-esx-vib-author-5.0.0-0.0.847598.i386.rpm:
+	wget -O $@ https://download3.vmware.com/software/vmw-tools/vibauthor/vmware-esx-vib-author-5.0.0-0.0.847598.i386.rpm
+
+clean:
+	-rm -rf fw-vnc.vib fw-vnc.zip vmware-esx-vib-author*.rpm
+	-vagrant destroy -f
diff --git a/share/esx-fw-vnc/README.md b/share/esx-fw-vnc/README.md
new file mode 100644
index 0000000000..3cdae62ae0
--- /dev/null
+++ b/share/esx-fw-vnc/README.md
@@ -0,0 +1,44 @@
+# Building ESX VIB package
+
+Requirements:
+
+1. [Vagrant](https://www.vagrantup.com/)
+2. [VirtualBox](https://www.virtualbox.org/)
+
+Other requirements (automatically get by `Makefile`):
+
+3. Vagrant plugin vagrant-sshfs
+4. [VIB Author](https://labs.vmware.com/flings/vib-author) tool RPM in current directory
+
+# Build
+
+VIB package build is based on a deprecated, but still working, *VIB Author* tool.
+This tool works fine on old EL/CentOS 6, that's why the build process
+(unfortunately) requires the Vagrant+VirtualBox to provide the build
+environment with the CentOS&nbsp;6.
+
+There are two possible approaches to building the VIB package.
+
+### 1. Makefile
+
+Just start the `make` and required Vagrant plugin and latest known
+VIB Author tool will be automatically downloaded and new VIB
+packages built.
+
+```
+$ make
+```
+
+You can find the fresh packages in `fw-vnc.vib` and `fw-vnc.zip`.
+
+### 2. Manual
+
+1. download [VIB Author](https://labs.vmware.com/flings/vib-author) tool RPM into the current directory
+2. start Vagrant
+
+```
+$ vagrant plugin install vagrant-sshfs
+$ vagrant up && vagrant destroy -f
+```
+
+You can find the fresh packages in `fw-vnc.vib` and `fw-vnc.zip`.
diff --git a/share/esx-fw-vnc/Vagrantfile b/share/esx-fw-vnc/Vagrantfile
new file mode 100644
index 0000000000..37037553c9
--- /dev/null
+++ b/share/esx-fw-vnc/Vagrantfile
@@ -0,0 +1,35 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+#
+if Dir.glob('vmware-esx-vib-author*.rpm').size != 1
+    STDERR.puts <<EOT
+Missing vmware-esx-vib-author RPM, please download and put in current dir.:
+https://labs.vmware.com/flings/vib-author
+
+EOT
+end
+
+# Vagrant configurations
+ENV['VAGRANT_DEFAULT_PROVIDER'] = 'virtualbox'
+
+Vagrant.configure("2") do |config|
+    config.vm.box = "centos/6"
+
+    config.vm.provider :virtualbox do |v|
+        v.name = "VIB Vagrant Build"
+    end
+
+    config.vm.synced_folder ".", "/vagrant", type: "sshfs"
+
+    # install VIB author
+    config.vm.provision "shell", inline: <<-SCRIPT
+        yum -y install /vagrant/*.rpm
+    SCRIPT
+
+    # (always) generate VIB/ZIP
+    config.vm.provision "shell",  run: "always", inline: <<-SCRIPT
+        set -e
+        cd /vagrant/
+        vibauthor -C -t vib/ -v fw-vnc.vib -O fw-vnc.zip --force
+    SCRIPT
+end
diff --git a/share/esx-fw-vnc/fw-vnc.vib b/share/esx-fw-vnc/fw-vnc.vib
new file mode 100644
index 0000000000000000000000000000000000000000..ed8139fb2cb5d5c8859d95020e650e6b9707ffac
GIT binary patch
literal 1632
zcma)63uqig7><fs&YF~J5wXN|L7Fz~?e67n?=DO>7~2FRiDH`A8nrjOJDVGCU)kB)
z^MX<>kw!`j2?g<mEecVwK8Wu^n$ji#Q{#gcilDThLa~VvYJ;LZXYWDMw5SWa`_KRX
z-+cdk^UvG`psS|kkcNorV#l-H@RO#&Faopml<ehSh7m=foRSIwA1jQHT!L+@iH(H?
zRt8?)L9$}oo&v25;EO|GK@-V(j`J-Q@WlZr!(=fmgau9ne8oW{mS(&10}iq}k&-oF
zSDtvtBtc3s0!Y?0p_`X`TMcaWJ;t<R7v-Q~FmBdBgz;<!Sx_+$)6;n`<GE1RG3BkG
zKxN6aYWe>`mm`3S3<L?{H0U8YB8YKLkT@Z+RcvUCN{x|*a5RyOBx3b~&?pFizbqYO
zU4!s)FbDJ~KS^VU$h0E5SS<*swxt_b^-4*O0aX;3j%)jvR#D6_9g3yPdl-9Z>IfK?
zPeyFr%Rv`$9_$MMq$nTfqW&z^iL#jxTOL)&QW0m`8r>Oa5Cr%u{8Y1*SREUPGcfUF
z5STLZRNglOI$kgD0#A22=p{fsG^6w@W1y-c$15@$$VY~(+NPPcu$Kq?6)|97A92_s
z9^G4xzIG02vgc-Ltyc||04_3Zin~hwiU?4#X`56SO5l1G6)txI8uRFe6GHQ#mM_z<
z^a9H08Zcj(q%s5!%o{e;sOn{l3EIDjEgc4y3C>3o>-P<?48a4`Y=}nbDN@r&&CrHr
zDh5|dBx%S+ViGH(B$5)*q@?ReKw>fuB|*}ZNE|{%jf%Rcp@yg)(_jNF8YYk^DJZ6E
z5g{tYBk@F10(@oWe<u^!;DBR2&(Rj7y-1qazN|HX9afGDh<2x#gsPxK6;(*0n4*Xg
zB&b?U7okKelr$8HFQ?+mD$uT2QiiA3h)i%_*vY6QUcP?*>mFK)r$Qw$SKeEt@$%cN
zf}t9hlT)EP_pDmQcPF=3U00eVOnV{h(@)jh)*0&<v*to_$63BEb;mpHL-)@&UHJO2
z>I`n4m^_UO<9pUNKhizS-i_bT!!zd>w)tx|oviyTA{;oLXnp8gyMJ?w+p?`kOVl%8
zrDsR>KYsZAp?h+(qvyDNpSRU5>^wbJ|K7Wct7k91mU`udnu7i8bA`PZpV)Cb`E9o|
zUKm_Ad92WTCSJI)xB2PwCnjfyZWz1eQrF1e3(Xr=U)uT92cgb0NB%hS=P%dRe!5}d
zqp`g|j5pqPd{ak$^sfV%b<-0c-fHuieN64z@p#+KLxVN1SAVzt;M~;jJ#KV#>b^s{
zqo-zv9{gl|hcWVM&DpW;7XO+bhq<4ItG<8p(8s%E^~5(2WWH!WTKDC~w*JKYGe2{Q
zmu7aKJ2h3eao4ZikM^ggd*5EH4YOOiUaUU({B-rfx3;Y3US7PuV`Be&`%P6<{{T;e
BQThM?

literal 0
HcmV?d00001

diff --git a/share/esx-fw-vnc/fw-vnc.zip b/share/esx-fw-vnc/fw-vnc.zip
new file mode 100644
index 0000000000000000000000000000000000000000..c90d44620135cf3755e27133b52074a7f355fb2f
GIT binary patch
literal 4055
zcmbtXWl$VUlU^*iYaqA;f@>fIS=?Qg;ET&*K^F@W-~|>9&ISpx5OjkCSs(-_KyU~i
zf)m{Jc<-zGBz5=eW~yguruwPssh)cJX&rS8ObP%1fCCtW^r^j^V;6PD0RY5t0RV!B
zTZo;vwXL<cH6PT;17;K;Lg7ruXj753Db^z-I0eppJpWjjwV!OZ$2ZxWHKKnJB+NCK
zq@>&6${xrzPogXI!PR8k5xHQN7E3aV$G9YM?(MbbH+<f<ak&~WaveB)+`E5%!@w=<
zMuG_d9AH3iBsJqQs>U28P4=~7b`@wOI)o3Nq>wGECdevYT$Ac&V}(KGqI4@6+6Y)o
zT>FwkxBXjG12u}aQ*cV53RG)!i%S$Am@L{aoVz%aJAZ*K);?fyOG+P6rlM&1oHc2_
z2<~5xq`!0hHDtAnE#gA*o*s(s-fdBFv%VT%nJ`5jT2=o7p78i9Yl=55IXTsL`b*J+
zPfy^YZzlQSFY<h7Zs>3T6o+Vl@D})0bn0-jUtk6DHQ_hI2(!$JDcF+;M1QQfNlWeT
zXHmDmmE_-A{!shQdEWI}f=d1q>#?j!)ss|w;hM=>XJ;S0QH}<-*{zqBWkX4ON~Q;d
zHN@Osb0yWk3<dg!CT6{|FM+4uq(?gyc#+-oT8eDlgfM9Vfng%-h9_Jj#JFCWZ#GM$
z5P^`e@tTRd6=QrcKEhdl0yFH73)z|4CB%g1ojleSuE_r96ZQx&E5v1(on|*ahMyLV
zBd>qCZ3XMw4o)ktp=vErHa*M8CHfWUH3GjCT_SvNrKe^>=Ik`53jLh!tMiPo`O1J}
z8kud>dZCeozwCO7ZI?@n0Y^k{EiLLZDdtYl3;64D>z{*&Y32PF6;jGH5(fKVz587c
z!|~tb9QFnq9|Zi|t+5-+@>x3#w&qa!_}F$bU5wjZgjdSk>8#_r3QNgql2@MzFRTq>
zTPv{=<1SaEpJUY4g=q!}6mHi~$>-u9&$T$@yD@w2r8)4f^HR%UKzzjUKjGGJ=0(;_
zdX~OJ?85kMqL$MPP}56`m-dXTIbJC(mbbc>Kl_SUo&`p5IwwSzOm+8;S}B%>Y*J+^
zCc2Z?uMdi9%B0(vSE2r@xRdTE5s$C`QkIXwxmMxz9Mh*#t~F65(J8uCjG35^4T&BQ
zUNyr4&!tH%PX@hZkTvoXBC<lM+<#Op*Bl#2OL8s#elW#<8QhJc?S9kEN*wqZG*`xf
zbL1K<nKx;-GfG&$EVo-3kvEHZyN_;P{@YSIZ8o9MF{90A{Zhhk*vy(hZN759g*;ds
z!R=|`dk{qE|E*-UwLwavaQoIKx8>c;pz?B4@Up<q6i3a8^voeoApa^Pq#$a_pH|A3
zZx3XXT9ctViy^x1Y&gJ+zgpNisLufH*@{Xq!pNA4C}_;%?S_KgLY|_mej1)!7IYJl
z?3~jZ482!;R^7<M+MQ-Rhs@8Aj&@svo)kEXYI}lp#kW>AjOSbqEQ^`ea1}T9RDf`7
zK+;kgdUr(Z8J=<!RxZ%lO0?FWu$5!a51k=G|0}q5yM?yN*@a5HoTIKdMTh=rdzH9a
z-gXn)!Z)={eey!}xq&&Q_L?T$F<N>r#E&J_%}oE5AK8aK{?#=o(xoA)GQ!XdKwfP%
zFvU*@#L_M7f&N8`ta5GqqZX(wr9r{Zp$%8C!&(C;p-`H!y==0DZs^-iNWZ1zeVY1?
z|7!*>*S6WtR@XK8$p}rOQ-V1boH2(BFBXosT!qnm2|1V2cfkH!uHl#`y3I>Qvp%qi
zMm@<SpEr+w+0atZT8!}&+JfweT*Wsu<m`#hmkD~M<fl`ktV$yL{DMC^sgL&~Ei$LD
z6&npR>GQ;~aLF&!)+v;BhMgR-vGxJ>xm^JW<TMCZFGg!L$K&-4Wf+~%SR+DD2qIcV
zaLK@~%#ZqOt$y>ScBpJQj_kIT=L|P(Y5C+h|0ZUi>3*-e-^nE9{3~9OiwqG9MM#Dt
z0<NK_<N0J<e04cdVCZb3qaUV|l&7vM_t<N*KxWpKO_ymbNu|x{&Sc5-AWJ7<NM#W<
zT>p66o*Lmp=`Qs#w2PSG-KBT~P1Iv#7yd>)!NA8Qnb)Esl=oTe(@f~hkvhDo*;JdQ
zW!cpAFPg<2a5#N}?L4WN`4U=4p(#?-SfBb_$_RT_qKv(5hkLXhh4qkga-C`i!QVtX
z_}4$BGQB5Yd7fHGOqrd!p4k>le<ak^`&9VRz!_}PVIVZit#mh@aP>k2bTi;vJJMAc
zs-84f|Bd7GNhMd_*hY3RK@;yA3$zRr%>}ngStf#0%lBx2q?Q!r5)Lonp7xt^Hl_3C
zE}{#VhBtf)#YzxTT`&^44y6A*`ElMiUeS`)oK=%y1A&de5$n<W#r)WNu9+ssjlfS4
zr@N$5sokJqtkQrFzZi1%iiJw7wfmU6Q65Nby4wT*4AO_}w?QMXE|cXs(e6oZ+HD({
z9|=uHiWyeud*LtYy+xY8FD;4v1*U}x_-)HoYX6$y_-*=LLB6Ue%JZFZp^=5q4UE)q
zdYqWT(JY#AO?_OZD3O1&*-t=65Ig4$s4)R7MCkadw3NWkJXyOd7uow3o<^p<*sUiV
ze<dj@KpO$qp4t4>N^LOOtUDnW>1HBv!f9XP-_9#f%}g@PK-?2X0@mKir&KdMqPXMY
z6wpN$MQpyhI9Y~wyY&wq7Y&CA#Sz3@{5*VbSVpT34|05jO~o$q4y*QX;V^!qrpIC<
zRlRf}gLPvc`J%{Me6W>&NvSm~nyn;w=E!W%OxtpRo+nL2@tI6(yDV~=ha1l%u4Kve
zvt+zO9}w2rP-4g~zv6ZFs>yf2a0{~Us55pto>i2lojz4Aq&-$QD5YLk3)yJsyjGrr
zYs5)}ZR*#*E=V?6*-)KRh+u!-H?bL}nV<HUnxyl#-8dpt%adT)lIksL6XknLZhjaS
zu;2X~4w3OZoxh(hnlts_F9@M(9lqW_K?<#|EZm~~XhN4%!M$79mC^YRVN!Gq3krG=
zBts8I@?gGpZno}TyiRVmcK&?+5LeB_7Cdwyfns1g*d<QWj(W@l=ci1UYFAhQ&oRkt
z^)xe|i{D677#mIf;pDVZv{NTqCk#8tlgp&pg_;@WN2x0@{k*dZvRhnymAfgzNGewI
z%(fSZyF&f#jLgwgv^oSx)AQo|*E^AU@n?TYe~yki;O~XkFgnjlUjY6y(w0zy@`ry0
z&_V+M9#j<IpCKA14H1RQ5=8DxWAQVga)uULFEdEurzy)x{95P`Jgq3%h@X(Q;Uc(!
zk4mvSk<TDBl}*hfg*C|&F@m-gdEO{G`(3En=*!Ctl@;{~2~?l5o<J&%Xxfa7bKEN<
zw+-MA$&bq$s$w*J<*l`^z8J@j=Zl*8`3suC_89rFVv<3QTR~Dv<5tKKw;kk%L3vqo
z!DxEfc){QE6dL&Z`CZGikA<|oSLHeyj0HB<NGkZaKzDVV0n6C`df&GPi72);QO*A#
z*Q_1^05AT|gcDdufZyJa*VoO4U)#gZP0J4K<7%xR@Y>rB^4b#Y?(Pk?c5|`(hliyg
zp8%f#uOQz83}%4u_(YK=A@&tmQ>{J*^s|{slkUv-+^f-#nu9JL5}vH!ls!XRpS1uV
zf;Cp}?*0w{mZht(7Qc-Qcce7sQRu#6YQuL@%fZxu5x?RL9}CCp=1@Wq#-8P(l*idB
z{XHb_Z|?7d?``g~t^wYYMP^mZh0QaEuFp^6odn`Lcy1!?ETc#j3pjl<Fc`Vx6V1XQ
zAK$~GFpVBrOaYPLx%cRm6wAk^RzUK8Xw)$;<-sK(XQ!<oTO_6yW{@h7H{HJFh?NNW
zBPm79Dlpx@k1b4n5nbhnNI_0oOE!V)>C1i*YihfEYXP?(vXO_bk4$s~NycZ-m{yx~
zrUhZ9a$$P?z`A>E6fK&WEt3jKDUi6|8W`^x-i3R}3x=30l;clFu^cLhGgOjBz5oJl
zSp1TF2|G6=tU8oZW|)CWbs$~=L_;wh=oC*Y0nLyiCc)(zB#%WrUI5BowV6@Z!)lL=
zpJ~nr<NNt?h8&>M7MvRg9j^mzTgkZw)M=<I<~q5Y*yaOCmNT}TM$#YB#x&f~#T_Gb
zWU%-=!lTu~m0ep~B9pyiLkdrw6vL2G!a_PcEXcO6j#e0A&5wU!CuU{E=sCl}V7Iop
zG|Z%VHZL-Cnq7k4p;)4s;c~%W3!u#L)p=s)iPEE{;zl!n2@Q|bp`1V}HW$B=4KT;B
zS7$5c^{|?%DNw3X(Ga*hbzKpv(eRMjHfb+Sw8Po^0EV#1xhH2UIL8w4=#za8XH}Ks
zdy)ov%$`J%$i`-_j7~-_$cdX$5@|#7%voVVk#JJ!1o6nl2`Z4FpbFGA$Hyn-qDtr{
zC#(F_ceC_GLG1G~XvE7KbBiYh+VB)|Y8{<sgI+k!#gYGvlT?wCjI*2*OoLlaHL1us
zO2AI|*2XycXPh}G$<e|8D!vc%JTmv48aQt8{Z6|){@LD<oN&gKC8K&^5LV#+9wqlh
zLRSMa2aksty33pwGGO1JVbYsrNKHOBayYqg-a03AaNv5|?Vf<py6>qy6c&Hp9O(0P
zl|Ewk_9BTPyIG)d(z1TV;B>=!rQ<LE@%8=PMHtL&bxMoZ;%g8*m*L0xL^AOshCU7A
zyp6MvQ8TH=)o&U@*ZV`&xosy(=Pvxl>$}tz-+nipoSe1v@3-WRn%!p~t~OPDs-3Si
zCmb;smynk780@3Zn2Wy4asf3S9VIx(@VH9`o{W45y@lFLI_#`VGt3^ZIxd($6|1w4
zzL!pVB`k3^3Kz@!F=$Z9025u3{%(0`-+ewuG^}wmx}_BLl;K6LgfA4jJgPn2Kr3Hu
z{GM*h@x=YYDd{?(W;eQ#C={u0q#c3}+#XD~nY65Q--C@v-{Vt<`Z!Ntj+0OB_}xt%
zD!8B9PD>seGW+UZb5oXDWLJn^oR!qi-(BXI_MQzj%o`b<@$0Cgp;KV|-@WPs7yb7r
z3j2He_s;cC<e$alAGp8QtcTwB&(iWI`cH!Y7h3*-@Bc~n{|@`#c=LZ?Z^Bsd{y!|L
WqmK2!!~g*1!=!$wIpsuupZ*IdMq>5=

literal 0
HcmV?d00001

diff --git a/share/esx-fw-vnc/vib/descriptor.xml b/share/esx-fw-vnc/vib/descriptor.xml
new file mode 100644
index 0000000000..b6d76dcc20
--- /dev/null
+++ b/share/esx-fw-vnc/vib/descriptor.xml
@@ -0,0 +1,33 @@
+<?xml version="1.0"?>
+<vib version="5.0">
+  <type>bootbank</type>
+  <name>fw-vnc</name>
+  <version>1.0.0-1</version>
+  <vendor>OpenNebulaSystems</vendor>
+  <summary>Firewall rules to enable VNC traffic</summary>
+  <description>Firewall rules to enable VNC traffic</description>
+  <urls/>
+  <relationships>
+    <depends/>
+    <conflicts/>
+    <replaces/>
+    <provides/>
+    <compatibleWith/>
+  </relationships>
+  <software-tags/>
+  <system-requires>
+    <maintenance-mode>false</maintenance-mode>
+  </system-requires>
+  <file-list>
+    <file>etc/vmware/firewall/vnc.xml</file>
+  </file-list>
+  <acceptance-level>community</acceptance-level>
+  <live-install-allowed>true</live-install-allowed>
+  <live-remove-allowed>true</live-remove-allowed>
+  <cimom-restart>false</cimom-restart>
+  <stateless-ready>true</stateless-ready>
+  <overlay>false</overlay>
+  <payloads>
+    <payload name="fw-vnc" type="vgz"/>
+  </payloads>
+</vib>
diff --git a/share/esx-fw-vnc/vib/payloads/fw-vnc/etc/vmware/firewall/vnc.xml b/share/esx-fw-vnc/vib/payloads/fw-vnc/etc/vmware/firewall/vnc.xml
new file mode 100644
index 0000000000..9990c60716
--- /dev/null
+++ b/share/esx-fw-vnc/vib/payloads/fw-vnc/etc/vmware/firewall/vnc.xml
@@ -0,0 +1,16 @@
+<ConfigRoot>
+  <service>
+    <id>VNC</id>
+    <rule>
+      <direction>inbound</direction>
+      <protocol>tcp</protocol>
+      <porttype>dst</porttype>
+      <port>
+        <begin>5900</begin>
+        <end>65535</end>
+      </port>
+    </rule>
+    <enabled>true</enabled>
+    <required>false</required>
+  </service>
+</ConfigRoot>