From 78bb74188dd4d8c81930eedd021492b9f346ec32 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Sun, 23 Jul 2017 18:01:35 +0200 Subject: [PATCH 01/22] CLOUDSTACK-10013: Migrate systemvmtemplate to Debian9 SystemVM changes to work on Debian 9 - Migrate away from chkconfig to systemctl - Remove xenstore-utils override deb pkg - Fix runlevel in sysv scripts for systemd Signed-off-by: Rohit Yadav --- systemvm/patches/debian/buildsystemvm.sh | 577 ------------------ .../patches/debian/config/etc/init.d/cloud | 10 +- .../config/etc/init.d/cloud-early-config | 23 +- .../config/etc/init.d/cloud-passwd-srvr | 10 +- .../patches/debian/config/etc/init.d/postinit | 6 +- systemvm/patches/debian/config/etc/rc.local | 2 +- .../patches/debian/config/etc/ssh/sshd_config | 1 - .../config/opt/cloud/bin/patchsystemvm.sh | 128 ++-- tools/appliance/build.sh | 2 +- .../systemvmtemplate/apt_upgrade.sh | 9 +- .../systemvmtemplate/authorized_keys.sh | 1 + .../systemvmtemplate/build_time.sh | 26 - .../definitions/systemvmtemplate/cleanup.sh | 1 - .../systemvmtemplate/configure_grub.sh | 6 +- .../systemvmtemplate/configure_login.sh | 15 +- .../systemvmtemplate/configure_networking.sh | 25 +- .../configure_systemvm_services.sh | 94 ++- .../systemvmtemplate/definition.rb | 36 +- .../install_systemvm_packages.sh | 32 +- .../definitions/systemvmtemplate/preseed.cfg | 69 +-- .../definitions/systemvmtemplate/zerodisk.sh | 9 +- 21 files changed, 267 insertions(+), 815 deletions(-) delete mode 100755 systemvm/patches/debian/buildsystemvm.sh delete mode 100644 tools/appliance/definitions/systemvmtemplate/build_time.sh diff --git a/systemvm/patches/debian/buildsystemvm.sh b/systemvm/patches/debian/buildsystemvm.sh deleted file mode 100755 index a34b1dd0a61d..000000000000 --- a/systemvm/patches/debian/buildsystemvm.sh +++ /dev/null 
@@ -1,577 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -echo "####################################################" -echo " Note there is a new systemvm build script based on " -echo " Veewee(Vagrant) under tools/appliance." -echo "####################################################" - -set -e -set -x - -IMAGENAME=systemvm -LOCATION=/var/lib/images/systemvm -PASSWORD=password -#APT_PROXY=192.168.1.115:3142/ -APT_PROXY= -HOSTNAME=systemvm -SIZE=2000 -DEBIAN_MIRROR=ftp.us.debian.org/debian -MINIMIZE=true -CLOUDSTACK_RELEASE=4.0 -offset=4096 -baseimage() { - mkdir -p $LOCATION - #dd if=/dev/zero of=$IMAGELOC bs=1M count=$SIZE - dd if=/dev/zero of=$IMAGELOC bs=1M seek=$((SIZE - 1)) count=1 - loopdev=$(losetup -f) - losetup $loopdev $IMAGELOC - parted $loopdev -s 'mklabel msdos' - parted $loopdev -s 'mkpart primary ext3 4096B -1' - sleep 2 - losetup -d $loopdev - loopdev=$(losetup --show -o $offset -f $IMAGELOC ) - mkfs.ext3 -L ROOT $loopdev - mkdir -p $MOUNTPOINT - tune2fs -c 100 -i 0 $loopdev - sleep 2 - losetup -d $loopdev - - mount -o loop,offset=$offset $IMAGELOC $MOUNTPOINT - - #debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-keyring.gpg wheezy $MOUNTPOINT 
http://${APT_PROXY}${DEBIAN_MIRROR} - debootstrap --variant=minbase --arch=i386 wheezy $MOUNTPOINT http://${APT_PROXY}${DEBIAN_MIRROR} -} - - -fixapt() { - if [ "$APT_PROXY" != "" ]; then - cat >> etc/apt/apt.conf.d/01proxy << EOF -Acquire::http::Proxy "http://${APT_PROXY}"; -EOF - fi - - cat > etc/apt/sources.list << EOF -deb http://http.debian.net/debian/ wheezy main contrib non-free -deb-src http://http.debian.net/debian/ wheezy main contrib non-free - -deb http://security.debian.org/ wheezy/updates main -deb-src http://security.debian.org/ wheezy/updates main - -deb http://http.debian.net/debian/ wheezy-backports main -deb-src http://http.debian.net/debian/ wheezy-backports main -EOF - - cat >> etc/apt/apt.conf << EOF -APT::Default-Release "stable"; -EOF - - cat >> etc/apt/preferences << EOF -Package: * -Pin: release o=Debian,a=stable -Pin-Priority: 900 -EOF - - #apt-key exportall | chroot . apt-key add - && - chroot . apt-get update && - echo "Apt::Install-Recommends 0;" > etc/apt/apt.conf.d/local-recommends - - cat >> usr/sbin/policy-rc.d << EOF -#!/bin/sh -exit 101 -EOF - chmod a+x usr/sbin/policy-rc.d - - cat >> etc/default/locale << EOF -LANG=en_US.UTF-8 -LC_ALL=en_US.UTF-8 -EOF - - cat >> etc/locale.gen << EOF -en_US.UTF-8 UTF-8 -EOF - - DEBIAN_FRONTEND=noninteractive - DEBIAN_PRIORITY=critical - export DEBIAN_FRONTEND DEBIAN_PRIORITY - chroot . dpkg-reconfigure debconf --frontend=noninteractive - chroot . 
apt-get -q -y install locales -} - -network() { - - echo "$HOSTNAME" > etc/hostname && - cat > etc/hosts << EOF -127.0.0.1 localhost -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts -EOF - - cat >> etc/network/interfaces << EOF -auto lo eth0 -iface lo inet loopback - -# The primary network interface -iface eth0 inet static - -EOF -} - -install_kernel() { - DEBIAN_FRONTEND=noninteractive - DEBIAN_PRIORITY=critical - export DEBIAN_FRONTEND DEBIAN_PRIORITY - - chroot . apt-get -qq -y --force-yes install grub-legacy && - cp -av usr/lib/grub/i386-pc boot/grub - #for some reason apt-get install grub does not install grub/stage1 etc - #loopd=$(losetup -f --show $1) - #grub-install $loopd --root-directory=$MOUNTPOINT - #losetup -d $loopd - grub << EOF && -device (hd0) $1 -root (hd0,0) -setup (hd0) -quit -EOF - # install a kernel image - cat > etc/kernel-img.conf << EOF && -do_symlinks = yes -link_in_boot = yes -do_initrd = yes -EOF - touch /mnt/systemvm/boot/grub/default - chroot . 
apt-get install -qq -y --force-yes linux-image-686-bigmem - cat >> etc/kernel-img.conf << EOF -postinst_hook = /usr/sbin/update-grub -postrm_hook = /usr/sbin/update-grub -EOF -} - - -fixgrub() { - kern=$(basename $(ls boot/vmlinuz-*)) - ver=${kern#vmlinuz-} - cat > boot/grub/menu.lst << EOF -default 0 -timeout 2 -color cyan/blue white/blue - -### BEGIN AUTOMAGIC KERNELS LIST -# kopt=root=LABEL=ROOT ro - -## ## End Default Options ## -title Debian GNU/Linux, kernel $ver -root (hd0,0) -kernel /boot/$kern root=LABEL=ROOT ro console=tty0 xencons=ttyS0,115200 console=hvc0 quiet -initrd /boot/initrd.img-$ver - -### END DEBIAN AUTOMAGIC KERNELS LIST -EOF - (cd boot/grub; ln -s menu.lst grub.conf) -} - -fixinittab() { - cat >> etc/inittab << EOF - -vc:2345:respawn:/sbin/getty 38400 hvc0 -EOF -} - -fixfstab() { - cat > etc/fstab << EOF -# -proc /proc proc defaults 0 0 -LABEL=ROOT / ext3 errors=remount-ro,sync,noatime 0 1 -EOF -} - -fixacpid() { - mkdir -p etc/acpi/events - cat >> etc/acpi/events/power << EOF -event=button/power.* -action=/usr/local/sbin/power.sh "%e" -EOF - cat >> usr/local/sbin/power.sh << EOF -#!/bin/bash -/sbin/poweroff -EOF - chmod a+x usr/local/sbin/power.sh -} - -fixiptables() { -cat >> etc/modules << EOF -nf_conntrack -nf_conntrack_ipv4 -EOF -cat > etc/init.d/iptables-persistent << EOF -#!/bin/sh -### BEGIN INIT INFO -# Provides: iptables -# Required-Start: mountkernfs $local_fs -# Required-Stop: $local_fs -# Should-Start: cloud-early-config -# Default-Start: S -# Default-Stop: -# Short-Description: Set up iptables rules -### END INIT INFO - -PATH="/sbin:/bin:/usr/sbin:/usr/bin" - -# Include config file for iptables-persistent -. /etc/iptables/iptables.conf - -case "\$1" in -start) - if [ -e /var/run/iptables ]; then - echo "iptables is already started!" 
- exit 1 - else - touch /var/run/iptables - fi - - if [ \$ENABLE_ROUTING -ne 0 ]; then - # Enable Routing - echo 1 > /proc/sys/net/ipv4/ip_forward - fi - - # Load Modules - modprobe -a \$MODULES - - # Load saved rules - if [ -f /etc/iptables/rules ]; then - iptables-restore /etc/iptables/rules - fi - - # Restore Default Policies - iptables -P INPUT ACCEPT - iptables -P FORWARD ACCEPT - iptables -P OUTPUT ACCEPT - - # Flush rules on default tables - iptables -F - iptables -t nat -F - iptables -t mangle -F - - # Unload previously loaded modules - modprobe -r \$MODULES - - # Disable Routing if enabled - if [ \$ENABLE_ROUTING -ne 0 ]; then - # Disable Routing - echo 0 > /proc/sys/net/ipv4/ip_forward - fi - - ;; -restart|force-reload) - \$0 stop - \$0 start - ;; -status) - echo "Filter Rules:" - echo "--------------" - iptables -L -v - echo "" - echo "NAT Rules:" - echo "-------------" - iptables -t nat -L -v - echo "" - echo "Mangle Rules:" - echo "----------------" - iptables -t mangle -L -v - ;; -*) - echo "Usage: \$0 {start|stop|force-stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 -EOF - chmod a+x etc/init.d/iptables-persistent - - - touch etc/iptables/iptables.conf - cat > etc/iptables/iptables.conf << EOF -# A basic config file for the /etc/init.d/iptable-persistent script - -# Should new manually added rules from command line be saved on reboot? Assign to a value different that 0 if you want this enabled. -SAVE_NEW_RULES=0 - -# Modules to load: -MODULES="nf_nat_ftp nf_conntrack_ftp" - -# Enable Routing? -ENABLE_ROUTING=1 -EOF - chmod a+x etc/iptables/iptables.conf - -} - -vpn_config() { - cp -r ${scriptdir}/vpn/* ./ -} - -# -# IMPORTANT REMARK -# Package intallation is no longer done via this script. 
We are not removing the code yet, but we want to -# make sure that everybody willing to install/update packages should refer to the file: -# ==> cloud-tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh -# -packages() { - DEBIAN_FRONTEND=noninteractive - DEBIAN_PRIORITY=critical - DEBCONF_DB_OVERRIDE=’File{/root/config.dat}’ - export DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_DB_OVERRIDE - - #basic stuff - chroot . apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo - #fix hostname in openssh-server generated keys - sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub - - #sysstat - chroot . echo 'sysstat sysstat/enable boolean true' | chroot . debconf-set-selections - chroot . apt-get --no-install-recommends -q -y --force-yes install sysstat - #apache - chroot . apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert - #haproxy - chroot . apt-get --no-install-recommends -q -y --force-yes install haproxy - #dnsmasq - chroot . apt-get --no-install-recommends -q -y --force-yes install dnsmasq - #nfs client - chroot . apt-get --no-install-recommends -q -y --force-yes install nfs-common - #vpn stuff - chroot . apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools - #vmware tools - chroot . apt-get --no-install-recommends -q -y --force-yes install open-vm-tools - #xenstore utils - chroot . apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0 - #keepalived - install version 1.2.13 from wheezy backports - chroot . 
apt-get --no-install-recommends -q -y --force-yes -t wheezy-backports install keepalived - #conntrackd - chroot . apt-get --no-install-recommends -q -y --force-yes install conntrackd ipvsadm libnetfilter-conntrack3 libnl1 - #ipcalc - chroot . apt-get --no-install-recommends -q -y --force-yes install ipcalc - #irqbalance from wheezy-backports - chroot . apt-get --no-install-recommends -q -y --force-yes -t wheezy-backports install irqbalance - - echo "***** getting jre 7 *********" - chroot . apt-get --no-install-recommends -q -y install openjdk-7-jre-headless -} - - -password() { - chroot . echo "root:$PASSWORD" | chroot . chpasswd -} - -apache2() { - chroot . a2enmod ssl rewrite auth_basic auth_digest - chroot . a2ensite default-ssl - cp etc/apache2/sites-available/default etc/apache2/sites-available/default.orig - cp etc/apache2/sites-available/default-ssl etc/apache2/sites-available/default-ssl.orig -} - -services() { - mkdir -p ./var/www/html - mkdir -p ./opt/cloud/bin - mkdir -p ./var/cache/cloud - mkdir -p ./usr/share/cloud - mkdir -p ./usr/local/cloud - mkdir -p ./root/.ssh - #Fix haproxy directory issue - mkdir -p ./var/lib/haproxy - - /bin/cp -r ${scriptdir}/config/* ./ - chroot . chkconfig xl2tpd off - chroot . chkconfig --add cloud-early-config - chroot . chkconfig cloud-early-config on - chroot . chkconfig --add iptables-persistent - chroot . chkconfig iptables-persistent off - chroot . chkconfig --force --add cloud-passwd-srvr - chroot . chkconfig cloud-passwd-srvr off - chroot . chkconfig --add cloud - chroot . chkconfig cloud off - chroot . chkconfig monit off -} - -dhcp_fix() { - #deal with virtio DHCP issue, copy and install customized kernel module and iptables - mkdir -p tmp - cp /tmp/systemvm/xt_CHECKSUM.ko lib/modules/2.6.32-5-686-bigmem/kernel/net/netfilter - chroot . depmod -a 2.6.32-5-686-bigmem - cp /tmp/systemvm/iptables_1.4.8-3local1checksum1_i386.deb tmp/ - chroot . 
dpkg -i tmp/iptables_1.4.8-3local1checksum1_i386.deb - rm tmp/iptables_1.4.8-3local1checksum1_i386.deb -} - -install_xs_tool() { - #deal with virtio DHCP issue, copy and install customized kernel module and iptables - mkdir -p tmp - cp /tmp/systemvm/xe-guest-utilities_5.6.0-595_i386.deb tmp/ - chroot . dpkg -i tmp/xe-guest-utilities_5.6.0-595_i386.deb - rm tmp/xe-guest-utilities_5.6.0-595_i386.deb -} - -cleanup() { - rm -f usr/sbin/policy-rc.d - rm -f root/config.dat - rm -f etc/apt/apt.conf.d/01proxy - - if [ "$MINIMIZE" == "true" ] - then - rm -rf var/cache/apt/* - rm -rf var/lib/apt/* - rm -rf usr/share/locale/[a-d]* - rm -rf usr/share/locale/[f-z]* - rm -rf usr/share/doc/* - size=$(df $MOUNTPOINT | awk '{print $4}' | grep -v Available) - dd if=/dev/zero of=$MOUNTPOINT/zeros.img bs=1M count=$((((size-150000)) / 1000)) - rm -f $MOUNTPOINT/zeros.img - fi -} - -signature() { - (cd ${scriptdir}/config; tar cvf ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar *) - (cd ${scriptdir}/vpn; tar rvf ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar *) - gzip -c ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar > ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz - md5sum ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz |awk '{print $1}' > ${MOUNTPOINT}/var/cache/cloud/cloud-scripts-signature - echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > ${MOUNTPOINT}/etc/cloudstack-release -} - -#check grub version - -grub --version | grep "0.9" > /dev/null -if [ $? -ne 0 ] -then - echo You need grub 0.9x\(grub-legacy\) to use this script! 
- exit 1 -fi - -mkdir -p $IMAGENAME -mkdir -p $LOCATION -MOUNTPOINT=/mnt/$IMAGENAME/ -IMAGELOC=$LOCATION/$IMAGENAME.img -scriptdir=$(dirname $PWD/$0) - -rm -rf /tmp/systemvm -mkdir -p /tmp/systemvm -#cp ./xt_CHECKSUM.ko /tmp/systemvm -#cp ./iptables_1.4.8-3local1checksum1_i386.deb /tmp/systemvm -#cp ./xe-guest-utilities_5.6.0-595_i386.deb /tmp/systemvm - -rm -f $IMAGELOC -begin=$(date +%s) -echo "*************INSTALLING BASEIMAGE********************" -baseimage - -cp $scriptdir/config.dat $MOUNTPOINT/root/ -cd $MOUNTPOINT - -mount -o bind /proc $MOUNTPOINT/proc -mount -o bind /dev $MOUNTPOINT/dev - -echo "*************CONFIGURING APT********************" -fixapt -echo "*************DONE CONFIGURING APT********************" - -echo "*************CONFIGURING NETWORK********************" -network -echo "*************DONE CONFIGURING NETWORK********************" - -echo "*************INSTALLING KERNEL********************" -install_kernel $IMAGELOC -echo "*************DONE INSTALLING KERNEL********************" - -echo "*************CONFIGURING GRUB********************" -fixgrub $IMAGELOC -echo "*************DONE CONFIGURING GRUB********************" - - -echo "*************CONFIGURING INITTAB********************" -fixinittab -echo "*************DONE CONFIGURING INITTAB********************" - -echo "*************CONFIGURING FSTAB********************" -fixfstab -echo "*************DONE CONFIGURING FSTAB********************" - -echo "*************CONFIGURING ACPID********************" -fixacpid -echo "*************DONE CONFIGURING ACPID********************" - -echo "*************INSTALLING PACKAGES********************" -packages -echo "*************DONE INSTALLING PACKAGES********************" - -echo "*************CONFIGURING IPTABLES********************" -fixiptables -echo "*************DONE CONFIGURING IPTABLES********************" - -echo "*************CONFIGURING PASSWORD********************" -password - -echo "*************CONFIGURING SERVICES********************" 
-services - -echo "*************CONFIGURING APACHE********************" -apache2 - -echo "*************CONFIGURING VPN********************" -vpn_config - -echo "*************FIX DHCP ISSUE********************" -#dhcp_fix - -echo "*************INSTALL XS TOOLS********************" -#install_xs_tool - -echo "*************CLEANING UP********************" -cleanup - -echo "*************GENERATING SIGNATURE********************" -signature - -cd $scriptdir - -umount $MOUNTPOINT/proc -umount $MOUNTPOINT/dev -umount $MOUNTPOINT -fin=$(date +%s) -t=$((fin-begin)) -echo "Finished building image $IMAGELOC in $t seconds" - diff --git a/systemvm/patches/debian/config/etc/init.d/cloud b/systemvm/patches/debian/config/etc/init.d/cloud index f9a9915223ed..9b3a63b6d464 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud +++ b/systemvm/patches/debian/config/etc/init.d/cloud @@ -1,13 +1,11 @@ -#!/bin/bash +#!/bin/bash ### BEGIN INIT INFO # Provides: cloud -# Required-Start: mountkernfs $local_fs cloud-early-config +# Required-Start: $local_fs cloud-early-config # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: -# Default-Start: +# Default-Start: 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: Start up the CloudStack cloud service +# Short-Description: Start up the CloudStack cloud service ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config index 3bdebdbb7989..1d3a89031b76 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config +++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config 
@@ -1,10 +1,8 @@ #!/bin/bash ### BEGIN INIT INFO # Provides: cloud-early-config -# Required-Start: mountkernfs $local_fs +# Required-Start: $local_fs # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: # Default-Start: S # Default-Stop: 0 6 # Short-Description: configure according to cmdline @@ -38,6 +36,9 @@ mkdir -p /var/lib/haproxy # Clear boot up flag, it would be created by rc.local after boot up done rm -f /var/cache/cloud/boot_up_done +# Randomize cloud password so only ssh login is allowed +echo "cloud:`openssl rand -base64 32`" | chpasswd + [ -x /sbin/ifup ] || exit 0 . /lib/lsb/init-functions @@ -807,7 +808,7 @@ setup_sshd(){ setup_vpc_apache2() { log_it "Setting up apache web server for VPC" - chkconfig apache2 off + systemctl disable apache2 clean_ipalias_config setup_apache2_common } @@ -942,7 +943,7 @@ setup_router() { disable_rpfilter_domR enable_fwding 1 enable_rpsrfs 1 - chkconfig nfs-common off + systemctl disable nfs-common cp /etc/iptables/iptables-router /etc/iptables/rules.v4 #for old templates cp /etc/iptables/iptables-router /etc/iptables/rules @@ -1083,7 +1084,7 @@ setup_dhcpsrvr() { enable_svc cloud-passwd-srvr 1 enable_svc cloud 0 enable_fwding 0 - chkconfig nfs-common off + systemctl disable nfs-common cp /etc/iptables/iptables-router /etc/iptables/rules.v4 cp /etc/iptables/iptables-router /etc/iptables/rules @@ -1239,7 +1240,7 @@ setup_console_proxy() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 1 - chkconfig nfs-common off + systemctl disable nfs-common rm /etc/logrotate.d/cloud } @@ -1267,8 +1268,8 @@ setup_elbvm() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 - chkconfig nfs-common off - chkconfig portmap off + systemctl disable nfs-common + systemctl disable portmap } setup_ilbvm() { 
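Review bot: The added `chpasswd` line near the top of cloud-early-config never checks that `openssl rand -base64 32` produced any output. If openssl is missing or fails this early in boot, chpasswd receives `cloud:` with an empty password field, which is not the random password the comment promises. Capture and test the value first, for example `pw=$(openssl rand -base64 32) && [ -n "$pw" ] && echo "cloud:$pw" | chpasswd`, and log a failure instead of continuing silently. The rest of the script body lies outside this hunk.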
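Review bot: `systemctl disable apache2` in setup_vpc_apache2 is not a drop-in replacement for `chkconfig apache2 off` when it runs from an init script during boot. `disable` only removes the enablement symlinks; it does not stop a running unit and, as far as I can tell, does not cancel a start job systemd has already queued for this boot, so the service may still come up once. The same applies to the `systemctl disable nfs-common` and `systemctl disable portmap` lines in setup_router, setup_dhcpsrvr, setup_console_proxy, setup_elbvm and setup_ilbvm. If these services must never listen on the given VM type, use `systemctl disable --now <unit>` or `systemctl mask <unit>`, and confirm the unit names exist on Debian 9 (portmap is probably shipped as rpcbind there). All of these functions start and end outside their hunks.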
@@ -1290,8 +1291,8 @@ setup_ilbvm() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 - chkconfig nfs-common off - chkconfig portmap off + systemctl disable nfs-common + systemctl disable portmap } setup_default() { diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr index 33b0ea310cbe..c089e72ebc82 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr +++ b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr @@ -1,12 +1,10 @@ -#!/bin/bash +#!/bin/bash ### BEGIN INIT INFO # Provides: cloud-passwd-srvr -# Required-Start: mountkernfs $local_fs cloud-early-config iptables-persistent +# Required-Start: $local_fs cloud-early-config # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: -# Default-Start: -# Default-Stop: 0 6 +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 # Short-Description: Web server that sends passwords to User VMs ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one diff --git a/systemvm/patches/debian/config/etc/init.d/postinit b/systemvm/patches/debian/config/etc/init.d/postinit index 818959fde3be..ddbcb083f5e2 100755 --- a/systemvm/patches/debian/config/etc/init.d/postinit +++ b/systemvm/patches/debian/config/etc/init.d/postinit @@ -1,13 +1,11 @@ #!/bin/bash -e ### BEGIN INIT INFO # Provides: postinit -# Required-Start: mountkernfs $local_fs cloud-early-config +# Required-Start: $local_fs cloud-early-config # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: post-init +# Short-Description: post-init ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one diff --git a/systemvm/patches/debian/config/etc/rc.local b/systemvm/patches/debian/config/etc/rc.local index 3b19218cdc99..c0b19395ae74 100755 --- a/systemvm/patches/debian/config/etc/rc.local 
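Review bot: Dropping `iptables-persistent` from `Required-Start` in the cloud-passwd-srvr header removes the only declared ordering between the password server and the firewall rules, so the server may now start answering before the rules are restored. If a separate service still loads the rules on the new template (on Debian 9 probably netfilter-persistent; not visible in this patch), keep the ordering with a line such as `# Should-Start: netfilter-persistent`. The new `Default-Start: 3 4 5` also makes the script eligible to start by default, where the old empty value did not. A one-line comment naming the component expected to enable it per VM type would make that intent reviewable.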
+++ b/systemvm/patches/debian/config/etc/rc.local @@ -1,4 +1,4 @@ -#/bin/bash +#!/bin/bash #Licensed to the Apache Software Foundation (ASF) under one #or more contributor license agreements. See the NOTICE file diff --git a/systemvm/patches/debian/config/etc/ssh/sshd_config b/systemvm/patches/debian/config/etc/ssh/sshd_config index 6c64719e4d3f..75f30cc1f363 100644 --- a/systemvm/patches/debian/config/etc/ssh/sshd_config +++ b/systemvm/patches/debian/config/etc/ssh/sshd_config @@ -13,7 +13,6 @@ Port 3922 #AddressFamily any #ListenAddress 0.0.0.0 -#ListenAddress :: # Disable legacy (protocol version 1) support in the server for new # installations. In future the default will change to require explicit diff --git a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh index 34450dc08ca0..81a1b149b3f1 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh 
@@ -40,34 +40,34 @@ patch_console_proxy() { } consoleproxy_svcs() { - chkconfig cloud on - chkconfig postinit on - chkconfig cloud-passwd-srvr off - chkconfig haproxy off ; - chkconfig dnsmasq off - chkconfig ssh on - chkconfig apache2 off - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl enable cloud + systemctl enable postinit + systemctl disable cloud-passwd-srvr + systemctl disable haproxy + systemctl disable dnsmasq + systemctl enable ssh + systemctl disable apache2 + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud } secstorage_svcs() { - chkconfig cloud on - chkconfig postinit on - chkconfig cloud-passwd-srvr off - chkconfig haproxy off ; - chkconfig dnsmasq off - chkconfig portmap on - chkconfig nfs-common on - chkconfig ssh on - chkconfig apache2 off - chkconfig keepalived off - chkconfig conntrackd off + systemctl enable cloud on + systemctl enable postinit on + systemctl disable cloud-passwd-srvr + systemctl disable haproxy + systemctl disable dnsmasq + systemctl enable portmap + systemctl enable nfs-common + systemctl enable ssh + systemctl disable apache2 + systemctl disable keepalived + systemctl disable conntrackd echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud 
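Review bot: In secstorage_svcs the conversion left the chkconfig argument behind: `systemctl enable cloud on` and `systemctl enable postinit on` also ask systemd to enable a unit named `on`. That unit does not exist, so the command reports an error and returns non-zero, and a caller that checks the status will see the step as failed. The lines should read `systemctl enable cloud` and `systemctl enable postinit`, matching consoleproxy_svcs in the same hunk.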
@@ -76,67 +76,67 @@ secstorage_svcs() { routing_svcs() { grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null RROUTER=$? - chkconfig cloud off - chkconfig haproxy on ; - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off + systemctl disable cloud + systemctl disable haproxy + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs if [ $RROUTER -eq 0 ] then - chkconfig dnsmasq off - chkconfig cloud-passwd-srvr off - chkconfig keepalived on - chkconfig conntrackd on - chkconfig postinit on + systemctl disable dnsmasq + systemctl disable cloud-passwd-srvr + systemctl enable keepalived + systemctl enable conntrackd + systemctl enable postinit echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs else - chkconfig dnsmasq on - chkconfig cloud-passwd-srvr on - chkconfig keepalived off - chkconfig conntrackd off + systemctl enable dnsmasq + systemctl enable cloud-passwd-srvr + systemctl disable keepalived + systemctl disable conntrackd echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs fi } dhcpsrvr_svcs() { - chkconfig cloud off - chkconfig cloud-passwd-srvr on ; - chkconfig haproxy off ; - chkconfig dnsmasq on - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl disable cloud + systemctl enable cloud-passwd-srvr + systemctl disable haproxy + systemctl enable dnsmasq + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs } 
elbvm_svcs() { - chkconfig cloud off - chkconfig haproxy on ; - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl disable cloud + systemctl disable haproxy + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "ssh haproxy" > /var/cache/cloud/enabled_svcs echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } ilbvm_svcs() { - chkconfig cloud off - chkconfig haproxy on ; - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl disable cloud + systemctl enable haproxy + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "ssh haproxy" > /var/cache/cloud/enabled_svcs echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } 
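Review bot: routing_svcs and elbvm_svcs now run `systemctl disable haproxy` where the removed lines were `chkconfig haproxy on`. Both functions still write haproxy into /var/cache/cloud/enabled_svcs, so the unit state and the recorded list disagree. ilbvm_svcs was converted to `systemctl enable haproxy`; the other two should use the same line. If disabling is really intended, the enabled_svcs and disabled_svcs echo lines need updating to match.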
@@ -149,11 +149,11 @@ enable_pcihotplug() { } enable_serial_console() { - sed -i -e "/^serial.*/d" /boot/grub/grub.conf - sed -i -e "/^terminal.*/d" /boot/grub/grub.conf - sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf - sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf - sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf + #sed -i -e "/^serial.*/d" /boot/grub/grub.conf + #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf + #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf + #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf + #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab } diff --git a/tools/appliance/build.sh b/tools/appliance/build.sh index 0b31cc1a5588..45f472802951 100755 --- a/tools/appliance/build.sh +++ b/tools/appliance/build.sh @@ -594,7 +594,7 @@ function main() { add_on_exit veewee_destroy veewee_build save_mac_address - veewee_halt + veewee_halt || true retry 10 check_appliance_shutdown retry 10 check_appliance_disk_ready retry 10 remove_shares diff --git a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh index f98c6b57c935..eb9b7901d6dc 100644 --- a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh +++ b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh 
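Review bot: The five grub.conf `sed` lines in enable_serial_console are commented out rather than removed, which leaves dead code with no explanation of why it is kept. Delete them, or replace them with a single comment such as `# serial console is now set up by configure_grub.sh`. The two remaining `sed` edits target /etc/inittab, which systemd on Debian 9 presumably does not read. If so, the function no longer enables a serial getty and should be reworked or dropped rather than left half active.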
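Review bot: `veewee_halt || true` in main() discards every failure of the halt step, not only the expected one. If the reason is that configure_login.sh now powers the VM off itself with `halt -p` (my reading of this patch; it is not stated here), say so above the line, e.g. `# VM may already be down: configure_login.sh halts it`. That makes it clear the following `retry 10 check_appliance_shutdown` is the real check. main() starts and ends outside the hunk.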
@@ -23,20 +23,23 @@ function add_backports() { sed -i '/cdrom/d' /etc/apt/sources.list sed -i '/deb-src/d' /etc/apt/sources.list sed -i '/backports/d' /etc/apt/sources.list - echo 'deb http://http.debian.net/debian wheezy-backports main' >> /etc/apt/sources.list + echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list } function apt_upgrade() { DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical + # Setup sudo + echo 'cloud ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud + add_backports rm -fv /root/*.iso apt-get -y autoremove apt-get autoclean - apt-get -q -y --force-yes update - apt-get -q -y --force-yes upgrade + apt-get -q -y update + apt-get -q -y upgrade df -h } diff --git a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh index 63da2f4af9e7..d18572310747 100644 --- a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh +++ b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh @@ -25,5 +25,6 @@ set -x key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant' mkdir -p /root/.ssh chmod 644 /root/.ssh +#touch /root/.ssh/authorized_keys echo ${key} > /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys diff --git a/tools/appliance/definitions/systemvmtemplate/build_time.sh b/tools/appliance/definitions/systemvmtemplate/build_time.sh deleted file mode 100644 index c25644bf08f3..000000000000 --- a/tools/appliance/definitions/systemvmtemplate/build_time.sh +++ /dev/null 
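Review bot: apt_upgrade now writes `cloud ALL=(ALL) NOPASSWD: ALL` to /etc/sudoers.d/cloud, giving the cloud account unrestricted passwordless root inside the template. configure_login.sh later overwrites the same file with a command list, but only if that step runs to completion, so a build that stops early or reorders steps ships the broad rule. Keep the build-time grant in its own file that a cleanup step removes explicitly, and set its mode with `chmod 0440 /etc/sudoers.d/<file>` after writing it. Putting a privilege grant inside a function named apt_upgrade also hides it from anyone auditing the build; a dedicated function would be easier to find.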
@@ -1,26 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e -set -x - -function build_time() { - date > /etc/vagrant_box_build_time -} - -return 2>/dev/null || build_time diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh index cd32d5b42aa3..67d6c236ebf1 100644 --- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh +++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh @@ -20,7 +20,6 @@ set -e set -x function cleanup_apt() { - #apt-get -y remove linux-headers-$(uname -r) build-essential apt-get -y remove dictionaries-common busybox apt-get -y autoremove apt-get autoclean diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh index 5b6a80aacb99..ec40b7c77bbb 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh 
@@ -31,9 +31,13 @@ GRUB_DEFAULT=0 GRUB_TIMEOUT=0 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="debian-installer=en_US" +GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 debian-installer=en_US" +GRUB_TERMINAL="console serial" +GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" + EOF + grub-mkconfig -o /boot/grub/grub.cfg update-grub } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh index 36fccabc5fa4..1735b810f7ed 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh @@ -23,11 +23,12 @@ function add_admin_group() { groupadd -f -r admin } -function configure_cloud_user() { +function configure_user() { usermod -a -G admin cloud mkdir -p /home/cloud/.ssh chmod 700 /home/cloud/.ssh echo "cloud:`openssl rand -base64 32`" | chpasswd + echo "root:password" | chpasswd } function configure_sudoers() { @@ -42,7 +43,7 @@ root ALL=(ALL:ALL) ALL #includedir /etc/sudoers.d END - echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > /etc/sudoers.d/cloud + echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /sbin/halt' > /etc/sudoers.d/cloud } # sshd_config is overwritten from cloud_scripts @@ -58,8 +59,6 @@ END #} function configure_inittab() { - grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return - # Fix inittab cat >> /etc/inittab << EOF @@ -68,11 +67,13 @@ EOF } function configure_login() { - add_admin_group - configure_cloud_user - configure_sudoers # configure_sshd configure_inittab + add_admin_group + configure_sudoers + configure_user + rm -fv /home/cloud/configure_login.sh + halt -p } return 2>/dev/null || configure_login 
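Review bot: `echo "root:password" | chpasswd` in configure_user() gives root a fixed, publicly known password in the finished template, and because configure_login.sh is now the last provisioning step nothing later changes it. The line above it already shows the safer pattern for `cloud`; do the same for root with `echo "root:$(openssl rand -base64 32)" | chpasswd`, or lock the account with `passwd -l root` if key-based access is the only intended path. If a known root password is needed only while building, reset it before the image is exported.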
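Review bot: The `cloud` sudoers rule that this hunk extends with `/sbin/halt` already allows `/bin/chmod`, `/bin/cp` and `/bin/mount` without a password and without argument restrictions, and each of those can change arbitrary files as root, so the command list does not actually confine the account. Either restrict the entries to the exact arguments the agent needs, or document above the `echo` that `cloud` is root-equivalent, with a comment such as `# NOTE: cloud is effectively root via these commands; protect its credentials accordingly`. configure_sudoers() starts outside the hunk.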
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh index bddcd6c0f3d1..2ebd3a2e764a 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh @@ -21,13 +21,6 @@ set -x HOSTNAME=systemvm -# Adding a 2 sec delay to the interface up, to make the dhclient happy -function set_interface_sleep() { - grep "pre-up sleep 2" /etc/network/interfaces && return - - echo "pre-up sleep 2" >> /etc/network/interfaces -} - function configure_resolv_conf() { grep 8.8.8.8 /etc/resolv.conf && grep 8.8.4.4 /etc/resolv.conf && return @@ -52,8 +45,24 @@ function configure_hostname() { hostname $HOSTNAME } +function configure_interfaces() { + cat > /etc/network/interfaces << EOF +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + +# The primary network interface +auto eth0 +iface eth0 inet dhcp +pre-up sleep 2 + +EOF +} + function configure_networking() { - set_interface_sleep + configure_interfaces configure_resolv_conf delete_dhcp_ip configure_hostname diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh index 60082e380a05..f3bd52acc192 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh 
@@ -19,15 +19,15 @@ set -e set -x -CLOUDSTACK_RELEASE=4.6.0 +CLOUDSTACK_RELEASE=4.11.0 function configure_apache2() { # Enable ssl, rewrite and auth a2enmod ssl rewrite auth_basic auth_digest a2ensite default-ssl # Backup stock apache configuration since we may modify it in Secondary Storage VM - cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig - cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig + cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/default.orig + cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.orig sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g' /etc/apache2/mods-available/ssl.conf } 
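Review bot: The unchanged `sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g'` in configure_apache2() only edits a line that ends in exactly `all -SSLv2`. This hunk updates the site file names for the newer Apache layout but not that pattern, so on the new base image it may match nothing and still exit 0; that needs confirming against the shipped ssl.conf. Adding `grep -q 'SSLProtocol.*-SSLv3' /etc/apache2/mods-available/ssl.conf` after the sed makes the build fail under `set -e` if SSLv3 is not disabled. The backups also keep the old names (`default.orig`, `default-ssl.orig`) while the sources are now `000-default.conf` and `default-ssl.conf`, so any restore code has to map them back.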
@@ -39,12 +39,76 @@ function install_cloud_scripts() { /etc/init.d/{cloud,cloud-early-config,cloud-passwd-srvr,postinit} \ /etc/profile.d/cloud.sh - chkconfig --add cloud-early-config - chkconfig cloud-early-config on - chkconfig --add cloud-passwd-srvr - chkconfig cloud-passwd-srvr off - chkconfig --add cloud - chkconfig cloud off + cat > /lib/systemd/system/cloud-early-config.service << EOF +[Unit] +Description=cloud-early-config: configure according to cmdline +DefaultDependencies=no +After=local-fs.target apparmor.service systemd-sysctl.service systemd-modules-load.service + +[Install] +WantedBy=multi-user.target + +[Service] +Type=oneshot +ExecStart=/etc/init.d/cloud-early-config start +ExecStop=/etc/init.d/cloud-early-config stop +RemainAfterExit=true +TimeoutStartSec=5min + +EOF + + cat > /lib/systemd/system/cloud.service << EOF +[Unit] +Description=cloud: startup cloud service +After=cloud-early-config.service network.target local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +ExecStart=/etc/init.d/cloud start +ExecStop=/etc/init.d/cloud stop +RemainAfterExit=true +TimeoutStartSec=5min +EOF + + cat > /lib/systemd/system/cloud-passwd-srvr.service << EOF +[Unit] +Description=cloud-passwd-srvr: cloud password server +After=network.target local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +ExecStart=/etc/init.d/cloud-passwd-srvr start +ExecStop=/etc/init.d/cloud-passwd-srvr stop +RemainAfterExit=true +TimeoutStartSec=5min +EOF + + cat > /lib/systemd/system/postinit.service << EOF +[Unit] +Description=cloud post-init service +After=cloud-early-config.service network.target local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +ExecStart=/etc/init.d/postinit start +ExecStop=/etc/init.d/postinit stop +RemainAfterExit=true +TimeoutStartSec=5min +EOF + + systemctl daemon-reload + systemctl enable cloud-early-config + systemctl disable cloud-passwd-srvr + systemctl disable 
cloud } function do_signature() { @@ -72,18 +136,20 @@ function configure_services() { install_cloud_scripts do_signature - chkconfig xl2tpd off + systemctl daemon-reload + systemctl disable xl2tpd # Disable services that slow down boot and are not used anyway - chkconfig x11-common off - chkconfig console-setup off + systemctl disable x11-common + systemctl disable console-setup + systemctl disable haproxy # Hyperv kvp daemon - 64bit only local arch=`dpkg --print-architecture` if [ "${arch}" == "amd64" ]; then - chkconfig hv_kvp_daemon off + systemctl disable hv_kvp_daemon fi - chkconfig radvd off + systemctl disable radvd configure_apache2 configure_strongswan diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb index e0c44e2f6283..cea7bd2082b8 100644 --- a/tools/appliance/definitions/systemvmtemplate/definition.rb +++ b/tools/appliance/definitions/systemvmtemplate/definition.rb @@ -15,7 +15,7 @@ # specific language governing permissions and limitations # under the License. -arch = ENV['VM_ARCH'] || 'i386' +arch = 'amd64' # # NOTE: Before changing the version of the debian image make 
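Review bot: Each `systemctl disable <unit>` added to configure_services() runs under the `set -e` at the top of this file, so a unit that is not present on the new image would stop the whole build at that line; whether `x11-common`, `console-setup` or `hv_kvp_daemon` exist as units on Debian 9 is not visible here and should be checked. If a missing service is acceptable, say so explicitly, e.g. `systemctl disable radvd || echo "radvd not installed" >&2`. `disable` also leaves a unit startable through dependencies or socket activation; for services that must never run on an appliance, `systemctl mask` is the stronger setting. configure_services() starts and ends outside the hunk.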
@@ -25,25 +25,19 @@ # removed from the debian mirrors # architectures = { - :i386 => { - :os_type_id => 'Debian', - :iso_file => 'debian-7.11.0-i386-netinst.iso', - :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/i386/iso-cd/debian-7.11.0-i386-netinst.iso', - :iso_md5 => '75055a694508f5b891038ec12d703c9e', - }, :amd64 => { :os_type_id => 'Debian_64', - :iso_file => 'debian-7.11.0-amd64-netinst.iso', - :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/amd64/iso-cd/debian-7.11.0-amd64-netinst.iso', - :iso_md5 => '096c1c18b44c269808bd815d58c53c8f' + :iso_file => 'debian-9.1.0-amd64-netinst.iso', + :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso', + :iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986' } } config = { :cpu_count => '1', - :memory_size => '256', - :disk_size => '3200', :disk_format => 'VDI', :hostiocache => 'off', - :iso_download_timeout => '1200', + :memory_size => '512', + :disk_size => '2000', :disk_format => 'VDI', :hostiocache => 'off', + :iso_download_timeout => '1000', :boot_wait => '10', :boot_cmd_sequence => [ '', @@ -63,11 +57,11 @@ '' ], :kickstart_port => '7122', - :kickstart_timeout => '1200', + :kickstart_timeout => '1000', :kickstart_file => 'preseed.cfg', - :ssh_login_timeout => '1200', - :ssh_user => 'root', - :ssh_password => 'password', + :ssh_login_timeout => '10000', + :ssh_user => 'cloud', + :ssh_password => 'cloud', :ssh_key => '', :ssh_host_port => '7222', :ssh_guest_port => '22', @@ -75,11 +69,9 @@ :shutdown_cmd => 'halt -p', :postinstall_files => [ # basic minimal vm creation - 'build_time.sh', 'apt_upgrade.sh', 'configure_grub.sh', 'configure_locale.sh', - 'configure_login.sh', 'configure_networking.sh', 'configure_acpid.sh', # turning it into a systemvm 
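Review bot: The new `:amd64` entry pins the installer ISO with `:iso_md5` only, and MD5 does not give collision resistance for the boot image that the whole template is built from. Record a SHA-256 or SHA-512 digest taken from Debian's signed checksum files as well, if the builder accepts one. `:iso_src` also puts a versioned file name under `debian-cd/current/`, which stops resolving at the next point release. The removed entries used the versioned `cdimage/archive/<version>/` path, and the NOTE comment above the hash warns about exactly this failure.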
@@ -91,9 +83,11 @@ 'configure_persistent_config.sh', # cleanup & space-saving 'cleanup.sh', - 'zerodisk.sh' + 'zerodisk.sh', + # setup login stuff + 'configure_login.sh' ], - :postinstall_timeout => '1200' + :postinstall_timeout => '10000' } config.merge! architectures[arch.to_sym] diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh index 9daa2d8fda67..227f533489e9 100644 --- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh +++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh @@ -43,7 +43,7 @@ function install_packages() { debconf_packages install_vhd_util - local apt_get="apt-get --no-install-recommends -q -y --force-yes" + local apt_get="apt-get --no-install-recommends -q -y" #32 bit architecture support:: not required for 32 bit template if [ "${arch}" != "i386" ]; then @@ -53,8 +53,8 @@ function install_packages() { fi ${apt_get} install \ - rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables \ - openssh-server e2fsprogs dhcp3-client tcpdump socat wget \ + rsyslog logrotate cron insserv net-tools ifupdown vim netbase iptables \ + openssh-server e2fsprogs isc-dhcp-client tcpdump socat wget \ python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ inetutils-ping iputils-arping httping curl \ dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \ 
@@ -67,19 +67,22 @@ function install_packages() { xenstore-utils libxenstore3.0 \ conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \ ipcalc \ + openjdk-8-jre-headless \ ipset \ iptables-persistent \ libtcnative-1 libssl-dev libapr1-dev \ python-flask \ haproxy \ radvd \ - sharutils + sharutils \ + keepalived irqbalance open-vm-tools qemu-guest-agent \ + strongswan libcharon-extra-plugins libstrongswan-extra-plugins - ${apt_get} -t wheezy-backports install keepalived irqbalance open-vm-tools qemu-guest-agent - ${apt_get} -t wheezy-backports install strongswan libcharon-extra-plugins libstrongswan-extra-plugins + apt-get autoclean + apt-get clean apt-get update - apt-get -y --force-yes upgrade + apt-get -y upgrade if [ "${arch}" == "amd64" ]; then # Hyperv kvp daemon - 64bit only @@ -87,22 +90,7 @@ function install_packages() { wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb dpkg -i hv-kvp-daemon_3.1_amd64.deb rm -f hv-kvp-daemon_3.1_amd64.deb - # XS tools - wget --no-check-certificate https://raw.githubusercontent.com/rhtyd/cloudstack-nonoss/master/xe-guest-utilities_6.5.0_amd64.deb - md5sum xe-guest-utilities_6.5.0_amd64.deb - dpkg -i xe-guest-utilities_6.5.0_amd64.deb - rm -f xe-guest-utilities_6.5.0_amd64.deb fi - - # Install OpenJDK8 pkgs maintained by Azul - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x219BD9C9 - echo 'deb http://repos.azulsystems.com/debian stable main' > /etc/apt/sources.list.d/zulu.list - apt-get -y autoremove - apt-get autoclean - apt-get clean - apt-get update - ${apt_get} install zulu-8 - java -version } return 2>/dev/null || install_packages diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg index 77402d73cd5d..6d56b76df058 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg 
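Review bot: This hunk removes the `--no-check-certificate` download of xe-guest-utilities but leaves `wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb` followed by `dpkg -i`, so a package fetched over plain HTTP from a personal web space is still installed as root with no integrity check. Pin a digest and verify it before installing, for example `echo "<EXPECTED_SHA256>  hv-kvp-daemon_3.1_amd64.deb" | sha256sum -c -` (placeholder digest), or take the daemon from a signed apt repository. install_packages() starts outside the hunk.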
@@ -17,22 +17,35 @@ ### Localization # Locale sets language and country. -d-i debian-installer/locale string en_US +d-i debian-installer/locale string en_US.UTF-8 # Keyboard selection. -d-i console-keymaps-at/keymap select us +d-i keyboard-configuration/xkb-keymap select us ### Network configuration d-i netcfg/choose_interface select auto d-i netcfg/get_hostname string systemvm -d-i netcfg/get_domain string cloudstack.org +d-i netcfg/get_domain string apache.org +d-i netcfg/wireless_wep string + +d-i hw-detect/load_firmware boolean true ### Mirror settings d-i mirror/country string manual -d-i mirror/http/hostname string http.us.debian.org +d-i mirror/http/hostname string http.debian.net d-i mirror/http/directory string /debian d-i mirror/http/proxy string +### Apt setup +d-i apt-setup/cdrom/set-first false +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true +#d-i apt-setup/use_mirror boolean true +d-i apt-setup/services-select multiselect security, updates +d-i apt-setup/security_host string security.debian.org +d-i apt-setup/local0/source boolean false +d-i apt-setup/multiarch string i386 + ### Clock and time zone setup d-i clock-setup/utc boolean true d-i time/zone string UTC 
@@ -44,51 +57,33 @@ d-i partman-auto/method string regular d-i partman-auto/choose_recipe select atomic d-i partman-auto/expert_recipe string \ boot-root :: \ - 80 50 160 ext4 \ + 80 50 100 ext4 \ $primary{ } $bootable{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /boot } \ . \ - 500 40 800 ext4 \ + 1500 40 1600 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ - 50 100 100 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /home } \ - . \ - 1000 60 1400 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /usr } \ - . \ - 200 40 300 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /opt } \ - . \ - 600 70 1200 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 400 50 500 ext4 \ + 300 50 300 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var/log } \ . \ - 100 90 200 ext4 \ + 100 90 100 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /tmp } \ . \ - 256 100 1024 linux-swap \ + 100 100 200 linux-swap \ method{ swap } format{ } \ . -d-i partman/confirm_write_new_label boolean true + +d-i partman-md/confirm boolean true +d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true 
@@ -97,10 +92,10 @@ d-i partman/confirm_nooverwrite boolean true # ... ### Account setup -d-i passwd/root-login boolean true +d-i passwd/root-login boolean false d-i passwd/root-password password password d-i passwd/root-password-again password password -d-i passwd/user-fullname string Cloud Stack +d-i passwd/user-fullname string Cloud User d-i passwd/username string cloud d-i passwd/user-password password cloud d-i passwd/user-password-again password cloud @@ -108,12 +103,14 @@ d-i user-setup/encrypt-home boolean false d-i user-setup/allow-password-weak boolean true d-i passwd/user-default-groups string audio cdrom video admin +#openssh-server openssh-server/permit-root-login boolean true + ### Apt setup # ... ### Package selection tasksel tasksel/first multiselect ssh-server -d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl +d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl # Allowed values: none, safe-upgrade, full-upgrade d-i pkgsel/upgrade select none @@ -121,12 +118,10 @@ popularity-contest popularity-contest/participate boolean false ### Boot loader installation d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean true +d-i grub-installer/bootdev string default d-i finish-install/reboot_in_progress note -### Preseeding other packages -libssl1.0.0 libssl1.0.0/restart-services string -libssl1.0.0 libssl1.0.0/restart-failed error - #### Advanced options # Prevent packaged version of VirtualBox Guest Additions being installed: d-i preseed/early_command string sed -i \ diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh index d0cc13191878..7adea8a438ba 100644 --- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh +++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh 
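Review bot: With `d-i passwd/root-login boolean false` the installer skips root account setup, so the two `passwd/root-password` lines left below it are unused and only keep the literal `password` in the file; delete them. The `cloud` account keeps the literal password `cloud` together with `user-setup/allow-password-weak boolean true`, and the build logs in with it, so the image carries a known credential until configure_user in configure_login.sh randomises it as the final step. If that step is skipped or fails the template ships with it; an end-of-build check that the `cloud` entry in /etc/shadow has changed would catch that.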
@@ -22,9 +22,10 @@ set -x # clean up stuff copied in by veewee function cleanup_veewee() { # this has to be here since it is the last file to run (and we remove ourselves) - rm -fv /root/*.iso - rm -fv /root/{apt_upgrade,authorized_keys,build_time,cleanup,install_systemvm_packages,zerodisk}.sh - rm -fv /root/configure_{acpid,conntrack,grub,locale,login,networking,systemvm_services}.sh + cd /home/cloud + rm -fv *.iso + rm -fv {apt_upgrade,authorized_keys,cleanup,install_systemvm_packages,zerodisk}.sh + rm -fv configure_{acpid,conntrack,grub,locale,networking,persistent_config,systemvm_services}.sh /home/cloud/install_systemvm_packages.sh rm -fv .veewee_version .veewee_params .vbox_version } @@ -32,7 +33,7 @@ function cleanup_veewee() { function zero_disk() { cleanup_veewee - for path in / /boot /usr /var /var/log /opt /tmp /home + for path in / /boot /var/log /tmp do dd if=/dev/zero of=${path}/zero bs=1M || true sync From 2aa70eecceb94c6c6dc6f89889b1b3cdd7b25dc8 Mon Sep 17 00:00:00 2001 
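Review bot: cleanup_veewee() now runs `cd /home/cloud` and then deletes with relative globs, so unless `set -e` is active (only `set -x` is visible in the hunk header) a failed directory change makes the `rm -fv` lines act on whatever the current directory is. Write it as `cd /home/cloud || return 1`, or keep absolute paths as before. The comment at the top of the function still says this is the last file to run, but this commit moves configure_login.sh after zerodisk.sh in definition.rb, so it should read something like `# runs near the end; configure_login.sh runs afterwards and removes itself`. The second `rm` also names `/home/cloud/install_systemvm_packages.sh`, which the line before it already removes.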
From: Wido den Hollander Date: Thu, 10 Aug 2017 13:51:11 +0200 Subject: [PATCH 02/22] CLOUDSTACK-10013: Make Debian9 systemvmtemplates work with systemd - Load the nf_conntrack_ipv6 module for IPv6 connection tracking on SSVM - Move systemd services to /etc and enable services after they have been installed - Disable most services by default and enable in cloud-early-config - Start services after enabling them using systemd - In addition remove /etc/init.d/cloud as this is no longer needed and done by systemd - Accept DOS/MBR as file format for ISO images as well Under Debian 7 the 'file' command would return: debian-9.1.0-amd64-netinst.iso: ISO 9660 CD-ROM filesystem data UDF filesystem data Under Debian 9 however it will return debian-9.1.0-amd64-netinst.iso: DOS/MBR boot sector This would make the HTTPTemplateDownloader in the Secondary Storage VM refuse the ISO as a valid template because it's not a correct format. Changes this behavior so that it accepts both. This allows us to use Debian 9 as a System VM template. Not sure though if enabling them is enough for systemd to still start them on first boot Signed-off-by: Wido den Hollander --- .gitignore | 2 + .../patches/debian/config/etc/init.d/cloud | 155 ------------------ .../config/etc/init.d/cloud-early-config | 55 ++----- .../systemvmtemplate/configure_conntrack.sh | 1 + .../configure_systemvm_services.sh | 22 +-- .../utils/imagestore/ImageStoreUtil.java | 2 +- 6 files changed, 30 insertions(+), 207 deletions(-) delete mode 100755 systemvm/patches/debian/config/etc/init.d/cloud diff --git a/.gitignore b/.gitignore index 29b4ffc30d71..1a73724c1172 100644 --- a/.gitignore +++ b/.gitignore @@ -97,3 +97,5 @@ systemvm/.pydevproject test/.pydevprojec plugins/hypervisors/kvm/.pydevproject scripts/.pydevproject +*.qcow2 +*.raw diff --git a/systemvm/patches/debian/config/etc/init.d/cloud b/systemvm/patches/debian/config/etc/init.d/cloud deleted file mode 100755 index 9b3a63b6d464..000000000000 
--- a/systemvm/patches/debian/config/etc/init.d/cloud
+++ /dev/null
@@ -1,155 +0,0 @@ -#!/bin/bash -### BEGIN INIT INFO -# Provides: cloud -# Required-Start: $local_fs cloud-early-config -# Required-Stop: $local_fs -# Default-Start: 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Start up the CloudStack cloud service -### END INIT INFO -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#set -x - -ENABLED=0 -[ -e /etc/default/cloud ] && . /etc/default/cloud - -CMDLINE=$(cat /var/cache/cloud/cmdline) - -if [ ! -z $CLOUD_DEBUG ];then - LOG_FILE=/var/log/cloud/cloud.out -else - LOG_FILE=/dev/null -fi - -TYPE="router" -for i in $CMDLINE - do - # search for foo=bar pattern and cut out foo - FIRSTPATTERN=$(echo $i | cut -d= -f1) - case $FIRSTPATTERN in - type) - TYPE=$(echo $i | cut -d= -f2) - ;; - esac -done - -# Source function library. -if [ -f /etc/init.d/functions ] -then - . /etc/init.d/functions -fi - -if [ -f ./lib/lsb/init-functions ] -then - . /lib/lsb/init-functions -fi - -_success() { - if [ -f /etc/init.d/functions ] - then - success - else - echo "Success" - fi -} - -_failure() { - if [ -f /etc/init.d/functions ] - then - failure - else - echo "Failed" - fi -} -RETVAL=$? -CLOUDSTACK_HOME="/usr/local/cloud" -if [ -f $CLOUDSTACK_HOME/systemvm/utils.sh ]; -then - . 
$CLOUDSTACK_HOME/systemvm/utils.sh -else - _failure -fi - -# mkdir -p /var/log/vmops - -start() { - local pid=$(get_pids) - if [ "$pid" != "" ]; then - echo "CloudStack cloud sevice is already running, PID = $pid" - return 0 - fi - - echo -n "Starting CloudStack cloud service (type=$TYPE) " - if [ -f $CLOUDSTACK_HOME/systemvm/run.sh ]; - then - if [ "$pid" == "" ] - then - (cd $CLOUDSTACK_HOME/systemvm; nohup ./run.sh > $LOG_FILE 2>&1 & ) - pid=$(get_pids) - echo $pid > /var/run/cloud.pid - fi - _success - else - _failure - fi - echo - echo 'start' > $CLOUDSTACK_HOME/systemvm/user_request -} - -stop() { - local pid - echo -n "Stopping CloudStack cloud service (type=$TYPE): " - for pid in $(get_pids) - do - kill $pid - done - _success - echo - echo 'stop' > $CLOUDSTACK_HOME/systemvm/user_request -} - -status() { - local pids=$(get_pids) - if [ "$pids" == "" ] - then - echo "CloudStack cloud service is not running" - return 1 - fi - echo "CloudStack cloud service (type=$TYPE) is running: process id: $pids" - return 0 -} - -[ "$ENABLED" != 0 ] || exit 0 - -case "$1" in - start) start - ;; - stop) stop - ;; - status) status - ;; - restart) stop - start - ;; - *) echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac - -exit $RETVAL diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config index 1d3a89031b76..6eaed913c516 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config +++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config @@ -497,16 +497,6 @@ disable_rpfilter_domR() { echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter } -enable_svc() { - local svc=$1 - local enabled=$2 - - log_it "Enable service ${svc} = $enabled" - local cfg=/etc/default/${svc} - [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return -} - - enable_irqbalance() { local enabled=$1 local proc=0 
@@ -803,6 +793,7 @@ setup_sshd(){ [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4 sed -i "/3922/s/eth./$eth/" /etc/iptables/rules + systemctl restart sshd } @@ -935,11 +926,9 @@ setup_router() { echo "$ETH0_IP $NAME" >> /etc/hosts - enable_svc dnsmasq 1 - enable_svc haproxy 1 + systemctl enable dnsmasq haproxy cloud-passwd-srvr + systemctl restart dnsmasq haproxy cloud-passwd-srvr enable_irqbalance 1 - enable_svc cloud-passwd-srvr 1 - enable_svc cloud 0 disable_rpfilter_domR enable_fwding 1 enable_rpsrfs 1 @@ -1028,12 +1017,9 @@ EOF setup_vpc_apache2 - enable_svc dnsmasq 1 - enable_svc haproxy 1 + systemctl enable dnsmasq haproxy cloud-passwd-srvr enable_irqbalance 1 enable_vpc_rpsrfs 1 - enable_svc cloud 0 - enable_svc cloud-passwd-srvr 1 disable_rpfilter enable_fwding 1 cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4 @@ -1061,6 +1047,8 @@ EOF fi load_modules + systemctl restart dnsmasq haproxy cloud-passwd-srvr + #setup hourly logrotate mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 @@ -1078,11 +1066,9 @@ setup_dhcpsrvr() { [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts - enable_svc dnsmasq 1 - enable_svc haproxy 0 + systemctl enable dnsmasq cloud-passwd-srvr + systemctl restart dnsmasq cloud-passwd-srvr enable_irqbalance 0 - enable_svc cloud-passwd-srvr 1 - enable_svc cloud 0 enable_fwding 0 systemctl disable nfs-common @@ -1156,7 +1142,7 @@ setup_ntp() { fi sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE done - service ntp restart + systemctl restart ntp else log_it "NTP configuration file not found" fi 
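Review bot: `systemctl restart sshd` in setup_sshd() depends on the `sshd.service` alias, while Debian's unit is `ssh.service` and the alias symlink is normally present only while that unit is enabled. Since this series disables most services at build time, the restart may fail with a unit-not-found error and leave sshd on the old `ListenAddress`; this should be confirmed on the built image. Using the real unit name avoids the dependency: `systemctl restart ssh`. setup_sshd() starts outside the hunk.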
@@ -1204,15 +1190,12 @@ Header always set Access-Control-Allow-Methods "POST, OPTIONS" Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires" CORS - service apache2 restart - disable_rpfilter enable_fwding 0 - enable_svc haproxy 0 + systemctl disable haproxy dnsmasq cloud-passwd-srvr + systemctl enable cloud apache2 + systemctl restart cloud apache2 enable_irqbalance 0 - enable_svc dnsmasq 0 - enable_svc cloud-passwd-srvr 0 - enable_svc cloud 1 rm /etc/logrotate.d/cloud setup_ntp } @@ -1233,13 +1216,10 @@ setup_console_proxy() { setup_sshd $ETH0_IP "eth0" fi + systemctl enable cloud disable_rpfilter enable_fwding 0 - enable_svc haproxy 0 enable_irqbalance 0 - enable_svc dnsmasq 0 - enable_svc cloud-passwd-srvr 0 - enable_svc cloud 1 systemctl disable nfs-common rm /etc/logrotate.d/cloud } @@ -1263,11 +1243,7 @@ setup_elbvm() { fi enable_fwding 0 - enable_svc haproxy 0 enable_irqbalance 0 - enable_svc dnsmasq 0 - enable_svc cloud-passwd-srvr 0 - enable_svc cloud 0 systemctl disable nfs-common systemctl disable portmap } @@ -1286,11 +1262,8 @@ setup_ilbvm() { setup_sshd $ETH1_IP "eth1" enable_fwding 0 - enable_svc haproxy 1 + systemctl enable haproxy enable_irqbalance 1 - enable_svc dnsmasq 0 - enable_svc cloud-passwd-srvr 0 - enable_svc cloud 0 systemctl disable nfs-common systemctl disable portmap } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh index 54ec41b42799..c898afc4778d 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh @@ -35,6 +35,7 @@ function load_conntrack_modules() { cat >> /etc/modules << EOF nf_conntrack_ipv4 +nf_conntrack_ipv6 nf_conntrack nf_conntrack_ftp nf_nat_ftp 
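Review bot: setup_console_proxy() only adds `systemctl enable cloud`, and setup_ilbvm() only `systemctl enable haproxy`, whereas the secondary-storage hunk on the same line enables and then restarts its services. Enabling creates the symlinks but does not start the unit in the current boot, which is the doubt the commit message itself raises. Make the functions consistent, e.g. `systemctl enable cloud` followed by `systemctl restart cloud`, and the same for haproxy. These hunks also drop the per-type `enable_svc … 0` calls without adding a matching `systemctl disable`, so dnsmasq, haproxy and cloud-passwd-srvr stay off on these appliances only if the build-time disables held; an explicit `systemctl disable` here keeps the listening services per VM type deterministic.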
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh index f3bd52acc192..138646563b50 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh @@ -36,10 +36,10 @@ function install_cloud_scripts() { rsync -av ./cloud_scripts/ / chmod +x /opt/cloud/bin/* \ /root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \ - /etc/init.d/{cloud,cloud-early-config,cloud-passwd-srvr,postinit} \ + /etc/init.d/{cloud-early-config,cloud-passwd-srvr,postinit} \ /etc/profile.d/cloud.sh - cat > /lib/systemd/system/cloud-early-config.service << EOF + cat > /etc/systemd/system/cloud-early-config.service << EOF [Unit] Description=cloud-early-config: configure according to cmdline DefaultDependencies=no @@ -57,7 +57,7 @@ TimeoutStartSec=5min EOF - cat > /lib/systemd/system/cloud.service << EOF + cat > /etc/systemd/system/cloud.service << EOF [Unit] Description=cloud: startup cloud service After=cloud-early-config.service network.target local-fs.target @@ -66,14 +66,14 @@ After=cloud-early-config.service network.target local-fs.target WantedBy=multi-user.target [Service] -Type=forking -ExecStart=/etc/init.d/cloud start -ExecStop=/etc/init.d/cloud stop -RemainAfterExit=true -TimeoutStartSec=5min +Type=simple +WorkingDirectory=/usr/local/cloud/systemvm +ExecStart=/usr/local/cloud/systemvm/_run.sh +Restart=always +RestartSec=5 EOF - cat > /lib/systemd/system/cloud-passwd-srvr.service << EOF + cat > /etc/systemd/system/cloud-passwd-srvr.service << EOF [Unit] Description=cloud-passwd-srvr: cloud password server After=network.target local-fs.target 
@@ -89,7 +89,7 @@ RemainAfterExit=true TimeoutStartSec=5min EOF - cat > /lib/systemd/system/postinit.service << EOF + cat > /etc/systemd/system/postinit.service << EOF [Unit] Description=cloud post-init service After=cloud-early-config.service network.target local-fs.target @@ -143,6 +143,8 @@ function configure_services() { systemctl disable x11-common systemctl disable console-setup systemctl disable haproxy + systemctl disable apache2 + systemctl disable dnsmasq # Hyperv kvp daemon - 64bit only local arch=`dpkg --print-architecture` diff --git a/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java b/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java index ed1336027ebd..e754a8e1d524 100644 --- a/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java +++ b/utils/src/main/java/org/apache/cloudstack/utils/imagestore/ImageStoreUtil.java @@ -81,7 +81,7 @@ public static String checkTemplateFormat(String path, String uripath) { return ""; } - if (output.contains("ISO 9660") && isCorrectExtension(uripath, "iso")) { + if ((output.startsWith("ISO 9660") || output.startsWith("DOS/MBR")) && isCorrectExtension(uripath, "iso")) { s_logger.debug("File at path " + path + " looks like an iso : " + output); return ""; } From bb965649d90768d27b55105de882873863bb8012 Mon Sep 17 00:00:00 2001 
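Review bot: The added `output.startsWith("DOS/MBR")` branch in checkTemplateFormat accepts anything the detection output labels as a DOS/MBR boot sector, as long as the URL ends in `.iso`. For that case the extension is the only thing separating a hybrid ISO from a raw disk image. If the intent is to accept hybrid installer images, say so next to the condition, e.g. `// hybrid ISOs are reported as "DOS/MBR boot sector"; the extension is the only ISO-specific test for them`, and confirm that whatever later attaches the file tolerates a non-ISO payload. The move from `contains` to `startsWith` for "ISO 9660" presumably assumes `output` has no path prefix, which is not visible here; the method starts and ends outside this hunk.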
From: Rohit Yadav Date: Fri, 17 Nov 2017 14:53:57 +0530 Subject: [PATCH 03/22] CLOUDSTACK-10013: Debian9 SystemVM appliance improvements - Refactor cloud-early-config and make appliance specific scripts - Make patching work without requiring restart of appliance and remove postinit script - Migrate to systemd, speedup booting/loading - Takes about 5-15s to boot on KVM, and 10-30seconds for VMware and XenServer - Appliance boots and works on KVM, VMware, XenServer and HyperV - Update Debian9 ISO url with sha512 checksum - Speedup console proxy service launch - Enable additional kernel modules - Remove unknown ssh key - Update vhd-util URL as previous URL was down - Enable sshd by default - Use hostnamectl to add hostname - Disable services by default - Use existing log4j xml, patching not necessary by cloud-early-config - Several minor fixes and file refactorings, removed dead code/files - Removes inserv - Fix dnsmasq config syntax - Fix haproxy config syntax - Fix smoke tests and improve performance - Fix apache pid file path in cloud.monitoring per the new template 
Signed-off-by: Rohit Yadav --- .../consoleproxy/ConsoleProxyResource.java | 21 +- .../cloud/network/HAProxyConfigurator.java | 16 +- .../VirtualRoutingResourceTest.java | 8 +- .../META-INF/db/schema-41000to41100.sql | 3 + .../com/cloud/consoleproxy/ConsoleProxy.java | 41 +- systemvm/conf/log4j-cloud.xml | 95 +- .../debian/config/etc/apache2/vhost.template | 7 - .../debian/config/etc/haproxy/haproxy.cfg | 3 +- .../config/etc/init.d/cloud-early-config | 1541 ++--------------- .../config/etc/init.d/cloud-passwd-srvr | 4 - .../patches/debian/config/etc/init.d/postinit | 176 -- systemvm/patches/debian/config/etc/rc.local | 56 +- .../patches/debian/config/etc/sysctl.conf | 1 - .../debian/config/opt/cloud/bin/configure.py | 4 +- .../debian/config/opt/cloud/bin/cs/CsApp.py | 1 - .../debian/config/opt/cloud/bin/cs/CsDhcp.py | 4 +- .../config/opt/cloud/bin/cs/CsHelper.py | 6 +- .../debian/config/opt/cloud/bin/dnsmasq.sh | 4 +- .../debian/config/opt/cloud/bin/edithosts.sh | 2 +- .../config/opt/cloud/bin/ipsectunnel.sh | 62 +- .../config/opt/cloud/bin/passwd_server_ip | 4 +- .../config/opt/cloud/bin/patchsystemvm.sh | 262 --- .../config/opt/cloud/bin/setup/common.sh | 862 +++++++++ .../opt/cloud/bin/setup/consoleproxy.sh | 61 + .../cloud => opt/cloud/bin/setup/default.sh} | 14 +- .../config/opt/cloud/bin/setup/dhcpsrvr.sh | 62 + .../config/opt/cloud/bin/setup/elbvm.sh | 53 + .../cloud/bin/setup/ilbvm.sh} | 33 +- .../opt/cloud/bin/setup/patchsystemvm.sh | 57 + .../config/opt/cloud/bin/setup/router.sh | 106 ++ .../config/opt/cloud/bin/setup/secstorage.sh | 90 + .../config/opt/cloud/bin/setup/vpcrouter.sh | 129 ++ .../cloud/templates/check_heartbeat.sh.templ | 6 +- .../debian/config/root/.ssh/authorized_keys | 2 +- systemvm/scripts/_run.sh | 24 +- systemvm/scripts/config_ssl.sh | 1 - systemvm/scripts/run.sh | 4 - systemvm/systemvm-descriptor.xml | 6 +- .../component/test_browse_templates.py | 6 +- .../component/test_browse_volumes.py | 6 +- .../component/test_security_groups.py | 
4 +- .../smoke/test_list_ids_parameter.py | 70 +- test/integration/smoke/test_loadbalance.py | 15 +- test/integration/smoke/test_router_dns.py | 2 +- .../smoke/test_router_dnsservice.py | 16 +- test/integration/smoke/test_routers.py | 18 +- test/integration/smoke/test_ssvm.py | 237 +-- .../systemvmtemplate/authorized_keys.sh | 7 +- .../definitions/systemvmtemplate/cleanup.sh | 13 +- .../systemvmtemplate/configure_conntrack.sh | 3 + .../systemvmtemplate/configure_grub.sh | 8 +- .../systemvmtemplate/configure_login.sh | 1 + .../systemvmtemplate/configure_networking.sh | 1 - .../configure_systemvm_services.sh | 56 +- .../systemvmtemplate/definition.rb | 6 +- .../install_systemvm_packages.sh | 31 +- .../definitions/systemvmtemplate/preseed.cfg | 4 +- .../definitions/systemvmtemplate/zerodisk.sh | 5 + .../java/com/cloud/utils/ReflectUtil.java | 21 + .../main/java/com/cloud/utils/nio/Link.java | 4 +- 60 files changed, 1995 insertions(+), 2370 deletions(-) delete mode 100755 systemvm/patches/debian/config/etc/init.d/postinit delete mode 100755 systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh rename systemvm/patches/debian/config/{etc/default/cloud => opt/cloud/bin/setup/default.sh} (78%) mode change 100644 => 100755 create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh rename systemvm/patches/debian/config/{etc/default/cloud-passwd-srvr => opt/cloud/bin/setup/ilbvm.sh} (51%) mode change 100644 => 100755 create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh create mode 100755 
systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh
diff --git a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
index 1fed3be753ca..24e825721095 100644
--- a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
+++ b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
@@ -59,6 +59,7 @@
 import com.cloud.resource.ServerResource;
 import com.cloud.resource.ServerResourceBase;
 import com.cloud.utils.NumbersUtil;
+import com.cloud.utils.ReflectUtil;
 import com.cloud.utils.net.NetUtils;
 import com.cloud.utils.script.Script;
 import com.google.gson.Gson;
@@ -315,20 +316,19 @@ public String getName() { private void launchConsoleProxy(final byte[] ksBits, final String ksPassword, final String encryptorPassword) { final Object resource = this; + s_logger.info("Building class loader for com.cloud.consoleproxy.ConsoleProxy"); + final ClassLoader loader = ReflectUtil.getClassLoaderForName("console-proxy"); if (_consoleProxyMain == null) { + s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=" + encryptorPassword); _consoleProxyMain = new Thread(new ManagedContextRunnable() { @Override protected void runInContext() { try { - Class consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy"); + Class consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy"); try { - s_logger.info("Invoke setEncryptorPassword(), ecnryptorPassword: " + encryptorPassword); - Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class); - methodSetup.invoke(null, encryptorPassword); - s_logger.info("Invoke startWithContext()"); - Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class); - method.invoke(null, _properties, resource, ksBits, ksPassword); + Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class, String.class); + method.invoke(null, _properties, resource, ksBits, ksPassword, encryptorPassword); } catch (SecurityException e) { s_logger.error("Unable to launch console proxy due to SecurityException", e); System.exit(ExitStatus.Error.value()); 
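Review bot: The new `s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=" + encryptorPassword);` in launchConsoleProxy writes the console proxy encryptor password to the agent log at INFO level. This carries over the exposure from the removed "Invoke setEncryptorPassword()" message instead of ending it. Log the event without the value, `s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy");`, so that read access to the log file or to collected log archives does not disclose the secret. The body of launchConsoleProxy continues past the end of this hunk.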
@@ -357,7 +357,7 @@ protected void runInContext() { s_logger.info("com.cloud.consoleproxy.ConsoleProxy is already running"); try { - Class consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy"); + Class consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy"); Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class); methodSetup.invoke(null, encryptorPassword); } catch (SecurityException e) { @@ -440,6 +440,11 @@ public void ensureRoute(String address) { } } + @Override + public boolean stop() { + return true; + } + @Override public void setName(String name) { } diff --git a/core/src/com/cloud/network/HAProxyConfigurator.java b/core/src/com/cloud/network/HAProxyConfigurator.java index d3db0db61323..3b5f23faac1c 100644 --- a/core/src/com/cloud/network/HAProxyConfigurator.java +++ b/core/src/com/cloud/network/HAProxyConfigurator.java @@ -48,7 +48,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { private static String[] defaultsSection = {"defaults", "\tlog global", "\tmode tcp", "\toption dontlognull", "\tretries 3", "\toption redispatch", "\toption forwardfor", "\toption forceclose", "\ttimeout connect 5000", "\ttimeout client 50000", "\ttimeout server 50000"}; - private static String[] defaultListen = {"listen vmops 0.0.0.0:9", "\toption transparent"}; + private static String[] defaultListen = {"listen vmops", "\tbind 0.0.0.0:9", "\toption transparent"}; @Override public String[] generateConfiguration(final List fwRules) { 
@@ -100,7 +100,10 @@ private List getRulesForPool(final String poolName, final List result = new ArrayList(); // add line like this: "listen 65_37_141_30-80 65.37.141.30:80" StringBuilder sb = new StringBuilder(); - sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort); + sb.append("listen ").append(poolName); + result.add(sb.toString()); + sb = new StringBuilder(); + sb.append("\tbind ").append(publicIP).append(":").append(publicPort); result.add(sb.toString()); sb = new StringBuilder(); // FIXME sb.append("\t").append("balance ").append(algorithm); @@ -474,9 +477,12 @@ private List getRulesForPool(final LoadBalancerTO lbTO, final boolean ke final String algorithm = lbTO.getAlgorithm(); final List result = new ArrayList(); - // add line like this: "listen 65_37_141_30-80 65.37.141.30:80" + // add line like this: "listen 65_37_141_30-80\n\tbind 65.37.141.30:80" + sb = new StringBuilder(); + sb.append("listen ").append(poolName); + result.add(sb.toString()); sb = new StringBuilder(); - sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort); + sb.append("\tbind ").append(publicIP).append(":").append(publicPort); result.add(sb.toString()); sb = new StringBuilder(); sb.append("\t").append("balance ").append(algorithm); @@ -552,7 +558,7 @@ private List getRulesForPool(final LoadBalancerTO lbTO, final boolean ke } private String generateStatsRule(final LoadBalancerConfigCommand lbCmd, final String ruleName, final String statsIp) { - final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append(" ").append(statsIp).append(":").append(lbCmd.lbStatsPort); + final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append("\n\tbind ").append(statsIp).append(":").append(lbCmd.lbStatsPort); // TODO DH: write test for this in both cases if (!lbCmd.keepAliveEnabled) { s_logger.info("Haproxy mode http enabled"); 
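Review bot: The comment in the first getRulesForPool hunk (`// add line like this: "listen 65_37_141_30-80 65.37.141.30:80"`) still shows the old single-line form, although the code below it now emits a `listen` line followed by a `bind` line. The overload in the `-474` hunk had its comment updated, so make this one match: `// add lines like this: "listen 65_37_141_30-80" then "\tbind 65.37.141.30:80"`. Both overloads also allocate a fresh StringBuilder for each short line; `result.add("listen " + poolName);` and `result.add("\tbind " + publicIP + ":" + publicPort);` would be easier to compare with generateStatsRule. All three methods start or end outside their hunks.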
diff --git a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java index 6405037dd0fd..200f266b9251 100644 --- a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java +++ b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java @@ -834,7 +834,8 @@ protected void verifyFile(final LoadBalancerConfigCommand cmd, final String path "\ttimeout client 50000\n" + "\ttimeout server 50000\n" + "\n" + - "listen stats_on_guest 10.1.10.2:8081\n" + + "listen stats_on_guest\n" + + "\tbind 10.1.10.2:8081\n" + "\tmode http\n" + "\toption httpclose\n" + "\tstats enable\n" + @@ -843,7 +844,8 @@ protected void verifyFile(final LoadBalancerConfigCommand cmd, final String path "\tstats auth admin1:AdMiN123\n" + "\n" + "\t \n" + - "listen 64_10_1_10-80 64.10.1.10:80\n" + + "listen 64_10_1_10-80\n" + + "\tbind 64.10.1.10:80\n" + "\tbalance algo\n" + "\tserver 64_10_1_10-80_0 10.1.10.2:80 check\n" + "\tmode http\n" + @@ -917,4 +919,4 @@ private void verifyArgs(final AggregationControlCommand cmd, final String script assertTrue(args.startsWith("-c /var/cache/cloud/VR-")); assertTrue(args.endsWith(".cfg")); } -} \ No newline at end of file +} diff --git a/engine/schema/resources/META-INF/db/schema-41000to41100.sql b/engine/schema/resources/META-INF/db/schema-41000to41100.sql index f546027f5174..5f7eff2dd9ec 100644 --- a/engine/schema/resources/META-INF/db/schema-41000to41100.sql +++ b/engine/schema/resources/META-INF/db/schema-41000to41100.sql 
@@ -489,3 +489,6 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid, hypervisor_type, hypervi -- Add XenServer 7.2 hypervisor guest OS mappings (copy 7.1.0 & remove Windows Vista, Windows XP, Windows 2003, CentOS 4.x, RHEL 4.xS, LES 10 (all versions) as per XenServer 7.2 Release Notes) INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervisor_version, guest_os_name, guest_os_id, created, is_user_defined) SELECT UUID(),'Xenserver', '7.2.0', guest_os_name, guest_os_id, utc_timestamp(), 0 FROM `cloud`.`guest_os_hypervisor` WHERE hypervisor_type='Xenserver' AND hypervisor_version='7.1.0' AND guest_os_id not in (1,2,3,4,56,101,56,58,93,94,50,51,87,88,89,90,91,92,26,27,28,29,40,41,42,43,44,45,96,97,107,108,109,110,151,152,153); + +-- Change monitor patch for apache2 in systemvm +UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2"; diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java index 863f0bfc2e0c..f0c3c4e46441 100644 --- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java +++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java @@ -26,21 +26,18 @@ import java.net.InetSocketAddress; import java.net.URISyntaxException; import java.net.URL; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; import java.util.Hashtable; import java.util.Map; import java.util.Properties; import java.util.concurrent.Executor; -import org.apache.commons.codec.binary.Base64; import org.apache.log4j.xml.DOMConfigurator; -import com.google.gson.Gson; -import com.sun.net.httpserver.HttpServer; - import com.cloud.consoleproxy.util.Logger; import com.cloud.utils.PropertiesUtil; +import com.cloud.utils.ReflectUtil; +import com.google.gson.Gson; +import com.sun.net.httpserver.HttpServer; /** * 
@@ -74,25 +71,11 @@ public class ConsoleProxy { static String factoryClzName; static boolean standaloneStart = false; - static String encryptorPassword = genDefaultEncryptorPassword(); - - private static String genDefaultEncryptorPassword() { - try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - - byte[] randomBytes = new byte[16]; - random.nextBytes(randomBytes); - return Base64.encodeBase64String(randomBytes); - } catch (NoSuchAlgorithmException e) { - s_logger.error("Unexpected exception ", e); - assert (false); - } - - return "Dummy"; - } + static String encryptorPassword = "Dummy"; private static void configLog4j() { - URL configUrl = System.class.getResource("/conf/log4j-cloud.xml"); + final ClassLoader loader = ReflectUtil.getClassLoaderForName("conf"); + URL configUrl = loader.getResource("/conf/log4j-cloud.xml"); if (configUrl == null) configUrl = ClassLoader.getSystemResource("log4j-cloud.xml"); 
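Review bot: `static String encryptorPassword = "Dummy";` replaces a per-process random default with a constant that is public in the source tree, so any start path that uses the field before setEncryptorPassword is called would run with a known value. Only startWithContext is shown setting it; whether the `standaloneStart` path does is not visible in this hunk. Consider leaving the field unset and refusing to proceed without a supplied value, e.g. `static String encryptorPassword = null;` with a check at first use, or keep the SecureRandom-generated default. Separately, `loader.getResource("/conf/log4j-cloud.xml")` in configLog4j passes a leading slash to ClassLoader.getResource, which normally expects names without one, so this lookup may always fall through to the `getSystemResource` fallback.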
@@ -249,23 +232,25 @@ public static void ensureRoute(String address) { } } - public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword) { + public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword, String password) { + setEncryptorPassword(password); + configLog4j(); + Logger.setFactory(new ConsoleProxyLoggerFactory()); s_logger.info("Start console proxy with context"); + if (conf != null) { for (Object key : conf.keySet()) { s_logger.info("Context property " + (String)key + ": " + conf.getProperty((String)key)); } } - configLog4j(); - Logger.setFactory(new ConsoleProxyLoggerFactory()); - // Using reflection to setup private/secure communication channel towards management server ConsoleProxy.context = context; ConsoleProxy.ksBits = ksBits; ConsoleProxy.ksPassword = ksPassword; try { - Class contextClazz = Class.forName("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource"); + final ClassLoader loader = ReflectUtil.getClassLoaderForName("agent"); + Class contextClazz = loader.loadClass("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource"); authMethod = contextClazz.getDeclaredMethod("authenticateConsoleAccess", String.class, String.class, String.class, String.class, String.class, Boolean.class); reportMethod = contextClazz.getDeclaredMethod("reportLoadInfo", String.class); ensureRouteMethod = contextClazz.getDeclaredMethod("ensureRoute", String.class); diff --git a/systemvm/conf/log4j-cloud.xml b/systemvm/conf/log4j-cloud.xml index 9c26bf4dd7c4..b32bb570d57a 100644 --- a/systemvm/conf/log4j-cloud.xml +++ b/systemvm/conf/log4j-cloud.xml @@ -18,37 +18,67 @@ specific language governing permissions and limitations under the License. --> - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + - + - + - - + + @@ -56,26 +86,14 @@ under the License. - - - - - - - - - - - - - - + + - + - + 
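Review bot: The new fifth parameter of startWithContext is named `password`, which is ambiguous next to `ksPassword`; `String encryptorPassword` would match the field it sets and the name used by the caller in ConsoleProxyResource. Because the method is looked up reflectively by its exact parameter list, a short Javadoc stating the order (properties, context, keystore bytes, keystore password, encryptor password) would document that implicit contract. The loop that logs every context property at INFO now runs after configLog4j, so those values reach the configured log; if any property can hold a credential it should be masked there. The method body continues outside this hunk.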
@@ -84,20 +102,19 @@ under the License. - + - - - + + - - - - + + + + @@ -106,7 +123,9 @@ under the License. - + + + diff --git a/systemvm/patches/debian/config/etc/apache2/vhost.template b/systemvm/patches/debian/config/etc/apache2/vhost.template index 043a286680d4..7b89c3b5b469 100644 --- a/systemvm/patches/debian/config/etc/apache2/vhost.template +++ b/systemvm/patches/debian/config/etc/apache2/vhost.template @@ -83,9 +83,6 @@ Allow from 127.0.0.0/255.0.0.0 ::1/128 - # Include CORS configuration **IF SET** - Include /etc/apache2/[cC][oO][rR][sS].conf - # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on @@ -228,12 +225,8 @@ # README.Debian.gz Listen 10.1.1.1:80 -NameVirtualHost 10.1.1.1:80 - # If you add NameVirtualHost *:443 here, you will also have to change - # the VirtualHost statement in /etc/apache2/sites-available/default-ssl - # to # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 10.1.1.1:443 diff --git a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg b/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg index 94737ac328e7..0adbfc6f3bb3 100644 --- a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg +++ b/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg @@ -22,5 +22,6 @@ defaults timeout server 50000 -listen cloud-default 0.0.0.0:35999 +listen cloud-default + bind 0.0.0.0:35999 option transparent diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config index 6eaed913c516..9964f9037542 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config +++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config 
@@ -5,7 +5,7 @@ # Required-Stop: $local_fs # Default-Start: S # Default-Stop: 0 6 -# Short-Description: configure according to cmdline +# Short-Description: configures systemvm using cmdline ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file @@ -24,21 +24,14 @@ # specific language governing permissions and limitations # under the License. -PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" #set -x #exec 3>&0 4>&1 > /var/log/test.log 2>&1 -#start hv_kvp daemon -[ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon - -# Fix haproxy directory issue -mkdir -p /var/lib/haproxy +PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" +CMDLINE=/var/cache/cloud/cmdline # Clear boot up flag, it would be created by rc.local after boot up done rm -f /var/cache/cloud/boot_up_done -# Randomize cloud password so only ssh login is allowed -echo "cloud:`openssl rand -base64 32`" | chpasswd - [ -x /sbin/ifup ] || exit 0 . /lib/lsb/init-functions 
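Review bot: Removing the chpasswd line that randomized the `cloud` account password on every boot (commented "so only ssh login is allowed") leaves that account with whatever password the template was built with. That holds unless the step was moved into one of the new setup scripts, which the `-24,21` hunk does not show. If it was not moved, keep an equivalent step early in boot, or lock the account at build time with `passwd -l cloud`. A one-line comment near the `CMDLINE=/var/cache/cloud/cmdline` assignment naming where password handling now lives would make the change auditable.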
@@ -48,71 +41,45 @@ log_it() { log_action_msg "$@" } -init_interfaces_orderby_macs() { - macs=( $(echo $1 | sed "s/|/ /g") ) - total_nics=${#macs[@]} - interface_file=${2:-"/etc/network/interfaces"} - rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"} - - echo -n "auto lo" > $interface_file - for((i=0; i> $interface_file - fi - done - cat >> $interface_file << EOF - -iface lo inet loopback - -EOF - - echo "" > $rule_file - for((i=0; i < ${#macs[@]}; i++)) - do - echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file - done -} - -init_interfaces() { - if [ "$NIC_MACS" == "" ] - then - cat > /etc/network/interfaces << EOF -auto lo $1 $2 $3 -iface lo inet loopback - -EOF - else - init_interfaces_orderby_macs "$NIC_MACS" - fi -} - hypervisor() { - [ -d /proc/xen ] && mount -t xenfs none /proc/xen - [ -d /proc/xen ] && echo "xen-domU" && return 0 - local try=$([ -x /usr/sbin/virt-what ] && virt-what | tail -1) [ "$try" != "" ] && echo $try && return 0 - vmware-checkvm &> /dev/null && echo "vmware" && return 0 - grep -q QEMU /proc/cpuinfo && echo "kvm" && return 0 grep -q QEMU /var/log/messages && echo "kvm" && return 0 + [ -d /proc/xen ] && mount -t xenfs none /proc/xen + [ -d /proc/xen ] && echo "xen-domU" && return 0 + + vmware-checkvm &> /dev/null && echo "vmware" && return 0 + echo "unknown" && return 1 +} +config_guest() { + if [ "$HYPERVISOR" == "kvm" ] + then + # Configure hot-plug + modprobe acpiphp || true + modprobe pci_hotplug || true + # Configure serial console FIXME: remove during build we enable it? 
+ #sed -i -e "/^serial.*/d" /boot/grub/grub.conf + #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf + #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf + #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf + #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf + sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab + sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab + fi + [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q + [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q } get_boot_params() { - local EXTRA_MOUNT=/media/extra - local hyp=$(hypervisor) - [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 - - case $hyp in + case $HYPERVISOR in xen-domU|xen-hvm) - cat /proc/cmdline > /var/cache/cloud/cmdline - sed -i "s/%/ /g" /var/cache/cloud/cmdline + cat /proc/cmdline > $CMDLINE + sed -i "s/%/ /g" $CMDLINE ;; kvm) VPORT=$(find /dev/virtio-ports -type l -name '*.vport' 2>/dev/null|head -1) 
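Review bot: get_boot_params now switches on `$HYPERVISOR` without the bail-out that used to follow hypervisor detection. The `case` (which closes in the next hunk) shows no default branch, so an unrecognised or empty value leaves `$CMDLINE` unwritten and boot continues without a message. Add an explicit default before `esac`, e.g. `*) log_it "Unsupported hypervisor: $HYPERVISOR, bailing out of early init"; exit 10 ;;`. Where `HYPERVISOR` is assigned is outside this hunk, so an equivalent check may already exist there; if so, a comment at the `case` pointing to it would be enough.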
@@ -125,66 +92,79 @@ get_boot_params() { log_it "${VPORT} not loaded, perhaps guest kernel is too old." && exit 2 fi - local factor=2 - local progress=1 - for i in {1..5} - do - while read line; do - if [[ $line == cmdline:* ]]; then - cmd=${line//cmdline:/} - echo $cmd > /var/cache/cloud/cmdline - elif [[ $line == pubkey:* ]]; then - pubkey=${line//pubkey:/} - echo $pubkey > /var/cache/cloud/authorized_keys - echo $pubkey > /root/.ssh/authorized_keys + local factor=2 + local progress=1 + for i in {1..5} + do + while read line; do + if [[ $line == cmdline:* ]]; then + cmd=${line//cmdline:/} + echo $cmd > $CMDLINE + elif [[ $line == pubkey:* ]]; then + pubkey=${line//pubkey:/} + echo $pubkey > /var/cache/cloud/authorized_keys + echo $pubkey > /root/.ssh/authorized_keys fi - done < $VPORT - # In case of reboot we do not send the boot args again. - # So, no need to wait for them, as the boot args are already set at startup - if [ -s /var/cache/cloud/cmdline ] - then + done < $VPORT + # In case of reboot we do not send the boot args again. + # So, no need to wait for them, as the boot args are already set at startup + if [ -s $CMDLINE ] + then log_it "Found a non empty cmdline file. Will now exit the loop and proceed with configuration." break; fi sleep ${progress}s progress=$[ progress * factor ] - done + done chmod go-rwx /root/.ssh/authorized_keys ;; vmware) - vmtoolsd --cmd 'machine.id.get' > /var/cache/cloud/cmdline + vmtoolsd --cmd 'machine.id.get' > $CMDLINE ;; virtualpc|hyperv) # Hyper-V is recognized as virtualpc hypervisor type. 
Boot args are passed using KVP Daemon #waiting for the hv_kvp_daemon to start up #sleep need to fix the race condition of hv_kvp_daemon and cloud-early-config + [ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon sleep 5 - cp -f /var/opt/hyperv/.kvp_pool_0 /var/cache/cloud/cmdline + cp -f /var/opt/hyperv/.kvp_pool_0 $CMDLINE cat /dev/null > /var/opt/hyperv/.kvp_pool_0 ;; virtualbox) # Virtualbox is used to test the virtual router # get the commandline from a dmistring (yes, hacky!) - dmidecode | grep cmdline | sed 's/^.*cmdline://' > /var/cache/cloud/cmdline + dmidecode | grep cmdline | sed 's/^.*cmdline://' > $CMDLINE RV=$? if [ $RV -ne 0 ] ; then log_it "Failed to get cmdline from a virtualbox dmi property" fi ;; esac +} +get_systemvm_type() { + for str in $(cat $CMDLINE) + do + KEY=$(echo $str | cut -d= -f1) + VALUE=$(echo $str | cut -d= -f2) + case $KEY in + type) + export TYPE=$VALUE + ;; + *) + ;; + esac + done } patch() { local PATCH_MOUNT=/media/cdrom local patchfile=$PATCH_MOUNT/cloud-scripts.tgz - local md5file=/var/cache/cloud/cloud-scripts-signature local privkey=$PATCH_MOUNT/authorized_keys - local shouldpatch=false + local md5file=/var/cache/cloud/cloud-scripts-signature local cdrom_dev= mkdir -p $PATCH_MOUNT - if [ -e /dev/xvdd ]; then cdrom_dev=/dev/xvdd elif [ -e /dev/cdrom ]; then 
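Review bot: get_systemvm_type iterates over the unquoted `$(cat $CMDLINE)`, so each token received from the hypervisor channel is subject to pathname expansion, and `cut -d= -f2` truncates any value that itself contains `=`. Parameter expansion avoids both the subshells and the truncation: `local KEY=${str%%=*}` and `local VALUE=${str#*=}`, with `set -f` around the loop (or reading the file into an array) to stop globbing. KEY and VALUE are also left as globals, and TYPE stays unset when no `type=` token is present, which callers outside this hunk presumably have to handle. The patch() function that follows starts in this hunk and continues beyond it.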
@@ -196,1370 +176,101 @@ patch() { elif [ -e /dev/cdrom3 ]; then cdrom_dev=/dev/cdrom3 fi + [ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys if [ -n "$cdrom_dev" ]; then mount -o ro $cdrom_dev $PATCH_MOUNT - [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys local oldmd5= [ -f ${md5file} ] && oldmd5=$(cat ${md5file}) local newmd5= [ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}') - - if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ] + + log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5" + if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ] then - shouldpatch=true - log_it "Patching scripts oldmd5=$oldmd5 newmd5=$newmd5" tar xzf $patchfile -C / echo ${newmd5} > ${md5file} + log_it "Patched scripts using $patchfile" fi - log_it "Patching cloud service" - hyperVisor=$(hypervisor) - /opt/cloud/bin/patchsystemvm.sh $PATCH_MOUNT $hyperVisor - umount $PATCH_MOUNT - - if [ "$shouldpatch" == "true" ] - then - log_it "Rebooting system since we patched init scripts" - sync - sleep 2 - reboot - fi - fi - if [ -f /mnt/cmdline ]; then - cat /mnt/cmdline > /var/cache/cloud/cmdline - fi - return 0 -} - -patch_log4j() { -log_it "Updating log4j-cloud.xml" -mkdir -p /usr/local/cloud/systemvm/conf -cat << "EOF" > /usr/local/cloud/systemvm/conf/temp.xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -EOF -mv /usr/local/cloud/systemvm/conf/temp.xml /usr/local/cloud/systemvm/conf/log4j-cloud.xml -} - -setup_interface() { - local intfnum=$1 - local ip=$2 - local mask=$3 - local gw=$4 - local force=$5 - local intf=eth${intfnum} - local bootproto="static" - - - if [ "$BOOTPROTO" == "dhcp" ] - then - if [ "$intfnum" != "0" ] - then - bootproto="dhcp" - fi - fi - - 
if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ] - then - echo "iface $intf inet $bootproto" >> /etc/network/interfaces - if [ "$bootproto" == "static" ] - then - echo " address $ip " >> /etc/network/interfaces - echo " netmask $mask" >> /etc/network/interfaces - fi - fi - - if [ "$ip" == "0.0.0.0" -o "$ip" == "" ] - then - ifconfig $intf down - fi - - if [ "$force" == "force" ] - then - ifdown $intf - else - ifdown $intf - if [ "$RROUTER" != "1" -o "$1" != "2" ] - then - ifup $intf - timer=0 - log_it "checking that $intf has IP " - while true - do - ip=$(ifconfig $intf | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}') - if [ -z $ip ] - then - sleep 1; - #waiting for the interface to setup with ip - log_it "waiting for $intf interface setup with ip timer=$timer" - else - break - fi - - if [ $timer -gt 15 ] - then - log_it "interface $intf is not set up with ip... exiting"; - break - fi - - timer=`expr $timer + 1` - done - fi - fi -} - -setup_interface_ipv6() { - sysctl net.ipv6.conf.all.disable_ipv6=0 - sysctl net.ipv6.conf.all.forwarding=1 - sysctl net.ipv6.conf.all.accept_ra=1 - - sed -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf - sed -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf - sed -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf - - local intfnum=$1 - local ipv6="$2" - local prelen="$3" - local intf=eth${intfnum} - - echo "iface $intf inet6 static" >> /etc/network/interfaces - echo " address $ipv6 " >> /etc/network/interfaces - echo " netmask $prelen" >> /etc/network/interfaces - echo " accept_ra 1" >> /etc/network/interfaces - ifdown $intf - ifup $intf -} - -enable_fwding() { - local enabled=$1 - log_it "cloud: enable_fwding = $1" - log_it "enable_fwding = $1" - echo "$1" > /proc/sys/net/ipv4/ip_forward - [ -f /etc/iptables/iptables.conf ] && sed -i 
"s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return -} - -disable_rpfilter() { - log_it "cloud: disable rp_filter" - log_it "disable rpfilter" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf -} - -get_public_vif_list() { - local vif_list="" - for i in /sys/class/net/eth*; do - vif=$(basename $i); - if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] - then - vif_list="$vif_list $vif"; - fi - done - - echo $vif_list -} - -disable_rpfilter_domR() { - log_it "cloud: Tuning rp_filter on public interfaces" - - VIF_LIST=$(get_public_vif_list) - log_it "rpfilter public interfaces : $VIF_LIST" - if [ "$DISABLE_RP_FILTER" == "true" ] - then - log_it "cloud: disable rp_filter on public interfaces" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf - echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter - for vif in $VIF_LIST; do - log_it "cloud: disable rp_filter on public interface: $vif" - sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf - echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter - done - else - log_it "cloud: enable rp_filter on public interfaces" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf - echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter - for vif in $VIF_LIST; do - log_it "cloud: enable rp_filter on public interface: $vif" - sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf - echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter - done - fi - log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)" - echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter - echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter - echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter -} - -enable_irqbalance() { - local enabled=$1 - local proc=0 - - proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) 
- if [ $proc -le 1 ] && [ $enabled -eq 1 ] - then - enabled=0 - fi - - log_it "Processors = $proc Enable service ${svc} = $enabled" - local cfg=/etc/default/irqbalance - [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return -} - -disable_hvc() { - [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q - [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q -} - -enable_vpc_rpsrfs() { - local enable=$1 - if [ $enable -eq 0 ] - then - echo 0 > /etc/rpsrfsenable - else - echo 1 > /etc/rpsrfsenable - fi - - return 0 -} - -enable_rpsrfs() { - local enable=$1 - - if [ $enable -eq 0 ] - then - echo 0 > /etc/rpsrfsenable - return 0 - fi - - if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ] - then - echo "rps is not enabled in the kernel" - echo 0 > /etc/rpsrfsenable - return 0 - fi - - proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) - if [ $proc -le 1 ] - then - echo 0 > /etc/rpsrfsenable - return 0; - fi - - echo 1 > /etc/rpsrfsenable - num=1 - num=$(($num<<$proc)) - num=$(($num-1)); - echo $num; - hex=$(printf "%x\n" $num) - echo $hex; - #enable rps - echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus - echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus - - #enble rfs - echo 256 > /proc/sys/net/core/rps_sock_flow_entries - echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt - echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt -} - -setup_common() { - init_interfaces $1 $2 $3 - if [ -n "$ETH0_IP" ] - then - setup_interface "0" $ETH0_IP $ETH0_MASK $GW - fi - if [ -n "$ETH0_IP6" ] - then - setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN - fi - setup_interface "1" $ETH1_IP $ETH1_MASK $GW - if [ -n "$ETH2_IP" ] - then - setup_interface "2" $ETH2_IP $ETH2_MASK $GW - fi - - echo $NAME > /etc/hostname - echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon - hostname $NAME - - #Nameserver - sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries - sed -i -e "/^nameserver.*$/d" 
/etc/dnsmasq-resolv.conf # remove previous entries - if [ -n "$internalNS1" ] - then - echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS1" > /etc/resolv.conf - fi - - if [ -n "$internalNS2" ] - then - echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS2" >> /etc/resolv.conf - fi - if [ -n "$NS1" ] - then - echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS1" >> /etc/resolv.conf - fi - - if [ -n "$NS2" ] - then - echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS2" >> /etc/resolv.conf - fi - - if [ -n "$IP6_NS1" ] - then - echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf - echo "nameserver $IP6_NS1" >> /etc/resolv.conf - fi - if [ -n "$IP6_NS2" ] - then - echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $IP6_NS2" >> /etc/resolv.conf - fi - - if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] - then - ip route add $MGMTNET via $LOCAL_GW dev eth1 - fi - - ip route delete default - if [ "$RROUTER" != "1" ] - then - gwdev=$3 - if [ -z "$gwdev" ] - then - gwdev="eth0" - fi - - ip route add default via $GW dev $gwdev - fi - - # a hacking way to activate vSwitch under VMware - ping -n -c 3 $GW & - sleep 3 - pkill ping - if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] - then - ping -n -c 3 $LOCAL_GW & - sleep 3 - pkill ping - #This code is added to address ARP issue by pinging MGMT_GW - MGMT_GW=$(echo $MGMTNET | awk -F "." 
'{print $1"."$2"."$3".1"}') - ping -n -c 3 $MGMT_GW & - sleep 3 - pkill ping - - fi - - local hyp=$(hypervisor) - if [ "$hyp" == "vmware" ]; then - ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable - fi -} + log_it "Patching cloud service" + /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE -setup_dnsmasq() { - log_it "Setting up dnsmasq" - - touch /etc/dhcpopts.txt - - [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP - [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6 - [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" - #removing the dnsmasq multiple ranges config file. - rm /etc/dnsmasq.d/multiple_ranges.conf - - #get the template - cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf - - if [ -n "$DOMAIN" ] - then - #send domain name to dhcp clients - sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf - #DNS server will append $DOMAIN to local queries - sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf - #answer all local domain queries - sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf - fi - - if [ -n "$DNS_SEARCH_ORDER" ] - then - sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf - echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf - # set the domain search order as a space seprated list for option 15 - DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g') - #send domain name to dhcp clients - sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf - fi - - if [ $DHCP_RANGE ] - then - sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf - else - sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf - fi - if [ $DHCP_RANGE_IP6 ] - then - sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf - # For nondefault6 tagged host, don't send dns-server information - sed -i /nondefault6/d /etc/dnsmasq.conf - echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf - else 
- sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf - fi - - if [ "$RROUTER" == "1" ] - then - DEFAULT_GW=$GUEST_GW - INTERNAL_DNS=$GUEST_GW - else - if [ "$TYPE" == "dhcpsrvr" ] - then - DEFAULT_GW=$GW - else - DEFAULT_GW=$ETH0_IP - fi - INTERNAL_DNS=$ETH0_IP - fi - sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf - [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf - - [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1," - [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2," - [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1]," - [ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2]," - #for now set up ourself as the dns server as well - sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf - sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf - if [ "$USE_EXTERNAL_DNS" != "true" ] - then - [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS" - [ $ETH0_IP6 ] && NS6="[::],$NS6" - # enable dns - sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf - else - # disable dns - sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf - echo "port=0" >> /etc/dnsmasq.conf - fi - NS=${NS%?} - NS6=${NS6%?} - [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf - [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf -#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet. -#removing the existing entires to avoid duplicates on restarts. - sed -i '/data-server/d' /etc/hosts - if [ -n "$ETH0_IP" ] - then - echo "$ETH0_IP data-server" >> /etc/hosts - fi - if [ -n "$ETH0_IP6" ] - then - echo "$ETH0_IP6 data-server" >> /etc/hosts - fi -#add the dhcp-client-update only if dnsmasq version is 2.6 and above - dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]") - major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1) - minor=$(echo "$dnsmasqVersion" | cut -d '.' 
-f 2) - if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ] - then - sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf - echo 'dhcp-client-update' >> /etc/dnsmasq.conf - fi - - command -v dhcp_release > /dev/null 2>&1 - no_dhcp_release=$? - if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ] - then - echo 1 > /var/cache/cloud/dnsmasq_managed_lease - sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf - else - echo 0 > /var/cache/cloud/dnsmasq_managed_lease - fi -} - -setup_sshd(){ - local ip=$1 - local eth=$2 - [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config - sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4 - sed -i "/3922/s/eth./$eth/" /etc/iptables/rules - systemctl restart sshd -} - - -setup_vpc_apache2() { - log_it "Setting up apache web server for VPC" - systemctl disable apache2 - clean_ipalias_config - setup_apache2_common -} - - -clean_ipalias_config() { - # Old - rm -f /etc/apache2/conf.d/ports.*.meta-data.conf - rm -f /etc/apache2/sites-available/ipAlias* - rm -f /etc/apache2/sites-enabled/ipAlias* - rm -f /etc/apache2/conf.d/vhost*.conf - rm -f /etc/apache2/ports.conf - rm -f /etc/apache2/vhostexample.conf - rm -f /etc/apache2/sites-available/default - rm -f /etc/apache2/sites-available/default-ssl - rm -f /etc/apache2/sites-enabled/default - rm -f /etc/apache2/sites-enabled/default-ssl - - # New - rm -f /etc/apache2/sites-enabled/vhost-*.conf - rm -f /etc/apache2/sites-enabled/000-default - - rm -rf /etc/failure_config -} - -setup_apache2_common() { - sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf - [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security - [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security - - # Disable listing of http://SSVM-IP/icons folder for security issue. 
see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/ - [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf - - echo "Options -Indexes" > /var/www/html/.htaccess -} - -setup_apache2() { - log_it "Setting up apache web server" - clean_ipalias_config - setup_apache2_common - local ip=$1 - - # Deprecated, functionality moved to Cs Python code - # [ -f /etc/apache2/sites-available/default ] && sed -i -e "s///" /etc/apache2/sites-available/default - # [ -f /etc/apache2/sites-available/default-ssl ] && sed -i -e "s///" /etc/apache2/sites-available/default-ssl - # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf - # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf - # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf -} - -setup_aesni() { - if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ] - then - modprobe aesni_intel - fi -} - -load_modules() { - - #load nf modules for ftp - modprobe nf_nat_ftp - modprobe nf_conntrack_ftp -} - -setup_router() { - log_it "Setting up virtual router system vm" - - #To save router public interface and gw ip information - touch /var/cache/cloud/ifaceGwIp - - oldmd5= - [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}') - - if [ -n "$ETH2_IP" ] - then - setup_common eth0 eth1 eth2 - - if [ -n "$EXTRA_PUBNICS" ] - then - for((i = 3; i < 3 + $EXTRA_PUBNICS; i++)) - do - setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" - done - fi - else - setup_common eth0 eth1 - if [ -n "$EXTRA_PUBNICS" ] - then - for((i = 2; i < 2 + $EXTRA_PUBNICS; i++)) - do - setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" - done - fi - fi - - # Moved to 
Cs Python code - #if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ] - #then - #setup_redundant_router - #fi - - log_it "Checking udev NIC assignment order changes" - if [ "$NIC_MACS" != "" ] - then - init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules" - newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}') - rm /tmp/interfaces - rm /tmp/udev-rules - - if [ "$oldmd5" != "$newmd5" ] - then - log_it "udev NIC assignment requires reboot to take effect" - sync - sleep 2 - reboot - fi - fi - - setup_aesni - setup_dnsmasq - setup_apache2 $ETH0_IP - - sed -i /gateway/d /etc/hosts - echo "$ETH0_IP $NAME" >> /etc/hosts - - - systemctl enable dnsmasq haproxy cloud-passwd-srvr - systemctl restart dnsmasq haproxy cloud-passwd-srvr - enable_irqbalance 1 - disable_rpfilter_domR - enable_fwding 1 - enable_rpsrfs 1 - systemctl disable nfs-common - cp /etc/iptables/iptables-router /etc/iptables/rules.v4 -#for old templates - cp /etc/iptables/iptables-router /etc/iptables/rules - setup_sshd $ETH1_IP "eth1" - load_modules - - #Only allow DNS service for current network - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - - #setup hourly logrotate - mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 - -} - - - -setup_vpcrouter() { - log_it "Setting up VPC virtual router system vm" - - if [ -f /etc/hosts ]; then - grep -q $NAME /etc/hosts || echo "127.0.0.1 
$NAME" >> /etc/hosts; - fi - - cat > /etc/network/interfaces << EOF -auto lo eth0 -iface lo inet loopback -EOF - setup_interface "0" $ETH0_IP $ETH0_MASK $GW - - echo $NAME > /etc/hostname - echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon - hostname $NAME - - #Nameserver - sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries - sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries - if [ -n "$internalNS1" ] - then - echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS1" > /etc/resolv.conf - fi - - if [ -n "$internalNS2" ] - then - echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS2" >> /etc/resolv.conf - fi - if [ -n "$NS1" ] - then - echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS1" >> /etc/resolv.conf - fi - - if [ -n "$NS2" ] - then - echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS2" >> /etc/resolv.conf - fi - if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] - then - if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; - then - ip route add $MGMTNET via $LOCAL_GW dev eth0 - - # a hacking way to activate vSwitch under VMware - ping -n -c 3 $LOCAL_GW & - sleep 3 - pkill ping - fi - fi - - ip route delete default - # create route table for static route - - sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null - sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null - sudo ip rule add from $VPCCIDR table static_route 2>/dev/null - sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null - - setup_vpc_apache2 - - systemctl enable dnsmasq haproxy cloud-passwd-srvr - enable_irqbalance 1 - enable_vpc_rpsrfs 1 - disable_rpfilter - enable_fwding 1 - cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4 - cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules - setup_sshd $ETH0_IP "eth0" - cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf - cp 
/etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules - echo "" > /etc/dnsmasq.d/dhcphosts.txt - echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf - - [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" - #DNS server will append $DOMAIN to local queries - sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf - #answer all local domain queries - sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf - - command -v dhcp_release > /dev/null 2>&1 - no_dhcp_release=$? - if [ $no_dhcp_release -eq 0 ] - then - echo 1 > /var/cache/cloud/dnsmasq_managed_lease - sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf - else - echo 0 > /var/cache/cloud/dnsmasq_managed_lease - fi - load_modules - - systemctl restart dnsmasq haproxy cloud-passwd-srvr - - #setup hourly logrotate - mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 - -} - - - -setup_dhcpsrvr() { - log_it "Setting up dhcp server system vm" - setup_common eth0 eth1 - setup_dnsmasq - setup_apache2 $ETH0_IP - - sed -i /gateway/d /etc/hosts - [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts - [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts - - systemctl enable dnsmasq cloud-passwd-srvr - systemctl restart dnsmasq cloud-passwd-srvr - enable_irqbalance 0 - enable_fwding 0 - systemctl disable nfs-common - - cp /etc/iptables/iptables-router /etc/iptables/rules.v4 - cp /etc/iptables/iptables-router /etc/iptables/rules - - #Only allow DNS service for current network - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 
-p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - - if [ "$SSHONGUEST" == "true" ] - then - setup_sshd $ETH0_IP "eth0" - else - setup_sshd $ETH1_IP "eth1" - fi -} - -setup_storage_network() { - if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ] - then - log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network" - return - fi - - echo "" >> /etc/network/interfaces - echo "auto eth3" >> /etc/network/interfaces - - setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK" - [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo " mtu $MTU" >> /etc/network/interfaces - #ip route add "$STORAGE_CIDR" via "$STORAGE_IP" - log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR" -} - -setup_system_rfc1918_internal() { - public_ip=`getPublicIp` - echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))" - if [ "$?" == "0" ]; then - log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918." - else - log_it "Setting up route of RFC1918 space to $LOCAL_GW" - # Setup general route for RFC 1918 space, as otherwise it will be sent to - # the public gateway and not work - # More specific routes that may be set have preference over this generic route. 
- ip route add 10.0.0.0/8 via $LOCAL_GW - ip route add 172.16.0.0/12 via $LOCAL_GW - ip route add 192.168.0.0/16 via $LOCAL_GW - fi -} - -getPublicIp() { - public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP - echo $public_ip -} - -setup_ntp() { - log_it "Setting up NTP" - NTP_CONF_FILE="/etc/ntp.conf" - if [ -f $NTP_CONF_FILE ] - then - IFS=',' read -a server_list <<< "$NTP_SERVER_LIST" - for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- )) - do - server=$(echo ${server_list[iterator]} | tr -d '\r') - PATTERN="server $server" - if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then - sed -i "/^$PATTERN$/d" $NTP_CONF_FILE - fi - sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE - done - systemctl restart ntp - else - log_it "NTP configuration file not found" - fi -} - -setup_secstorage() { - log_it "Setting up secondary storage system vm" - sysctl vm.min_free_kbytes=8192 - local hyp=$1 - setup_common eth0 eth1 eth2 - setup_storage_network - setup_system_rfc1918_internal - sed -i /gateway/d /etc/hosts - public_ip=`getPublicIp` - echo "$public_ip $NAME" >> /etc/hosts - - cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4 - cp /etc/iptables/iptables-secstorage /etc/iptables/rules - if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then - setup_sshd $ETH1_IP "eth1" - else - setup_sshd $ETH0_IP "eth0" - fi - setup_apache2 $ETH2_IP - - # Deprecated, should move to Cs Python all of it - sed -e "s///" \ - -e "s///" \ - -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \ - -e "s/Listen .*:443/Listen $ETH2_IP:443/g" \ - -e "s/NameVirtualHost .*:80/NameVirtualHost $ETH2_IP:80/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf - - log_it "setting up apache2 for post upload of volume/template" - a2enmod proxy - a2enmod proxy_http - a2enmod headers - - cat >/etc/apache2/cors.conf <> /etc/hosts - cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4 - cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules 
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then - setup_sshd $ETH1_IP "eth1" - else - setup_sshd $ETH0_IP "eth0" + [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys + umount $PATCH_MOUNT fi - systemctl enable cloud - disable_rpfilter - enable_fwding 0 - enable_irqbalance 0 - systemctl disable nfs-common - rm /etc/logrotate.d/cloud -} - -setup_elbvm() { - log_it "Setting up Elastic Load Balancer system vm" - local hyp=$1 - setup_common eth0 eth1 - sed -i /gateway/d /etc/hosts - public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP - echo "$public_ip $NAME" >> /etc/hosts - - cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4 - cp /etc/iptables/iptables-elbvm /etc/iptables/rules - if [ "$SSHONGUEST" == "true" ] - then - setup_sshd $ETH0_IP "eth0" - else - setup_sshd $ETH1_IP "eth1" + if [ -f /mnt/cmdline ]; then + cat /mnt/cmdline > $CMDLINE fi - - enable_fwding 0 - enable_irqbalance 0 - systemctl disable nfs-common - systemctl disable portmap -} - -setup_ilbvm() { - log_it "Setting up Internal Load Balancer system vm" - local hyp=$1 - setup_common eth0 eth1 - #eth0 = guest network, eth1=control network - - sed -i /$NAME/d /etc/hosts - echo "$ETH0_IP $NAME" >> /etc/hosts - cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4 - cp /etc/iptables/iptables-ilbvm /etc/iptables/rules - setup_sshd $ETH1_IP "eth1" - - enable_fwding 0 - systemctl enable haproxy - enable_irqbalance 1 - systemctl disable nfs-common - systemctl disable portmap -} - -setup_default() { - cat > /etc/network/interfaces << EOF -auto lo -iface lo inet loopback -EOF - cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables -} - -change_password() { - if [ x"$VM_PASSWORD" != x"" ] - then - echo "root:$VM_PASSWORD" | chpasswd - fi + return 0 } start() { # Clear /tmp for file lock rm -f /tmp/*.lock rm -f /tmp/rrouter_bumped - local hyp=$(hypervisor) + rm -f /root/.rnd + echo "" > /root/.ssh/known_hosts + + 
export HYPERVISOR=$(hypervisor) [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 - log_it "Detected that we are running inside $hyp guest" + log_it "Detected that we are running inside $HYPERVISOR" + + config_guest get_boot_params + get_systemvm_type patch - patch_log4j - parse_cmd_line - change_password - case $TYPE in - router) - [ "$NAME" == "" ] && NAME=router - setup_router - if [ -x /opt/cloud/bin/update_config.py ] - then - /opt/cloud/bin/update_config.py cmd_line.json - fi - ;; - vpcrouter) - [ "$NAME" == "" ] && NAME=vpcrouter - setup_vpcrouter - if [ -x /opt/cloud/bin/update_config.py ] - then - /opt/cloud/bin/update_config.py cmd_line.json - fi - ;; - dhcpsrvr) - [ "$NAME" == "" ] && NAME=dhcpsrvr - setup_dhcpsrvr - if [ -x /opt/cloud/bin/update_config.py ] - then - /opt/cloud/bin/update_config.py cmd_line.json - fi - ;; - secstorage) - [ "$NAME" == "" ] && NAME=secstorage - setup_secstorage $hyp; - ;; - consoleproxy) - [ "$NAME" == "" ] && NAME=consoleproxy - setup_console_proxy $hyp; - ;; - elbvm) - [ "$NAME" == "" ] && NAME=elb - setup_elbvm - ;; - ilbvm) - [ "$NAME" == "" ] && NAME=ilb - setup_ilbvm - ;; - unknown) - [ "$NAME" == "" ] && NAME=systemvm - setup_default; - ;; - esac - if [ "$hyp" == "hyperv" ]; then - # eject the systemvm.iso - eject - fi - return 0 -} + sync + sysctl -p -disable_hvc + log_it "Configuring systemvm type=$TYPE" -parse_cmd_line() { -CMDLINE=$(cat /var/cache/cloud/cmdline) -TYPE="unknown" -BOOTPROTO="static" -DISABLE_RP_FILTER="false" -STORAGE_IP="" -STORAGE_NETMASK="" -STORAGE_CIDR="" -VM_PASSWORD="" + if [ -f "/opt/cloud/bin/setup/$TYPE.sh" ]; then + /opt/cloud/bin/setup/$TYPE.sh + else + /opt/cloud/bin/setup/default.sh + fi -CHEF_TMP_FILE=/tmp/cmdline.json -COMMA="\t" -echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE} -echo -e "\n\"cmd_line\": {" >> ${CHEF_TMP_FILE} + log_it "Finished setting up systemvm" -for i in $CMDLINE - do - # search for foo=bar pattern and cut 
out foo - KEY=$(echo $i | cut -d= -f1) - VALUE=$(echo $i | cut -d= -f2) - echo -en ${COMMA} >> ${CHEF_TMP_FILE} - # Two lines so values do not accidently interpretted as escapes!! - echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE} - COMMA=",\n\t" - case $KEY in - disable_rp_filter) - DISABLE_RP_FILTER=$VALUE - ;; - eth0ip) - ETH0_IP=$VALUE - ;; - eth1ip) - ETH1_IP=$VALUE - ;; - eth2ip) - ETH2_IP=$VALUE - ;; - host) - MGMT_HOST=$VALUE - ;; - gateway) - GW=$VALUE - ;; - ip6gateway) - IP6GW=$VALUE - ;; - eth0mask) - ETH0_MASK=$VALUE - ;; - eth1mask) - ETH1_MASK=$VALUE - ;; - eth2mask) - ETH2_MASK=$VALUE - ;; - eth0ip6) - ETH0_IP6=$VALUE - ;; - eth0ip6prelen) - ETH0_IP6_PRELEN=$VALUE - ;; - internaldns1) - internalNS1=$VALUE - ;; - internaldns2) - internalNS2=$VALUE - ;; - dns1) - NS1=$VALUE - ;; - dns2) - NS2=$VALUE - ;; - ip6dns1) - IP6_NS1=$VALUE - ;; - ip6dns2) - IP6_NS2=$VALUE - ;; - domain) - DOMAIN=$VALUE - ;; - dnssearchorder) - DNS_SEARCH_ORDER=$VALUE - ;; - useextdns) - USE_EXTERNAL_DNS=$VALUE - ;; - mgmtcidr) - MGMTNET=$VALUE - ;; - localgw) - LOCAL_GW=$VALUE - ;; - template) - TEMPLATE=$VALUE - ;; - sshonguest) - SSHONGUEST=$VALUE - ;; - name) - NAME=$VALUE - ;; - dhcprange) - DHCP_RANGE=$(echo $VALUE | tr ':' ',') - ;; - bootproto) - BOOTPROTO=$VALUE - ;; - type) - TYPE=$VALUE - ;; - defaultroute) - DEFAULTROUTE=$VALUE - ;; - redundant_router) - RROUTER=$VALUE - ;; - guestgw) - GUEST_GW=$VALUE - ;; - guestbrd) - GUEST_BRD=$VALUE - ;; - guestcidrsize) - GUEST_CIDR_SIZE=$VALUE - ;; - router_pr) - ROUTER_PR=$VALUE - ;; - extra_pubnics) - EXTRA_PUBNICS=$VALUE - ;; - nic_macs) - NIC_MACS=$VALUE - ;; - mtu) - MTU=$VALUE - ;; - storageip) - STORAGE_IP=$VALUE - ;; - storagenetmask) - STORAGE_NETMASK=$VALUE - ;; - storagecidr) - STORAGE_CIDR=$VALUE - ;; - vmpassword) - VM_PASSWORD=$VALUE - ;; - vpccidr) - VPCCIDR=$VALUE - ;; - cidrsize) - CIDR_SIZE=$VALUE - ;; - advert_int) - ADVERT_INT=$VALUE - ;; - ntpserverlist) - NTP_SERVER_LIST=$VALUE - ;; - esac -done 
-echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE} -if [ "$TYPE" != "unknown" ] -then - mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json -fi - -[ $ETH0_IP ] && LOCAL_ADDRS=$ETH0_IP -[ $ETH0_IP6 ] && LOCAL_ADDRS=$ETH0_IP6 -[ $ETH0_IP ] && [ $ETH0_IP6 ] && LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6" + return 0 } case "$1" in -start) - - log_action_begin_msg "Executing cloud-early-config" - log_it "Executing cloud-early-config" - if start; then - log_action_end_msg $? - else - log_action_end_msg $? - fi - ;; - -stop) - log_action_begin_msg "Stopping cloud-early-config" - #Override old system's interface setting - setup_default; - log_action_end_msg 0 - ;; - -force-reload|restart) - - log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces" - log_action_begin_msg "Executing cloud-early-config" - if start; then - log_action_end_msg $? - else - log_action_end_msg $? - fi - ;; + start) + log_action_begin_msg "Executing cloud-early-config" + log_it "Executing cloud-early-config" + if start; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + ;; + + stop) + log_action_begin_msg "Stopping cloud-early-config" + #Override old system's interface setting + setup_default; + log_action_end_msg 0 + ;; + + force-reload|restart) + log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces" + log_action_begin_msg "Executing cloud-early-config" + if start; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + ;; -*) - echo "Usage: /etc/init.d/cloud-early-config {start|stop}" - exit 1 - ;; + *) + echo "Usage: /etc/init.d/cloud-early-config {start|stop}" + exit 1 + ;; esac exit 0 diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr index c089e72ebc82..05e2f37a336f 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr +++ b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr 
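Review bot: In `start()`, the `[ $? -ne 0 ]` test after `export HYPERVISOR=$(hypervisor)` checks the exit status of `export`, not of `hypervisor`, so the "Failed to detect hypervisor type" bail-out can never fire. Assign first with `HYPERVISOR=$(hypervisor)`, keep the existing `[ $? -ne 0 ] && …` line directly after it, and then run `export HYPERVISOR`. The `stop)` branch also still calls `setup_default`, whose definition this hunk deletes. Unless it is defined in a file sourced outside this hunk, `stop` will fail with a command-not-found error; it could call `/opt/cloud/bin/setup/default.sh` instead if that script is the replacement.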
@@ -24,9 +24,6 @@ # specific language governing permissions and limitations # under the License. -ENABLED=0 -[ -e /etc/default/cloud-passwd-srvr ] && . /etc/default/cloud-passwd-srvr - add_iptables_rules() { #Delete any old iptables rule for port 8080 on eth0 @@ -72,7 +69,6 @@ remove_iptables_rules() } start() { - [ "$ENABLED" != 0 ] || exit 0 pid=$(getpid) [ "$pid" != "" ] && echo "Password server is already running (pid=$pid)" && return 0 add_iptables_rules diff --git a/systemvm/patches/debian/config/etc/init.d/postinit b/systemvm/patches/debian/config/etc/init.d/postinit deleted file mode 100755 index ddbcb083f5e2..000000000000 --- a/systemvm/patches/debian/config/etc/init.d/postinit +++ /dev/null 
@@ -1,176 +0,0 @@ -#!/bin/bash -e -### BEGIN INIT INFO -# Provides: postinit -# Required-Start: $local_fs cloud-early-config -# Required-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: post-init -### END INIT INFO - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -replace_in_file() { - local filename=$1 - local keyname=$2 - local value=$3 - sed -i /$keyname=/d $filename - echo "$keyname=$value" >> $filename - return $? 
-} - -setup_secstorage() { - public_ip=$ETH2_IP - sed -i /$NAME/d /etc/hosts - echo "$public_ip $NAME" >> /etc/hosts - [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf - [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf -} - -setup_console_proxy() { - public_ip=$ETH2_IP - sed -i /$NAME/d /etc/hosts - echo "$public_ip $NAME" >> /etc/hosts -} - -setup_redundant_router() { - if [ "$RROUTER" != "1" ] - then - return 1 - fi - rrouter_bin_path="/ramdisk/rrouter" - eth2mac=`ip link show eth2 | awk '/ether/ {print $2}'` - sed -i "s/\[ETH2MAC\]/$eth2mac/g" $rrouter_bin_path/enable_pubip.sh -} - -start() { - case $TYPE in - secstorage) - [ "$NAME" == "" ] && NAME=secstorage - setup_secstorage; - ;; - consoleproxy) - [ "$NAME" == "" ] && NAME=consoleproxy - setup_console_proxy; - ;; - router) - [ "$NAME" == "" ] && NAME=router - setup_redundant_router; - ;; - - esac -} - -stop() { - echo "" -} - -status() { - echo "" -} - -CMDLINE=$(cat /var/cache/cloud/cmdline) -TYPE="router" -BOOTPROTO="static" - -for i in $CMDLINE - do - # search for foo=bar pattern and cut out foo - KEY=$(echo $i | cut -d= -f1) - VALUE=$(echo $i | cut -d= -f2) - case $KEY in - eth0ip) - ETH0_IP=$VALUE - ;; - eth1ip) - ETH1_IP=$VALUE - ;; - eth2ip) - ETH2_IP=$VALUE - ;; - gateway) - GW=$VALUE - ;; - eth0mask) - ETH0_MASK=$VALUE - ;; - eth1mask) - ETH1_MASK=$VALUE - ;; - eth2mask) - ETH2_MASK=$VALUE - ;; - dns1) - NS1=$VALUE - ;; - dns2) - NS2=$VALUE - ;; - domain) - DOMAIN=$VALUE - ;; - mgmtcidr) - MGMTNET=$VALUE - ;; - localgw) - LOCAL_GW=$VALUE - ;; - template) - TEMPLATE=$VALUE - ;; - name) - NAME=$VALUE - ;; - dhcprange) - DHCP_RANGE=$(echo $VALUE | tr ':' ',') - ;; - bootproto) - BOOTPROTO=$VALUE - ;; - type) - TYPE=$VALUE - ;; - redundant_router) - RROUTER=$VALUE - ;; - esac -done - -if [ "$BOOTPROTO" == "static" -a "$RROUTER" != "1" ] -then - exit 0 -fi - 
-ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1) -ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1) - - -case "$1" in - start) start - ;; - stop) stop - ;; - status) status - ;; - restart) stop - start - ;; - *) echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac diff --git a/systemvm/patches/debian/config/etc/rc.local b/systemvm/patches/debian/config/etc/rc.local index c0b19395ae74..bb4e251d4378 100755 --- a/systemvm/patches/debian/config/etc/rc.local +++ b/systemvm/patches/debian/config/etc/rc.local 
@@ -18,47 +18,61 @@ #under the License. [ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs -for svc in $(cat /var/cache/cloud/enabled_svcs) +for svc in $(cat /var/cache/cloud/enabled_svcs) do logger -t cloud "Starting $svc" - service $svc start + systemctl enable --now $svc done [ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs -for svc in $(cat /var/cache/cloud/disabled_svcs) +for svc in $(cat /var/cache/cloud/disabled_svcs) do logger -t cloud "Stopping $svc" - service $svc stop + systemctl disable --now $svc done -CMDLINE=$(cat /var/cache/cloud/cmdline) -router=$(echo "$CMDLINE" | grep -o type=router) -vpcrouter=$(echo "$CMDLINE" | grep -o type=vpcrouter) -if [ "$router" != "" ] || [ "$vpcrouter" != "" ] +#Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist +ipv4="/etc/iptables/router_rules.v4" +if [ -e $ipv4 ] then - echo 1000000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max - echo 1000000 > /proc/sys/net/netfilter/nf_conntrack_max - echo 1000000 > /proc/sys/net/nf_conntrack_max + iptables-restore < $ipv4 fi -if [ "$router" != "" ] +ipv6="/etc/iptables/router_rules.v6" +if [ -e $ipv6 ] then - python /opt/cloud/bin/baremetal-vr.py & + iptables-restore < $ipv6 fi date > /var/cache/cloud/boot_up_done logger -t cloud "Boot up process done" -#Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist -ipv4="/etc/iptables/router_rules.v4" -if [ -e $ipv4 ] +CMDLINE=/var/cache/cloud/cmdline +for str in $(cat $CMDLINE) + do + KEY=$(echo $str | cut -d= -f1) + VALUE=$(echo $str | cut -d= -f2) + case $KEY in + type) + export TYPE=$VALUE + ;; + *) + ;; + esac +done + +if [ "$TYPE" == "router" ] then - iptables-restore < $ipv4 + python /opt/cloud/bin/baremetal-vr.py & + logger -t cloud "Started baremetal-vr service" fi -ipv6="/etc/iptables/router_rules.v6" -if [ -e $ipv6 ] +if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" 
] then - iptables-restore < $ipv6 -fi \ No newline at end of file + if [ -x /opt/cloud/bin/update_config.py ] + then + /opt/cloud/bin/update_config.py cmd_line.json + logger -t cloud "Updated config: cmd_line.json" + fi +fi diff --git a/systemvm/patches/debian/config/etc/sysctl.conf b/systemvm/patches/debian/config/etc/sysctl.conf index b8a8fe01bd96..91baa5d31ed3 100644 --- a/systemvm/patches/debian/config/etc/sysctl.conf +++ b/systemvm/patches/debian/config/etc/sysctl.conf @@ -48,7 +48,6 @@ net.ipv4.tcp_syncookies = 1 # disable tcp time stamps net.ipv4.tcp_timestamps = 0 -net.ipv4.netfilter.ip_conntrack_max = 1000000 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_tw_buckets = 1000000 net.core.somaxconn = 65535 diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py index 7468cf56b947..afbf2dd11743 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py @@ -678,13 +678,13 @@ def process(self): self.remoteaccessvpn_iptables(public_ip, self.dbag[public_ip]) CsHelper.execute("ipsec update") - CsHelper.execute("service xl2tpd start") + CsHelper.execute("systemctl start xl2tpd") CsHelper.execute("ipsec rereadsecrets") else: logging.debug("Disabling remote access vpn .....") #disable remote access vpn CsHelper.execute("ipsec down L2TP-PSK") - CsHelper.execute("service xl2tpd stop") + CsHelper.execute("systemctl stop xl2tpd") def configure_l2tpIpsec(self, left, obj): diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py index 9762e04875a8..496a0e7876a8 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py 
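Review bot: In the relocated restore block of rc.local, the `router_rules.v6` branch still feeds the file to `iptables-restore`, which only handles the IPv4 tables. If that file holds `ip6tables-save` output, as its name suggests, the saved IPv6 filter rules are not reinstated at boot, and the line should read `ip6tables-restore < $ipv6`. The block is only moved by this hunk, so the behaviour is inherited, but it remains on the new side. Separately, the new `[ "$TYPE" == "router" ]` tests use `==`, which is not POSIX and is rejected by dash; the interpreter line is outside this hunk, so either confirm rc.local runs under bash or write `=`.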
@@ -49,7 +49,6 @@ def setup(self): file.search("", "\t" % (self.ip)) file.search("Listen .*:80", "Listen %s:80" % (self.ip)) file.search("Listen .*:443", "Listen %s:443" % (self.ip)) - file.search("NameVirtualHost .*:80", "NameVirtualHost %s:80" % (self.ip)) file.search("ServerName.*", "\tServerName %s.%s" % (self.config.cl.get_type(), self.config.get_domain())) if file.is_changed(): file.commit() diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py index 4bd94df3bea3..3c267a0aca1b 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py @@ -70,8 +70,8 @@ def configure_server(self): continue device = i['dev'] ip = i['ip'].split('/')[0] - sline = "dhcp-range=interface:%s,set:interface-%s-%s" % (device, device, idx) - line = "dhcp-range=interface:%s,set:interface-%s-%s,%s,static" % (device, device, idx, ip) + sline = "dhcp-range=set:interface-%s-%s" % (device, idx) + line = "dhcp-range=set:interface-%s-%s,%s,static" % (device, idx, ip) self.conf.search(sline, line) gn = CsGuestNetwork(device, self.config) sline = "dhcp-option=tag:interface-%s-%s,15" % (device, idx) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py index d0e512ef0b67..7ff32ee6ad42 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py +++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py @@ -212,14 +212,14 @@ def execute2(command): def service(name, op): - execute("service %s %s" % (name, op)) + execute("systemctl %s %s" % (op, name)) logging.info("Service %s %s" % (name, op)) def start_if_stopped(name): - ret = execute2("service %s status" % name) + ret = execute2("systemctl is-active %s" % name) if ret.returncode: - execute2("service %s start" % name) + execute2("systemctl start %s" % name) def hup_dnsmasq(name, user): 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh b/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh index 8fae25c5b5e7..11c0ffe351b6 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh @@ -111,7 +111,7 @@ echo -e "$dns_option" >> "$DHCP_CONFIG" #restart the dnsmasq -service dnsmasq restart +systemctl restart dnsmasq result=$? if [ "$result" -ne "0" ] then @@ -122,7 +122,7 @@ then cp "$DHCP_CONFIG_MAIN" "$DHCP_FAILURE_CONFIG_MAIN" cp "$DHCP_CONFIG_BAK" "$DHCP_CONFIG" cp "$DHCP_CONFIG_MAIN_BAK" "$DHCP_CONFIG_MAIN" - service dnsmasq restart + systemctl restart dnsmasq unlock_exit $result $lock $locked fi rm "$DHCP_CONFIG_BAK" diff --git a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh b/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh index f0d9c00ddf46..ab3f539848da 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh @@ -215,7 +215,7 @@ then then kill -HUP $pid else - service dnsmasq restart + systemctl restart dnsmasq fi else if [ $no_redundant -eq 1 ] diff --git a/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh b/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh index e0af6a2d20f1..20caec5e79cf 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh @@ -29,15 +29,15 @@ usage() { #set -x start_ipsec() { - service ipsec status > /dev/null + systemctl is-active ipsec > /dev/null if [ $? -ne 0 ] then - service ipsec start > /dev/null + systemctl start ipsec > /dev/null #Wait until ipsec started, 5 seconds at most for i in {1..5} do logger -t cloud "$(basename $0): waiting ipsec start..." - service ipsec status > /dev/null + systemctl is-active ipsec > /dev/null result=$? if [ $result -eq 0 ] then 
@@ -46,7 +46,7 @@ start_ipsec() { sleep 1 done fi - service ipsec status > /dev/null + systemctl is-active ipsec > /dev/null return $? } 
@@ -139,36 +139,36 @@ ipsec_tunnel_add() { check_and_enable_iptables - sudo echo "conn vpn-$rightpeer" > $vpnconffile && - sudo echo " left=$leftpeer" >> $vpnconffile && - sudo echo " leftsubnet=$leftnet" >> $vpnconffile && - sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile && - sudo echo " right=$rightpeer" >> $vpnconffile && - sudo echo " rightsubnets={$rightnets}" >> $vpnconffile && - sudo echo " type=tunnel" >> $vpnconffile && - sudo echo " authby=secret" >> $vpnconffile && - sudo echo " keyexchange=ike" >> $vpnconffile && - sudo echo " ike=$ikepolicy" >> $vpnconffile && - sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile && - sudo echo " esp=$esppolicy" >> $vpnconffile && - sudo echo " salifetime=${esplifetime}s" >> $vpnconffile && - sudo echo " pfs=$pfs" >> $vpnconffile && - sudo echo " keyingtries=2" >> $vpnconffile && - sudo echo " auto=start" >> $vpnconffile && - sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile && - sudo chmod 0400 $vpnsecretsfile + sudo echo "conn vpn-$rightpeer" > $vpnconffile && + sudo echo " left=$leftpeer" >> $vpnconffile && + sudo echo " leftsubnet=$leftnet" >> $vpnconffile && + sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile && + sudo echo " right=$rightpeer" >> $vpnconffile && + sudo echo " rightsubnets={$rightnets}" >> $vpnconffile && + sudo echo " type=tunnel" >> $vpnconffile && + sudo echo " authby=secret" >> $vpnconffile && + sudo echo " keyexchange=ike" >> $vpnconffile && + sudo echo " ike=$ikepolicy" >> $vpnconffile && + sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile && + sudo echo " esp=$esppolicy" >> $vpnconffile && + sudo echo " salifetime=${esplifetime}s" >> $vpnconffile && + sudo echo " pfs=$pfs" >> $vpnconffile && + sudo echo " keyingtries=2" >> $vpnconffile && + sudo echo " auto=start" >> $vpnconffile && + sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile && + sudo chmod 0400 $vpnsecretsfile - if [ $dpd -ne 0 ] - then - sudo echo " dpddelay=30" >> 
$vpnconffile && - sudo echo " dpdtimeout=120" >> $vpnconffile && - sudo echo " dpdaction=restart" >> $vpnconffile - fi + if [ $dpd -ne 0 ] + then + sudo echo " dpddelay=30" >> $vpnconffile && + sudo echo " dpdtimeout=120" >> $vpnconffile && + sudo echo " dpdaction=restart" >> $vpnconffile + fi - enable_iptables_subnets + enable_iptables_subnets - sudo ipsec auto --rereadall - sudo ipsec auto --add vpn-$rightpeer + sudo ipsec auto --rereadall + sudo ipsec auto --add vpn-$rightpeer logger -t cloud "$(basename $0): done ipsec tunnel entry for right peer=$rightpeer right networks=$rightnets" diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip index 5e15a19ad82f..ce21b53832be 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip +++ b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip @@ -16,9 +16,8 @@ # specific language governing permissions and limitations # under the License. -. /etc/default/cloud-passwd-srvr addr=$1; -while [ "$ENABLED" == "1" ] +while true do python /opt/cloud/bin/passwd_server_ip.py $addr >/dev/null 2>/dev/null rc=$? @@ -27,5 +26,4 @@ do logger -t cloud "Password server failed with error code $rc. Restarting it..." sleep 3 fi - . /etc/default/cloud-passwd-srvr done diff --git a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh deleted file mode 100755 index 81a1b149b3f1..000000000000 --- a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh +++ /dev/null 
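Review bot: With `while true` in passwd_server_ip, the respawn loop has no exit condition of its own. The old loop re-sourced /etc/default/cloud-passwd-srvr on every pass, so setting ENABLED=0 ended it; the init-script hunks earlier in this patch drop the matching `[ "$ENABLED" != 0 ] || exit 0` guard as well. Stopping the password server now depends on the stop path killing this wrapper and not only the python child, otherwise the listener is respawned after a stop; that path is outside the hunk, so please confirm it. I would also quote the argument, `python /opt/cloud/bin/passwd_server_ip.py "$addr"`, and note in a comment that both output streams are discarded, so the logger line with `$rc` is the only trace of a failure.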
@@ -1,262 +0,0 @@ -#/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#set -x -logfile="/var/log/patchsystemvm.log" -# To use existing console proxy .zip-based package file -patch_console_proxy() { - local patchfile=$1 - local backupfolder="/tmp/.conf.backup" - if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then - rm -fr $backupfolder - mkdir -p $backupfolder - cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/ - fi - rm /usr/local/cloud/systemvm -rf - mkdir -p /usr/local/cloud/systemvm - echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1 - find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555 - if [ -f $backupfolder/cloud.jks ]; then - cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/ - echo "Restored keystore file and certs using backup" >> $logfile - fi - rm -fr $backupfolder - return 0 -} - -consoleproxy_svcs() { - systemctl enable cloud - systemctl enable postinit - systemctl disable cloud-passwd-srvr - systemctl disable haproxy - systemctl disable dnsmasq - systemctl enable ssh - systemctl disable apache2 - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "cloud postinit ssh" > 
/var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs - mkdir -p /var/log/cloud -} - -secstorage_svcs() { - systemctl enable cloud on - systemctl enable postinit on - systemctl disable cloud-passwd-srvr - systemctl disable haproxy - systemctl disable dnsmasq - systemctl enable portmap - systemctl enable nfs-common - systemctl enable ssh - systemctl disable apache2 - systemctl disable keepalived - systemctl disable conntrackd - echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs - mkdir -p /var/log/cloud -} - -routing_svcs() { - grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null - RROUTER=$? - systemctl disable cloud - systemctl disable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs - echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs - if [ $RROUTER -eq 0 ] - then - systemctl disable dnsmasq - systemctl disable cloud-passwd-srvr - systemctl enable keepalived - systemctl enable conntrackd - systemctl enable postinit - echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs - echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs - else - systemctl enable dnsmasq - systemctl enable cloud-passwd-srvr - systemctl disable keepalived - systemctl disable conntrackd - echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs - echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs - fi -} - -dhcpsrvr_svcs() { - systemctl disable cloud - systemctl enable cloud-passwd-srvr - systemctl disable haproxy - systemctl enable dnsmasq - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh dnsmasq cloud-passwd-srvr apache2" > 
/var/cache/cloud/enabled_svcs - echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs -} - -elbvm_svcs() { - systemctl disable cloud - systemctl disable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs -} - - -ilbvm_svcs() { - systemctl disable cloud - systemctl enable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs -} - -enable_pcihotplug() { - sed -i -e "/acpiphp/d" /etc/modules - sed -i -e "/pci_hotplug/d" /etc/modules - echo acpiphp >> /etc/modules - echo pci_hotplug >> /etc/modules -} - -enable_serial_console() { - #sed -i -e "/^serial.*/d" /boot/grub/grub.conf - #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf - #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf - #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf - #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf - sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab - sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab -} - - -CMDLINE=$(cat /var/cache/cloud/cmdline) -TYPE="router" -PATCH_MOUNT=$1 -Hypervisor=$2 - -for i in $CMDLINE - do - # search for foo=bar pattern and cut out foo - KEY=$(echo $i | cut -d= -f1) - VALUE=$(echo $i | cut -d= -f2) - case $KEY in - type) - TYPE=$VALUE - ;; - *) - ;; - esac -done - -if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ] 
-then - patch_console_proxy ${PATCH_MOUNT}/systemvm.zip - if [ $? -gt 0 ] - then - printf "Failed to apply patch systemvm\n" >$logfile - exit 5 - fi -fi - - -#empty known hosts -echo "" > /root/.ssh/known_hosts - -if [ "$Hypervisor" == "kvm" ] -then - enable_pcihotplug - enable_serial_console -fi - -if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] -then - routing_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute routing_svcs\n" >$logfile - exit 6 - fi -fi - -if [ "$TYPE" == "dhcpsrvr" ] -then - dhcpsrvr_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute dhcpsrvr_svcs\n" >$logfile - exit 6 - fi -fi - - -if [ "$TYPE" == "consoleproxy" ] -then - consoleproxy_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute consoleproxy_svcs\n" >$logfile - exit 7 - fi -fi - -if [ "$TYPE" == "secstorage" ] -then - secstorage_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute secstorage_svcs\n" >$logfile - exit 8 - fi -fi - -if [ "$TYPE" == "elbvm" ] -then - elbvm_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute elbvm svcs\n" >$logfile - exit 9 - fi -fi - -if [ "$TYPE" == "ilbvm" ] -then - ilbvm_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute ilbvm svcs\n" >$logfile - exit 9 - fi -fi - -exit $? diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh new file mode 100755 index 000000000000..3b766efc3892 --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh 
@@ -0,0 +1,862 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" + +. /lib/lsb/init-functions + +log_it() { + echo "$(date) $@" >> /var/log/cloud.log + log_action_msg "$@" +} + +init_interfaces_orderby_macs() { + macs=( $(echo $1 | sed "s/|/ /g") ) + total_nics=${#macs[@]} + interface_file=${2:-"/etc/network/interfaces"} + rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"} + + echo -n "auto lo" > $interface_file + for((i=0; i> $interface_file + fi + done + cat >> $interface_file << EOF + +iface lo inet loopback + +EOF + + echo "" > $rule_file + for((i=0; i < ${#macs[@]}; i++)) + do + echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file + done +} + +init_interfaces() { + if [ "$NIC_MACS" == "" ] + then + cat > /etc/network/interfaces << EOF +auto lo $1 $2 $3 +iface lo inet loopback + +EOF + else + init_interfaces_orderby_macs "$NIC_MACS" + fi +} + +setup_interface() { + local intfnum=$1 + local ip=$2 + local mask=$3 + local gw=$4 + local force=$5 + local intf=eth${intfnum} + local bootproto="static" + + if [ "$BOOTPROTO" == "dhcp" ] + then + if [ "$intfnum" != "0" ] + then 
+ bootproto="dhcp" + fi + fi + + if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ] + then + echo "iface $intf inet $bootproto" >> /etc/network/interfaces + if [ "$bootproto" == "static" ] + then + echo " address $ip " >> /etc/network/interfaces + echo " netmask $mask" >> /etc/network/interfaces + fi + fi + + if [ "$ip" == "0.0.0.0" -o "$ip" == "" ] + then + ifconfig $intf down + fi + + if [ "$force" == "force" ] + then + ifdown $intf + else + ifdown $intf + if [ "$RROUTER" != "1" -o "$1" != "2" ] + then + ifup $intf + fi + fi +} + +setup_interface_ipv6() { + sysctl net.ipv6.conf.all.disable_ipv6=0 + sysctl net.ipv6.conf.all.forwarding=1 + sysctl net.ipv6.conf.all.accept_ra=1 + + sed -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf + sed -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf + sed -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf + + local intfnum=$1 + local ipv6="$2" + local prelen="$3" + local intf=eth${intfnum} + + echo "iface $intf inet6 static" >> /etc/network/interfaces + echo " address $ipv6 " >> /etc/network/interfaces + echo " netmask $prelen" >> /etc/network/interfaces + echo " accept_ra 1" >> /etc/network/interfaces + ifdown $intf + ifup $intf +} + + +enable_fwding() { + local enabled=$1 + log_it "cloud: enable_fwding = $1" + log_it "enable_fwding = $1" + echo "$1" > /proc/sys/net/ipv4/ip_forward + [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return +} + +disable_rpfilter() { + log_it "cloud: disable rp_filter" + log_it "disable rpfilter" + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf +} + +get_public_vif_list() { + local vif_list="" + for i in /sys/class/net/eth*; do + vif=$(basename $i); + if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] + then + vif_list="$vif_list 
$vif"; + fi + done + + echo $vif_list +} + +disable_rpfilter_domR() { + log_it "cloud: Tuning rp_filter on public interfaces" + + VIF_LIST=$(get_public_vif_list) + log_it "rpfilter public interfaces : $VIF_LIST" + if [ "$DISABLE_RP_FILTER" == "true" ] + then + log_it "cloud: disable rp_filter on public interfaces" + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf + echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter + for vif in $VIF_LIST; do + log_it "cloud: disable rp_filter on public interface: $vif" + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf + echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter + done + else + log_it "cloud: enable rp_filter on public interfaces" + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf + echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter + for vif in $VIF_LIST; do + log_it "cloud: enable rp_filter on public interface: $vif" + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf + echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter + done + fi + log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)" + echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter + echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter + echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter +} + +enable_irqbalance() { + local enabled=$1 + local proc=0 + + proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) + if [ $proc -le 1 ] && [ $enabled -eq 1 ] + then + enabled=0 + fi + + log_it "Processors = $proc Enable service ${svc} = $enabled" + local cfg=/etc/default/irqbalance + [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return +} + +enable_vpc_rpsrfs() { + local enable=$1 + if [ $enable -eq 0 ] + then + echo 0 > /etc/rpsrfsenable + else + echo 1 > /etc/rpsrfsenable + fi + + return 0 +} + +enable_rpsrfs() { + local enable=$1 + + if [ $enable -eq 0 
] + then + echo 0 > /etc/rpsrfsenable + return 0 + fi + + if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ] + then + echo "rps is not enabled in the kernel" + echo 0 > /etc/rpsrfsenable + return 0 + fi + + proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) + if [ $proc -le 1 ] + then + echo 0 > /etc/rpsrfsenable + return 0; + fi + + echo 1 > /etc/rpsrfsenable + num=1 + num=$(($num<<$proc)) + num=$(($num-1)); + echo $num; + hex=$(printf "%x\n" $num) + echo $hex; + #enable rps + echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus + echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus + + #enble rfs + echo 256 > /proc/sys/net/core/rps_sock_flow_entries + echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt + echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt +} + +setup_common() { + init_interfaces $1 $2 $3 + if [ -n "$ETH0_IP" ] + then + setup_interface "0" $ETH0_IP $ETH0_MASK $GW + fi + if [ -n "$ETH0_IP6" ] + then + setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN + fi + setup_interface "1" $ETH1_IP $ETH1_MASK $GW + if [ -n "$ETH2_IP" ] + then + setup_interface "2" $ETH2_IP $ETH2_MASK $GW + fi + + echo $NAME > /etc/hostname + echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon + hostnamectl set-hostname $NAME + + #Nameserver + sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries + sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries + if [ -n "$internalNS1" ] + then + echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS1" > /etc/resolv.conf + fi + + if [ -n "$internalNS2" ] + then + echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS2" >> /etc/resolv.conf + fi + if [ -n "$NS1" ] + then + echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS1" >> /etc/resolv.conf + fi + + if [ -n "$NS2" ] + then + echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS2" >> /etc/resolv.conf + fi + 
+ if [ -n "$IP6_NS1" ] + then + echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf + echo "nameserver $IP6_NS1" >> /etc/resolv.conf + fi + if [ -n "$IP6_NS2" ] + then + echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $IP6_NS2" >> /etc/resolv.conf + fi + + if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] + then + ip route add $MGMTNET via $LOCAL_GW dev eth1 + fi + + ip route delete default + if [ "$RROUTER" != "1" ] + then + gwdev=$3 + if [ -z "$gwdev" ] + then + gwdev="eth0" + fi + + ip route add default via $GW dev $gwdev + fi + + # a hacking way to activate vSwitch under VMware + ping -n -c 3 $GW & + if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] + then + ping -n -c 3 $LOCAL_GW & + #This code is added to address ARP issue by pinging MGMT_GW + MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}') + ping -n -c 3 $MGMT_GW & + fi + + if [ "$HYPERVISOR" == "vmware" ]; then + ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable + fi +} + +setup_dnsmasq() { + log_it "Setting up dnsmasq" + + touch /etc/dhcpopts.txt + + [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP + [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6 + [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" + #removing the dnsmasq multiple ranges config file. 
+ rm /etc/dnsmasq.d/multiple_ranges.conf + + #get the template + cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf + + if [ -n "$DOMAIN" ] + then + #send domain name to dhcp clients + sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf + #DNS server will append $DOMAIN to local queries + sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf + #answer all local domain queries + sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf + fi + + if [ -n "$DNS_SEARCH_ORDER" ] + then + sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf + echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf + # set the domain search order as a space seprated list for option 15 + DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g') + #send domain name to dhcp clients + sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf + fi + + if [ $DHCP_RANGE ] + then + sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf + else + sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf + fi + if [ $DHCP_RANGE_IP6 ] + then + sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf + # For nondefault6 tagged host, don't send dns-server information + sed -i /nondefault6/d /etc/dnsmasq.conf + echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf + else + sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf + fi + + if [ "$RROUTER" == "1" ] + then + DEFAULT_GW=$GUEST_GW + INTERNAL_DNS=$GUEST_GW + else + if [ "$TYPE" == "dhcpsrvr" ] + then + DEFAULT_GW=$GW + else + DEFAULT_GW=$ETH0_IP + fi + INTERNAL_DNS=$ETH0_IP + fi + sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf + [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf + + [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1," + [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2," + [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1]," + [ $ETH0_IP6 ] && [ 
$IP6_NS2 ] && NS6="$NS6[$IP6_NS2]," + #for now set up ourself as the dns server as well + sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf + sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf + if [ "$USE_EXTERNAL_DNS" != "true" ] + then + [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS" + [ $ETH0_IP6 ] && NS6="[::],$NS6" + # enable dns + sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf + else + # disable dns + sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf + echo "port=0" >> /etc/dnsmasq.conf + fi + NS=${NS%?} + NS6=${NS6%?} + [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf + [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf + #adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet. + #removing the existing entires to avoid duplicates on restarts. + sed -i '/data-server/d' /etc/hosts + if [ -n "$ETH0_IP" ] + then + echo "$ETH0_IP data-server" >> /etc/hosts + fi + if [ -n "$ETH0_IP6" ] + then + echo "$ETH0_IP6 data-server" >> /etc/hosts + fi + #add the dhcp-client-update only if dnsmasq version is 2.6 and above + dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]") + major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1) + minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2) + if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ] + then + sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf + echo 'dhcp-client-update' >> /etc/dnsmasq.conf + fi + + command -v dhcp_release > /dev/null 2>&1 + no_dhcp_release=$? 
+ if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ] + then + echo 1 > /var/cache/cloud/dnsmasq_managed_lease + sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf + else + echo 0 > /var/cache/cloud/dnsmasq_managed_lease + fi +} + +setup_sshd(){ + local ip=$1 + local eth=$2 + [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config + sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4 + sed -i "/3922/s/eth./$eth/" /etc/iptables/rules +} + +setup_vpc_apache2() { + log_it "Setting up apache web server for VPC" + systemctl disable apache2 + clean_ipalias_config + setup_apache2_common +} + +clean_ipalias_config() { + # Old + rm -f /etc/apache2/conf.d/ports.*.meta-data.conf + rm -f /etc/apache2/sites-available/ipAlias* + rm -f /etc/apache2/sites-enabled/ipAlias* + rm -f /etc/apache2/conf.d/vhost*.conf + rm -f /etc/apache2/ports.conf + rm -f /etc/apache2/vhostexample.conf + rm -f /etc/apache2/sites-available/default + rm -f /etc/apache2/sites-available/default-ssl + rm -f /etc/apache2/sites-enabled/default + rm -f /etc/apache2/sites-enabled/default-ssl + + # New + rm -f /etc/apache2/sites-enabled/vhost-*.conf + rm -f /etc/apache2/sites-enabled/000-default + + rm -rf /etc/failure_config +} + +setup_apache2_common() { + sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf + [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security + [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security + + # Disable listing of http://SSVM-IP/icons folder for security issue. 
see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/ + [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf + + echo "Options -Indexes" > /var/www/html/.htaccess +} + +setup_apache2() { + log_it "Setting up apache web server" + clean_ipalias_config + setup_apache2_common + local ip=$1 +} + +setup_aesni() { + if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ] + then + modprobe aesni_intel + fi +} + +setup_storage_network() { + if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ] + then + log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network" + return + fi + + echo "" >> /etc/network/interfaces + echo "auto eth3" >> /etc/network/interfaces + + setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK" + [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo " mtu $MTU" >> /etc/network/interfaces + #ip route add "$STORAGE_CIDR" via "$STORAGE_IP" + log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR" +} + +setup_system_rfc1918_internal() { + public_ip=`getPublicIp` + echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))" + if [ "$?" == "0" ]; then + log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918." + else + log_it "Setting up route of RFC1918 space to $LOCAL_GW" + # Setup general route for RFC 1918 space, as otherwise it will be sent to + # the public gateway and not work + # More specific routes that may be set have preference over this generic route. 
+ ip route add 10.0.0.0/8 via $LOCAL_GW + ip route add 172.16.0.0/12 via $LOCAL_GW + ip route add 192.168.0.0/16 via $LOCAL_GW + fi +} + +getPublicIp() { + public_ip=$ETH2_IP + [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP + echo $public_ip +} + +setup_ntp() { + log_it "Setting up NTP" + NTP_CONF_FILE="/etc/ntp.conf" + if [ -f $NTP_CONF_FILE ] + then + IFS=',' read -a server_list <<< "$NTP_SERVER_LIST" + for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- )) + do + server=$(echo ${server_list[iterator]} | tr -d '\r') + PATTERN="server $server" + if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then + sed -i "/^$PATTERN$/d" $NTP_CONF_FILE + fi + sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE + done + systemctl enable ntp + else + log_it "NTP configuration file not found" + fi +} + +routing_svcs() { + systemctl disable --now cloud + systemctl disable --now nfs-common + systemctl disable --now portmap + systemctl enable apache2 + systemctl enable haproxy + systemctl enable ssh + echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs + echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs + if [ $RROUTER -eq 1 ] + then + systemctl disable --now cloud-passwd-srvr + systemctl disable --now dnsmasq + systemctl enable conntrackd + systemctl enable keepalived + echo "keepalived conntrackd" >> /var/cache/cloud/enabled_svcs + echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs + else + systemctl disable --now conntrackd + systemctl disable --now keepalived + systemctl enable cloud-passwd-srvr + systemctl enable dnsmasq + echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs + echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs + fi +} + +setup_redundant_router() { + rrouter_bin_path="/ramdisk/rrouter" + rrouter_log="/ramdisk/rrouter/keepalived.log" + rrouter_bin_path_str="\/ramdisk\/rrouter" + rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log" + mkdir -p /ramdisk + mount tmpfs /ramdisk -t tmpfs + mkdir 
-p /ramdisk/rrouter + ip route delete default + cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf + cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf + cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh + cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh + cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh + cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh + cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh + cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh + cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh + cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh + cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/ + cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/ + cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh + cp /root/redundant_router/services.sh $rrouter_bin_path/ + sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf + sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf + sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf + sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf + sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf + sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh + sed -i 
"s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh + sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh + sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh + if [ $ADVERT_INT ] + then + sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf + fi + chmod a+x $rrouter_bin_path/*.sh + sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived + crontab -l|grep "check_heartbeat.sh" + if [ $? 
-ne 0 ] + then + (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab + fi +} + +parse_cmd_line() { + CMDLINE=$(cat /var/cache/cloud/cmdline) + TYPE="unknown" + BOOTPROTO="static" + DISABLE_RP_FILTER="false" + STORAGE_IP="" + STORAGE_NETMASK="" + STORAGE_CIDR="" + VM_PASSWORD="" + + CHEF_TMP_FILE=/tmp/cmdline.json + COMMA="\t" + echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE} + echo -e "\"cmd_line\": {" >> ${CHEF_TMP_FILE} + + for i in $CMDLINE + do + # search for foo=bar pattern and cut out foo + KEY=$(echo $i | cut -d= -f1) + VALUE=$(echo $i | cut -d= -f2) + echo -en ${COMMA} >> ${CHEF_TMP_FILE} + # Two lines so values do not accidently interpretted as escapes!! + echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE} + COMMA=",\n\t" + case $KEY in + disable_rp_filter) + export DISABLE_RP_FILTER=$VALUE + ;; + eth0ip) + export ETH0_IP=$VALUE + ;; + eth1ip) + export ETH1_IP=$VALUE + ;; + eth2ip) + export ETH2_IP=$VALUE + ;; + host) + export MGMT_HOST=$VALUE + ;; + gateway) + export GW=$VALUE + ;; + ip6gateway) + export IP6GW=$VALUE + ;; + eth0mask) + export ETH0_MASK=$VALUE + ;; + eth1mask) + export ETH1_MASK=$VALUE + ;; + eth2mask) + export ETH2_MASK=$VALUE + ;; + eth0ip6) + export ETH0_IP6=$VALUE + ;; + eth0ip6prelen) + export ETH0_IP6_PRELEN=$VALUE + ;; + internaldns1) + export internalNS1=$VALUE + ;; + internaldns2) + export internalNS2=$VALUE + ;; + dns1) + export NS1=$VALUE + ;; + dns2) + export NS2=$VALUE + ;; + ip6dns1) + export IP6_NS1=$VALUE + ;; + ip6dns2) + export IP6_NS2=$VALUE + ;; + domain) + export DOMAIN=$VALUE + ;; + dnssearchorder) + export DNS_SEARCH_ORDER=$VALUE + ;; + useextdns) + export USE_EXTERNAL_DNS=$VALUE + ;; + mgmtcidr) + export MGMTNET=$VALUE + ;; + localgw) + export LOCAL_GW=$VALUE + ;; + template) + export TEMPLATE=$VALUE + ;; + sshonguest) + export SSHONGUEST=$VALUE + ;; + name) + export 
NAME=$VALUE + ;; + dhcprange) + export DHCP_RANGE=$(echo $VALUE | tr ':' ',') + ;; + bootproto) + export BOOTPROTO=$VALUE + ;; + type) + export TYPE=$VALUE + ;; + defaultroute) + export DEFAULTROUTE=$VALUE + ;; + redundant_router) + export RROUTER=$VALUE + ;; + guestgw) + export GUEST_GW=$VALUE + ;; + guestbrd) + export GUEST_BRD=$VALUE + ;; + guestcidrsize) + export GUEST_CIDR_SIZE=$VALUE + ;; + router_pr) + export ROUTER_PR=$VALUE + ;; + extra_pubnics) + export EXTRA_PUBNICS=$VALUE + ;; + nic_macs) + export NIC_MACS=$VALUE + ;; + mtu) + export MTU=$VALUE + ;; + storageip) + export STORAGE_IP=$VALUE + ;; + storagenetmask) + export STORAGE_NETMASK=$VALUE + ;; + storagecidr) + export STORAGE_CIDR=$VALUE + ;; + vmpassword) + export VM_PASSWORD=$VALUE + ;; + vpccidr) + export VPCCIDR=$VALUE + ;; + cidrsize) + export CIDR_SIZE=$VALUE + ;; + advert_int) + export ADVERT_INT=$VALUE + ;; + ntpserverlist) + export NTP_SERVER_LIST=$VALUE + ;; + esac + done + echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE} + if [ "$TYPE" != "unknown" ] + then + mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json + fi + + [ $ETH0_IP ] && export LOCAL_ADDRS=$ETH0_IP + [ $ETH0_IP6 ] && export LOCAL_ADDRS=$ETH0_IP6 + [ $ETH0_IP ] && [ $ETH0_IP6 ] && export LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6" + + # Randomize cloud password so only ssh login is allowed + echo "cloud:`openssl rand -base64 32`" | chpasswd + + if [ x"$VM_PASSWORD" != x"" ] + then + echo "root:$VM_PASSWORD" | chpasswd + fi +} + +parse_cmd_line diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh new file mode 100755 index 000000000000..36c1fa41115a --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh 
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+consoleproxy_svcs() {
+ echo "cloud ssh" > /var/cache/cloud/enabled_svcs
+ echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+ mkdir -p /var/log/cloud
+}
+
+setup_console_proxy() {
+ log_it "Setting up console proxy system vm"
+ setup_common eth0 eth1 eth2
+ setup_system_rfc1918_internal
+
+ log_it "Setting up entry in hosts"
+ sed -i /$NAME/d /etc/hosts
+ public_ip=`getPublicIp`
+ echo "$public_ip $NAME" >> /etc/hosts
+
+ log_it "Applying iptables rules"
+ cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
+
+ log_it "Configuring sshd"
+ local hyp=$HYPERVISOR
+ if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
+ setup_sshd $ETH1_IP "eth1"
+ else
+ setup_sshd $ETH0_IP "eth0"
+ fi
+
+ disable_rpfilter
+ enable_fwding 0
+ enable_irqbalance 0
+ rm -f /etc/logrotate.d/cloud
+}
+
+consoleproxy_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute consoleproxy_svcs"
+ exit 1
+fi
+setup_console_proxy
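Review bot: The two `setup_sshd` calls in `setup_console_proxy` pass `$ETH1_IP` and `$ETH0_IP` unquoted, so when the address is empty (the values come from the boot command line parsed in common.sh) the interface name shifts into the first argument. `setup_sshd` would then write `ListenAddress eth0` into sshd_config and substitute an empty interface name into the port-3922 lines of both iptables rule files. Quote the argument, `setup_sshd "$ETH0_IP" "eth0"`, and consider a `log_it` plus `exit 1` when the address is empty rather than rewriting the firewall file. The same unquoted call appears in dhcpsrvr.sh, elbvm.sh, ilbvm.sh, router.sh and secstorage.sh.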
diff --git a/systemvm/patches/debian/config/etc/default/cloud b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
old mode 100644
new mode 100755
similarity index 78%
rename from systemvm/patches/debian/config/etc/default/cloud
rename to systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
index 0b85c63f71eb..4272e645d416
--- a/systemvm/patches/debian/config/etc/default/cloud
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
@@ -1,3 +1,4 @@
+#!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements. See the NOTICE file
 # distributed with this work for additional information
@@ -15,5 +16,14 @@
 # specific language governing permissions and limitations
 # under the License.
 
-#set ENABLED to 1 if you want the init script to start the password server
-ENABLED=0
+. /opt/cloud/bin/setup/common.sh
+
+setup_default() {
+ cat > /etc/network/interfaces << EOF
+auto lo
+iface lo inet loopback
+EOF
+ cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
+}
+
+setup_default
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh
new file mode 100755
index 000000000000..1e28ab458571
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+dhcpsrvr_svcs() {
+ echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
+ echo "cloud nfs-common conntrackd keepalived haproxy portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_dhcpsrvr() {
+ log_it "Setting up dhcp server system vm"
+ setup_common eth0 eth1
+ setup_dnsmasq
+ setup_apache2 $ETH0_IP
+
+ sed -i /$NAME/d /etc/hosts
+ [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
+ [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
+
+ enable_irqbalance 0
+ enable_fwding 0
+
+ cp /etc/iptables/iptables-router /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-router /etc/iptables/rules
+
+ #Only allow DNS service for current network
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+
+ if [ "$SSHONGUEST" == "true" ]
+ then
+ setup_sshd $ETH0_IP "eth0"
+ else
+ setup_sshd $ETH1_IP "eth1"
+ fi
+}
+
+dhcpsrvr_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute dhcpsrvr_svcs"
+ exit 1
+fi
+setup_dhcpsrvr
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
new file mode 100755
index 000000000000..23a2607ff997
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
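Review bot: The four `sed` lines under `#Only allow DNS service for current network` in `setup_dhcpsrvr` rewrite the port-53 ACCEPT rules unconditionally, so an unset `CIDR_SIZE` or `DHCP_RANGE` leaves a rule whose source ends in a bare `/` or has no address at all. How the rule loader reacts is not visible in this patch, but a malformed line in `/etc/iptables/rules.v4` presumably makes the restore of that file fail, so the substitution is worth guarding with `if [ -n "$DHCP_RANGE" ] && [ -n "$CIDR_SIZE" ]; then … fi` and a `log_it` in the else branch. `parse_cmd_line` also builds `DHCP_RANGE` with `tr ':' ','`, so a value carrying a comma should be rejected before it is used as a source address. router.sh repeats the same four lines.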
@@ -0,0 +1,53 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+elbvm_svcs() {
+ echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
+ echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_elbvm() {
+ log_it "Setting up Elastic Load Balancer system vm"
+ setup_common eth0 eth1
+ sed -i /$NAME/d /etc/hosts
+ public_ip=$ETH2_IP
+ [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
+ echo "$public_ip $NAME" >> /etc/hosts
+
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules
+ if [ "$SSHONGUEST" == "true" ]
+ then
+ setup_sshd $ETH0_IP "eth0"
+ else
+ setup_sshd $ETH1_IP "eth1"
+ fi
+
+ enable_fwding 0
+ enable_irqbalance 0
+}
+
+elbvm_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute elbvm svcs"
+ exit 1
+fi
+setup_elbvm
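Review bot: `sed -i /$NAME/d /etc/hosts` in `setup_elbvm` uses the VM name taken from the boot command line as an unquoted, unanchored regular expression. An empty `NAME` hands sed an empty pattern, a name containing `/` breaks the expression, and a name that is a substring of another entry deletes lines belonging to other hosts. Check the value and anchor the match, for example `[ -n "$NAME" ] && sed -i "/[[:space:]]$NAME\$/d" /etc/hosts`, so only the entry whose last field is this name is removed. The same line is in consoleproxy.sh, dhcpsrvr.sh, ilbvm.sh, router.sh and secstorage.sh.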
diff --git a/systemvm/patches/debian/config/etc/default/cloud-passwd-srvr b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
old mode 100644
new mode 100755
similarity index 51%
rename from systemvm/patches/debian/config/etc/default/cloud-passwd-srvr
rename to systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
index 0b85c63f71eb..4cd599f59d7b
--- a/systemvm/patches/debian/config/etc/default/cloud-passwd-srvr
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
@@ -1,3 +1,4 @@
+#!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements. See the NOTICE file
 # distributed with this work for additional information
@@ -15,5 +16,33 @@
 # specific language governing permissions and limitations
 # under the License.
 
-#set ENABLED to 1 if you want the init script to start the password server
-ENABLED=0
+. /opt/cloud/bin/setup/common.sh
+
+ilbvm_svcs() {
+ echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
+ echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_ilbvm() {
+ log_it "Setting up Internal Load Balancer system vm"
+ setup_common eth0 eth1
+ #eth0 = guest network, eth1=control network
+
+ sed -i /$NAME/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+
+ cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
+
+ enable_fwding 0
+ enable_irqbalance 1
+}
+
+ilbvm_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute ilbvm svcs"
+ exit 1
+fi
+setup_ilbvm
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
new file mode 100755
index 000000000000..43c3c927e4f6
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
@@ -0,0 +1,57 @@
+#/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+#set -x
+logfile="/var/log/patchsystemvm.log"
+
+# To use existing console proxy .zip-based package file
+patch_systemvm() {
+ local patchfile=$1
+ local backupfolder="/tmp/.conf.backup"
+ if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then
+ rm -fr $backupfolder
+ mkdir -p $backupfolder
+ cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/
+ fi
+ rm /usr/local/cloud/systemvm -rf
+ mkdir -p /usr/local/cloud/systemvm
+ echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
+ find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
+ if [ -f $backupfolder/cloud.jks ]; then
+ cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/
+ echo "Restored keystore file and certs using backup" >> $logfile
+ fi
+ rm -fr $backupfolder
+ return 0
+}
+
+CMDLINE=/var/cache/cloud/cmdline
+PATCH_MOUNT=$1
+TYPE=$2
+
+echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile
+
+if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ]
+then
+ patch_systemvm ${PATCH_MOUNT}/systemvm.zip
+ if [ $? -gt 0 ]
+ then
+ echo "Failed to apply patch systemvm\n" >> $logfile
+ exit 1
+ fi
+fi
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
new file mode 100755
index 000000000000..d9fadfef4b1e
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
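Review bot: `patch_systemvm` backs up `/usr/local/cloud/systemvm/conf/*`, which includes the `cloud.jks` keystore, into the fixed path `/tmp/.conf.backup` using `rm -fr` followed by `mkdir -p`. A predictable name in a world-writable directory can be pre-created or swapped between those two steps, and the directory gets whatever the current umask allows; `local backupfolder=$(mktemp -d /tmp/.conf.backup.XXXXXX)` with the `rm -fr`/`mkdir -p` pair dropped gives a private directory for the key material. router.sh uses fixed names in the same way for `/tmp/interfaces` and `/tmp/udev-rules`. Separately, the first line `#/bin/bash` is missing the `!`, so it is a comment rather than an interpreter line.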
@@ -0,0 +1,106 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+setup_router() {
+ log_it "Setting up virtual router system vm"
+
+ #To save router public interface and gw ip information
+ touch /var/cache/cloud/ifaceGwIp
+
+ oldmd5=
+ [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
+
+ if [ -n "$ETH2_IP" ]
+ then
+ setup_common eth0 eth1 eth2
+
+ if [ -n "$EXTRA_PUBNICS" ]
+ then
+ for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
+ do
+ setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
+ done
+ fi
+ else
+ setup_common eth0 eth1
+ if [ -n "$EXTRA_PUBNICS" ]
+ then
+ for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
+ do
+ setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
+ done
+ fi
+ fi
+
+ if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
+ then
+ setup_redundant_router
+ fi
+
+ log_it "Checking udev NIC assignment order changes"
+ if [ "$NIC_MACS" != "" ]
+ then
+ init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
+ newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
+ rm /tmp/interfaces
+ rm /tmp/udev-rules
+
+ if [ "$oldmd5" != "$newmd5" ]
+ then
+ log_it "udev NIC assignment requires reboot to take effect"
+ sync
+ sleep 2
+ reboot
+ fi
+ fi
+
+ setup_aesni
+ setup_dnsmasq
+ setup_apache2 $ETH0_IP
+
+ sed -i /$NAME/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+
+ enable_irqbalance 1
+ disable_rpfilter_domR
+ enable_fwding 1
+ enable_rpsrfs 1
+ cp /etc/iptables/iptables-router /etc/iptables/rules.v4
+ #for old templates
+ cp /etc/iptables/iptables-router /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
+
+ #Only allow DNS service for current network
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+
+ #setup hourly logrotate
+ mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
+}
+
+routing_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute routing_svcs"
+ exit 1
+fi
+setup_router
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh
new file mode 100755
index 000000000000..327353c0ae76
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh
@@ -0,0 +1,90 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +. /opt/cloud/bin/setup/common.sh + +secstorage_svcs() { + echo "apache2 cloud ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs + echo "cloud-passwd-srvr conntrackd keepalived haproxy dnsmasq" > /var/cache/cloud/disabled_svcs + mkdir -p /var/log/cloud +} + +setup_secstorage() { + log_it "Setting up secondary storage system vm" + sysctl vm.min_free_kbytes=8192 + + setup_common eth0 eth1 eth2 + setup_storage_network + setup_system_rfc1918_internal + + log_it "Setting up entry in hosts" + sed -i /$NAME/d /etc/hosts + public_ip=`getPublicIp` + echo "$public_ip $NAME" >> /etc/hosts + + log_it "Applying iptables rules" + cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4 + cp /etc/iptables/iptables-secstorage /etc/iptables/rules + + log_it "Configuring sshd" + local hyp=$HYPERVISOR + if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then + setup_sshd $ETH1_IP "eth1" + else + setup_sshd $ETH0_IP "eth0" + fi + + log_it "Configuring apache2" + setup_apache2 $ETH2_IP + + # Deprecated, should move to Cs Python all of it + sed -e "s///" \ + -e "s///" \ + -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \ + -e "s/Listen .*:443/Listen $ETH2_IP:443/g" 
/etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf + + log_it "Setting up apache2 for post upload of volume/template" + a2enmod proxy + a2enmod proxy_http + a2enmod headers + + cat >/etc/apache2/cors.conf <> /etc/hosts; + fi + + cat > /etc/network/interfaces << EOF +auto lo eth0 +iface lo inet loopback +EOF + setup_interface "0" $ETH0_IP $ETH0_MASK $GW + + echo $NAME > /etc/hostname + echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon + hostnamectl set-hostname $NAME + + #Nameserver + sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries + sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries + if [ -n "$internalNS1" ] + then + echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS1" > /etc/resolv.conf + fi + + if [ -n "$internalNS2" ] + then + echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS2" >> /etc/resolv.conf + fi + if [ -n "$NS1" ] + then + echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS1" >> /etc/resolv.conf + fi + + if [ -n "$NS2" ] + then + echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS2" >> /etc/resolv.conf + fi + if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] + then + if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ]; + then + ip route add $MGMTNET via $LOCAL_GW dev eth0 + + # a hacking way to activate vSwitch under VMware + ping -n -c 3 $LOCAL_GW & + sleep 3 + pkill ping + fi + fi + + if [ "$RROUTER" == "1" ] + then + setup_redundant_router + fi + + ip route delete default + # create route table for static route + + sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null + sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null + sudo ip rule add from $VPCCIDR table static_route 2>/dev/null + sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null + + setup_vpc_apache2 + + enable_irqbalance 1 + 
enable_vpc_rpsrfs 1 + disable_rpfilter + enable_fwding 1 + cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4 + cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules + setup_sshd $ETH0_IP "eth0" + cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf + cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules + echo "" > /etc/dnsmasq.d/dhcphosts.txt + echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf + + [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" + #DNS server will append $DOMAIN to local queries + sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf + #answer all local domain queries + sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf + + command -v dhcp_release > /dev/null 2>&1 + no_dhcp_release=$? + if [ $no_dhcp_release -eq 0 ] + then + echo 1 > /var/cache/cloud/dnsmasq_managed_lease + sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf + else + echo 0 > /var/cache/cloud/dnsmasq_managed_lease + fi + + #setup hourly logrotate + mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 +} + +routing_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute routing_svcs" + exit 1 +fi +setup_vpcrouter diff --git a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ b/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ index 6a0d8a963fc8..a9cbf308119e 100755 --- a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ +++ b/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ @@ -47,9 +47,9 @@ then if [ $s -gt 2 ] then echo Keepalived process is dead! >> $ROUTER_LOG - service keepalived stop >> $ROUTER_LOG 2>&1 - service conntrackd stop >> $ROUTER_LOG 2>&1 - + systemctl stop keepalived >> $ROUTER_LOG 2>&1 + systemctl stop conntrackd >> $ROUTER_LOG 2>&1 + #Set fault so we have the same effect as a KeepaliveD fault. python /opt/cloud/bin/master.py --fault 
diff --git a/systemvm/patches/debian/config/root/.ssh/authorized_keys b/systemvm/patches/debian/config/root/.ssh/authorized_keys index 728676058648..c09f6379a34b 100644 --- a/systemvm/patches/debian/config/root/.ssh/authorized_keys +++ b/systemvm/patches/debian/config/root/.ssh/authorized_keys @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2RIE3hgSAD8zULuyE7KDW9EKh2oVbNGY7iSL/VI5xHLISKh4e8ksTshWjlGBtrUCnuzR7y2BUxZ65RI8XkB1fEDxcOU4/0lVPvJYDSsGveXoOgpLwOtKRoGLgjFUGzBQlj2s6YaYQxoNTqtBVkDIH6ekPNq0Q38hRrFcsVIk1sFo5ejuvFxt2wx6APcFIQtHSNezEDO0GVUScDU1N1YEMMv1PU3M/SrcezkXrGl/efF3kWtY9L5xm7sojHMCCqsI38r8ogof67F7JdWRXM6Nl3VzkdCBzWGcyAl+cYfjzgOiBGXyAyYBk8qqzJjKwUOtdjfRvCyowA/0xBwMW1T7PQ== diff --git a/systemvm/scripts/_run.sh b/systemvm/scripts/_run.sh index 6d77002b8c47..96cc88bb17c5 100755 --- a/systemvm/scripts/_run.sh +++ b/systemvm/scripts/_run.sh @@ -16,24 +16,16 @@ # specific language governing permissions and limitations # under the License. +# run.sh runs the cloud service +#set -x +# make sure we delete the old files from the original template +rm -f console-proxy.jar +rm -f console-common.jar +rm -f conf/cloud.properties - +CP="./:./conf:$(ls *.jar | tr '\n' ':' | sed s'/.$//')" -#run.sh runs the console proxy. - -# make sure we delete the old files from the original template -rm console-proxy.jar -rm console-common.jar -rm conf/cloud.properties - -set -x - -CP=./:./conf -for file in *.jar -do - CP=${CP}:$file -done keyvalues= LOGHOME=/var/log/cloud/ 
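Review bot: The replacement line in `config/root/.ssh/authorized_keys` is still a fixed public key committed to the tree, so every system VM that keeps this file accepts root logins from whoever holds the matching private key. The new entry also drops the trailing comment field, which removes the only record of who owns the key. If deployments are expected to overwrite this file with a per-installation key, state that next to the file and consider shipping it empty, as `authorized_keys.sh` in this same patch now does; whether such an overwrite happens is not visible in this hunk.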
@@ -50,7 +42,7 @@ for i in $CMDLINE keyvalues="${keyvalues} $KEY=$VALUE" esac done - + tot_mem_k=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}') let "tot_mem_m=tot_mem_k>>10" let "eightypcnt=$tot_mem_m*8/10" diff --git a/systemvm/scripts/config_ssl.sh b/systemvm/scripts/config_ssl.sh index 86358871c9c3..931c1a5120a1 100755 --- a/systemvm/scripts/config_ssl.sh +++ b/systemvm/scripts/config_ssl.sh @@ -49,7 +49,6 @@ config_apache2_conf() { sed -i -e "s///" /etc/apache2/sites-available/default-ssl sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf - sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl diff --git a/systemvm/scripts/run.sh b/systemvm/scripts/run.sh index 1e12f12e5f16..7923a34931f2 100755 --- a/systemvm/scripts/run.sh +++ b/systemvm/scripts/run.sh @@ -16,10 +16,6 @@ # specific language governing permissions and limitations # under the License. - - - - #_run.sh runs the agent client. # set -x diff --git a/systemvm/systemvm-descriptor.xml b/systemvm/systemvm-descriptor.xml index eec916e86fc1..ce5ae4b6d208 100644 --- a/systemvm/systemvm-descriptor.xml +++ b/systemvm/systemvm-descriptor.xml @@ -58,8 +58,8 @@ 555 log4j-cloud.xml - consoleproxy.properties - agent.properties + consoleproxy.properties + agent.properties @@ -69,7 +69,7 @@ 555 *.jpg - *.gif + *.gif *.png *.cur diff --git a/test/integration/component/test_browse_templates.py b/test/integration/component/test_browse_templates.py index 445fae8c1d71..0875d015c9b5 100644 --- a/test/integration/component/test_browse_templates.py +++ b/test/integration/component/test_browse_templates.py 
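Review bot: In `config_apache2_conf` the context line `sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/'` still leaves TLS 1.0 and TLS 1.1 enabled on the new template. Since this hunk is already adapting the Apache setup to the newer release, tighten it here if the clients of this vhost allow, e.g. `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1`. The surrounding lines also still edit `/etc/apache2/sites-available/default-ssl`; Debian's Apache 2.4 packaging names that file `default-ssl.conf`, so confirm the path exists on the Debian 9 image, otherwise these `sed -i` calls fail. The function starts and ends outside the hunk.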
@@ -856,7 +856,7 @@ def ssvm_internals(self): self.apiclient.connection.user, self.apiclient.connection.passwd, ssvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -868,7 +868,7 @@ def ssvm_internals(self): host.user, host.passwd, ssvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest("Marvin configuration has no host credentials to check router services") @@ -876,7 +876,7 @@ def ssvm_internals(self): self.debug("Cloud Process status: %s" % res) # Apache CloudStack service (type=secstorage) is running: process id: 2346 self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) diff --git a/test/integration/component/test_browse_volumes.py b/test/integration/component/test_browse_volumes.py index 390d0ab93f88..08a41b4588a0 100644 --- a/test/integration/component/test_browse_volumes.py +++ b/test/integration/component/test_browse_volumes.py @@ -1288,7 +1288,7 @@ def ssvm_internals(self): self.apiclient.connection.user, self.apiclient.connection.passwd, ssvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -1300,7 +1300,7 @@ def ssvm_internals(self): host.user, host.passwd, ssvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest("Marvin configuration has no host credentials to check router services") @@ -1308,7 +1308,7 @@ def ssvm_internals(self): self.debug("Cloud Process status: %s" % res) # Apache CloudStack service (type=secstorage) is running: process id: 2346 self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) diff --git a/test/integration/component/test_security_groups.py b/test/integration/component/test_security_groups.py index b3620be239d6..f95bd74220b6 100755 --- a/test/integration/component/test_security_groups.py 
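Review bot: The assertion `res.count("active")` equals `1` in `ssvm_internals` also holds when the service is down, because `systemctl is-active` prints `inactive` (or `activating` / `deactivating`) in that case and each of those contains the substring `active` exactly once. Compare the whole word instead, for example `self.assertEqual(result[0].strip(), "active", ...)` if `result` is the list of output lines (it is built outside the hunk), or at minimum add `self.assertNotIn("inactive", res)`. The same check is introduced in test_browse_volumes.py, test_security_groups.py, test_routers.py and test_ssvm.py in this patch. The leftover comment `# Apache CloudStack service (type=secstorage) is running: process id: 2346` describes the old `service cloud status` output and should be updated or removed.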
+++ b/test/integration/component/test_security_groups.py @@ -767,13 +767,13 @@ def test_01_dhcpOnlyRouter(self): self.testdata['configurableData']['host']["username"], self.testdata['configurableData']['host']["password"], router.linklocalip, - "service dnsmasq status" + "systemctl is-active dnsmasq" ) res = str(result) self.debug("Dnsmasq process status: %s" % res) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check dnsmasq service is running or not" ) diff --git a/test/integration/smoke/test_list_ids_parameter.py b/test/integration/smoke/test_list_ids_parameter.py index f679aedf3798..cc45ce396b3b 100755 --- a/test/integration/smoke/test_list_ids_parameter.py +++ b/test/integration/smoke/test_list_ids_parameter.py @@ -105,20 +105,20 @@ def setUpClass(cls): mode=cls.services["mode"] ) - #Take 3 VM1 Snapshots - #PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED - """cls.vmsnapshot_1 = VmSnapshot.create( - cls.apiclient, - cls.virtual_machine_1.id - ) - cls.vmsnapshot_2 = VmSnapshot.create( - cls.apiclient, - cls.virtual_machine_1.id - ) - cls.vmsnapshot_3 = VmSnapshot.create( - cls.apiclient, - cls.virtual_machine_1.id - )""" +# Take 3 VM1 Snapshots +# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED +# cls.vmsnapshot_1 = VmSnapshot.create( +# cls.apiclient, +# cls.virtual_machine_1.id +# ) +# cls.vmsnapshot_2 = VmSnapshot.create( +# cls.apiclient, +# cls.virtual_machine_1.id +# ) +# cls.vmsnapshot_3 = VmSnapshot.create( +# cls.apiclient, +# cls.virtual_machine_1.id +# ) #Stop VMs cls.virtual_machine_1.stop(cls.apiclient) @@ -229,7 +229,7 @@ def test_01_list_volumes(self): 3, "ListVolumes response expected 3 Volumes, received %s" % len(list_volume_response) ) - + @attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false") def test_02_list_templates(self): """Test listing Templates using 'ids' parameter 
@@ -273,23 +273,23 @@ def test_03_list_snapshots(self): "ListSnapshots response expected 3 Snapshots, received %s" % len(list_snapshot_response) ) - #PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED - #@attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false") - #def test_04_list_vm_snapshots(self): - """Test listing VMSnapshots using 'vmsnapshotids' parameter - """ - """list_vm_snapshot_response = VmSnapshot.list( - self.apiclient, - vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id], - listall=True - ) - self.assertEqual( - isinstance(list_vm_snapshot_response, list), - True, - "ListVMSnapshots response was not a valid list" - ) - self.assertEqual( - len(list_vm_snapshot_response), - 3, - "ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response) - )""" +# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED +# @attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false") +# def test_04_list_vm_snapshots(self): +# """Test listing VMSnapshots using 'vmsnapshotids' parameter +# """ +# list_vm_snapshot_response = VmSnapshot.list( +# self.apiclient, +# vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id], +# listall=True +# ) +# self.assertEqual( +# isinstance(list_vm_snapshot_response, list), +# True, +# "ListVMSnapshots response was not a valid list" +# ) +# self.assertEqual( +# len(list_vm_snapshot_response), +# 3, +# "ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response) +# ) diff --git a/test/integration/smoke/test_loadbalance.py b/test/integration/smoke/test_loadbalance.py index 7ca5cf870a59..8e958a9b58bd 100644 --- a/test/integration/smoke/test_loadbalance.py +++ b/test/integration/smoke/test_loadbalance.py 
@@ -120,29 +120,30 @@ def tearDownClass(cls): cleanup_resources(cls.apiclient, cls._cleanup) return - def try_ssh(self, ip_addr, unameCmd): + def try_ssh(self, ip_addr, unameCmd, firstAttempt=False): try: self.debug( "SSH into VM (IPaddress: %s) & NAT Rule (Public IP: %s)" % (self.vm_1.ipaddress, ip_addr) ) - # If Round Robin Algorithm is chosen, + retries = 3 + if firstAttempt: + retries = 30 + # If Round Robin Algorithm is chosen, # each ssh command should alternate between VMs - ssh_1 = SshClient( ip_addr, self.services['lbrule']["publicport"], self.vm_1.username, self.vm_1.password, - retries=10 + retries=retries ) unameCmd.append(ssh_1.execute("uname")[0]) self.debug(unameCmd) except Exception as e: self.fail("%s: SSH failed for VM with IP Address: %s" % (e, ip_addr)) - time.sleep(10) - return + time.sleep(5) @attr(tags = ["advanced", "advancedns", "smoke"], required_hardware="true") def test_01_create_lb_rule_src_nat(self): @@ -256,7 +257,7 @@ def test_01_create_lb_rule_src_nat(self): unameResults = [] - self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) + self.try_ssh(src_nat_ip_addr.ipaddress, unameResults, True) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) diff --git a/test/integration/smoke/test_router_dns.py b/test/integration/smoke/test_router_dns.py index ef772243340c..9b4ca7ea7568 100644 --- a/test/integration/smoke/test_router_dns.py +++ b/test/integration/smoke/test_router_dns.py 
@@ -256,7 +256,7 @@ def test_router_dns_guestipquery(self): result = None try: self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress) - ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8) + ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15) result = str(ssh.execute("nslookup google.com")) except Exception as e: self.fail("Failed to SSH into VM - %s due to exception: %s" % (nat_rule1.ipaddress, e)) diff --git a/test/integration/smoke/test_router_dnsservice.py b/test/integration/smoke/test_router_dnsservice.py index 436d9e4382e1..ffadec7b409a 100644 --- a/test/integration/smoke/test_router_dnsservice.py +++ b/test/integration/smoke/test_router_dnsservice.py @@ -92,8 +92,8 @@ def setUpClass(cls): zoneid=cls.zone.id) cls.logger.debug("Creating guest VM for Account %s using offering %s" % (cls.account.name, cls.service_offering.id)) - cls.services["virtual_machine"]["displayname"] = VM1_NAME; - cls.services["virtual_machine"]["name"] = VM1_NAME; + cls.services["virtual_machine"]["displayname"] = VM1_NAME + cls.services["virtual_machine"]["name"] = VM1_NAME cls.vm1 = VirtualMachine.create(cls.api_client, cls.services["virtual_machine"], templateid=cls.template.id, @@ -102,10 +102,10 @@ def setUpClass(cls): serviceofferingid=cls.service_offering.id, networkids=[str(cls.network.id)]) cls.vm1.password = "password" - cls.logger.debug("Created VM named %s" % VM1_NAME); - - cls.services["virtual_machine"]["displayname"] = VM2_NAME; - cls.services["virtual_machine"]["name"] = VM2_NAME; + cls.logger.debug("Created VM named %s" % VM1_NAME) + + cls.services["virtual_machine"]["displayname"] = VM2_NAME + cls.services["virtual_machine"]["name"] = VM2_NAME cls.vm2 = VirtualMachine.create(cls.api_client, cls.services["virtual_machine"], templateid=cls.template.id, 
@@ -114,7 +114,7 @@ def setUpClass(cls): serviceofferingid=cls.service_offering.id, networkids=[str(cls.network.id)]) cls.vm2.password = "password" - cls.logger.debug("Created VM named %s" % VM2_NAME); + cls.logger.debug("Created VM named %s" % VM2_NAME) cls.services["natrule1"] = { "privateport": 22, @@ -256,7 +256,7 @@ def test_router_dns_guestipquery(self): result1 = None try: self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress) - ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8) + ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15) result1 = str(ssh.execute("nslookup %s" % VM1_NAME)) self.logger.debug("nslookup %s: %s " % (VM1_NAME, result1)) result2 = str(ssh.execute("nslookup %s" % VM2_NAME)) diff --git a/test/integration/smoke/test_routers.py b/test/integration/smoke/test_routers.py index c6aa4960db3f..070841ed8f0f 100644 --- a/test/integration/smoke/test_routers.py +++ b/test/integration/smoke/test_routers.py @@ -171,7 +171,7 @@ def test_01_router_internal_basic(self): self.apiclient.connection.user, self.apiclient.connection.passwd, router.linklocalip, - "service dnsmasq status", + "systemctl is-active dnsmasq", hypervisor=self.hypervisor ) else: @@ -184,7 +184,7 @@ def test_01_router_internal_basic(self): host.user, host.passwd, router.linklocalip, - "service dnsmasq status" + "systemctl is-active dnsmasq" ) except KeyError: @@ -195,7 +195,7 @@ def test_01_router_internal_basic(self): self.debug("Dnsmasq process status: %s" % res) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check dnsmasq service is running or not" ) @@ -251,7 +251,7 @@ def test_02_router_internal_adv(self): self.apiclient.connection.user, self.apiclient.connection.passwd, router.linklocalip, - "service dnsmasq status", + "systemctl is-active dnsmasq", hypervisor=self.hypervisor ) else: 
@@ -264,7 +264,7 @@ def test_02_router_internal_adv(self): host.user, host.passwd, router.linklocalip, - "service dnsmasq status" + "systemctl is-active dnsmasq" ) except KeyError: self.skipTest( @@ -273,7 +273,7 @@ def test_02_router_internal_adv(self): res = str(result) self.debug("Dnsmasq process status: %s" % res) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check dnsmasq service is running or not" ) @@ -285,7 +285,7 @@ def test_02_router_internal_adv(self): self.apiclient.connection.user, self.apiclient.connection.passwd, router.linklocalip, - "service haproxy status", + "systemctl is-active haproxy", hypervisor=self.hypervisor ) else: @@ -298,7 +298,7 @@ def test_02_router_internal_adv(self): host.user, host.passwd, router.linklocalip, - "service haproxy status" + "systemctl is-active haproxy" ) except KeyError: self.skipTest( @@ -306,7 +306,7 @@ def test_02_router_internal_adv(self): to check router services") res = str(result) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check haproxy service is running or not" ) diff --git a/test/integration/smoke/test_ssvm.py b/test/integration/smoke/test_ssvm.py index 616f8b38d24d..41db1abf31b1 100644 --- a/test/integration/smoke/test_ssvm.py +++ b/test/integration/smoke/test_ssvm.py @@ -44,7 +44,7 @@ class TestSSVMs(cloudstackTestCase): def setUp(self): - test_case = super(TestSSVMs, self) + test_case = super(TestSSVMs, self) self.apiclient = self.testClient.getApiClient() self.hypervisor = self.testClient.getHypervisorInfo() self.cleanup = [] 
@@ -57,40 +57,52 @@ def setUp(self): self.logger.setLevel(logging.DEBUG) self.logger.addHandler(self.stream_handler) - # Default sleep is set to 90 seconds, which is too long if the SSVM takes up to 2min to start. - # Second sleep in the loop will waste test time. - self.services["sleep"] = 30 - # Default value is 120 seconds. That's just too much. - self.services["configurableData"]["systemVmDelay"] = 60 - - return - def tearDown(self): try: - # Clean up, terminate the created templates cleanup_resources(self.apiclient, self.cleanup) - except Exception as e: raise Exception("Warning: Exception during cleanup : %s" % e) - return def waitForSystemVMAgent(self, vmname): - timeout = 120 - - while True: + def checkRunningAgent(): list_host_response = list_hosts( self.apiclient, name=vmname ) + if isinstance(list_host_response, list): + return list_host_response[0].state == 'Up', None + return False, None - if list_host_response and list_host_response[0].state == 'Up': - break + res, _ = wait_until(3, self.services["sleep"], checkRunningAgent) + if not res: + raise Exception("Failed to wait for SSVM agent to be Up") + + def checkForRunningSystemVM(self, ssvm, ssvm_type=None): + if not ssvm: + return None + + def checkRunningState(): + if not ssvm_type: + response = list_ssvms( + self.apiclient, + id=ssvm.id + ) + else: + response = list_ssvms( + self.apiclient, + zoneid=self.zone.id, + systemvmtype=ssvm_type + ) - if timeout == 0: - raise Exception("Timed out waiting for SSVM agent to be Up") + if isinstance(response, list): + ssvm_response = response[0] + return ssvm_response.state == 'Running', ssvm_response + return False, None - time.sleep(1) - timeout = timeout - 1 + res, ssvm_response = wait_until(3, self.services["sleep"], checkRunningState) + if not res: + self.fail("Failed to reach systemvm state to Running") + return ssvm_response @attr( tags=[ 
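Review bot: Both new helpers call `wait_until(3, self.services["sleep"], ...)`, which uses the configured sleep value as the retry count. The call this patch removes from `test_11_ss_nfs_version_on_ssvm` passed `(self.services["sleep"], self.services["timeout"], ...)`, which suggests the order is interval first, then number of tries. With the `self.services["sleep"] = 30` override deleted from `setUp`, the total wait now depends on whatever default that key carries, so name the intent explicitly with a local `retries` value passed as the second argument. `checkForRunningSystemVM` also returns `None` when `ssvm` is falsy, while its callers read `.state` on the result without a check. A one-line docstring on each helper stating what is polled and what is returned would help.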
@@ -228,7 +240,6 @@ def test_01_list_sec_storage_vm(self): zone_response[0].dns2, "Check DNS2 with that of corresponding zone" ) - return @attr( tags=[ @@ -360,7 +371,6 @@ def test_02_list_cpvm_vm(self): zone_response[0].dns2, "Check DNS2 with that of corresponding zone" ) - return @attr( tags=[ @@ -459,7 +469,7 @@ def test_03_ssvm_internals(self): self.apiclient.connection.user, self.apiclient.connection.passwd, ssvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -472,7 +482,7 @@ def test_03_ssvm_internals(self): host.user, host.passwd, ssvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest( @@ -482,11 +492,11 @@ def test_03_ssvm_internals(self): self.debug("Cloud Process status: %s" % res) # Apache CloudStack service (type=secstorage) is running: process id: 2346 self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) - + linklocal_ip = None # Check status of cloud service if self.hypervisor.lower() in ('vmware', 'hyperv'): @@ -526,8 +536,6 @@ def test_03_ssvm_internals(self): res, "The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res) ) - - return @attr( tags=[ @@ -595,7 +603,7 @@ def test_04_cpvm_internals(self): self.apiclient.connection.user, self.apiclient.connection.passwd, cpvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -608,7 +616,7 @@ def test_04_cpvm_internals(self): host.user, host.passwd, cpvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest( @@ -617,7 +625,7 @@ def test_04_cpvm_internals(self): res = str(result) self.debug("Cloud Process status: %s" % res) self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) 
@@ -662,8 +670,6 @@ def test_04_cpvm_internals(self): "The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res) ) - return - @attr( tags=[ "advanced", @@ -711,45 +717,21 @@ def test_05_stop_ssvm(self): cmd.id = ssvm.id self.apiclient.stopSystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm.id - ) - if isinstance(list_ssvm_response, list): - if list_ssvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List SSVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - self.assertEqual( - isinstance(list_ssvm_response, list), - True, - "Check list response returns a valid list" - ) - ssvm_response = list_ssvm_response[0] + ssvm_response = self.checkForRunningSystemVM(ssvm) self.debug("SSVM state after debug: %s" % ssvm_response.state) self.assertEqual( ssvm_response.state, 'Running', "Check whether SSVM is running or not" ) + # Wait for the agent to be up self.waitForSystemVMAgent(ssvm_response.name) # Call above tests to ensure SSVM is properly running self.test_01_list_sec_storage_vm() - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - self.test_03_ssvm_internals() - return @attr( tags=[ 
@@ -798,23 +780,7 @@ def test_06_stop_cpvm(self): cmd.id = cpvm.id self.apiclient.stopSystemVm(cmd) - timeout = 120 - while True: - list_cpvm_response = list_ssvms( - self.apiclient, - id=cpvm.id - ) - if isinstance(list_cpvm_response, list): - if list_cpvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List CPVM call failed!") - - time.sleep(1) - timeout = timeout - 1 - - cpvm_response = list_cpvm_response[0] - + cpvm_response = self.checkForRunningSystemVM(cpvm) self.debug("CPVM state after debug: %s" % cpvm_response.state) self.assertEqual( @@ -829,12 +795,7 @@ def test_06_stop_cpvm(self): # Call above tests to ensure CPVM is properly running self.test_02_list_cpvm_vm() - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - self.test_04_cpvm_internals() - return @attr( tags=[ @@ -887,22 +848,7 @@ def test_07_reboot_ssvm(self): cmd.id = ssvm_response.id self.apiclient.rebootSystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm_response.id - ) - if isinstance(list_ssvm_response, list): - if list_ssvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List SSVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - ssvm_response = list_ssvm_response[0] + ssvm_response = self.checkForRunningSystemVM(ssvm_response) self.debug("SSVM State: %s" % ssvm_response.state) self.assertEqual( 'Running', 
@@ -921,13 +867,8 @@ def test_07_reboot_ssvm(self): # Wait for the agent to be up self.waitForSystemVMAgent(ssvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_03_ssvm_internals() - return @attr( tags=[ @@ -979,23 +920,7 @@ def test_08_reboot_cpvm(self): cmd.id = cpvm_response.id self.apiclient.rebootSystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_cpvm_response = list_ssvms( - self.apiclient, - id=cpvm_response.id - ) - if isinstance(list_cpvm_response, list): - if list_cpvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List CPVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - cpvm_response = list_cpvm_response[0] - + cpvm_response = self.checkForRunningSystemVM(cpvm_response) self.debug("CPVM state: %s" % cpvm_response.state) self.assertEqual( 'Running', @@ -1010,17 +935,12 @@ def test_08_reboot_cpvm(self): ) # Private IP Address of System VMs are allowed to change after reboot - CLOUDSTACK-7745 - + # Wait for the agent to be up self.waitForSystemVMAgent(cpvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_04_cpvm_internals() - return @attr( tags=[ 
@@ -1061,23 +981,7 @@ def test_09_destroy_ssvm(self): cmd.id = ssvm_response.id self.apiclient.destroySystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_ssvm_response = list_ssvms( - self.apiclient, - zoneid=self.zone.id, - systemvmtype='secondarystoragevm' - ) - if isinstance(list_ssvm_response, list): - if list_ssvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List SSVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - ssvm_response = list_ssvm_response[0] + ssvm_response = self.checkForRunningSystemVM(ssvm_response, 'secondarystoragevm') # Verify Name, Public IP, Private IP and Link local IP # for newly created SSVM @@ -1107,13 +1011,8 @@ def test_09_destroy_ssvm(self): # Wait for the agent to be up self.waitForSystemVMAgent(ssvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_03_ssvm_internals() - return @attr( tags=[ @@ -1153,23 +1052,7 @@ def test_10_destroy_cpvm(self): cmd.id = cpvm_response.id self.apiclient.destroySystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_cpvm_response = list_ssvms( - self.apiclient, - systemvmtype='consoleproxy', - zoneid=self.zone.id - ) - if isinstance(list_cpvm_response, list): - if list_cpvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List CPVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - cpvm_response = list_cpvm_response[0] + cpvm_response = self.checkForRunningSystemVM(cpvm_response, 'consoleproxy') # Verify Name, Public IP, Private IP and Link local IP # for newly created CPVM 
@@ -1199,13 +1082,8 @@ def test_10_destroy_cpvm(self): # Wait for the agent to be up self.waitForSystemVMAgent(cpvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_04_cpvm_internals() - return @attr( tags=[ @@ -1300,22 +1178,7 @@ def test_11_ss_nfs_version_on_ssvm(self): cmd.id = ssvm.id self.apiclient.stopSystemVm(cmd) - def checkForRunningSSVM(): - new_list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm.id - ) - if isinstance(new_list_ssvm_response, list): - return new_list_ssvm_response[0].state == 'Running', None - - res, _ = wait_until(self.services["sleep"], self.services["timeout"], checkForRunningSSVM) - if not res: - self.fail("List SSVM call failed!") - - new_list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm.id - ) + new_list_ssvm_response = self.checkForRunningSystemVM(ssvm) self.assertNotEqual( new_list_ssvm_response, @@ -1363,5 +1226,3 @@ def checkForRunningSSVM(): int(nfs_version), "Check mounted NFS version to be the same as provided" ) - - return diff --git a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh index d18572310747..721e04d882fd 100644 --- a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh +++ b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh 
@@ -16,15 +16,10 @@ # specific language governing permissions and limitations # under the License. -# override this file during build to inject /root/.ssh/authorized_keys - set -e set -x -# the key that we have in ../patches/debian/config/root/.ssh/authorized_keys for some reason -key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant' mkdir -p /root/.ssh chmod 644 /root/.ssh -#touch /root/.ssh/authorized_keys -echo ${key} > /root/.ssh/authorized_keys +touch /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh index 67d6c236ebf1..444cc948f170 100644 --- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh +++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh @@ -20,7 +20,7 @@ set -e set -x function cleanup_apt() { - apt-get -y remove dictionaries-common busybox + apt-get -y remove dictionaries-common busybox isc-dhcp-client isc-dhcp-common apt-get -y autoremove apt-get autoclean apt-get clean @@ -39,10 +39,21 @@ function cleanup_dev() { rm -f /lib/udev/rules.d/75-persistent-net-generator.rules } +function cleanup_misc() { + rm -fr /home/cloud/cloud_scripts* + rm -f /root/.rnd + rm -f /var/www/html/index.html + rm -f /var/log/*.log + rm -f /var/log/apache2/* + rm -f /var/log/messages + rm -f /var/log/syslog +} + function cleanup() { cleanup_apt cleanup_dhcp cleanup_dev + cleanup_misc } return 2>/dev/null || cleanup 
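Review bot: `chmod 644 /root/.ssh`, which this hunk keeps as context, applies a file-style mode to a directory: it drops the search bit and leaves the directory listing world-readable, where the usual mode for an SSH directory is owner-only. I would change it to `chmod 700 /root/.ssh`. With the baked-in key removed, `touch` now leaves the file empty, so a short comment such as `# authorized_keys is populated at deploy time, never at template build` would tell the next reader the emptiness is deliberate, if that is the intent.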
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh index c898afc4778d..7202717d73b5 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh @@ -38,6 +38,9 @@ nf_conntrack_ipv4 nf_conntrack_ipv6 nf_conntrack nf_conntrack_ftp +nf_conntrack_pptp +nf_conntrack_proto_gre +nf_nat_tftp nf_nat_ftp EOF } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh index ec40b7c77bbb..eb2692ec53c1 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh @@ -19,19 +19,17 @@ set -e set -x -# Remove 5s grub timeout to speed up booting function configure_grub() { - grep GRUB_TIMEOUT=0 /etc/default/grub && return - cat < /etc/default/grub # If you change this file, run 'update-grub' afterwards to update # /boot/grub/grub.cfg. GRUB_DEFAULT=0 GRUB_TIMEOUT=0 -GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` +GRUB_DISTRIBUTOR=Debian GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 debian-installer=en_US" +GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US" +GRUB_CMDLINE_XEN="com1=115200 console=com1" GRUB_TERMINAL="console serial" GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh index 1735b810f7ed..d5f80b105fc6 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh 
@@ -73,6 +73,7 @@ function configure_login() { configure_sudoers configure_user rm -fv /home/cloud/configure_login.sh + sync halt -p } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh index 2ebd3a2e764a..ab68cdfe68e9 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh @@ -56,7 +56,6 @@ iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp -pre-up sleep 2 EOF } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh index 138646563b50..791f2ead9849 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh @@ -36,14 +36,19 @@ function install_cloud_scripts() { rsync -av ./cloud_scripts/ / chmod +x /opt/cloud/bin/* \ /root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \ - /etc/init.d/{cloud-early-config,cloud-passwd-srvr,postinit} \ + /etc/init.d/{cloud-early-config,cloud-passwd-srvr} \ /etc/profile.d/cloud.sh cat > /etc/systemd/system/cloud-early-config.service << EOF [Unit] -Description=cloud-early-config: configure according to cmdline +Description=cloud-early-config: configures systemvm using cmdline DefaultDependencies=no -After=local-fs.target apparmor.service systemd-sysctl.service systemd-modules-load.service + +Before=network-pre.target +Wants=network-pre.target + +Requires=local-fs.target +After=local-fs.target [Install] WantedBy=multi-user.target 
@@ -85,30 +90,14 @@ WantedBy=multi-user.target Type=forking ExecStart=/etc/init.d/cloud-passwd-srvr start ExecStop=/etc/init.d/cloud-passwd-srvr stop -RemainAfterExit=true -TimeoutStartSec=5min -EOF - - cat > /etc/systemd/system/postinit.service << EOF -[Unit] -Description=cloud post-init service -After=cloud-early-config.service network.target local-fs.target - -[Install] -WantedBy=multi-user.target - -[Service] -Type=forking -ExecStart=/etc/init.d/postinit start -ExecStop=/etc/init.d/postinit stop -RemainAfterExit=true -TimeoutStartSec=5min +Restart=always +RestartSec=5 EOF systemctl daemon-reload systemctl enable cloud-early-config - systemctl disable cloud-passwd-srvr systemctl disable cloud + systemctl disable cloud-passwd-srvr } function do_signature() { @@ -130,6 +119,9 @@ function configure_services() { mkdir -p /usr/share/cloud mkdir -p /usr/local/cloud + # Fix dnsmasq directory issue + mkdir -p /opt/tftpboot + # Fix haproxy directory issue mkdir -p /var/lib/haproxy @@ -137,21 +129,21 @@ function configure_services() { do_signature systemctl daemon-reload - systemctl disable xl2tpd + systemctl disable apt-daily.service + systemctl disable apt-daily.timer + systemctl disable apt-daily-upgrade.timer # Disable services that slow down boot and are not used anyway - systemctl disable x11-common - systemctl disable console-setup - systemctl disable haproxy systemctl disable apache2 + systemctl disable conntrackd + systemctl disable console-setup systemctl disable dnsmasq - - # Hyperv kvp daemon - 64bit only - local arch=`dpkg --print-architecture` - if [ "${arch}" == "amd64" ]; then - systemctl disable hv_kvp_daemon - fi + systemctl disable haproxy + systemctl disable keepalived systemctl disable radvd + systemctl disable strongswan + systemctl disable x11-common + systemctl disable xl2tpd configure_apache2 configure_strongswan 
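Review bot: The three `systemctl disable apt-daily*` lines added in the last hunk have no comment, and they turn off the periodic package-list refresh and unattended upgrade on every VM built from this template. If the intent is that system VMs are patched only by shipping a rebuilt template, say so next to them, e.g. `# apt timers off: system VMs are patched by replacing the template, not in place`. configure_services starts outside the hunk.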
diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb index cea7bd2082b8..33c8e8bd02ac 100644 --- a/tools/appliance/definitions/systemvmtemplate/definition.rb +++ b/tools/appliance/definitions/systemvmtemplate/definition.rb @@ -27,9 +27,9 @@ architectures = { :amd64 => { :os_type_id => 'Debian_64', - :iso_file => 'debian-9.1.0-amd64-netinst.iso', - :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso', - :iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986' + :iso_file => 'debian-9.2.1-amd64-netinst.iso', + :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso', + :iso_sha512 => 'ebfe25dc593967e39349b205480b0ec0103ef4a0468c602f4857e13d06d407bfe876162399e0e8d4dea5675953dc37ab585316f307ccf9f4440124b4f719df04' } } diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh index 227f533489e9..2cceb989a258 100644 --- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh +++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh @@ -22,7 +22,7 @@ set -x function install_vhd_util() { [[ -f /bin/vhd-util ]] && return - wget --no-check-certificate http://download.cloudstack.org/tools/vhd-util -O /bin/vhd-util + wget --no-check-certificate https://github.com/rhtyd/cloudstack-nonoss/raw/master/vhd-util -O /bin/vhd-util chmod a+x /bin/vhd-util } 
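Review bot: Replacing `:iso_md5` with `:iso_sha512` only helps if the build tool that consumes this hash actually reads the `:iso_sha512` key; that code is not in this hunk, and an unrecognised key would presumably leave the ISO unverified, so it is worth confirming by building once with a deliberately wrong digest. Separately, `:iso_src` still points at the `debian-cd/current/` directory while the file name pins 9.2.1, so the download stops resolving once `current` moves to the next point release. Pointing it at the release-numbered archive directory keeps URL and digest in step.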
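Review bot: `wget --no-check-certificate` in install_vhd_util switches off TLS certificate validation for a binary that is then written to `/bin/vhd-util` and made executable, and the new URL tracks the mutable `master` ref of a personal repository, so nothing ties the build to a known file. Drop the flag and check a pinned digest before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  /bin/vhd-util" | sha256sum -c - || exit 1` (placeholder digest, to be taken from a trusted copy). Pinning the URL to a commit rather than `master` would keep that digest stable.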
@@ -52,12 +52,12 @@ function install_packages() { ${apt_get} install links:i386 libuuid1:i386 libc6:i386 fi - ${apt_get} install \ - rsyslog logrotate cron insserv net-tools ifupdown vim netbase iptables \ - openssh-server e2fsprogs isc-dhcp-client tcpdump socat wget \ + ${apt_get} install grub-legacy \ + rsyslog logrotate cron net-tools ifupdown vim tmux netbase iptables \ + openssh-server e2fsprogs tcpdump socat wget \ python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ inetutils-ping iputils-arping httping curl \ - dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \ + dnsutils zip unzip ethtool uuid file iproute acpid sudo \ sysstat python-netaddr \ apache2 ssl-cert \ dnsmasq dnsmasq-utils \ @@ -65,7 +65,9 @@ function install_packages() { samba-common cifs-utils \ xl2tpd bcrelay ppp ipsec-tools tdb-tools \ xenstore-utils libxenstore3.0 \ - conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \ + ipvsadm conntrackd libnetfilter-conntrack3 \ + keepalived irqbalance \ + libnl-3-200 libnl-genl-3-200 \ ipcalc \ openjdk-8-jre-headless \ ipset \ 
@@ -75,22 +77,19 @@ function install_packages() { haproxy \ radvd \ sharutils \ - keepalived irqbalance open-vm-tools qemu-guest-agent \ - strongswan libcharon-extra-plugins libstrongswan-extra-plugins + strongswan libcharon-extra-plugins libstrongswan-extra-plugins \ + virt-what open-vm-tools qemu-guest-agent hyperv-daemons + + # Install xenserver guest utilities as debian repos don't have it + wget https://mirrors.kernel.org/ubuntu/pool/universe/x/xe-guest-utilities/xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb + dpkg -i xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb + rm -f xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb apt-get autoclean apt-get clean apt-get update apt-get -y upgrade - - if [ "${arch}" == "amd64" ]; then - # Hyperv kvp daemon - 64bit only - # Download the hv kvp daemon - wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb - dpkg -i hv-kvp-daemon_3.1_amd64.deb - rm -f hv-kvp-daemon_3.1_amd64.deb - fi } return 2>/dev/null || install_packages diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg index 6d56b76df058..99bd6eb04ab8 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg @@ -57,10 +57,10 @@ d-i partman-auto/method string regular d-i partman-auto/choose_recipe select atomic d-i partman-auto/expert_recipe string \ boot-root :: \ - 80 50 100 ext4 \ + 80 50 100 ext2 \ $primary{ } $bootable{ } \ method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ + use_filesystem{ } filesystem{ ext2 } \ mountpoint{ /boot } \ . \ 1500 40 1600 ext4 \ diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh index 7adea8a438ba..d002316d658d 100644 --- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh +++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh 
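Review bot: The xe-guest-utilities `.deb` is fetched with plain `wget` and passed straight to `dpkg -i`, which skips the signature checking apt performs for repository packages, so the build trusts whatever the mirror returns. Add a digest check between the two lines, e.g. `echo "<EXPECTED_SHA256>  xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb" | sha256sum -c -` (placeholder digest). The removed hv-kvp block was guarded by `"${arch}" == "amd64"`, while this amd64-only package is now installed unconditionally; keep the guard if other architectures are still built. install_packages starts outside this hunk.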
@@ -39,6 +39,11 @@ function zero_disk() { sync rm -f ${path}/zero done + + for partition in $(blkid -o list | grep ext | awk '{print $1}') + do + tune2fs -m0 $partition + done } return 2>/dev/null || zero_disk diff --git a/utils/src/main/java/com/cloud/utils/ReflectUtil.java b/utils/src/main/java/com/cloud/utils/ReflectUtil.java index c8ae954b7d3b..1d31093e0c86 100644 --- a/utils/src/main/java/com/cloud/utils/ReflectUtil.java +++ b/utils/src/main/java/com/cloud/utils/ReflectUtil.java @@ -29,6 +29,8 @@ import java.lang.annotation.Annotation; import java.lang.reflect.Field; import java.lang.reflect.InvocationTargetException; +import java.net.URL; +import java.net.URLClassLoader; import java.util.ArrayList; import java.util.Collections; import java.util.HashSet; @@ -210,4 +212,23 @@ public static String getEntityName(Class clz){ } } + /** + * Finds and returns class loader based on the provided module/jar name + * @param name + * @return returns ClassLoader + */ + public static ClassLoader getClassLoaderForName(final String name) { + final URL[] urls = ((URLClassLoader) (Thread.currentThread().getContextClassLoader())).getURLs(); + final List searchUrls = new ArrayList<>(); + for (final URL url: urls) { + if (url.toString().contains(name)) { + if (s_logger.isDebugEnabled()) { + s_logger.debug("Search URL: " + url.toString()); + } + searchUrls.add(url); + } + } + return new URLClassLoader(searchUrls.toArray(new URL[searchUrls.size()])); + } + } diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java b/utils/src/main/java/com/cloud/utils/nio/Link.java index 7848d5330a3c..8f1b811d585d 100644 --- a/utils/src/main/java/com/cloud/utils/nio/Link.java +++ b/utils/src/main/java/com/cloud/utils/nio/Link.java 
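Review bot: In `getClassLoaderForName` the cast `(URLClassLoader) (Thread.currentThread().getContextClassLoader())` is unchecked, so the method throws `ClassCastException` whenever the context loader is some other type (for example the application loader on Java 9 and later). Guard it first, e.g. `if (!(loader instanceof URLClassLoader)) { return loader; }`. The `url.toString().contains(name)` test is a substring match over the whole URL, so a short `name` can pull in unrelated jars or directories; matching on the file-name component would be tighter. Nothing visible here closes the returned `URLClassLoader`, which the Javadoc should state for callers.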
@@ -503,7 +503,7 @@ private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, fina s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress())); sslEngine.closeOutbound(); - return true; + return false; } switch (result.getStatus()) { case OK: @@ -545,7 +545,7 @@ private static boolean doHandshakeWrap(final SocketChannel socketChannel, final s_logger.error(String.format("SSL error caught during wrap data: %s, for local address=%s, remote address=%s.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress())); sslEngine.closeOutbound(); - return true; + return false; } switch (result.getStatus()) { case OK : From 893f2af31f6513ab9833823446815de0fd97b9ca Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Sat, 2 Dec 2017 15:50:34 +0530 Subject: [PATCH 04/22] CLOUDSTACK-7853: Fix ping timeout edge case and refactor code Refresh InaccurateClock every 10seconds, refactor code to get ping timeout and ping interval. Signed-off-by: Rohit Yadav --- .../cloud/agent/manager/AgentManagerImpl.java | 16 ++++++++-------- .../com/cloud/utils/time/InaccurateClock.java | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/engine/orchestration/src/com/cloud/agent/manager/AgentManagerImpl.java b/engine/orchestration/src/com/cloud/agent/manager/AgentManagerImpl.java index 325f3ec739f9..7815c76a54ea 100644 --- a/engine/orchestration/src/com/cloud/agent/manager/AgentManagerImpl.java +++ b/engine/orchestration/src/com/cloud/agent/manager/AgentManagerImpl.java 
@@ -213,7 +213,7 @@ public boolean configure(final String name, final Map params) th _nodeId = ManagementServerNode.getManagementServerId(); s_logger.info("Configuring AgentManagerImpl. management server node id(msid): " + _nodeId); - final long lastPing = (System.currentTimeMillis() >> 10) - (long) (PingTimeout.value() * PingInterval.value()); + final long lastPing = (System.currentTimeMillis() >> 10) - getTimeout(); _hostDao.markHostsAsDisconnected(_nodeId, lastPing); registerForHostEvents(new BehindOnPingListener(), true, true, false); @@ -241,8 +241,12 @@ public boolean configure(final String name, final Map params) th return true; } + protected int getPingInterval() { + return PingInterval.value(); + } + protected long getTimeout() { - return (long) (PingTimeout.value() * PingInterval.value()); + return (long) (Math.ceil(PingTimeout.value() * PingInterval.value())); } @Override @@ -358,10 +362,6 @@ public Answer sendTo(final Long dcId, final HypervisorType type, final Command c return null; } - protected int getPingInterval() { - return PingInterval.value(); - } - @Override public Answer send(final Long hostId, final Command cmd) throws AgentUnavailableException, OperationTimedoutException { final Commands cmds = new Commands(Command.OnError.Stop); @@ -623,7 +623,7 @@ public boolean start() { } } - _monitorExecutor.scheduleWithFixedDelay(new MonitorTask(), PingInterval.value(), PingInterval.value(), TimeUnit.SECONDS); + _monitorExecutor.scheduleWithFixedDelay(new MonitorTask(), getPingInterval(), getPingInterval(), TimeUnit.SECONDS); return true; } 
@@ -1515,7 +1515,7 @@ public boolean handleDirectConnectAgent(final Host host, final StartupCommand[] attache = createAttacheForDirectConnect(host, resource); final StartupAnswer[] answers = new StartupAnswer[cmds.length]; for (int i = 0; i < answers.length; i++) { - answers[i] = new StartupAnswer(cmds[i], attache.getId(), PingInterval.value()); + answers[i] = new StartupAnswer(cmds[i], attache.getId(), getPingInterval()); } attache.process(answers); diff --git a/utils/src/main/java/com/cloud/utils/time/InaccurateClock.java b/utils/src/main/java/com/cloud/utils/time/InaccurateClock.java index 2a228539070d..e03231de1d46 100644 --- a/utils/src/main/java/com/cloud/utils/time/InaccurateClock.java +++ b/utils/src/main/java/com/cloud/utils/time/InaccurateClock.java @@ -63,7 +63,7 @@ public long[] getCurrentTimes() { public synchronized String restart() { turnOff(); s_executor = Executors.newScheduledThreadPool(1, new NamedThreadFactory("InaccurateClock")); - s_executor.scheduleAtFixedRate(new SetTimeTask(), 0, 60, TimeUnit.SECONDS); + s_executor.scheduleAtFixedRate(new SetTimeTask(), 0, 10, TimeUnit.SECONDS); return "Restarted"; } From d0005d83536f1da3778547f81a7ee8289e5bb510 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Thu, 30 Nov 2017 16:51:48 +0530 Subject: [PATCH 05/22] CLOUDSTACK-9348: Improve Nio SSH handshake buffers Use a holder class to pass buffers, fixes potential leak. Signed-off-by: Rohit Yadav --- .../manager/ClusteredAgentManagerImpl.java | 2 +- .../main/java/com/cloud/utils/nio/Link.java | 72 ++++++++++++++----- .../java/com/cloud/utils/nio/NioClient.java | 2 +- .../com/cloud/utils/nio/NioConnection.java | 2 +- 4 files changed, 58 insertions(+), 20 deletions(-) diff --git a/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java b/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java index 2ebfeb5dd678..0b9899eb9e07 100644 
--- a/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java +++ b/engine/orchestration/src/com/cloud/agent/manager/ClusteredAgentManagerImpl.java @@ -519,7 +519,7 @@ public SocketChannel connectToPeer(final String peerName, final SocketChannel pr sslEngine.setUseClientMode(true); sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols())); sslEngine.beginHandshake(); - if (!Link.doHandshake(ch1, sslEngine, true)) { + if (!Link.doHandshake(ch1, sslEngine)) { ch1.close(); throw new IOException(String.format("SSL: Handshake failed with peer management server '%s' on %s:%d ", peerName, ip, port)); } diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java b/utils/src/main/java/com/cloud/utils/nio/Link.java index 8f1b811d585d..35211c8a458f 100644 --- a/utils/src/main/java/com/cloud/utils/nio/Link.java +++ b/utils/src/main/java/com/cloud/utils/nio/Link.java @@ -32,6 +32,8 @@ import java.security.KeyStore; import java.security.SecureRandom; import java.util.concurrent.ConcurrentLinkedQueue; +import java.util.concurrent.Executor; +import java.util.concurrent.Executors; import javax.net.ssl.KeyManagerFactory; import javax.net.ssl.SSLContext; @@ -462,7 +464,7 @@ public static ByteBuffer enlargeBuffer(ByteBuffer buffer, final int sessionPropo return buffer; } - public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffer buffer) { + public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, final ByteBuffer buffer) { if (engine == null || buffer == null) { return buffer; } 
@@ -475,14 +477,14 @@ public static ByteBuffer handleBufferUnderflow(final SSLEngine engine, ByteBuffe return replaceBuffer; } - private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + private static HandshakeHolder doHandshakeUnwrap(final SocketChannel socketChannel, final SSLEngine sslEngine, ByteBuffer peerAppData, ByteBuffer peerNetData, final int appBufferSize) throws IOException { if (socketChannel == null || sslEngine == null || peerAppData == null || peerNetData == null || appBufferSize < 0) { - return false; + return new HandshakeHolder(peerAppData, peerNetData, false); } if (socketChannel.read(peerNetData) < 0) { if (sslEngine.isInboundDone() && sslEngine.isOutboundDone()) { - return false; + return new HandshakeHolder(peerAppData, peerNetData, false); } try { sslEngine.closeInbound(); @@ -492,7 +494,7 @@ private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, fina sslEngine.closeOutbound(); // After closeOutbound the engine will be set to WRAP state, // in order to try to send a close message to the client. - return true; + return new HandshakeHolder(peerAppData, peerNetData, true); } peerNetData.flip(); SSLEngineResult result = null; @@ -503,7 +505,10 @@ private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, fina s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress())); sslEngine.closeOutbound(); - return false; + return new HandshakeHolder(peerAppData, peerNetData, true); + } + if (result == null) { + return new HandshakeHolder(peerAppData, peerNetData, false); } switch (result.getStatus()) { case OK: 
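Review bot: In the `SSLException` catch of `doHandshakeUnwrap` the new code returns `new HandshakeHolder(peerAppData, peerNetData, true)`, which reports the step as successful; an earlier patch in this series changed that same return from `true` to `false`, and this hunk puts the old behaviour back. The same happens in `doHandshakeWrap` (hunk `@@ -545,7 +550,10 @@`). Because `closeOutbound()` has just been called, the loop in `doHandshake` (outside these hunks) may well run to completion and return true for a handshake that failed certificate validation. Both catch blocks should return the failure flag: `return new HandshakeHolder(peerAppData, peerNetData, false);` and `return new HandshakeHolder(myAppData, myNetData, false);`. The added `if (result == null)` branch then looks unreachable.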
@@ -519,23 +524,23 @@ private static boolean doHandshakeUnwrap(final SocketChannel socketChannel, fina break; case CLOSED: if (sslEngine.isOutboundDone()) { - return false; + return new HandshakeHolder(peerAppData, peerNetData, false); } else { sslEngine.closeOutbound(); - break; } + break; default: throw new IllegalStateException("Invalid SSL status: " + result.getStatus()); } - return true; + return new HandshakeHolder(peerAppData, peerNetData, true); } - private static boolean doHandshakeWrap(final SocketChannel socketChannel, final SSLEngine sslEngine, + private static HandshakeHolder doHandshakeWrap(final SocketChannel socketChannel, final SSLEngine sslEngine, ByteBuffer myAppData, ByteBuffer myNetData, ByteBuffer peerNetData, final int netBufferSize) throws IOException { if (socketChannel == null || sslEngine == null || myNetData == null || peerNetData == null || myAppData == null || netBufferSize < 0) { - return false; + return new HandshakeHolder(myAppData, myNetData, false); } myNetData.clear(); SSLEngineResult result = null; @@ -545,7 +550,10 @@ private static boolean doHandshakeWrap(final SocketChannel socketChannel, final s_logger.error(String.format("SSL error caught during wrap data: %s, for local address=%s, remote address=%s.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress())); sslEngine.closeOutbound(); - return false; + return new HandshakeHolder(myAppData, myNetData, true); + } + if (result == null) { + return new HandshakeHolder(myAppData, myNetData, false); } switch (result.getStatus()) { case OK : 
@@ -579,10 +587,10 @@ private static boolean doHandshakeWrap(final SocketChannel socketChannel, final default: throw new IllegalStateException("Invalid SSL status: " + result.getStatus()); } - return true; + return new HandshakeHolder(myAppData, myNetData, true); } - public static boolean doHandshake(final SocketChannel socketChannel, final SSLEngine sslEngine, final boolean isClient) throws IOException { + public static boolean doHandshake(final SocketChannel socketChannel, final SSLEngine sslEngine) throws IOException { if (socketChannel == null || sslEngine == null) { return false; } @@ -593,6 +601,7 @@ public static boolean doHandshake(final SocketChannel socketChannel, final SSLEn ByteBuffer myNetData = ByteBuffer.allocate(netBufferSize); ByteBuffer peerNetData = ByteBuffer.allocate(netBufferSize); + final Executor executor = Executors.newSingleThreadExecutor(); final long startTimeMills = System.currentTimeMillis(); HandshakeStatus handshakeStatus = sslEngine.getHandshakeStatus(); @@ -606,12 +615,17 @@ public static boolean doHandshake(final SocketChannel socketChannel, final SSLEn } switch (handshakeStatus) { case NEED_UNWRAP: - if (!doHandshakeUnwrap(socketChannel, sslEngine, peerAppData, peerNetData, appBufferSize)) { + final HandshakeHolder unwrapResult = doHandshakeUnwrap(socketChannel, sslEngine, peerAppData, peerNetData, appBufferSize); + peerAppData = unwrapResult.getAppDataBuffer(); + peerNetData = unwrapResult.getNetDataBuffer(); + if (!unwrapResult.isSuccess()) { return false; } break; case NEED_WRAP: - if (!doHandshakeWrap(socketChannel, sslEngine, myAppData, myNetData, peerNetData, netBufferSize)) { + final HandshakeHolder wrapResult = doHandshakeWrap(socketChannel, sslEngine, myAppData, myNetData, peerNetData, netBufferSize); + myNetData = wrapResult.getNetDataBuffer(); + if (!wrapResult.isSuccess()) { return false; } break; 
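Review bot: `Executors.newSingleThreadExecutor()` is created on every `doHandshake` call and held as a plain `Executor`, so nothing visible shuts it down; on the accepting side that is one lingering worker thread per connection attempt. The following hunk also replaces `task.run()` with `executor.execute(task)`, so the loop no longer waits for the delegated task and will presumably spin on `NEED_TASK` until it finishes. Either keep `task.run()`, or use one shared, bounded executor declared as `ExecutorService` and wait for the task before re-reading the handshake status. The loop in doHandshake continues outside the hunk.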
@@ -621,7 +635,7 @@ public static boolean doHandshake(final SocketChannel socketChannel, final SSLEn if (s_logger.isTraceEnabled()) { s_logger.trace("SSL: Running delegated task!"); } - task.run(); + executor.execute(task); } break; case FINISHED: @@ -636,4 +650,28 @@ public static boolean doHandshake(final SocketChannel socketChannel, final SSLEn return true; } + private static class HandshakeHolder { + private ByteBuffer appData; + private ByteBuffer netData; + private boolean success = true; + + HandshakeHolder(ByteBuffer appData, ByteBuffer netData, boolean success) { + this.appData = appData; + this.netData = netData; + this.success = success; + } + + ByteBuffer getAppDataBuffer() { + return appData; + } + + ByteBuffer getNetDataBuffer() { + return netData; + } + + boolean isSuccess() { + return success; + } + } + } diff --git a/utils/src/main/java/com/cloud/utils/nio/NioClient.java b/utils/src/main/java/com/cloud/utils/nio/NioClient.java index 1c29b0c1a2d5..d4a1e02e1f86 100644 --- a/utils/src/main/java/com/cloud/utils/nio/NioClient.java +++ b/utils/src/main/java/com/cloud/utils/nio/NioClient.java @@ -61,7 +61,7 @@ protected void init() throws IOException { sslEngine.setUseClientMode(true); sslEngine.setEnabledProtocols(SSLUtils.getSupportedProtocols(sslEngine.getEnabledProtocols())); sslEngine.beginHandshake(); - if (!Link.doHandshake(_clientConnection, sslEngine, true)) { + if (!Link.doHandshake(_clientConnection, sslEngine)) { s_logger.error("SSL Handshake failed while connecting to host: " + _host + " port: " + _port); _selector.close(); throw new IOException("SSL Handshake failed while connecting to host: " + _host + " port: " + _port); diff --git a/utils/src/main/java/com/cloud/utils/nio/NioConnection.java b/utils/src/main/java/com/cloud/utils/nio/NioConnection.java index 30000cf618b6..9a5bf7e41539 100644 --- a/utils/src/main/java/com/cloud/utils/nio/NioConnection.java +++ b/utils/src/main/java/com/cloud/utils/nio/NioConnection.java 
@@ -213,7 +213,7 @@ public void run() { _selector.wakeup(); try { sslEngine.beginHandshake(); - if (!Link.doHandshake(socketChannel, sslEngine, false)) { + if (!Link.doHandshake(socketChannel, sslEngine)) { throw new IOException("SSL handshake timed out with " + socketChannel.getRemoteAddress()); } if (s_logger.isTraceEnabled()) { From 0102e8593db435d5fa10d116470a37b220a0a257 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Tue, 28 Nov 2017 19:25:09 +0530 Subject: [PATCH 06/22] CLOUDSTACK-10129: UX improvements and event timeline - Fixes timezone issue where dates show up as nvalid in UI - Introduces new event timeline listing/filtering of events - Several UI improvements to add columns in list views - Bulk operations support in instance list view to shutdown and destroy multiple-selected VMs (limitation: after operation, redundant entries may show up in the list view, refreshing VM list view fixes that) - Align table thead/tbody to avoid splitting of tables Signed-off-by: Rohit Yadav --- .../apache/cloudstack/api/ApiConstants.java | 2 + .../api/command/user/event/ListEventsCmd.java | 7 + .../api/response/EventResponse.java | 2 +- .../src/com/cloud/user/UserAccountVO.java | 4 + engine/schema/src/com/cloud/user/UserVO.java | 4 + .../com/cloud/api/query/QueryManagerImpl.java | 10 +- ui/css/cloudstack3.css | 3 +- ui/l10n/en.js | 3 + ui/scripts/events.js | 20 +- ui/scripts/instances.js | 275 +++++++++++------- ui/scripts/metrics.js | 13 +- ui/scripts/network.js | 51 +++- ui/scripts/sharedFunctions.js | 2 +- ui/scripts/storage.js | 30 +- ui/scripts/system.js | 112 +++++-- ui/scripts/templates.js | 27 ++ ui/scripts/ui/widgets/dataTable.js | 13 +- 17 files changed, 412 insertions(+), 166 deletions(-) diff --git a/api/src/org/apache/cloudstack/api/ApiConstants.java b/api/src/org/apache/cloudstack/api/ApiConstants.java index 64cdb23674e8..55e8c285e6b9 100644 --- a/api/src/org/apache/cloudstack/api/ApiConstants.java +++ b/api/src/org/apache/cloudstack/api/ApiConstants.java 
@@ -205,6 +205,7 @@ public class ApiConstants { public static final String OUTOFBANDMANAGEMENT_POWERSTATE = "outofbandmanagementpowerstate"; public static final String OUTOFBANDMANAGEMENT_ENABLED = "outofbandmanagementenabled"; public static final String PARAMS = "params"; + public static final String PARENT_ID = "parentid"; public static final String PARENT_DOMAIN_ID = "parentdomainid"; public static final String PASSWORD = "password"; public static final String SHOULD_UPDATE_PASSWORD = "update_passwd_on_host"; @@ -274,6 +275,7 @@ public class ApiConstants { public static final String SNAPSHOT_QUIESCEVM = "quiescevm"; public static final String SOURCE_ZONE_ID = "sourcezoneid"; public static final String START_DATE = "startdate"; + public static final String START_ID = "startid"; public static final String START_IP = "startip"; public static final String START_IPV6 = "startipv6"; public static final String START_PORT = "startport"; diff --git a/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java b/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java index a4934fa1dd9b..b98c30897a05 100644 --- a/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java +++ b/api/src/org/apache/cloudstack/api/command/user/event/ListEventsCmd.java @@ -65,6 +65,9 @@ public class ListEventsCmd extends BaseListProjectAndAccountResourcesCmd { @Parameter(name = ApiConstants.TYPE, type = CommandType.STRING, description = "the event type (see event types)") private String type; + @Parameter(name = ApiConstants.START_ID, type = CommandType.UUID, entityType = EventResponse.class, description = "the parent/start ID of the event, when provided this will list all the events with the start/parent ID including the parent event") + private Long startId; + ///////////////////////////////////////////////////// /////////////////// Accessors /////////////////////// ///////////////////////////////////////////////////// 
@@ -97,6 +100,10 @@ public String getType() { return type; } + public Long getStartId() { + return startId; + } + ///////////////////////////////////////////////////// /////////////// API Implementation/////////////////// ///////////////////////////////////////////////////// diff --git a/api/src/org/apache/cloudstack/api/response/EventResponse.java b/api/src/org/apache/cloudstack/api/response/EventResponse.java index 5ce66edcd28c..da15434e6d0f 100644 --- a/api/src/org/apache/cloudstack/api/response/EventResponse.java +++ b/api/src/org/apache/cloudstack/api/response/EventResponse.java @@ -78,7 +78,7 @@ public class EventResponse extends BaseResponse implements ControlledViewEntityR @Param(description = "the state of the event") private Event.State state; - @SerializedName("parentid") + @SerializedName(ApiConstants.PARENT_ID) @Param(description = "whether the event is parented") private String parentId; diff --git a/engine/schema/src/com/cloud/user/UserAccountVO.java b/engine/schema/src/com/cloud/user/UserAccountVO.java index 5ce0eb79d665..2ad2ae07f01b 100644 --- a/engine/schema/src/com/cloud/user/UserAccountVO.java +++ b/engine/schema/src/com/cloud/user/UserAccountVO.java @@ -33,6 +33,7 @@ import com.cloud.utils.db.Encrypt; import com.cloud.utils.db.GenericDao; +import com.google.common.base.Strings; @Entity @Table(name = "user") @@ -257,6 +258,9 @@ public void setAccountState(String accountState) { @Override public String getTimezone() { + if (Strings.isNullOrEmpty(timezone)) { + return "UTC"; + } return timezone; } diff --git a/engine/schema/src/com/cloud/user/UserVO.java b/engine/schema/src/com/cloud/user/UserVO.java index da7811ecc5b6..d6ddb587204d 100644 --- a/engine/schema/src/com/cloud/user/UserVO.java +++ b/engine/schema/src/com/cloud/user/UserVO.java @@ -34,6 +34,7 @@ import com.cloud.user.Account.State; import com.cloud.utils.db.Encrypt; import com.cloud.utils.db.GenericDao; +import com.google.common.base.Strings; /** * A bean representing a user 
@@ -233,6 +234,9 @@ public void setSecretKey(String secretKey) { @Override public String getTimezone() { + if (Strings.isNullOrEmpty(timezone)) { + return "UTC"; + } return timezone; } diff --git a/server/src/com/cloud/api/query/QueryManagerImpl.java b/server/src/com/cloud/api/query/QueryManagerImpl.java index 42bef79c61aa..2a6919bcf718 100644 --- a/server/src/com/cloud/api/query/QueryManagerImpl.java +++ b/server/src/com/cloud/api/query/QueryManagerImpl.java @@ -520,6 +520,7 @@ private Pair, Integer> searchForEventsInternal(ListEventsCmd c String keyword = cmd.getKeyword(); Integer entryTime = cmd.getEntryTime(); Integer duration = cmd.getDuration(); + Long startId = cmd.getStartId(); Ternary domainIdRecursiveListProject = new Ternary( cmd.getDomainId(), cmd.isRecursive(), null); @@ -542,7 +543,7 @@ private Pair, Integer> searchForEventsInternal(ListEventsCmd c sb.and("createDateG", sb.entity().getCreateDate(), SearchCriteria.Op.GTEQ); sb.and("createDateL", sb.entity().getCreateDate(), SearchCriteria.Op.LTEQ); sb.and("state", sb.entity().getState(), SearchCriteria.Op.NEQ); - sb.and("startId", sb.entity().getStartId(), SearchCriteria.Op.EQ); + sb.or("startId", sb.entity().getStartId(), SearchCriteria.Op.EQ); sb.and("createDate", sb.entity().getCreateDate(), SearchCriteria.Op.BETWEEN); sb.and("displayEvent", sb.entity().getDisplay(), SearchCriteria.Op.EQ); sb.and("archived", sb.entity().getArchived(), SearchCriteria.Op.EQ); @@ -561,6 +562,13 @@ private Pair, Integer> searchForEventsInternal(ListEventsCmd c sc.setParameters("id", id); } + if (startId != null) { + sc.setParameters("startId", startId); + if (id == null) { + sc.setParameters("id", startId); + } + } + if (keyword != null) { SearchCriteria ssc = _eventJoinDao.createSearchCriteria(); ssc.addOr("type", SearchCriteria.Op.LIKE, "%" + keyword + "%"); diff --git a/ui/css/cloudstack3.css b/ui/css/cloudstack3.css index 987f35d88a26..519778ba59ba 100644 --- a/ui/css/cloudstack3.css +++ b/ui/css/cloudstack3.css 
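Review bot: In the QueryManagerImpl hunk that changes the `startId` criterion from `sb.and` to `sb.or`, the OR ends up at the top level of the WHERE clause, so the `startId` branch is probably no longer constrained by the predicates added before it. If the account/domain ACL conditions are attached to `sb` earlier in searchForEventsInternal (that part of the method is outside the hunk), a caller passing another tenant's event UUID as `startid` could be shown events they should not see. Only the two alternatives should be grouped, for example with the builder's parenthesis helpers: `sb.and().op("id", sb.entity().getId(), SearchCriteria.Op.EQ); sb.or("startId", sb.entity().getStartId(), SearchCriteria.Op.EQ); sb.cp();` in place of the separate `id` and `startId` lines. This should be confirmed against the SQL the builder generates, ideally with a test that lists events by `startid` as a non-admin account.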
@@ -96,7 +96,7 @@ a:hover { /*Table*/ table { - width: 940px; + width: 955px; max-width: 977px; margin: 15px 15px 12px 12px; font-size: 13px; @@ -1307,7 +1307,6 @@ div.panel div.list-view { div.panel div.list-view div.data-table table { width: 955px; - margin-top: 44px; } .detail-view div.list-view div.data-table table { diff --git a/ui/l10n/en.js b/ui/l10n/en.js index 4476b6a6c44f..fe2e80ff0f85 100644 --- a/ui/l10n/en.js +++ b/ui/l10n/en.js @@ -558,6 +558,7 @@ var dictionary = {"ICMP.code":"ICMP Code", "label.console.proxy.vm":"Console Proxy VM", "label.continue":"Continue", "label.continue.basic.install":"Continue with basic installation", +"label.control.ip":"Control IP", "label.copying.iso":"Copying ISO", "label.corrections.saved":"Corrections saved", "label.counter":"Counter", @@ -751,6 +752,7 @@ var dictionary = {"ICMP.code":"ICMP Code", "label.event":"Event", "label.event.archived":"Event Archived", "label.event.deleted":"Event Deleted", +"label.event.timeline":"Event Timeline", "label.every":"Every", "label.example":"Example", "label.expunge":"Expunge", @@ -995,6 +997,7 @@ var dictionary = {"ICMP.code":"ICMP Code", "label.manage":"Manage", "label.manage.resources":"Manage Resources", "label.managed":"Managed", +"label.managed.state":"Managed State", "label.management":"Management", "label.management.ips":"Management IP Addresses", "label.management.server":"Management Server", diff --git a/ui/scripts/events.js b/ui/scripts/events.js index 2fd70dd018d1..82550a96bcee 100644 --- a/ui/scripts/events.js +++ b/ui/scripts/events.js @@ -46,12 +46,12 @@ label: 'label.type', truncate: true }, - domain: { - label: 'label.domain' - }, account: { label: 'label.account' }, + domain: { + label: 'label.domain' + }, created: { label: 'label.date', converter: cloudStack.converters.toLocalDate 
@@ -338,6 +338,14 @@ var data = {}; listViewDataProvider(args, data); + if ("events" in args.context) { + var startId = args.context.events[0].parentid; + if (!startId) { + startId = args.context.events[0].id; + } + data.startid = startId; + } + $.ajax({ url: createURL('listEvents'), data: data, @@ -357,8 +365,12 @@ }, detailView: { name: 'label.details', - actions: { + viewAll: { + path: 'events', + label: 'label.event.timeline', + }, + actions: { // Remove single event remove: { label: 'label.delete', diff --git a/ui/scripts/instances.js b/ui/scripts/instances.js index db7f53351482..ab075b01f148 100644 --- a/ui/scripts/instances.js +++ b/ui/scripts/instances.js 
@@ -17,6 +17,153 @@ (function($, cloudStack) { var vmMigrationHostObjs, ostypeObjs; + var vmStopAction = function(args) { + var action = { + messages: { + confirm: function(args) { + return 'message.action.stop.instance'; + }, + notification: function(args) { + return 'label.action.stop.instance'; + } + }, + label: 'label.action.stop.instance', + compactLabel: 'label.stop', + addRow: 'false', + createForm: { + title: 'notification.stop.instance', + desc: 'message.action.stop.instance', + fields: { + forced: { + label: 'force.stop', + isBoolean: true, + isChecked: false + } + } + }, + action: function(args) { + var instances = args.context.instances; + $(instances).map(function(index, instance) { + var data = { + id: instance.id, + forced: (args.data.forced == "on") + }; + $.ajax({ + url: createURL("stopVirtualMachine"), + data: data, + dataType: "json", + success: function(json) { + var jid = json.stopvirtualmachineresponse.jobid; + args.response.success({ + _custom: { + jobId: jid, + getUpdatedItem: function(json) { + return $.extend(json.queryasyncjobresultresponse.jobresult.virtualmachine, { hostid: null }); + }, + getActionFilter: function() { + return vmActionfilter; + } + } + }); + }, + error: function(json) { + args.response.error(parseXMLHttpResponse(json)); + } + }); + }); + }, + notification: { + poll: pollAsyncJobResult + } + }; + + + if (args && args.listView) { + $.extend(action, { + isHeader: true, + isMultiSelectAction: true + }); + } + + return action; + }; + + var vmDestroyAction = function(args) { + var action = { + messages: { + notification: function(args) { + return 'label.action.destroy.instance'; + } + }, + label: 'label.action.destroy.instance', + compactLabel: 'label.destroy', + addRow: 'false', + createForm: { + title: 'label.action.destroy.instance', + desc: 'label.action.destroy.instance', + isWarning: true, + preFilter: function(args) { + if (! 
g_allowUserExpungeRecoverVm) { + args.$form.find('.form-item[rel=expunge]').hide(); + } + }, + fields: { + expunge: { + label: 'label.expunge', + isBoolean: true, + isChecked: false + } + } + }, + action: function(args) { + var instances = args.context.instances; + $(instances).map(function(index, instance) { + var data = { + id: instance.id + }; + if (args.data.expunge == 'on') { + $.extend(data, { + expunge: true + }); + } + $.ajax({ + url: createURL('destroyVirtualMachine'), + data: data, + success: function(json) { + var jid = json.destroyvirtualmachineresponse.jobid; + args.response.success({ + _custom: { + jobId: jid, + getUpdatedItem: function(json) { + if ('virtualmachine' in json.queryasyncjobresultresponse.jobresult) //destroy without expunge + return json.queryasyncjobresultresponse.jobresult.virtualmachine; + else //destroy with expunge + return { 'toRemove': true }; + }, + getActionFilter: function() { + return vmActionfilter; + } + } + }); + } + }); + }); + }, + notification: { + poll: pollAsyncJobResult + } + }; + + if (args && args.listView) { + $.extend(action, { + isHeader: true, + isMultiSelectAction: true + }); + } + + return action; + }; + var vmSnapshotAction = function(args) { var action = { messages: { @@ -162,6 +309,7 @@ var hiddenFields = []; if (!isAdmin()) { hiddenFields.push('instancename'); + hiddenFields.push('account'); } return hiddenFields; }, @@ -180,16 +328,26 @@ ipaddress: { label: 'label.ip.address' }, + account: { + label: 'label.account' + }, zonename: { label: 'label.zone.name' }, state: { - label: 'label.state', + label: 'label.metrics.state', + converter: function (str) { + // For localization + return str; + }, indicator: { 'Running': 'on', 'Stopped': 'off', + 'Error': 'off', 'Destroyed': 'off', - 'Error': 'off' + 'Expunging': 'off', + 'Stopping': 'warning', + 'Shutdowned': 'warning' } } }, 
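Review bot: The `$.ajax` call in the new `vmDestroyAction` has no `error` handler, unlike `vmStopAction` above it, so when the action runs over several selected VMs a rejected destroyVirtualMachine request is dropped with no feedback to the user. Add the handler the stop action already uses: `error: function(json) { args.response.error(parseXMLHttpResponse(json)); }`. The destroy action's `messages` also has no `confirm` entry although the bulk form can expunge every selected VM; whether the `isWarning` form counts as the confirmation depends on widget code outside this hunk. Both actions use `$(instances).map(...)` only for side effects and discard the result, where `$.each(instances, function(index, instance) { ... })` would state the intent.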
@@ -304,6 +462,8 @@ poll: pollAsyncJobResult } }, + stop: vmStopAction({ listView: true}), + destroy: vmDestroyAction({ listView: true }), snapshot: vmSnapshotAction({ listView: true }), viewMetrics: { label: 'label.metrics', @@ -683,55 +843,7 @@ poll: pollAsyncJobResult } }, - stop: { - label: 'label.action.stop.instance', - compactLabel: 'label.stop', - createForm: { - title: 'notification.stop.instance', - desc: 'message.action.stop.instance', - fields: { - forced: { - label: 'force.stop', - isBoolean: true, - isChecked: false - } - } - }, - action: function(args) { - var array1 = []; - array1.push("&forced=" + (args.data.forced == "on")); - $.ajax({ - url: createURL("stopVirtualMachine&id=" + args.context.instances[0].id + array1.join("")), - dataType: "json", - async: true, - success: function(json) { - var jid = json.stopvirtualmachineresponse.jobid; - args.response.success({ - _custom: { - jobId: jid, - getUpdatedItem: function(json) { - return $.extend(json.queryasyncjobresultresponse.jobresult.virtualmachine, { hostid: null }); - }, - getActionFilter: function() { - return vmActionfilter; - } - } - }); - } - }); - }, - messages: { - confirm: function(args) { - return 'message.action.stop.instance'; - }, - notification: function(args) { - return 'label.action.stop.instance'; - } - }, - notification: { - poll: pollAsyncJobResult - } - }, + stop: vmStopAction(), restart: { label: 'label.action.reboot.instance', compactLabel: 'label.reboot', 
@@ -775,66 +887,7 @@ } }, snapshot: vmSnapshotAction(), - destroy: { - label: 'label.action.destroy.instance', - compactLabel: 'label.destroy', - createForm: { - title: 'label.action.destroy.instance', - desc: 'label.action.destroy.instance', - isWarning: true, - preFilter: function(args) { - if (! g_allowUserExpungeRecoverVm) { - args.$form.find('.form-item[rel=expunge]').hide(); - } - }, - fields: { - expunge: { - label: 'label.expunge', - isBoolean: true, - isChecked: false - } - } - }, - messages: { - notification: function(args) { - return 'label.action.destroy.instance'; - } - }, - action: function(args) { - var data = { - id: args.context.instances[0].id - }; - if (args.data.expunge == 'on') { - $.extend(data, { - expunge: true - }); - } - $.ajax({ - url: createURL('destroyVirtualMachine'), - data: data, - success: function(json) { - var jid = json.destroyvirtualmachineresponse.jobid; - args.response.success({ - _custom: { - jobId: jid, - getUpdatedItem: function(json) { - if ('virtualmachine' in json.queryasyncjobresultresponse.jobresult) //destroy without expunge - return json.queryasyncjobresultresponse.jobresult.virtualmachine; - else //destroy with expunge - return { 'toRemove': true }; - }, - getActionFilter: function() { - return vmActionfilter; - } - } - }); - } - }); - }, - notification: { - poll: pollAsyncJobResult - } - }, + destroy: vmDestroyAction(), expunge: { label: 'label.action.expunge.instance', compactLabel: 'label.expunge', diff --git a/ui/scripts/metrics.js b/ui/scripts/metrics.js index bc73934c538d..19d011815ce4 100644 --- a/ui/scripts/metrics.js +++ b/ui/scripts/metrics.js @@ -293,8 +293,6 @@ 'Disconnected': 'off', 'Removed': 'off', 'Error': 'off', - 'Connecting': 'transition', - 'Rebalancing': 'transition', 'Alert': 'warning' }, compact: true 
@@ -448,9 +446,7 @@ 'Error': 'off', 'Destroyed': 'off', 'Expunging': 'off', - 'Stopping': 'transition', - 'Starting': 'transition', - 'Migrating': 'transition', + 'Stopping': 'warning', 'Shutdowned': 'warning' }, compact: true @@ -560,13 +556,12 @@ return str; }, indicator: { - 'Allocated': 'transition', - 'Creating': 'transition', + 'Allocated': 'on', 'Ready': 'on', 'Destroy': 'off', 'Expunging': 'off', 'Migrating': 'warning', - 'UploadOp': 'transition', + 'UploadOp': 'warning', 'Snapshotting': 'warning', }, compact: true @@ -651,7 +646,7 @@ 'Down': 'off', 'Removed': 'off', 'ErrorInMaintenance': 'off', - 'PrepareForMaintenance': 'transition', + 'PrepareForMaintenance': 'warning', 'CancelMaintenance': 'warning', 'Maintenance': 'warning', }, diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 9054a8537bb5..776517829124 100644 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -808,13 +808,16 @@ }, id: 'networks', + preFilter: function(args) { + if (isAdmin() || isDomainAdmin()) { + return [] + } + return ['account'] + }, fields: { name: { label: 'label.name' }, - account: { - label: 'label.account' - }, type: { label: 'label.type' }, @@ -823,6 +826,27 @@ }, ip6cidr: { label: 'label.ipv6.CIDR' + }, + account: { + label: 'label.account' + }, + zonename: { + label: 'label.zone' + }, + state: { + converter: function(str) { + // For localization + return str; + }, + label: 'label.state', + indicator: { + 'Allocated': 'on', + 'Released': 'off', + 'Destroy': 'off', + 'Shutdown': 'off', + 'Setup': 'warning', + 'Implemented': 'on' + } } }, @@ -1635,11 +1659,14 @@ networkid: args.context.networks[0].id }, dataType: 'json', - async: true, + async: false, success: function(json) { var response = json.listegressfirewallrulesresponse.firewallrule ? json.listegressfirewallrulesresponse.firewallrule : []; + if (response.length > 0) { + isConfigRulesMsgShown = true; + } args.response.success({ data: $.map(response, function(rule) { if (rule.protocol == 'all') { 
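Review bot: In the network.js hunk that reads `json.listegressfirewallrulesresponse`, changing the request to `async: false` makes the XMLHttpRequest synchronous, which blocks the browser's UI thread until the API answers and is deprecated on the main thread. If the aim is for `isConfigRulesMsgShown` to be set before later code reads it, keep `async: true` and move the dependent code into the `success` callback. The hunk does not show where `isConfigRulesMsgShown` is declared; if no enclosing scope declares it, `isConfigRulesMsgShown = true;` creates an implicit global. The `preFilter` added to the `networks` list view in the same file omits the semicolons after `return []` and `return ['account']`.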
@@ -1899,6 +1926,12 @@ listView: { id: 'ipAddresses', label: 'label.ips', + preFilter: function(args) { + if (isAdmin()) { + return ['account'] + } + return [] + }, fields: { ipaddress: { label: 'label.ips', @@ -1910,12 +1943,18 @@ return text; } }, - zonename: { - label: 'label.zone' + associatednetworkname: { + label: 'label.network' }, virtualmachinedisplayname: { label: 'label.vm.name' }, + account: { + label: 'label.account' + }, + zonename: { + label: 'label.zone' + }, state: { converter: function(str) { // For localization diff --git a/ui/scripts/sharedFunctions.js b/ui/scripts/sharedFunctions.js index c58ce056c8ee..606fed45d272 100644 --- a/ui/scripts/sharedFunctions.js +++ b/ui/scripts/sharedFunctions.js @@ -1285,7 +1285,7 @@ cloudStack.converters = { var disconnected = new Date(); disconnected.setISO8601(UtcDate); - if (g_timezoneoffset != null) { + if (g_timezoneoffset != null && g_timezoneoffset != "null") { localDate = disconnected.getTimePlusTimezoneOffset(g_timezoneoffset); } else { var browserDate = new Date(); diff --git a/ui/scripts/storage.js b/ui/scripts/storage.js index 9c017b1025be..1cba75054918 100644 --- a/ui/scripts/storage.js +++ b/ui/scripts/storage.js @@ -36,8 +36,10 @@ label: 'label.volumes', preFilter: function(args) { var hiddenFields = []; - if (isAdmin() != true) + if (isAdmin() != true) { hiddenFields.push('hypervisor'); + hiddenFields.push('account'); + } return hiddenFields; }, fields: { 
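Review bot: The `preFilter` added to the `ipAddresses` list view looks inverted: it returns `['account']` when `isAdmin()` is true and `[]` otherwise, so the account column is hidden from admins and shown to every other role. The `networks` list view and both templates.js list views in this commit do the opposite and also treat domain admins as privileged. Assuming `preFilter` returns the fields to hide, as the `hiddenFields` variants in instances.js and storage.js suggest, the body should read `if (isAdmin() || isDomainAdmin()) { return []; }` followed by `return ['account'];`.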
@@ -47,11 +49,33 @@ type: { label: 'label.type' }, + vmdisplayname: { + label: 'label.vm.display.name' + }, hypervisor: { label: 'label.hypervisor' }, - vmdisplayname: { - label: 'label.vm.display.name' + account: { + label: 'label.account' + }, + zonename: { + label: 'label.zone' + }, + state: { + label: 'label.metrics.state', + converter: function (str) { + // For localization + return str; + }, + indicator: { + 'Allocated': 'on', + 'Ready': 'on', + 'Destroy': 'off', + 'Expunging': 'off', + 'Migrating': 'warning', + 'UploadOp': 'warning', + 'Snapshotting': 'warning', + } } }, diff --git a/ui/scripts/system.js b/ui/scripts/system.js index 256ed1cfee5a..9e80e27711e0 100755 --- a/ui/scripts/system.js +++ b/ui/scripts/system.js @@ -39,7 +39,7 @@ router.guestnetworkname = router.vpcname; } - if ("isredundantrouter" in router && router.isredundantrouter) { + if (router.isredundantrouter) { router.guestnetworkname = router.guestnetworkname + " (" + router.redundantstate + ")"; } @@ -2180,6 +2180,12 @@ }, isolationmethods: { label: 'label.isolation.method' + }, + vlan: { + label: 'label.vlan' + }, + broadcastdomainrange: { + label: 'label.broadcast.domain.range' } }, @@ -9205,6 +9211,14 @@ data: data, success: function (json) { var systemvmObjs = json.listsystemvmsresponse.systemvm; + $(systemvmObjs).each(function(idx, item) { + var controlIp = item.linklocalip; + if (item.hypervisor == "VMware") { + var controlIp = item.privateip; + } + item.controlip = controlIp; + }); + if (systemvmObjs != undefined) { $.ajax({ url: createURL('listHosts'), @@ -9585,16 +9599,19 @@ label: 'label.name' }, publicip: { - label: 'label.public.ip' + label: 'label.ip' }, - account: { - label: 'label.account' + routerType: { + label: 'label.type' }, guestnetworkname: { label: 'label.network' }, - routerType: { - label: 'label.type' + account: { + label: 'label.account' + }, + hostname: { + label: 'label.host' }, state: { converter: function (str) { 
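Review bot: In the system.js hunk that reads `json.listsystemvmsresponse.systemvm`, the added loop declares `controlIp` twice with `var` and runs before the existing `systemvmObjs != undefined` check instead of inside it. jQuery tolerates an undefined collection, so this is a readability point, not a crash. The loop body can be one statement, `item.controlip = (item.hypervisor == "VMware") ? item.privateip : item.linklocalip;`, placed inside the existing `if` block.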
@@ -10976,6 +10993,12 @@ return args; } }, + controlip: { + label: 'label.control.ip' + }, + hostname: { + label: 'label.host' + }, zonename: { label: 'label.zone' }, @@ -13293,12 +13316,19 @@ netmask: { label: 'label.netmask' }, + zonename: { + label: 'label.zone' + }, allocationstate: { converter: function (str) { // For localization return str; }, - label: 'label.allocation.state' + label: 'label.allocation.state', + indicator: { + 'Enabled': 'on', + 'Disabled': 'off' + } } }, @@ -13934,23 +13964,27 @@ name: { label: 'label.name' }, + hypervisortype: { + label: 'label.hypervisor' + }, + zonename: { + label: 'label.zone' + }, podname: { label: 'label.pod' }, - hypervisortype: { - label: 'label.hypervisor' + managedstate: { + label: 'label.managed.state' }, - //allocationstate: { label: 'label.allocation.state' }, - //managedstate: { label: 'Managed State' }, allocationstate: { converter: function (str) { // For localization return str; }, - label: 'label.state', + label: 'label.allocation.state', indicator: { 'Enabled': 'on', - 'Destroyed': 'off' + 'Disabled': 'off' } } }, @@ -15487,15 +15521,26 @@ name: { label: 'label.name' }, + ipaddress: { + label: 'label.ip.address' + }, + hypervisor: { + label: 'label.hypervisor' + }, zonename: { label: 'label.zone' }, - podname: { - label: 'label.pod' - }, clustername: { label: 'label.cluster' }, + resourcestate: { + label: 'label.resource.state', + indicator: { + 'Enabled': 'on', + 'Disabled': 'off', + 'Maintenance': 'warning' + } + }, state: { label: 'label.state', indicator: { 
@@ -17497,12 +17542,34 @@ label: 'label.path', truncate: true }, + type: { + label: 'label.type' + }, + scope: { + label: 'label.scope' + }, clustername: { label: 'label.cluster', truncate: true }, - scope: { - label: 'label.scope' + zonename: { + label: 'label.zone' + }, + state: { + label: 'label.state', + converter: function (str) { + // For localization + return str; + }, + indicator: { + 'Up': 'on', + 'Down': 'off', + 'Removed': 'off', + 'ErrorInMaintenance': 'off', + 'PrepareForMaintenance': 'warning', + 'CancelMaintenance': 'warning', + 'Maintenance': 'warning', + } } }, @@ -19492,8 +19559,17 @@ name: { label: 'label.name' }, + url: { + label: 'label.url' + }, protocol: { label: 'label.protocol' + }, + scope: { + label: 'label.scope' + }, + zonename: { + label: 'label.zone' } }, diff --git a/ui/scripts/templates.js b/ui/scripts/templates.js index 1ab1b9b09dd9..b2df73eada9e 100755 --- a/ui/scripts/templates.js +++ b/ui/scripts/templates.js @@ -55,12 +55,24 @@ label: 'label.community' } }, + preFilter: function() { + if (isAdmin()||isDomainAdmin()) { + return [] + } + return ['account'] + }, fields: { name: { label: 'label.name' }, hypervisor: { label: 'label.hypervisor' + }, + ostypename: { + label: 'label.os.type' + }, + account: { + label: 'label.account' } }, @@ -2038,9 +2050,21 @@ label: 'label.community' } }, + preFilter: function() { + if (isAdmin()||isDomainAdmin()) { + return [] + } + return ['account'] + }, fields: { name: { label: 'label.name' + }, + ostypename: { + label: 'label.os.type' + }, + account: { + label: 'label.account' } }, @@ -2347,7 +2371,10 @@ id: item.id, name: item.name, description: item.description, + ostypename: item.ostypename, ostypeid: item.ostypeid, + account: item.account, + domain: item.domain, zones: item.zonename, zoneids: [item.zoneid] }; diff --git a/ui/scripts/ui/widgets/dataTable.js b/ui/scripts/ui/widgets/dataTable.js index 45740527f71e..216487fd3f26 100644 --- a/ui/scripts/ui/widgets/dataTable.js 
+++ b/ui/scripts/ui/widgets/dataTable.js @@ -78,19 +78,12 @@ return true; }; - var splitTable = function() { + var reattachTable = function() { var $mainContainer = $('
') .addClass('data-table') .appendTo($table.parent()) - .append( - $table.detach() + .append($table.detach() ); - $table = $mainContainer; - var $theadContainer = $('
').addClass('fixed-header').prependTo($table); - var $theadTable = $('').appendTo($theadContainer).attr('nowrap', 'nowrap'); - var $thead = $table.find('thead').detach().appendTo($theadTable); - - return $thead; }; /** @@ -289,7 +282,7 @@ var init = function() { var noSelect = options && options.noSelect == true ? true : false; if (!$table.closest('div.data-table').size() && !$table.hasClass('no-split')) { - splitTable(); + reattachTable(); $table.find('tbody').closest('table').addClass('body'); } From 9aa7d4e81847875930eb98e39c56b4957fa9c632 Mon Sep 17 00:00:00 2001 
From: Rohit Yadav Date: Sun, 26 Nov 2017 13:32:33 +0530 Subject: [PATCH 07/22] CLOUDSTACK-10013: SystemVM.iso refactoring and cleanups - Removes old/dead files - Refactors file path/location, backward compatible to filepaths in systemvm.isoa - Fixes failures around apache2 --- .../commands-simulator.properties.in | 21 - client/pom.xml | 1 - developer/developer-prefill.sql | 2 +- pom.xml | 35 +- setup/dev/advanced.cfg | 2 +- systemvm/{ => agent}/certs/localhost.crt | 0 systemvm/{ => agent}/certs/localhost.key | 0 systemvm/{ => agent}/certs/realhostip.crt | 0 systemvm/{ => agent}/certs/realhostip.csr | 0 systemvm/{ => agent}/certs/realhostip.key | 0 .../{ => agent}/certs/realhostip.keystore | Bin systemvm/{ => agent}/conf/agent.properties | 4 +- .../{ => agent}/conf/consoleproxy.properties | 4 +- .../{ => agent}/conf/environment.properties | 0 systemvm/{ => agent}/conf/log4j-cloud.xml | 0 systemvm/{ => agent}/css/ajaxviewer.css | 74 ++-- systemvm/{ => agent}/css/logger.css | 21 +- systemvm/{ => agent}/images/back.gif | Bin systemvm/{ => agent}/images/bright-green.png | Bin systemvm/{ => agent}/images/cad.gif | Bin systemvm/{ => agent}/images/cannotconnect.jpg | Bin systemvm/{ => agent}/images/clr_button.gif | Bin .../{ => agent}/images/clr_button_hover.gif | Bin systemvm/{ => agent}/images/dot.cur | Bin systemvm/{ => agent}/images/gray-green.png | Bin systemvm/{ => agent}/images/grid_headerbg.gif | Bin systemvm/{ => agent}/images/left.png | Bin .../{ => agent}/images/minimize_button.gif | Bin .../images/minimize_button_hover.gif | Bin systemvm/{ => agent}/images/notready.jpg | Bin systemvm/{ => agent}/images/play_button.gif | Bin .../{ => agent}/images/play_button_hover.gif | Bin systemvm/{ => agent}/images/right.png | Bin systemvm/{ => agent}/images/right2.png | Bin systemvm/{ => agent}/images/shrink_button.gif | Bin .../images/shrink_button_hover.gif | Bin systemvm/{ => agent}/images/stop_button.gif | Bin .../{ => agent}/images/stop_button_hover.gif | Bin 
systemvm/{ => agent}/images/winlog.png | Bin systemvm/{ => agent}/js/ajaxkeys.js | 0 systemvm/{ => agent}/js/ajaxviewer.js | 395 +++++++++-------- systemvm/{ => agent}/js/cloud.logger.js | 135 +++--- systemvm/{ => agent}/js/handler.js | 4 +- .../{ => agent}/js/jquery.flot.navigate.js | 58 +-- systemvm/{ => agent}/js/jquery.js | 0 systemvm/{ => agent}/scripts/_run.sh | 4 +- systemvm/{ => agent}/scripts/config_auth.sh | 10 +- systemvm/{ => agent}/scripts/config_ssl.sh | 17 +- systemvm/{ => agent}/scripts/consoleproxy.sh | 4 +- systemvm/{ => agent}/scripts/ipfirewall.sh | 5 +- systemvm/{ => agent}/scripts/run-proxy.sh | 10 +- systemvm/{ => agent}/scripts/run.sh | 4 +- systemvm/{ => agent}/scripts/secstorage.sh | 4 +- systemvm/{ => agent}/scripts/ssvm-check.sh | 10 +- systemvm/{ => agent}/scripts/utils.sh | 0 systemvm/{ => agent}/ui/viewer-bad-sid.ftl | 4 +- .../{ => agent}/ui/viewer-connect-failed.ftl | 4 +- systemvm/{ => agent}/ui/viewer-update.ftl | 3 +- systemvm/{ => agent}/ui/viewer.ftl | 28 +- systemvm/bindir/cloud-setup-console-proxy.in | 220 ---------- systemvm/conf.dom0/agent.properties.in | 46 -- systemvm/conf.dom0/consoleproxy.properties.in | 23 - systemvm/conf.dom0/log4j-cloud.xml.in | 111 ----- systemvm/conf/agent.properties.ssvm | 21 - .../rc.d/init.d/cloud-console-proxy.in | 96 ----- .../rc.d/init.d/cloud-console-proxy.in | 96 ----- .../rc.d/init.d/cloud-console-proxy.in | 96 ----- .../SYSCONFDIR/init.d/cloud-console-proxy.in | 110 ----- systemvm/libexec/console-proxy-runner.in | 90 ---- systemvm/patches/debian/README | 34 -- systemvm/patches/debian/config.dat | 398 ----------------- .../patches/debian/config/etc/chef/node.json | 5 - .../patches/debian/config/etc/chef/solo.rb | 21 - .../debian/config/opt/cloud/templates/README | 2 - .../config/opt/cloud/testdata/acl0001.json | 54 --- .../redundant_router/arping_gateways.sh.templ | 29 -- .../root/redundant_router/backup.sh.templ | 39 -- .../root/redundant_router/check_bumpup.sh | 19 - 
.../redundant_router/check_heartbeat.sh.templ | 60 --- .../redundant_router/checkrouter.sh.templ | 56 --- .../redundant_router/conntrackd.conf.templ | 401 ------------------ .../root/redundant_router/disable_pubip.sh | 23 - .../redundant_router/enable_pubip.sh.templ | 50 --- .../root/redundant_router/fault.sh.templ | 37 -- .../root/redundant_router/heartbeat.sh.templ | 20 - .../redundant_router/keepalived.conf.templ | 57 --- .../root/redundant_router/master.sh.templ | 60 --- .../redundant_router/primary-backup.sh.templ | 126 ------ .../config/root/redundant_router/services.sh | 68 --- systemvm/patches/debian/convert.sh | 64 --- .../{config => }/etc/apache2/httpd.conf | 0 .../{config => }/etc/apache2/vhost.template | 1 - .../debian/{config => }/etc/cloud-nic.rules | 1 - .../debian/{config => }/etc/dnsmasq.conf.tmpl | 16 +- .../{config => }/etc/haproxy/haproxy.cfg | 6 +- .../etc/init.d/cloud-early-config | 0 .../{config => }/etc/init.d/cloud-passwd-srvr | 6 +- .../etc/iptables/iptables-consoleproxy | 12 +- .../etc/iptables/iptables-dhcpsrvr | 2 +- .../{config => }/etc/iptables/iptables-elbvm | 3 +- .../{config => }/etc/iptables/iptables-ilbvm | 3 +- .../{config => }/etc/iptables/iptables-router | 2 +- .../etc/iptables/iptables-secstorage | 12 +- .../etc/iptables/iptables-vpcrouter | 2 +- .../{config => }/etc/iptables/rt_tables_init | 2 +- .../debian/{config => }/etc/iptables/rules | 3 +- .../debian/{config => }/etc/logrotate.conf | 1 - .../{config => }/etc/logrotate.d/apache2 | 0 .../debian/{config => }/etc/logrotate.d/cloud | 0 .../{config => }/etc/logrotate.d/conntrackd | 0 .../{config => }/etc/logrotate.d/dnsmasq | 1 - .../{config => }/etc/logrotate.d/haproxy | 0 .../debian/{config => }/etc/logrotate.d/ppp | 1 - .../{config => }/etc/logrotate.d/rsyslog | 0 .../etc/modprobe.d/aesni_intel.conf | 0 .../{config => }/etc/modprobe.d/pcspkr.conf | 0 .../{config => }/etc/profile.d/cloud.sh | 2 +- .../patches/debian/{config => }/etc/rc.local | 0 .../debian/{config => 
}/etc/rsyslog.conf | 0 .../debian/{config => }/etc/ssh/sshd_config | 14 +- .../debian/{config => }/etc/sysctl.conf | 2 +- .../debian/{config => }/etc/vpcdnsmasq.conf | 22 +- .../opt/cloud/bin/baremetal-vr.py | 322 +++++++------- .../opt/cloud/bin/baremetal_snat.sh | 3 +- .../opt/cloud/bin/bumpup_priority.sh | 0 .../opt/cloud/bin/checkbatchs2svpn.sh | 0 .../{config => }/opt/cloud/bin/checkrouter.sh | 0 .../{config => }/opt/cloud/bin/checks2svpn.sh | 0 .../{config => }/opt/cloud/bin/cloud-nic.sh | 2 +- .../{config => }/opt/cloud/bin/configure.py | 0 .../opt/cloud/bin/cs/CsAddress.py | 1 - .../{config => }/opt/cloud/bin/cs/CsApp.py | 0 .../{config => }/opt/cloud/bin/cs/CsConfig.py | 0 .../opt/cloud/bin/cs/CsDatabag.py | 0 .../{config => }/opt/cloud/bin/cs/CsDhcp.py | 1 - .../{config => }/opt/cloud/bin/cs/CsFile.py | 0 .../opt/cloud/bin/cs/CsGuestNetwork.py | 0 .../{config => }/opt/cloud/bin/cs/CsHelper.py | 0 .../opt/cloud/bin/cs/CsLoadBalancer.py | 0 .../opt/cloud/bin/cs/CsMonitor.py | 0 .../opt/cloud/bin/cs/CsNetfilter.py | 0 .../opt/cloud/bin/cs/CsProcess.py | 0 .../opt/cloud/bin/cs/CsRedundant.py | 14 +- .../{config => }/opt/cloud/bin/cs/CsRoute.py | 0 .../{config => }/opt/cloud/bin/cs/CsRule.py | 0 .../opt/cloud/bin/cs/CsStaticRoutes.py | 5 +- .../{config => }/opt/cloud/bin/cs/__init__.py | 0 .../{config => }/opt/cloud/bin/cs_cmdline.py | 0 .../{config => }/opt/cloud/bin/cs_dhcp.py | 3 +- .../opt/cloud/bin/cs_firewallrules.py | 0 .../opt/cloud/bin/cs_forwardingrules.py | 0 .../opt/cloud/bin/cs_guestnetwork.py | 0 .../{config => }/opt/cloud/bin/cs_ip.py | 0 .../opt/cloud/bin/cs_loadbalancer.py | 0 .../opt/cloud/bin/cs_monitorservice.py | 0 .../opt/cloud/bin/cs_network_acl.py | 0 .../opt/cloud/bin/cs_remoteaccessvpn.py | 0 .../opt/cloud/bin/cs_site2sitevpn.py | 0 .../opt/cloud/bin/cs_staticroutes.py | 0 .../{config => }/opt/cloud/bin/cs_vmdata.py | 0 .../{config => }/opt/cloud/bin/cs_vmp.py | 0 .../{config => }/opt/cloud/bin/cs_vpnusers.py | 0 .../{config => 
}/opt/cloud/bin/dnsmasq.sh | 0 .../{config => }/opt/cloud/bin/edithosts.sh | 2 +- .../opt/cloud/bin/getRouterAlerts.sh | 0 .../opt/cloud/bin/get_template_version.sh | 0 .../debian/{config => }/opt/cloud/bin/ilb.sh | 34 +- .../{config => }/opt/cloud/bin/ipassoc.sh | 43 +- .../{config => }/opt/cloud/bin/ipsectunnel.sh | 0 .../{config => }/opt/cloud/bin/line_edit.py | 0 .../opt/cloud/bin/loadbalancer.sh | 80 ++-- .../{config => }/opt/cloud/bin/master.py | 0 .../{config => }/opt/cloud/bin/merge.py | 0 .../opt/cloud/bin/monitor_service.sh | 1 - .../{config => }/opt/cloud/bin/netusage.sh | 23 +- .../{config => }/opt/cloud/bin/passwd_server | 0 .../opt/cloud/bin/passwd_server_ip | 0 .../opt/cloud/bin/passwd_server_ip.py | 0 .../{config => }/opt/cloud/bin/prepare_pxe.sh | 6 +- .../opt/cloud/bin/savepassword.sh | 0 .../opt/cloud/bin/set_redundant.py | 0 .../opt/cloud/bin/setup/common.sh | 59 ++- .../opt/cloud/bin/setup/consoleproxy.sh | 0 .../opt/cloud/bin/setup/default.sh | 0 .../opt/cloud/bin/setup/dhcpsrvr.sh | 0 .../{config => }/opt/cloud/bin/setup/elbvm.sh | 0 .../{config => }/opt/cloud/bin/setup/ilbvm.sh | 0 .../opt/cloud/bin/setup/patchsystemvm.sh | 4 +- .../opt/cloud/bin/setup/router.sh | 0 .../opt/cloud/bin/setup/secstorage.sh | 0 .../opt/cloud/bin/setup/vpcrouter.sh | 0 .../opt/cloud/bin/update_config.py | 0 .../{config => }/opt/cloud/bin/vmdata.py | 0 .../{config => }/opt/cloud/bin/vpc_func.sh | 2 +- .../opt/cloud/bin/vpc_netusage.sh | 26 +- .../opt/cloud/bin/vpc_passwd_server | 0 .../{config => }/opt/cloud/bin/vpc_snat.sh | 0 .../opt/cloud/bin/vpc_staticroute.sh | 5 +- .../{config => }/opt/cloud/bin/vr_cfg.sh | 0 .../patches/debian/opt/cloud/templates/README | 2 + .../cloud/templates/arping_gateways.sh.templ | 0 .../opt/cloud/templates/check_bumpup.sh | 0 .../cloud/templates/check_heartbeat.sh.templ | 2 +- .../opt/cloud/templates/checkrouter.sh.templ | 2 +- .../opt/cloud/templates/conntrackd.conf.templ | 34 +- .../opt/cloud/templates/heartbeat.sh.templ | 0 
.../opt/cloud/templates/keepalived.conf.templ | 2 +- .../{config => }/opt/cloud/testdata/README | 0 .../debian/opt/cloud/testdata/acl0001.json | 54 +++ .../opt/cloud/testdata/dhcp0001.json | 0 .../opt/cloud/testdata/gn0001.json | 0 .../opt/cloud/testdata/ips0001.json | 0 .../opt/cloud/testdata/ips0002.json | 0 .../opt/cloud/testdata/ips0003.json | 0 .../opt/cloud/testdata/s2s0001.json | 0 .../cloud/bin => opt/cloud/testdata}/test.sh | 1 - .../opt/cloud/testdata/vmp0001.json | 0 systemvm/patches/debian/qemuconvert.sh | 32 -- .../{config => }/root/.ssh/authorized_keys | 0 .../{config => }/root/clearUsageRules.sh | 2 +- .../patches/debian/{config => }/root/func.sh | 0 .../{config => }/root/monitorServices.py | 7 - .../debian/{config => }/root/reconfigLB.sh | 1 - systemvm/patches/debian/systemvm.vmx | 37 -- systemvm/patches/debian/systemvm.xml | 53 --- .../var/www/html/latest/.htaccess | 1 - .../var/www/html/userdata/.htaccess | 0 systemvm/patches/debian/vhdconvert.sh | 40 -- systemvm/patches/debian/xe/xe-daemon | 65 --- .../patches/debian/xe/xe-linux-distribution | 267 ------------ .../patches/debian/xe/xe-update-guest-attrs | 226 ---------- .../python => patches/test}/TestCsAddress.py | 0 .../python => patches/test}/TestCsApp.py | 0 .../python => patches/test}/TestCsCmdLine.py | 0 .../python => patches/test}/TestCsConfig.py | 0 .../python => patches/test}/TestCsDatabag.py | 0 .../python => patches/test}/TestCsDhcp.py | 0 .../python => patches/test}/TestCsFile.py | 0 .../test}/TestCsGuestNetwork.py | 0 .../python => patches/test}/TestCsHelper.py | 0 .../test}/TestCsInterface.py | 0 .../test}/TestCsNetfilter.py | 0 .../python => patches/test}/TestCsProcess.py | 0 .../test}/TestCsRedundant.py | 0 .../python => patches/test}/TestCsRoute.py | 0 .../python => patches/test}/TestCsRule.py | 0 .../{test/python => patches/test}/runtests.sh | 2 +- .../patches/{debian => }/vpn/etc/ipsec.conf | 0 .../{debian => }/vpn/etc/ipsec.d/l2tp.conf | 0 .../{debian => 
}/vpn/etc/ipsec.secrets | 0 .../{debian => }/vpn/etc/ppp/options.xl2tpd | 0 .../{debian => }/vpn/etc/xl2tpd/xl2tpd.conf | 0 .../vpn/opt/cloud/bin/vpn_l2tp.sh | 8 +- systemvm/pom.xml | 26 +- systemvm/scripts/run.bat | 18 - ...ptor.xml => systemvm-agent-descriptor.xml} | 16 +- systemvm/vm-script/vmops | 119 ------ 257 files changed, 862 insertions(+), 4300 deletions(-) delete mode 100644 agent-simulator/tomcatconf/commands-simulator.properties.in rename systemvm/{ => agent}/certs/localhost.crt (100%) rename systemvm/{ => agent}/certs/localhost.key (100%) rename systemvm/{ => agent}/certs/realhostip.crt (100%) rename systemvm/{ => agent}/certs/realhostip.csr (100%) rename systemvm/{ => agent}/certs/realhostip.key (100%) rename systemvm/{ => agent}/certs/realhostip.keystore (100%) rename systemvm/{ => agent}/conf/agent.properties (99%) rename systemvm/{ => agent}/conf/consoleproxy.properties (99%) rename systemvm/{ => agent}/conf/environment.properties (100%) rename systemvm/{ => agent}/conf/log4j-cloud.xml (100%) rename systemvm/{ => agent}/css/ajaxviewer.css (80%) rename systemvm/{ => agent}/css/logger.css (93%) rename systemvm/{ => agent}/images/back.gif (100%) rename systemvm/{ => agent}/images/bright-green.png (100%) rename systemvm/{ => agent}/images/cad.gif (100%) rename systemvm/{ => agent}/images/cannotconnect.jpg (100%) rename systemvm/{ => agent}/images/clr_button.gif (100%) rename systemvm/{ => agent}/images/clr_button_hover.gif (100%) rename systemvm/{ => agent}/images/dot.cur (100%) rename systemvm/{ => agent}/images/gray-green.png (100%) rename systemvm/{ => agent}/images/grid_headerbg.gif (100%) rename systemvm/{ => agent}/images/left.png (100%) rename systemvm/{ => agent}/images/minimize_button.gif (100%) rename systemvm/{ => agent}/images/minimize_button_hover.gif (100%) rename systemvm/{ => agent}/images/notready.jpg (100%) rename systemvm/{ => agent}/images/play_button.gif (100%) rename systemvm/{ => agent}/images/play_button_hover.gif (100%) rename 
systemvm/{ => agent}/images/right.png (100%) rename systemvm/{ => agent}/images/right2.png (100%) rename systemvm/{ => agent}/images/shrink_button.gif (100%) rename systemvm/{ => agent}/images/shrink_button_hover.gif (100%) rename systemvm/{ => agent}/images/stop_button.gif (100%) rename systemvm/{ => agent}/images/stop_button_hover.gif (100%) rename systemvm/{ => agent}/images/winlog.png (100%) rename systemvm/{ => agent}/js/ajaxkeys.js (100%) rename systemvm/{ => agent}/js/ajaxviewer.js (94%) rename systemvm/{ => agent}/js/cloud.logger.js (91%) rename systemvm/{ => agent}/js/handler.js (99%) rename systemvm/{ => agent}/js/jquery.flot.navigate.js (96%) rename systemvm/{ => agent}/js/jquery.js (100%) rename systemvm/{ => agent}/scripts/_run.sh (99%) rename systemvm/{ => agent}/scripts/config_auth.sh (97%) rename systemvm/{ => agent}/scripts/config_ssl.sh (95%) rename systemvm/{ => agent}/scripts/consoleproxy.sh (99%) rename systemvm/{ => agent}/scripts/ipfirewall.sh (99%) rename systemvm/{ => agent}/scripts/run-proxy.sh (94%) rename systemvm/{ => agent}/scripts/run.sh (99%) rename systemvm/{ => agent}/scripts/secstorage.sh (99%) rename systemvm/{ => agent}/scripts/ssvm-check.sh (97%) rename systemvm/{ => agent}/scripts/utils.sh (100%) rename systemvm/{ => agent}/ui/viewer-bad-sid.ftl (99%) rename systemvm/{ => agent}/ui/viewer-connect-failed.ftl (99%) rename systemvm/{ => agent}/ui/viewer-update.ftl (97%) rename systemvm/{ => agent}/ui/viewer.ftl (84%) delete mode 100755 systemvm/bindir/cloud-setup-console-proxy.in delete mode 100644 systemvm/conf.dom0/agent.properties.in delete mode 100644 systemvm/conf.dom0/consoleproxy.properties.in delete mode 100644 systemvm/conf.dom0/log4j-cloud.xml.in delete mode 100644 systemvm/conf/agent.properties.ssvm delete mode 100644 systemvm/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in delete mode 100644 systemvm/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in delete mode 100644 
systemvm/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in delete mode 100755 systemvm/distro/ubuntu/SYSCONFDIR/init.d/cloud-console-proxy.in delete mode 100755 systemvm/libexec/console-proxy-runner.in delete mode 100644 systemvm/patches/debian/README delete mode 100644 systemvm/patches/debian/config.dat delete mode 100644 systemvm/patches/debian/config/etc/chef/node.json delete mode 100644 systemvm/patches/debian/config/etc/chef/solo.rb delete mode 100644 systemvm/patches/debian/config/opt/cloud/templates/README delete mode 100644 systemvm/patches/debian/config/opt/cloud/testdata/acl0001.json delete mode 100644 systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/backup.sh.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/check_bumpup.sh delete mode 100755 systemvm/patches/debian/config/root/redundant_router/check_heartbeat.sh.templ delete mode 100755 systemvm/patches/debian/config/root/redundant_router/checkrouter.sh.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/disable_pubip.sh delete mode 100644 systemvm/patches/debian/config/root/redundant_router/enable_pubip.sh.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/fault.sh.templ delete mode 100755 systemvm/patches/debian/config/root/redundant_router/heartbeat.sh.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/master.sh.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/primary-backup.sh.templ delete mode 100644 systemvm/patches/debian/config/root/redundant_router/services.sh delete mode 100755 systemvm/patches/debian/convert.sh rename systemvm/patches/debian/{config => 
}/etc/apache2/httpd.conf (100%) rename systemvm/patches/debian/{config => }/etc/apache2/vhost.template (99%) rename systemvm/patches/debian/{config => }/etc/cloud-nic.rules (98%) rename systemvm/patches/debian/{config => }/etc/dnsmasq.conf.tmpl (99%) rename systemvm/patches/debian/{config => }/etc/haproxy/haproxy.cfg (98%) rename systemvm/patches/debian/{config => }/etc/init.d/cloud-early-config (100%) rename systemvm/patches/debian/{config => }/etc/init.d/cloud-passwd-srvr (99%) rename systemvm/patches/debian/{config => }/etc/iptables/iptables-consoleproxy (84%) rename systemvm/patches/debian/{config => }/etc/iptables/iptables-dhcpsrvr (99%) rename systemvm/patches/debian/{config => }/etc/iptables/iptables-elbvm (99%) rename systemvm/patches/debian/{config => }/etc/iptables/iptables-ilbvm (99%) rename systemvm/patches/debian/{config => }/etc/iptables/iptables-router (99%) rename systemvm/patches/debian/{config => }/etc/iptables/iptables-secstorage (81%) rename systemvm/patches/debian/{config => }/etc/iptables/iptables-vpcrouter (99%) rename systemvm/patches/debian/{config => }/etc/iptables/rt_tables_init (99%) rename systemvm/patches/debian/{config => }/etc/iptables/rules (99%) rename systemvm/patches/debian/{config => }/etc/logrotate.conf (99%) rename systemvm/patches/debian/{config => }/etc/logrotate.d/apache2 (100%) rename systemvm/patches/debian/{config => }/etc/logrotate.d/cloud (100%) rename systemvm/patches/debian/{config => }/etc/logrotate.d/conntrackd (100%) rename systemvm/patches/debian/{config => }/etc/logrotate.d/dnsmasq (99%) rename systemvm/patches/debian/{config => }/etc/logrotate.d/haproxy (100%) rename systemvm/patches/debian/{config => }/etc/logrotate.d/ppp (98%) rename systemvm/patches/debian/{config => }/etc/logrotate.d/rsyslog (100%) rename systemvm/patches/debian/{config => }/etc/modprobe.d/aesni_intel.conf (100%) rename systemvm/patches/debian/{config => }/etc/modprobe.d/pcspkr.conf (100%) rename systemvm/patches/debian/{config => 
}/etc/profile.d/cloud.sh (99%) rename systemvm/patches/debian/{config => }/etc/rc.local (100%) rename systemvm/patches/debian/{config => }/etc/rsyslog.conf (100%) rename systemvm/patches/debian/{config => }/etc/ssh/sshd_config (96%) rename systemvm/patches/debian/{config => }/etc/sysctl.conf (97%) rename systemvm/patches/debian/{config => }/etc/vpcdnsmasq.conf (97%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/baremetal-vr.py (97%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/baremetal_snat.sh (98%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/bumpup_priority.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/checkbatchs2svpn.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/checkrouter.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/checks2svpn.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cloud-nic.sh (97%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/configure.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsAddress.py (99%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsApp.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsConfig.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsDatabag.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsDhcp.py (99%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsFile.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsGuestNetwork.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsHelper.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsLoadBalancer.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsMonitor.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsNetfilter.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsProcess.py (100%) rename 
systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsRedundant.py (98%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsRoute.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsRule.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/CsStaticRoutes.py (95%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs/__init__.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_cmdline.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_dhcp.py (91%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_firewallrules.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_forwardingrules.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_guestnetwork.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_ip.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_loadbalancer.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_monitorservice.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_network_acl.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_remoteaccessvpn.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_site2sitevpn.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_staticroutes.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_vmdata.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_vmp.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/cs_vpnusers.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/dnsmasq.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/edithosts.sh (99%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/getRouterAlerts.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/get_template_version.sh (100%) rename systemvm/patches/debian/{config => 
}/opt/cloud/bin/ilb.sh (93%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/ipassoc.sh (97%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/ipsectunnel.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/line_edit.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/loadbalancer.sh (92%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/master.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/merge.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/monitor_service.sh (99%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/netusage.sh (92%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/passwd_server (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/passwd_server_ip (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/passwd_server_ip.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/prepare_pxe.sh (99%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/savepassword.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/set_redundant.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/common.sh (92%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/consoleproxy.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/default.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/dhcpsrvr.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/elbvm.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/ilbvm.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/patchsystemvm.sh (95%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/router.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/secstorage.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/setup/vpcrouter.sh (100%) rename 
systemvm/patches/debian/{config => }/opt/cloud/bin/update_config.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/vmdata.py (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/vpc_func.sh (99%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/vpc_netusage.sh (93%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/vpc_passwd_server (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/vpc_snat.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/vpc_staticroute.sh (97%) rename systemvm/patches/debian/{config => }/opt/cloud/bin/vr_cfg.sh (100%) create mode 100644 systemvm/patches/debian/opt/cloud/templates/README rename systemvm/patches/debian/{config => }/opt/cloud/templates/arping_gateways.sh.templ (100%) rename systemvm/patches/debian/{config => }/opt/cloud/templates/check_bumpup.sh (100%) rename systemvm/patches/debian/{config => }/opt/cloud/templates/check_heartbeat.sh.templ (99%) rename systemvm/patches/debian/{config => }/opt/cloud/templates/checkrouter.sh.templ (98%) rename systemvm/patches/debian/{config => }/opt/cloud/templates/conntrackd.conf.templ (96%) rename systemvm/patches/debian/{config => }/opt/cloud/templates/heartbeat.sh.templ (100%) rename systemvm/patches/debian/{config => }/opt/cloud/templates/keepalived.conf.templ (99%) rename systemvm/patches/debian/{config => }/opt/cloud/testdata/README (100%) create mode 100644 systemvm/patches/debian/opt/cloud/testdata/acl0001.json rename systemvm/patches/debian/{config => }/opt/cloud/testdata/dhcp0001.json (100%) rename systemvm/patches/debian/{config => }/opt/cloud/testdata/gn0001.json (100%) rename systemvm/patches/debian/{config => }/opt/cloud/testdata/ips0001.json (100%) rename systemvm/patches/debian/{config => }/opt/cloud/testdata/ips0002.json (100%) rename systemvm/patches/debian/{config => }/opt/cloud/testdata/ips0003.json (100%) rename systemvm/patches/debian/{config => }/opt/cloud/testdata/s2s0001.json (100%) rename 
systemvm/patches/debian/{config/opt/cloud/bin => opt/cloud/testdata}/test.sh (99%) rename systemvm/patches/debian/{config => }/opt/cloud/testdata/vmp0001.json (100%) delete mode 100755 systemvm/patches/debian/qemuconvert.sh rename systemvm/patches/debian/{config => }/root/.ssh/authorized_keys (100%) rename systemvm/patches/debian/{config => }/root/clearUsageRules.sh (99%) rename systemvm/patches/debian/{config => }/root/func.sh (100%) rename systemvm/patches/debian/{config => }/root/monitorServices.py (99%) rename systemvm/patches/debian/{config => }/root/reconfigLB.sh (99%) delete mode 100644 systemvm/patches/debian/systemvm.vmx delete mode 100644 systemvm/patches/debian/systemvm.xml rename systemvm/patches/debian/{config => }/var/www/html/latest/.htaccess (99%) rename systemvm/patches/debian/{config => }/var/www/html/userdata/.htaccess (100%) delete mode 100755 systemvm/patches/debian/vhdconvert.sh delete mode 100644 systemvm/patches/debian/xe/xe-daemon delete mode 100644 systemvm/patches/debian/xe/xe-linux-distribution delete mode 100644 systemvm/patches/debian/xe/xe-update-guest-attrs rename systemvm/{test/python => patches/test}/TestCsAddress.py (100%) rename systemvm/{test/python => patches/test}/TestCsApp.py (100%) rename systemvm/{test/python => patches/test}/TestCsCmdLine.py (100%) rename systemvm/{test/python => patches/test}/TestCsConfig.py (100%) rename systemvm/{test/python => patches/test}/TestCsDatabag.py (100%) rename systemvm/{test/python => patches/test}/TestCsDhcp.py (100%) rename systemvm/{test/python => patches/test}/TestCsFile.py (100%) rename systemvm/{test/python => patches/test}/TestCsGuestNetwork.py (100%) rename systemvm/{test/python => patches/test}/TestCsHelper.py (100%) rename systemvm/{test/python => patches/test}/TestCsInterface.py (100%) rename systemvm/{test/python => patches/test}/TestCsNetfilter.py (100%) rename systemvm/{test/python => patches/test}/TestCsProcess.py (100%) rename systemvm/{test/python => 
patches/test}/TestCsRedundant.py (100%) rename systemvm/{test/python => patches/test}/TestCsRoute.py (100%) rename systemvm/{test/python => patches/test}/TestCsRule.py (100%) rename systemvm/{test/python => patches/test}/runtests.sh (94%) rename systemvm/patches/{debian => }/vpn/etc/ipsec.conf (100%) rename systemvm/patches/{debian => }/vpn/etc/ipsec.d/l2tp.conf (100%) rename systemvm/patches/{debian => }/vpn/etc/ipsec.secrets (100%) rename systemvm/patches/{debian => }/vpn/etc/ppp/options.xl2tpd (100%) rename systemvm/patches/{debian => }/vpn/etc/xl2tpd/xl2tpd.conf (100%) rename systemvm/patches/{debian => }/vpn/opt/cloud/bin/vpn_l2tp.sh (98%) delete mode 100644 systemvm/scripts/run.bat rename systemvm/{systemvm-descriptor.xml => systemvm-agent-descriptor.xml} (92%) delete mode 100644 systemvm/vm-script/vmops diff --git a/agent-simulator/tomcatconf/commands-simulator.properties.in b/agent-simulator/tomcatconf/commands-simulator.properties.in deleted file mode 100644 index 4350bb788b43..000000000000 --- a/agent-simulator/tomcatconf/commands-simulator.properties.in +++ /dev/null 
@@ -1,21 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - -configureSimulator=com.cloud.api.commands.ConfigureSimulatorCmd;1 -querySimulatorMock=com.cloud.api.commands.QuerySimulatorMockCmd;1 -cleanupSimulatorMock=com.cloud.api.commands.CleanupSimulatorMockCmd;1 diff --git a/client/pom.xml b/client/pom.xml index a6e0383b48b7..96cbae420aa1 100644 --- a/client/pom.xml +++ b/client/pom.xml @@ -798,7 +798,6 @@ - diff --git a/developer/developer-prefill.sql b/developer/developer-prefill.sql index cc67748b8dd9..c9ab468e5b35 100644 --- a/developer/developer-prefill.sql +++ b/developer/developer-prefill.sql @@ -112,7 +112,7 @@ INSERT INTO `cloud`.`configuration` (category, instance, component, name, value) INSERT INTO `cloud`.`configuration` (category, instance, component, name, value) VALUES ('Advanced', 'DEFAULT', 'management-server', - 'ping.timeout', '1.5'); + 'ping.timeout', '2.0'); -- Enable dynamic RBAC by default for fresh deployments INSERT INTO `cloud`.`configuration` (category, instance, component, name, value) diff --git a/pom.xml b/pom.xml index 283b32171df7..c30247aaf3e7 100644 --- a/pom.xml +++ b/pom.xml 
@@ -920,35 +920,12 @@
 ui/lib/reset.css
 ui/lib/require.js
 utils/testsmallfileinactive
- systemvm/conf/agent.properties
- systemvm/conf/environment.properties
- systemvm/js/jquery.js
- systemvm/js/jquery.flot.navigate.js
- systemvm/patches/debian/systemvm.vmx
- systemvm/patches/debian/config/root/.ssh/authorized_keys
- systemvm/patches/debian/config/etc/apache2/httpd.conf
- systemvm/patches/debian/config/etc/apache2/vhost.template
- systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl
- systemvm/patches/debian/config/etc/vpcdnsmasq.conf
- systemvm/patches/debian/config/etc/ssh/sshd_config
- systemvm/patches/debian/config/etc/rsyslog.conf
- systemvm/patches/debian/config/etc/logrotate.conf
- systemvm/patches/debian/config/etc/logrotate.d/*
- systemvm/patches/debian/config/etc/sysctl.conf
- systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ
- systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ
- systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ
- systemvm/patches/debian/vpn/etc/ipsec.conf
- systemvm/patches/debian/vpn/etc/ppp/options.xl2tpd
- systemvm/patches/debian/vpn/etc/xl2tpd/xl2tpd.conf
- systemvm/patches/debian/vpn/etc/ipsec.secrets
- systemvm/patches/debian/config/etc/haproxy/haproxy.cfg
- systemvm/patches/debian/config/etc/cloud-nic.rules
- systemvm/patches/debian/config/etc/modprobe.d/aesni_intel
- systemvm/patches/debian/config/etc/rc.local
- systemvm/patches/debian/config/var/www/html/userdata/.htaccess
- systemvm/patches/debian/config/var/www/html/latest/.htaccess
- systemvm/patches/debian/vpn/etc/ipsec.d/l2tp.conf
+ systemvm/agent/conf/agent.properties
+ systemvm/agent/conf/environment.properties
+ systemvm/agent/js/jquery.js
+ systemvm/agent/js/jquery.flot.navigate.js
+ systemvm/patches/debian/**
+ systemvm/patches/vpn/**
 tools/transifex/.tx/config
 tools/logo/apache_cloudstack.png
 tools/marvin/marvin/sandbox/advanced/sandbox.cfg
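Review bot: The two new wildcard entries `systemvm/patches/debian/**` and `systemvm/patches/vpn/**` exempt every file under those trees, where the removed entries named individual configuration files. Assuming this list is the build's license-audit exclude set (the XML element names are not visible in this rendering, so please confirm), the shell and Python scripts under `opt/cloud/bin/` would no longer be checked, and anything added to these trees later would never be audited. Narrower patterns keep the check meaningful, for example `systemvm/patches/vpn/etc/**` in place of `systemvm/patches/vpn/**`, and for the debian tree the `etc/**` subtree plus the few individual files that were listed before. A short XML comment above the entries saying why these paths are excluded would also help the next maintainer.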
diff --git a/setup/dev/advanced.cfg b/setup/dev/advanced.cfg
index bdb25e56456a..d5762c39bcef 100644
--- a/setup/dev/advanced.cfg
+++ b/setup/dev/advanced.cfg
@@ -231,7 +231,7 @@
 },
 {
 "name": "ping.timeout",
- "value": "1.5"
+ "value": "2.0"
 }
 ],
 "mgtSvr": [
diff --git a/systemvm/certs/localhost.crt b/systemvm/agent/certs/localhost.crt
similarity index 100%
rename from systemvm/certs/localhost.crt
rename to systemvm/agent/certs/localhost.crt
diff --git a/systemvm/certs/localhost.key b/systemvm/agent/certs/localhost.key
similarity index 100%
rename from systemvm/certs/localhost.key
rename to systemvm/agent/certs/localhost.key
diff --git a/systemvm/certs/realhostip.crt b/systemvm/agent/certs/realhostip.crt
similarity index 100%
rename from systemvm/certs/realhostip.crt
rename to systemvm/agent/certs/realhostip.crt
diff --git a/systemvm/certs/realhostip.csr b/systemvm/agent/certs/realhostip.csr
similarity index 100%
rename from systemvm/certs/realhostip.csr
rename to systemvm/agent/certs/realhostip.csr
diff --git a/systemvm/certs/realhostip.key b/systemvm/agent/certs/realhostip.key
similarity index 100%
rename from systemvm/certs/realhostip.key
rename to systemvm/agent/certs/realhostip.key
diff --git a/systemvm/certs/realhostip.keystore b/systemvm/agent/certs/realhostip.keystore
similarity index 100%
rename from systemvm/certs/realhostip.keystore
rename to systemvm/agent/certs/realhostip.keystore
diff --git a/systemvm/conf/agent.properties b/systemvm/agent/conf/agent.properties
similarity index 99%
rename from systemvm/conf/agent.properties
rename to systemvm/agent/conf/agent.properties
index 051cf6107108..9bc4dcaf965b 100644
--- a/systemvm/conf/agent.properties
+++ b/systemvm/agent/conf/agent.properties
@@ -5,9 +5,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License. You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
diff --git a/systemvm/conf/consoleproxy.properties b/systemvm/agent/conf/consoleproxy.properties
similarity index 99%
rename from systemvm/conf/consoleproxy.properties
rename to systemvm/agent/conf/consoleproxy.properties
index a3cddbcab967..96a345b31f71 100644
--- a/systemvm/conf/consoleproxy.properties
+++ b/systemvm/agent/conf/consoleproxy.properties
@@ -5,9 +5,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License. You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
diff --git a/systemvm/conf/environment.properties b/systemvm/agent/conf/environment.properties
similarity index 100%
rename from systemvm/conf/environment.properties
rename to systemvm/agent/conf/environment.properties
diff --git a/systemvm/conf/log4j-cloud.xml b/systemvm/agent/conf/log4j-cloud.xml
similarity index 100%
rename from systemvm/conf/log4j-cloud.xml
rename to systemvm/agent/conf/log4j-cloud.xml
diff --git a/systemvm/css/ajaxviewer.css b/systemvm/agent/css/ajaxviewer.css
similarity index 80%
rename from systemvm/css/ajaxviewer.css
rename to systemvm/agent/css/ajaxviewer.css
index 3e0681401bf1..73dee4af5ed8 100644
--- a/systemvm/css/ajaxviewer.css
+++ b/systemvm/agent/css/ajaxviewer.css
@@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file
 to you under the Apache License, Version 2.0 (the
 "License"); you may not use this file except in compliance
 with the License. You may obtain a copy of the License at
-
+
 http://www.apache.org/licenses/LICENSE-2.0
-
+
 Unless required by applicable law or agreed to in writing,
 software distributed under the License is distributed on an
 "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -21,7 +21,7 @@ body {
 margin:0 0;
 text-align: center;
 }
-
+
 #main_panel {
 clear:both;
 margin: 0 auto;
@@ -33,57 +33,57 @@ body { } #toolbar { - font:normal 12px 'Trebuchet MS','Arial'; - margin:0 auto; + font:normal 12px 'Trebuchet MS','Arial'; + margin:0 auto; text-align: left; - padding:0 0; + padding:0 0; height:32px; - background-image:url(/resource/images/back.gif); - background-repeat:repeat-x; + background-image:url(/resource/images/back.gif); + background-repeat:repeat-x; } -#toolbar ul { - margin:0 0; - padding:0 10px 0 10px; +#toolbar ul { + margin:0 0; + padding:0 10px 0 10px; float:left; display:block; line-height:32px; - list-style:none; + list-style:none; } #toolbar li { - float:left; - display:inline; + float:left; + display:inline; padding:0; height:32px; } -#toolbar a { - color:white; +#toolbar a { + color:white; float:left; display:block; - padding:0 3px 0 3px; + padding:0 3px 0 3px; text-decoration:none; line-height:32px; } -#toolbar a span { - display:block; - float:none; - padding:0 10px 0 7px; -} +#toolbar a span { + display:block; + float:none; + padding:0 10px 0 7px; +} -#toolbar a span img { - border:none; - margin:8px 4px 0 0; -} +#toolbar a span img { + border:none; + margin:8px 4px 0 0; +} -#toolbar a:hover { - background: url(/resource/images/left.png) no-repeat left center; -} +#toolbar a:hover { + background: url(/resource/images/left.png) no-repeat left center; +} -#toolbar a:hover span { - background:url(/resource/images/right.png) no-repeat right center; +#toolbar a:hover span { + background:url(/resource/images/right.png) no-repeat right center; } 
@@ -106,23 +106,23 @@ body { } #toolbar ul li ul li.current { - background: url(/resource/images/cad.gif) no-repeat left center; + background: url(/resource/images/cad.gif) no-repeat left center; } #toolbar ul li ul li a { display:block; - padding:0 3px 0 3px; + padding:0 3px 0 3px; text-decoration:none; line-height:32px; vertical-align: bottom; /* this is to fix the list gap in IE */ } #toolbar ul li ul li a:hover { - background: url(/resource/images/left.png) no-repeat left center; + background: url(/resource/images/left.png) no-repeat left center; } #toolbar ul li ul li a:hover span { - background: url(/resource/images/right2.png) no-repeat right center; + background: url(/resource/images/right2.png) no-repeat right center; } span.dark { @@ -131,7 +131,7 @@ span.dark { display:block; width:32px; height:30px; - background:url(/resource/images/gray-green.png) no-repeat center center; + background:url(/resource/images/gray-green.png) no-repeat center center; } span.bright { @@ -140,5 +140,5 @@ span.bright { display:block; width:32px; height:30px; - background:url(/resource/images/bright-green.png) no-repeat center center; + background:url(/resource/images/bright-green.png) no-repeat center center; } diff --git a/systemvm/css/logger.css b/systemvm/agent/css/logger.css similarity index 93% rename from systemvm/css/logger.css rename to systemvm/agent/css/logger.css index 42ac8071ed58..40629d3f6e5b 100644 --- a/systemvm/css/logger.css +++ b/systemvm/agent/css/logger.css @@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
@@ -45,14 +45,14 @@ under the License. .logwin_title_actionbox .select { - background: #424242; - font: normal 10px Arial, Helvetica, sans-serif; - float:left; - border: 1px solid #6e6e6e; - height: 16px; - width: 100px; - margin-left:3px; - padding:0 0 0 3px; + background: #424242; + font: normal 10px Arial, Helvetica, sans-serif; + float:left; + border: 1px solid #6e6e6e; + height: 16px; + width: 100px; + margin-left:3px; + padding:0 0 0 3px; color:#CCC; } @@ -136,4 +136,3 @@ a:hover.logwin_minimizebutton { height: 477px; background: white; } - diff --git a/systemvm/images/back.gif b/systemvm/agent/images/back.gif similarity index 100% rename from systemvm/images/back.gif rename to systemvm/agent/images/back.gif diff --git a/systemvm/images/bright-green.png b/systemvm/agent/images/bright-green.png similarity index 100% rename from systemvm/images/bright-green.png rename to systemvm/agent/images/bright-green.png diff --git a/systemvm/images/cad.gif b/systemvm/agent/images/cad.gif similarity index 100% rename from systemvm/images/cad.gif rename to systemvm/agent/images/cad.gif diff --git a/systemvm/images/cannotconnect.jpg b/systemvm/agent/images/cannotconnect.jpg similarity index 100% rename from systemvm/images/cannotconnect.jpg rename to systemvm/agent/images/cannotconnect.jpg diff --git a/systemvm/images/clr_button.gif b/systemvm/agent/images/clr_button.gif similarity index 100% rename from systemvm/images/clr_button.gif rename to systemvm/agent/images/clr_button.gif diff --git a/systemvm/images/clr_button_hover.gif b/systemvm/agent/images/clr_button_hover.gif similarity index 100% rename from systemvm/images/clr_button_hover.gif rename to systemvm/agent/images/clr_button_hover.gif diff --git a/systemvm/images/dot.cur b/systemvm/agent/images/dot.cur similarity index 100% rename from systemvm/images/dot.cur rename to systemvm/agent/images/dot.cur 
diff --git a/systemvm/images/gray-green.png b/systemvm/agent/images/gray-green.png
similarity index 100%
rename from systemvm/images/gray-green.png
rename to systemvm/agent/images/gray-green.png
diff --git a/systemvm/images/grid_headerbg.gif b/systemvm/agent/images/grid_headerbg.gif
similarity index 100%
rename from systemvm/images/grid_headerbg.gif
rename to systemvm/agent/images/grid_headerbg.gif
diff --git a/systemvm/images/left.png b/systemvm/agent/images/left.png
similarity index 100%
rename from systemvm/images/left.png
rename to systemvm/agent/images/left.png
diff --git a/systemvm/images/minimize_button.gif b/systemvm/agent/images/minimize_button.gif
similarity index 100%
rename from systemvm/images/minimize_button.gif
rename to systemvm/agent/images/minimize_button.gif
diff --git a/systemvm/images/minimize_button_hover.gif b/systemvm/agent/images/minimize_button_hover.gif
similarity index 100%
rename from systemvm/images/minimize_button_hover.gif
rename to systemvm/agent/images/minimize_button_hover.gif
diff --git a/systemvm/images/notready.jpg b/systemvm/agent/images/notready.jpg
similarity index 100%
rename from systemvm/images/notready.jpg
rename to systemvm/agent/images/notready.jpg
diff --git a/systemvm/images/play_button.gif b/systemvm/agent/images/play_button.gif
similarity index 100%
rename from systemvm/images/play_button.gif
rename to systemvm/agent/images/play_button.gif
diff --git a/systemvm/images/play_button_hover.gif b/systemvm/agent/images/play_button_hover.gif
similarity index 100%
rename from systemvm/images/play_button_hover.gif
rename to systemvm/agent/images/play_button_hover.gif
diff --git a/systemvm/images/right.png b/systemvm/agent/images/right.png
similarity index 100%
rename from systemvm/images/right.png
rename to systemvm/agent/images/right.png
diff --git a/systemvm/images/right2.png b/systemvm/agent/images/right2.png
similarity index 100%
rename from systemvm/images/right2.png
rename to systemvm/agent/images/right2.png
diff --git a/systemvm/images/shrink_button.gif b/systemvm/agent/images/shrink_button.gif similarity index 100% rename from systemvm/images/shrink_button.gif rename to systemvm/agent/images/shrink_button.gif diff --git a/systemvm/images/shrink_button_hover.gif b/systemvm/agent/images/shrink_button_hover.gif similarity index 100% rename from systemvm/images/shrink_button_hover.gif rename to systemvm/agent/images/shrink_button_hover.gif diff --git a/systemvm/images/stop_button.gif b/systemvm/agent/images/stop_button.gif similarity index 100% rename from systemvm/images/stop_button.gif rename to systemvm/agent/images/stop_button.gif diff --git a/systemvm/images/stop_button_hover.gif b/systemvm/agent/images/stop_button_hover.gif similarity index 100% rename from systemvm/images/stop_button_hover.gif rename to systemvm/agent/images/stop_button_hover.gif diff --git a/systemvm/images/winlog.png b/systemvm/agent/images/winlog.png similarity index 100% rename from systemvm/images/winlog.png rename to systemvm/agent/images/winlog.png diff --git a/systemvm/js/ajaxkeys.js b/systemvm/agent/js/ajaxkeys.js similarity index 100% rename from systemvm/js/ajaxkeys.js rename to systemvm/agent/js/ajaxkeys.js diff --git a/systemvm/js/ajaxviewer.js b/systemvm/agent/js/ajaxviewer.js similarity index 94% rename from systemvm/js/ajaxviewer.js rename to systemvm/agent/js/ajaxviewer.js index b085f9925c3d..f160abc9b58f 100644 --- a/systemvm/js/ajaxviewer.js +++ b/systemvm/agent/js/ajaxviewer.js @@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
@@ -34,12 +34,12 @@ StringBuilder.prototype = { } return this; }, - + clear : function() { this.strings.length = 1; return this; }, - + toString: function() { return this.strings.join(""); } @@ -51,7 +51,7 @@ function getCurrentLanguage() { var tokens = acceptLanguages.split(','); if(tokens.length > 0) return tokens[0]; - + return "en-us"; } else { return "en-us"; @@ -74,11 +74,11 @@ function KeyboardMapper() { // // For KeyPress event, it translates it only if there exist a mapping entry // in jsX11KeysymMap map and the entry meets the condition -// +// // COOKED keyboard // Primarily translates KeyPress event, either as is or through mapped result // It translates KeyDown/KeyUp only there exists a mapping entry, or if there -// is no mapping entry, translate when certain modifier key is pressed (i.e., +// is no mapping entry, translate when certain modifier key is pressed (i.e., // CTRL or ALT key // // Mapping entry types @@ -86,10 +86,10 @@ function KeyboardMapper() { // boolean : only valid for jsX11KeysymMap, existence of this type, no matter true or false // in value, corresponding KeyDown/KeyUp event will be masked // array : contains a set of conditional mapping entry -// +// // Conditional mapping entry // -// { +// { // type: , code: , modifiers: , // shift : , -- match on shift state // guestos : , -- match on guestos type @@ -152,7 +152,7 @@ KeyboardMapper.prototype = { }, RawkeyboardInputHandler : function(eventType, code, modifiers, guestos, browser, browserVersion) { if(eventType == AjaxViewer.KEY_DOWN || eventType == AjaxViewer.KEY_UP) { - + // special handling for Alt + Ctrl + Ins, convert it into Alt-Ctrl-Del if(code == AjaxViewer.JS_KEY_INSERT) { if((modifiers & AjaxViewer.ALT_KEY_MASK) != 0 && (modifiers & AjaxViewer.CTRL_KEY_MASK) != 0) { 
@@ -160,7 +160,7 @@ KeyboardMapper.prototype = { return; } } - + var X11Keysym = code; if(this.jsX11KeysymMap[code] != undefined && (guestos == 'windows' || modifiers != AjaxViewer.SHIFT_KEY_MASK || code == AjaxViewer.JS_KEY_CAPSLOCK)) { X11Keysym = this.jsX11KeysymMap[code]; @@ -183,7 +183,7 @@ KeyboardMapper.prototype = { // special handling for ALT/CTRL key if(eventType == AjaxViewer.KEY_UP && (code == AjaxViewer.JS_KEY_ALT || code == AjaxViewer.JS_KEY_CTRL)) this.mappedInput.push({type : eventType, code: this.jsX11KeysymMap[code], modifiers: modifiers}); - + } else if(eventType == AjaxViewer.KEY_PRESS && guestos == 'null') { // ENTER/BACKSPACE key should already have been sent through KEY DOWN/KEY UP event if(code == AjaxViewer.JS_KEY_ENTER || code == AjaxViewer.JS_KEY_BACKSPACE) @@ -207,10 +207,10 @@ KeyboardMapper.prototype = { } } }, - + CookedKeyboardInputHandler : function(eventType, code, modifiers, guestos, browser, browserVersion) { if(eventType == AjaxViewer.KEY_DOWN || eventType == AjaxViewer.KEY_UP) { - + // special handling for Alt + Ctrl + Ins, convert it into Alt-Ctrl-Del if(code == AjaxViewer.JS_KEY_INSERT) { if((modifiers & AjaxViewer.ALT_KEY_MASK) != 0 && (modifiers & AjaxViewer.CTRL_KEY_MASK) != 0) { @@ -218,7 +218,7 @@ KeyboardMapper.prototype = { return; } } - + var X11Keysym = code; if(this.jsX11KeysymMap[code] != undefined) { X11Keysym = this.jsX11KeysymMap[code]; @@ -252,7 +252,7 @@ KeyboardMapper.prototype = { this.mappedInput.push({type : AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: modifiers}); return; } - + if(code == AjaxViewer.JS_NUMPAD_PLUS) { this.mappedInput.push({type : AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: modifiers}); this.mappedInput.push({type : AjaxViewer.KEY_DOWN, code: 43, modifiers: modifiers}); 
@@ -260,7 +260,7 @@ KeyboardMapper.prototype = { this.mappedInput.push({type : AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: modifiers}); return; } - + // ENTER/BACKSPACE key should already have been sent through KEY DOWN/KEY UP event if(code == AjaxViewer.JS_KEY_ENTER || code == AjaxViewer.JS_KEY_BACKSPACE) return; @@ -285,20 +285,20 @@ KeyboardMapper.prototype = { } } }, - + inputFeed : function(eventType, code, modifiers, guestos, browser, browserVersion) { if(this.keyboardType == KeyboardMapper.KEYBOARD_TYPE_RAW) this.RawkeyboardInputHandler(eventType, code, modifiers, guestos, browser, browserVersion); else this.CookedKeyboardInputHandler(eventType, code, modifiers, guestos, browser, browserVersion); }, - + getMappedInput : function() { var mappedInput = this.mappedInput; this.mappedInput = []; return mappedInput; }, - + isConditionalEntryMatched : function(eventType, code, modifiers, entry, guestos, browser, browserVersion) { if(eventType == AjaxViewer.KEY_DOWN || eventType == AjaxViewer.KEY_UP) { // for KeyDown/KeyUp events, we require that the type in entry should match with @@ -306,10 +306,10 @@ KeyboardMapper.prototype = { if(entry.type != eventType) return false; } - + // check conditional match if(entry.shift != undefined) { - var shift = ((modifiers & AjaxViewer.SHIFT_KEY_MASK) != 0 ? true : false); + var shift = ((modifiers & AjaxViewer.SHIFT_KEY_MASK) != 0 ? true : false); if(entry.shift ^ shift) return false; } @@ -325,20 +325,20 @@ KeyboardMapper.prototype = { if(entry.guestos != guestos) return false; } - + if(entry.browser != undefined) { if(entry.browser != browser) return false; } - + if(entry.browserVersion != undefined) { if(entry.browserVersion != browserVersion) return false; } - + return true; }, - + isModifierInput : function(code) { return $.inArray(code, [AjaxViewer.ALT_KEY_MASK, AjaxViewer.SHIFT_KEY_MASK, AjaxViewer.CTRL_KEY_MASK, AjaxViewer.META_KEY_MASK]) >= 0; } 
@@ -352,10 +352,10 @@ function AjaxViewer(panelId, imageUrl, updateUrl, locale, guestos, tileMap, widt // however, a back door key-sequence can trigger to open the logger window, it is designed to help // trouble-shooting g_logger = new Logger(); - + // g_logger.enable(true); // g_logger.open(); - + var ajaxViewer = this; this.imageLoaded = false; this.fullImage = true; @@ -364,7 +364,7 @@ function AjaxViewer(panelId, imageUrl, updateUrl, locale, guestos, tileMap, widt $(this.img).attr('src', imageUrl).load(function() { ajaxViewer.imageLoaded = true; }); - + this.updateUrl = updateUrl; this.tileMap = tileMap; this.guestos = guestos; @@ -381,16 +381,16 @@ function AjaxViewer(panelId, imageUrl, updateUrl, locale, guestos, tileMap, widt this.currentKeyboard = AjaxViewer.KEYBOARD_TYPE_ENGLISH; this.keyboardMappers = []; - + this.timer = 0; this.eventQueue = []; this.sendingEventInProgress = false; - + this.lastClickEvent = { x: 0, y: 0, button: 0, modifiers: 0, time: new Date().getTime() }; - + if(window.onStatusNotify == undefined) window.onStatusNotify = function(status) {}; - + this.panel = this.generateCanvas(panelId, width, height, tileWidth, tileHeight); // this.setupKeyboardTranslationle(); this.setupKeyboardTranslationTable(this.keyboardMappers); @@ -408,7 +408,7 @@ AjaxViewer.EVENT_BAG = 7; AjaxViewer.MOUSE_DBLCLK = 8; AjaxViewer.MOUSE_SCROLL = 9; -// use java AWT key modifier masks +// use java AWT key modifier masks AjaxViewer.SHIFT_KEY_MASK = 64; AjaxViewer.CTRL_KEY_MASK = 128; AjaxViewer.META_KEY_MASK = 256; @@ -487,7 +487,7 @@ AjaxViewer.JS_KEY_COMMA = 188; // , AjaxViewer.JS_KEY_DASH = 189; // - AjaxViewer.JS_KEY_PERIOD = 190; // . AjaxViewer.JS_KEY_FORWARD_SLASH = 191; // / -AjaxViewer.JS_KEY_GRAVE_ACCENT = 192; // ` +AjaxViewer.JS_KEY_GRAVE_ACCENT = 192; // ` AjaxViewer.JS_KEY_OPEN_BRACKET = 219; // [ AjaxViewer.JS_KEY_BACK_SLASH = 220; // \ AjaxViewer.JS_KEY_CLOSE_BRACKET = 221; // ] 
@@ -574,29 +574,29 @@ AjaxViewer.getEventName = function(type) { switch(type) { case AjaxViewer.MOUSE_MOVE : return "MOUSE_MOVE"; - + case AjaxViewer.MOUSE_DOWN : return "MOUSE_DOWN"; - + case AjaxViewer.MOUSE_UP : return "MOUSE_UP"; - + case AjaxViewer.KEY_PRESS : return "KEY_PRESS"; - + case AjaxViewer.KEY_DOWN : return "KEY_DOWN"; - + case AjaxViewer.KEY_UP : return "KEY_UP"; - + case AjaxViewer.EVENT_BAG : return "EVENT_BAG"; - + case AjaxViewer.MOUSE_DBLCLK : return "MOUSE_DBLCLK"; } - + return "N/A"; }; @@ -604,18 +604,18 @@ AjaxViewer.prototype = { setDirty: function(value) { this.dirty = value; }, - + isDirty: function() { return this.dirty; }, - + isImageLoaded: function() { return this.imageLoaded; }, - + refresh: function(imageUrl, tileMap, fullImage) { var ajaxViewer = this; - var img = $(this.img); + var img = $(this.img); this.fullImage = fullImage; this.imgUrl=imageUrl; @@ -624,28 +624,28 @@ AjaxViewer.prototype = { }); this.tileMap = tileMap; }, - + resize: function(panelId, width, height, tileWidth, tileHeight) { $(".canvas_tile", document.body).each(function() { $(this).remove(); }); $("table", $("#" + panelId)).remove(); - + this.width = width; this.height = height; this.tileWidth = tileWidth; this.tileHeight = tileHeight; this.panel = this.generateCanvas(panelId, width, height, tileWidth, tileHeight); }, - + start: function() { var ajaxViewer = this; this.timer = setInterval(function() { ajaxViewer.heartbeat(); }, 50); - + $(document).bind("ajaxError", function(event, XMLHttpRequest, ajaxOptions, thrownError) { ajaxViewer.onAjaxError(event, XMLHttpRequest, ajaxOptions, thrownError); }); - + this.eventQueue = []; // reset event queue this.sendingEventInProgress = false; ajaxViewer.installMouseHook(); 
@@ -656,20 +656,20 @@ AjaxViewer.prototype = { ajaxViewer.onWindowResize(); }); }, - + stop: function() { clearInterval(this.timer); this.deleteCanvas(); this.uninstallMouseHook(); - this.uninstallKeyboardHook(); + this.uninstallKeyboardHook(); this.eventQueue = []; this.sendingEventInProgress = false; $(document).unbind("ajaxError"); $(window).unbind("resize"); }, - + sendMouseEvent: function(event, x, y, whichButton, modifiers) { this.eventQueue.push({ type: AjaxViewer.EVENT_QUEUE_MOUSE_EVENT, @@ -686,7 +686,7 @@ AjaxViewer.prototype = { setupKeyboardTranslationTable : function() { this.keyboardMappers = []; - + var mapper = new KeyboardMapper(); this.keyboardMappers[AjaxViewer.KEYBOARD_TYPE_ENGLISH] = mapper; mapper.setKeyboardType(KeyboardMapper.KEYBOARD_TYPE_COOKED); @@ -704,7 +704,7 @@ AjaxViewer.prototype = { mapper.setKeyboardType(KeyboardMapper.KEYBOARD_TYPE_FR); // JP keyboard plugged in a English host OS -/* +/* mapper.jsX11KeysymMap[AjaxViewer.JS_KEY_JP_COLON] = AjaxViewer.X11_KEY_COLON; mapper.jsX11KeysymMap[AjaxViewer.JS_KEY_JP_CLOSE_BRACKET] = AjaxViewer.X11_KEY_CLOSE_BRACKET; mapper.jsX11KeysymMap[AjaxViewer.JS_KEY_JP_AT_SIGN] = AjaxViewer.X11_KEY_GRAVE_ACCENT; 
@@ -712,17 +712,17 @@ AjaxViewer.prototype = { mapper.jsX11KeysymMap[AjaxViewer.JS_KEY_JP_BACK_SLASH] = AjaxViewer.X11_KEY_REVERSE_SOLIUS; // X11 REVERSE SOLIDUS mapper.jsX11KeysymMap[AjaxViewer.JS_KEY_JP_YEN_MARK] = AjaxViewer.X11_KEY_YEN_MARK; // X11 YEN SIGN mapper.jsKeyPressX11KeysymMap[61] = [ - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 }, - ]; - + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CIRCUMFLEX_ACCENT, modifiers: 0 }, + ]; + mapper.jsKeyPressX11KeysymMap[43] = [ - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true } + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_TILDE, modifiers: 0, shift: true } ]; */ 
@@ -736,24 +736,24 @@ AjaxViewer.prototype = { mapper.jsX11KeysymMap[186] = AjaxViewer.X11_KEY_COLON; // Chrome mapper.jsX11KeysymMap[226] = AjaxViewer.X11_KEY_REVERSE_SOLIUS; // \| key left to right SHIFT on JP keyboard mapper.jsX11KeysymMap[240] = [ - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 }, - ]; - + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_CAPSLOCK, modifiers: 0 }, + ]; + // for keycode 107, keypress 59 mapper.jsKeyPressX11KeysymMap[59] = [ - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 }, - ]; - + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SEMI_COLON, modifiers: 0 }, + ]; + // for keycode 107, keypress 43 mapper.jsKeyPressX11KeysymMap[43] = [ - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, - {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true }, - {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true }, + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_DOWN, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_SHIFT, modifiers: 0, shift: false }, + {type: AjaxViewer.KEY_DOWN, code: 
AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true }, + {type: AjaxViewer.KEY_UP, code: AjaxViewer.X11_KEY_ADD, modifiers: 0, shift: true }, ]; */ @@ -784,11 +784,11 @@ AjaxViewer.prototype = { } }, // end of the setupKeyboardTranslationTable function - + getCurrentKeyboardMapper : function() { return this.keyboardMappers[this.currentKeyboard]; }, - + setupUIController : function() { var ajaxViewer = this; var pullDownElement = $("#toolbar").find(".pulldown"); @@ -797,13 +797,13 @@ AjaxViewer.prototype = { var subMenu = pullDownElement.find("ul"); var offset = subMenu.parent().offset(); subMenu.css("left", offset.left); - + $("li.current").removeClass("current"); $("li:has(a[cmd$=" + ajaxViewer.currentKeyboard + "])", subMenu).addClass("current"); subMenu.css("z-index", "" + ajaxViewer.maxTileZIndex + 1).show(); return false; }, - + function(e) { pullDownElement.find("ul").hide(); return false; @@ -814,10 +814,10 @@ AjaxViewer.prototype = { $(val).click(function(e) { var cmd = $(e.target).attr("cmd"); if(cmd) - ajaxViewer.onCommand(cmd); + ajaxViewer.onCommand(cmd); else { var cmdLink = $(e.target).closest("a"); - + if(cmdLink.attr("cmd")) { var cmd = cmdLink.attr("cmd"); ajaxViewer.onCommand(cmd); @@ -826,7 +826,7 @@ AjaxViewer.prototype = { }); }); }, - + onCommand : function(cmd) { if(cmd == "keyboard_jp") { $("#toolbar").find(".pulldown").find("ul").hide(); @@ -862,12 +862,12 @@ AjaxViewer.prototype = { } } }, - + sendKeyboardEvent: function(event, code, modifiers) { // back door to open logger window - CTRL-ATL-SHIFT+SPACE - if(code == 32 && + if(code == 32 && (modifiers & AjaxViewer.SHIFT_KEY_MASK | AjaxViewer.CTRL_KEY_MASK | AjaxViewer.ALT_KEY_MASK) == (AjaxViewer.SHIFT_KEY_MASK | AjaxViewer.CTRL_KEY_MASK | AjaxViewer.ALT_KEY_MASK)) { - + if(!g_logger.isOpen()) { g_logger.enable(true); g_logger.open(); 
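Review bot: The logger back-door test in sendKeyboardEvent does not require all three modifiers. In `(modifiers & AjaxViewer.SHIFT_KEY_MASK | AjaxViewer.CTRL_KEY_MASK | AjaxViewer.ALT_KEY_MASK)` the `&` binds tighter than `|`, so the left side always carries the CTRL and ALT bits and the comparison holds whenever SHIFT alone is set. As written, Shift+Space (code 32) toggles the logger window, which appears to be where the per-key "RAW KEYBOARD EVENT" lines from onKeyPress/onKeyDown/onKeyUp are written. Parenthesise the mask on the left-hand side: `(modifiers & (AjaxViewer.SHIFT_KEY_MASK | AjaxViewer.CTRL_KEY_MASK | AjaxViewer.ALT_KEY_MASK))`. This commit only strips trailing whitespace on the `if(code == 32 &&` line, and the rest of sendKeyboardEvent continues in the next hunk.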
@@ -876,7 +876,7 @@ AjaxViewer.prototype = { g_logger.close(); } } - + var len; g_logger.log(Logger.LEVEL_INFO, "Keyboard event: " + AjaxViewer.getEventName(event) + ", code: " + code + ", modifiers: " + modifiers + ', char: ' + String.fromCharCode(code)); this.eventQueue.push({ @@ -889,11 +889,11 @@ AjaxViewer.prototype = { if(event != AjaxViewer.KEY_DOWN) this.checkEventQueue(); }, - + aggregateEvents: function() { var ajaxViewer = this; var aggratedQueue = []; - + var aggregating = false; var mouseX; var mouseY; @@ -924,13 +924,13 @@ AjaxViewer.prototype = { modifiers: 0 }); aggregating = false; - + aggratedQueue.push(item); } } } }); - + if(aggregating) { aggratedQueue.push({ type: AjaxViewer.EVENT_QUEUE_MOUSE_EVENT, @@ -941,13 +941,13 @@ AjaxViewer.prototype = { modifiers: 0 }); } - - this.eventQueue = aggratedQueue; + + this.eventQueue = aggratedQueue; }, - + checkEventQueue: function() { var ajaxViewer = this; - + if(!this.sendingEventInProgress && this.eventQueue.length > 0) { var sb = new StringBuilder(); sb.append(""+this.eventQueue.length).append("|"); 
@@ -968,41 +968,41 @@ AjaxViewer.prototype = { } }); this.eventQueue.length = 0; - + var url = ajaxViewer.updateUrl + "&event=" + AjaxViewer.EVENT_BAG; - + g_logger.log(Logger.LEVEL_TRACE, "Posting client event " + sb.toString() + "..."); - + ajaxViewer.sendingEventInProgress = true; window.onStatusNotify(AjaxViewer.STATUS_SENDING); $.post(url, {data: sb.toString()}, function(data, textStatus) { g_logger.log(Logger.LEVEL_TRACE, "Client event " + sb.toString() + " is posted"); - + ajaxViewer.sendingEventInProgress = false; window.onStatusNotify(AjaxViewer.STATUS_SENT); - + ajaxViewer.checkUpdate(); }, 'html'); } }, - + onAjaxError: function(event, XMLHttpRequest, ajaxOptions, thrownError) { if(window.onClientError != undefined && jQuery.isFunction(window.onClientError)) { window.onClientError(); } }, - + onWindowResize: function() { var offset = this.panel.offset(); - + var row = $('tr:first', this.panel); var cell = $('td:first', row); var tile = this.getTile(cell, 'tile'); - + var tileOffset = tile.offset(); var deltaX = offset.left - tileOffset.left; var deltaY = offset.top - tileOffset.top; - + if(deltaX != 0 || deltaY != 0) { $(".canvas_tile").each(function() { var offsetFrom = $(this).offset(); @@ -1010,28 +1010,28 @@ AjaxViewer.prototype = { }); } }, - + deleteCanvas: function() { $('.canvas_tile', $(document.body)).each(function() { $(this).remove(); }); }, - + generateCanvas: function(wrapperDivId, width, height, tileWidth, tileHeight) { var canvasParent = $('#' + wrapperDivId); canvasParent.width(width); canvasParent.height(height); - + if(window.onCanvasSizeChange != undefined && jQuery.isFunction(window.onCanvasSizeChange)) window.onCanvasSizeChange(width, height); - + var tableDef = '
\r\n'; var i = 0; var j = 0; for(i = 0; i < Math.ceil((height + tileHeight - 1) / tileHeight); i++) { var rowHeight = Math.min(height - i*tileHeight, tileHeight); tableDef += '\r\n'; - + for(j = 0; j < Math.ceil((width + tileWidth - 1) / tileWidth); j++) { var colWidth = Math.min(width - j*tileWidth, tileWidth); tableDef += '\r\n'; @@ -1039,40 +1039,40 @@ AjaxViewer.prototype = { tableDef += '\r\n'; } tableDef += '
\r\n'; - + return $(tableDef).appendTo(canvasParent); }, - + getTile: function(cell, name) { var clonedDiv = cell.data(name); if(!clonedDiv) { var offset = cell.offset(); - var divDef = "
"; - + clonedDiv = $(divDef).appendTo($(document.body)); cell.data(name, clonedDiv); } - + return clonedDiv; }, - + initCell: function(cell) { if(!cell.data("init")) { cell.data("init", true); - + cell.data("current", 0); this.getTile(cell, "tile2"); this.getTile(cell, "tile"); } }, - + displayCell: function(cell, bg) { var div; var divPrev; if(!cell.data("current")) { cell.data("current", 1); - + divPrev = this.getTile(cell, "tile"); div = this.getTile(cell, "tile2"); } else { @@ -1080,13 +1080,13 @@ AjaxViewer.prototype = { divPrev = this.getTile(cell, "tile2"); div = this.getTile(cell, "tile"); } - + var zIndex = parseInt(divPrev.css("z-index")) + 1; this.maxTileZIndex = Math.max(this.maxTileZIndex, zIndex); div.css("z-index", zIndex); div.css("background", bg); }, - + updateTile: function() { if(this.dirty) { var ajaxViewer = this; @@ -1094,7 +1094,7 @@ AjaxViewer.prototype = { var tileHeight = this.tileHeight; var imgUrl = this.imgUrl; var panel = this.panel; - + if(this.fullImage) { $.each(this.tileMap, function() { var i = $(this)[0]; @@ -1102,7 +1102,7 @@ AjaxViewer.prototype = { var row = $("TR:eq("+i+")", panel); var cell = $("TD:eq("+j+")", row); var attr = "url(" + imgUrl + ") -"+j*tileWidth+"px -"+i*tileHeight + "px"; - + ajaxViewer.initCell(cell); ajaxViewer.displayCell(cell, attr); }); @@ -1114,25 +1114,25 @@ AjaxViewer.prototype = { var attr = "url(" + imgUrl + ") no-repeat -"+offset+"px 0px"; var row = $("TR:eq("+i+")", panel); var cell = $("TD:eq("+j+")", row); - + ajaxViewer.initCell(cell); ajaxViewer.displayCell(cell, attr); }); } - + this.dirty = false; } }, - + heartbeat: function() { this.checkEventQueue(); this.checkUpdate(); }, - + checkUpdate: function() { if(!this.isDirty()) return; - + if(this.isImageLoaded()) { this.updateTile(); var url = this.updateUrl; 
@@ -1147,84 +1147,84 @@ AjaxViewer.prototype = { eval(data); ajaxViewer.setDirty(true); window.onStatusNotify(AjaxViewer.STATUS_RECEIVED); - + ajaxViewer.checkUpdate(); } }); - } + } }, - + ptInPanel: function(pageX, pageY) { var mainPanel = this.panel; - + var offset = mainPanel.offset(); var x = pageX - offset.left; var y = pageY - offset.top; - + if(x < 0 || y < 0 || x > mainPanel.width() - 1 || y > mainPanel.height() - 1) return false; return true; }, - + pageToPanel: function(pageX, pageY) { var mainPanel = this.panel; - + var offset = mainPanel.offset(); var x = pageX - offset.left; var y = pageY - offset.top; - + if(x < 0) x = 0; if(x > mainPanel.width() - 1) x = mainPanel.width() - 1; - + if(y < 0) y = 0; if(y > mainPanel.height() - 1) y = mainPanel.height() - 1; - + return { x: Math.ceil(x), y: Math.ceil(y) }; }, - + installMouseHook: function() { var ajaxViewer = this; var target = $(document.body); - + target.mousemove(function(e) { if(!ajaxViewer.ptInPanel(e.pageX, e.pageY)) return true; - - var pt = ajaxViewer.pageToPanel(e.pageX, e.pageY); + + var pt = ajaxViewer.pageToPanel(e.pageX, e.pageY); ajaxViewer.onMouseMove(pt.x, pt.y); - + e.stopPropagation(); return false; }); - + target.mousedown(function(e) { ajaxViewer.panel.parent().focus(); - + if(!ajaxViewer.ptInPanel(e.pageX, e.pageY)) return true; - + var modifiers = ajaxViewer.getKeyModifiers(e); var whichButton = e.button; - - var pt = ajaxViewer.pageToPanel(e.pageX, e.pageY); + + var pt = ajaxViewer.pageToPanel(e.pageX, e.pageY); ajaxViewer.onMouseDown(pt.x, pt.y, whichButton, modifiers); - + e.stopPropagation(); return false; }); - + target.mouseup(function(e) { if(!ajaxViewer.ptInPanel(e.pageX, e.pageY)) return true; - + var modifiers = ajaxViewer.getKeyModifiers(e); var whichButton = e.button; - - var pt = ajaxViewer.pageToPanel(e.pageX, e.pageY); + + var pt = ajaxViewer.pageToPanel(e.pageX, e.pageY); ajaxViewer.onMouseUp(pt.x, pt.y, whichButton, modifiers); e.stopPropagation(); 
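Review bot: `eval(data);` in the response callback of checkUpdate runs whatever the update URL returns as script inside the console page, and this whitespace cleanup carries it over unchanged. The request setup starts in the previous hunk, so its transport and origin cannot be confirmed from here. If that response can be altered in transit or at the proxy, the injected script runs with the page's keyboard and mouse hooks installed. Consider having the endpoint return data rather than code, parsing it with `JSON.parse(data)` and then calling the existing `ajaxViewer.refresh(imageUrl, tileMap, fullImage)` with the parsed fields. If the eval has to stay for now, a comment above it stating that the response is trusted server-generated script and must only be fetched over an authenticated channel would make the assumption explicit.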
@@ -1247,11 +1247,11 @@ AjaxViewer.prototype = { e.stopPropagation(); return false; }); - + // disable browser right-click context menu target.bind("contextmenu", function() { return false; }); }, - + uninstallMouseHook : function() { var target = $(document); target.unbind("mousemove"); @@ -1259,7 +1259,7 @@ AjaxViewer.prototype = { target.unbind("mouseup"); target.unbind("contextmenu"); }, - + requiresDefaultKeyProcess : function(e) { switch(e.which) { case 8 : // backspace @@ -1281,16 +1281,16 @@ AjaxViewer.prototype = { case 47 : // FORWARD SLASH // Added to stop Firefox's quick search from opening return false; } - + if(this.getKeyModifiers(e) == AjaxViewer.SHIFT_KEY_MASK) return true; - + if(this.getKeyModifiers(e) != 0) return false; - + return true; }, - + installKeyboardHook: function() { var ajaxViewer = this; var target = $(document); 
@@ -1301,65 +1301,65 @@ AjaxViewer.prototype = { e.stopPropagation(); if(ajaxViewer.requiresDefaultKeyProcess(e)) return true; - + e.preventDefault(); return false; }); - + target.keydown(function(e) { ajaxViewer.onKeyDown(e.which, ajaxViewer.getKeyModifiers(e)); - + e.stopPropagation(); if(ajaxViewer.requiresDefaultKeyProcess(e)) return true; - + e.preventDefault(); return false; }); - + target.keyup(function(e) { ajaxViewer.onKeyUp(e.which, ajaxViewer.getKeyModifiers(e)); e.stopPropagation(); if(ajaxViewer.requiresDefaultKeyProcess(e)) return true; - + e.preventDefault(); return false; }); }, - + uninstallKeyboardHook : function() { var target = $(document); target.unbind("keypress"); target.unbind("keydown"); target.unbind("keyup"); }, - + onMouseMove: function(x, y) { this.sendMouseEvent(AjaxViewer.MOUSE_MOVE, x, y, 0, 0); }, - + onMouseDown: function(x, y, whichButton, modifiers) { this.sendMouseEvent(AjaxViewer.MOUSE_DOWN, x, y, whichButton, modifiers); }, - + onMouseUp: function(x, y, whichButton, modifiers) { this.sendMouseEvent(AjaxViewer.MOUSE_UP, x, y, whichButton, modifiers); - + var curTick = new Date().getTime(); if(this.lastClickEvent.time && (curTick - this.lastClickEvent.time < 300)) { - this.onMouseDblClick(this.lastClickEvent.x, this.lastClickEvent.y, + this.onMouseDblClick(this.lastClickEvent.x, this.lastClickEvent.y, this.lastClickEvent.button, this.lastClickEvent.modifiers); } - + this.lastClickEvent.x = x; this.lastClickEvent.y = y; this.lastClickEvent.button = whichButton; this.lastClickEvent.modifiers = modifiers; this.lastClickEvent.time = curTick; }, - + onMouseDblClick: function(x, y, whichButton, modifiers) { this.sendMouseEvent(AjaxViewer.MOUSE_DBLCLK, x, y, whichButton, modifiers); }, 
@@ -1368,73 +1368,72 @@ AjaxViewer.prototype = { this.sendMouseEvent(AjaxViewer.MOUSE_SCROLL, x, y, whichButton, modifiers); }, - + onKeyPress: function(code, modifiers) { g_logger.log(Logger.LEVEL_WARN, "RAW KEYBOARD EVENT. KEY-PRESS: " + code + ", modifers: " + modifiers); - + this.dispatchKeyboardInput(AjaxViewer.KEY_PRESS, code, modifiers); }, - + onKeyDown: function(code, modifiers) { g_logger.log(Logger.LEVEL_WARN, "RAW KEYBOARD EVENT. KEY-DOWN: " + code + ", modifers: " + modifiers); - + this.dispatchKeyboardInput(AjaxViewer.KEY_DOWN, code, modifiers); }, - + onKeyUp: function(code, modifiers) { g_logger.log(Logger.LEVEL_WARN, "RAW KEYBOARD EVENT. KEY-UP: " + code + ", modifers: " + modifiers); - + this.dispatchKeyboardInput(AjaxViewer.KEY_UP, code, modifiers); }, - + dispatchKeyboardInput : function(event, code, modifiers) { var keyboardMapper = ajaxViewer.getCurrentKeyboardMapper(); keyboardMapper.inputFeed(event, code, modifiers, this.guestos, $.browser, $.browser.version); this.dispatchMappedKeyboardInput(keyboardMapper.getMappedInput()); }, - + dispatchMappedKeyboardInput : function(mappedInput) { for(var i = 0; i < mappedInput.length; i++) { switch(mappedInput[i].type) { case AjaxViewer.KEY_DOWN : this.sendKeyboardEvent(AjaxViewer.KEY_DOWN, mappedInput[i].code, mappedInput[i].modifiers); break; - + case AjaxViewer.KEY_UP : this.sendKeyboardEvent(AjaxViewer.KEY_UP, mappedInput[i].code, mappedInput[i].modifiers); break; - + case AjaxViewer.KEY_PRESS : this.sendKeyboardEvent(AjaxViewer.KEY_PRESS, mappedInput[i].code, mappedInput[i].modifiers); break; } } }, - + getKeyModifiers: function(e) { var modifiers = 0; if(e.altKey) modifiers |= AjaxViewer.ALT_KEY_MASK; - + if(e.altLeft) modifiers |= AjaxViewer.LEFT_ALT_MASK; - + if(e.ctrlKey) modifiers |= AjaxViewer.CTRL_KEY_MASK; - + if(e.ctrlLeft) modifiers |= AjaxViewer.LEFT_CTRL_MASK; - + if(e.shiftKey) modifiers |= AjaxViewer.SHIFT_KEY_MASK; - + if(e.shiftLeft) modifiers |= AjaxViewer.LEFT_SHIFT_MASK; - + 
if(e.metaKey) modifiers |= AjaxViewer.META_KEY_MASK; - + return modifiers; } }; - diff --git a/systemvm/js/cloud.logger.js b/systemvm/agent/js/cloud.logger.js similarity index 91% rename from systemvm/js/cloud.logger.js rename to systemvm/agent/js/cloud.logger.js index 5e61accd16d4..d2f20792f8ba 100644 --- a/systemvm/js/cloud.logger.js +++ b/systemvm/agent/js/cloud.logger.js @@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -28,14 +28,14 @@ under the License. function Logger() { this.bDockEnabled = true; - + this.logWin = null; this.logger = null; this.header = null; - + this.bEnabled = true; this.level = 0; - + this.bMoving = false; this.offsetStart = {left: 0, top: 0}; this.ptStart = {x: 0, y: 0}; @@ -51,24 +51,24 @@ Logger.LEVEL_FATAL = 5; Logger.LEVEL_SYS = 100; Logger.prototype = { - + open: function() { if(this.logWin) { this.logWin.show(); - + this.log(Logger.LEVEL_SYS, "Logger is open in browser: " + this.objectToString($.browser)); return; } - + var logger = this; - var logWinMarkup = [ + var logWinMarkup = [ '
', '
', '
', - '', - '', - '', - '
', + '', + '', + '', + '', '', - '
', + '', + '', '
', '
', - '', + '', '', '
', '
', '
', '
' ].join(''); - + this.logWin = $(logWinMarkup).appendTo(document.body); this.header = $('.logwin_title:first', this.logWin); this.logger = $('.logwin_content:first', this.logWin); @@ -95,22 +95,22 @@ Logger.prototype = { $(".logwin_title", this.logWin).mousedown(function(e) { if($(e.target).attr('cmd')) return true; - + if(!logger.bMoving) { logger.bMoving = true; logger.offsetStart = logger.logWin.offset(); logger.ptStart = {x: e.pageX, y: e.pageY}; - + $(document).bind("mousemove", function(e) { if(logger.bMoving) { logger.enableDocking(false); - + var logWinNewLeft = logger.offsetStart.left + e.pageX - logger.ptStart.x; var logWinNewTop = logger.offsetStart.top + e.pageY - logger.ptStart.y; - + logger.logWin.css("left", logWinNewLeft + "px").css("top", logWinNewTop + "px"); } - return false; + return false; }); $(document).bind("mouseup", function(e) { 
@@ -118,98 +118,98 @@ Logger.prototype = { logger.bMoving = false; $(document).unbind("mousemove", arguments.callee.name); $(document).unbind("mouseup", arguments.callee.name); - + return false; } return true; }); } - + // prevent default handling return false; }).dblclick(function(e) { logger.expand(!logger.isExpanded()); }); - + this.logWin.click(function(e) { if($(e.target).attr('cmd')) { switch($(e.target).attr('cmd')) { case '1' : logger.enable(true); break; - + case '2' : logger.enable(false); break; - + case '3' : logger.clear(); break; - + case '4' : logger.enableDocking(true); logger.dockIn(); break; - + case '5' : logger.expand(!logger.isExpanded()); break; - + default : break; } } }); - + $("#template_type", this.logWin).change(function(e) { logger.setLevel(parseInt($(this).val())); }); - + this.logWin.css("left", (($(document.body).width() - this.logWin.width()) / 2) + "px"); this.dockIn(); - + this.log(Logger.LEVEL_SYS, "Logger is open in browser: " + this.objectToString($.browser)); }, - + close: function() { if(this.logWin) this.logWin.hide(); }, - + isOpen: function() { if(this.logWin) return this.logWin.is(":visible"); return false; }, - + dockIn: function() { var logger = this; var offset = this.logWin.offset(); var bottom = offset.top + this.logWin.height(); var delta = bottom - 2; - - this.logWin.animate({top: (offset.top - delta) + "px"}, 200, + + this.logWin.animate({top: (offset.top - delta) + "px"}, 200, function() { logger.logWin.unbind("mouseleave"); logger.logWin.bind("mouseenter", function(e) { if(logger.bDockEnabled) logger.dockOut(); }); - } + } ); }, - + dockOut: function() { var logger = this; - this.logWin.animate({top: "0px"}, 200, + this.logWin.animate({top: "0px"}, 200, function() { logger.logWin.unbind("mouseenter"); logger.logWin.bind("mouseleave", function(e) { if(logger.bDockEnabled) { var xPosInLogWin = e.pageX - logger.logWin.offset().left; var yPosInLogWin = e.pageY - logger.logWin.offset().top; - - if(xPosInLogWin < 0 || 
yPosInLogWin < 0 || + + if(xPosInLogWin < 0 || yPosInLogWin < 0 || xPosInLogWin > logger.logWin.width() || yPosInLogWin > logger.logWin.height()) { logger.dockIn(); } @@ -218,11 +218,11 @@ Logger.prototype = { } ); }, - + enableDocking: function(bEnable) { this.bDockEnabled = bEnable; }, - + log: function(level, message) { // Note : LEVEL_SYS message will always be logged if(this.logger && (level == Logger.LEVEL_SYS || this.bEnabled && level >= this.level)) { @@ -236,33 +236,33 @@ Logger.prototype = { ':', curTime.getMinutes(), ":", curTime.getSeconds(), ".", curTime.getMilliseconds()].join(''); - + this.logger.append(this.getLevelDisplayString(level) + " - " + curTimeString + " - " + message + '
'); } }, - + clear: function() { if(this.logger) { this.logger.empty(); this.log(Logger.LEVEL_SYS, "Logger is cleared"); } }, - + setLevel: function(level) { this.level = level; - + this.log(Logger.LEVEL_SYS, "Set logger trace level to " + this.getLevelDisplayString(level)); }, - + enable: function(bEnabled) { this.bEnabled = bEnabled; - + if(bEnabled) this.log(Logger.LEVEL_SYS, "Logger is enabled"); else this.log(Logger.LEVEL_SYS, "Logger is disabled"); }, - + expand: function(bExpand) { if(bExpand) { this.logWin.height(Logger.DEFAULT_WIN_HEIGHT); @@ -272,59 +272,59 @@ Logger.prototype = { this.logger.height(0); } }, - + isExpanded: function() { return this.logWin.height() > this.header.height(); }, - + getLevelDisplayString: function(level) { switch(level) { case Logger.LEVEL_TRACE : return "TRACE"; - + case Logger.LEVEL_DEBUG : return "DEBUG"; - + case Logger.LEVEL_INFO : return "INFO"; - + case Logger.LEVEL_WARN : return "WARN"; - + case Logger.LEVEL_ERROR : return "ERROR"; - + case Logger.LEVEL_FATAL : return "FATAL"; - + case Logger.LEVEL_SYS : return "SYSINFO"; } - + return "LEVEL " + level; }, - + // this is a util function which actually can be put elsewhere instead of in this class objectToString : function(object) { if(object) { if(object instanceof Object) { var sb = ['{' ]; - + $.each(object, function(name, val) { sb.push('' + name + ': '); - + if(val instanceof Object) { sb.push(this.objectToString(val)); } else { sb.push('' + val); } - + sb.push(','); }); - + if(sb[sb.length - 1] == ',' ) sb.length = sb.length - 1; - + sb.push('}'); return sb.join(""); } else { @@ -335,4 +335,3 @@ Logger.prototype = { } } }; - diff --git a/systemvm/js/handler.js b/systemvm/agent/js/handler.js similarity index 99% rename from systemvm/js/handler.js rename to systemvm/agent/js/handler.js index d22ff079ee67..b820f1e2e233 100644 --- a/systemvm/js/handler.js +++ b/systemvm/agent/js/handler.js 
@@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/js/jquery.flot.navigate.js b/systemvm/agent/js/jquery.flot.navigate.js similarity index 96% rename from systemvm/js/jquery.flot.navigate.js rename to systemvm/agent/js/jquery.flot.navigate.js index 02d189f61902..a7bb023d9b5e 100644 --- a/systemvm/js/jquery.flot.navigate.js +++ b/systemvm/agent/js/jquery.flot.navigate.js @@ -17,7 +17,7 @@ Options: trigger: "dblclick" // or "click" for single click amount: 1.5 // 2 = 200% (zoom in), 0.5 = 50% (zoom out) } - + pan: { interactive: false cursor: "move" // CSS mouse cursor value used when dragging, e.g. "pointer" @@ -28,7 +28,7 @@ Options: zoomRange: null // or [number, number] (min range, max range) or false panRange: null // or [number, number] (min, max) or false } - + "interactive" enables the built-in drag/click behaviour. If you enable interactive for pan, then you'll have a basic plot that supports moving around; the same for zoom. @@ -58,16 +58,16 @@ panRange to false, panning on that axis will be disabled. Example API usage: plot = $.plot(...); - - // zoom default amount in on the pixel (10, 20) + + // zoom default amount in on the pixel (10, 20) plot.zoom({ center: { left: 10, top: 20 } }); // zoom out again plot.zoomOut({ center: { left: 10, top: 20 } }); - // zoom 200% in on the pixel (10, 20) + // zoom 200% in on the pixel (10, 20) plot.zoom({ amount: 2, center: { left: 10, top: 20 } }); - + // pan 100 pixels to the left and 20 down plot.pan({ left: -100, top: 20 }) 
@@ -79,7 +79,7 @@ you convert between these). "amount" is the amount to zoom the viewport relative to the current range, so 1 is 100% (i.e. no change), 1.5 is 150% (zoom in), 0.7 is 70% (zoom out). You can set the default in the options. - + */ @@ -88,7 +88,7 @@ range, so 1 is 100% (i.e. no change), 1.5 is 150% (zoom in), 0.7 is // effort of downloading them. /* -jquery.event.drag.js ~ v1.5 ~ Copyright (c) 2008, Three Dub Media (http://threedubmedia.com) +jquery.event.drag.js ~ v1.5 ~ Copyright (c) 2008, Three Dub Media (http://threedubmedia.com) Licensed under the MIT License ~ http://threedubmedia.googlecode.com/files/MIT-LICENSE.txt */ (function(E){E.fn.drag=function(L,K,J){if(K){this.bind("dragstart",L)}if(J){this.bind("dragend",J)}return !L?this.trigger("drag"):this.bind("drag",K?K:L)};var A=E.event,B=A.special,F=B.drag={not:":input",distance:0,which:1,dragging:false,setup:function(J){J=E.extend({distance:F.distance,which:F.which,not:F.not},J||{});J.distance=I(J.distance);A.add(this,"mousedown",H,J);if(this.attachEvent){this.attachEvent("ondragstart",D)}},teardown:function(){A.remove(this,"mousedown",H);if(this===F.dragging){F.dragging=F.proxy=false}G(this,true);if(this.detachEvent){this.detachEvent("ondragstart",D)}}};B.dragstart=B.dragend={setup:function(){},teardown:function(){}};function H(L){var K=this,J,M=L.data||{};if(M.elem){K=L.dragTarget=M.elem;L.dragProxy=F.proxy||K;L.cursorOffsetX=M.pageX-M.left;L.cursorOffsetY=M.pageY-M.top;L.offsetX=L.pageX-L.cursorOffsetX;L.offsetY=L.pageY-L.cursorOffsetY}else{if(F.dragging||(M.which>0&&L.which!=M.which)||E(L.target).is(M.not)){return }}switch(L.type){case"mousedown":E.extend(M,E(K).offset(),{elem:K,target:L.target,pageX:L.pageX,pageY:L.pageY});A.add(document,"mousemove mouseup",H,M);G(K,false);F.dragging=null;return false;case !F.dragging&&"mousemove":if(I(L.pageX-M.pageX)+I(L.pageY-M.pageY) max) { 
@@ -256,14 +256,14 @@ Licensed under the MIT License ~ http://threedubmedia.googlecode.com/files/MIT-L ((zr[0] != null && range < zr[0]) || (zr[1] != null && range > zr[1]))) return; - + opts.min = min; opts.max = max; }); - + plot.setupGrid(); plot.draw(); - + if (!args.preventEvent) plot.getPlaceholder().trigger("plotzoom", [ plot ]); } @@ -289,7 +289,7 @@ Licensed under the MIT License ~ http://threedubmedia.googlecode.com/files/MIT-L var pr = opts.panRange; if (pr === false) // no panning on this axis return; - + if (pr) { // check whether we hit the wall if (pr[0] != null && pr[0] > min) { @@ -297,21 +297,21 @@ Licensed under the MIT License ~ http://threedubmedia.googlecode.com/files/MIT-L min += d; max += d; } - + if (pr[1] != null && pr[1] < max) { d = pr[1] - max; min += d; max += d; } } - + opts.min = min; opts.max = max; }); - + plot.setupGrid(); plot.draw(); - + if (!args.preventEvent) plot.getPlaceholder().trigger("plotpan", [ plot ]); } @@ -325,11 +325,11 @@ Licensed under the MIT License ~ http://threedubmedia.googlecode.com/files/MIT-L if (panTimeout) clearTimeout(panTimeout); } - + plot.hooks.bindEvents.push(bindEvents); plot.hooks.shutdown.push(shutdown); } - + $.plot.plugins.push({ init: init, options: options, diff --git a/systemvm/js/jquery.js b/systemvm/agent/js/jquery.js similarity index 100% rename from systemvm/js/jquery.js rename to systemvm/agent/js/jquery.js diff --git a/systemvm/scripts/_run.sh b/systemvm/agent/scripts/_run.sh similarity index 99% rename from systemvm/scripts/_run.sh rename to systemvm/agent/scripts/_run.sh index 96cc88bb17c5..1b473f64ebf9 100755 --- a/systemvm/scripts/_run.sh +++ b/systemvm/agent/scripts/_run.sh 
@@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/scripts/config_auth.sh b/systemvm/agent/scripts/config_auth.sh similarity index 97% rename from systemvm/scripts/config_auth.sh rename to systemvm/agent/scripts/config_auth.sh index 4b74f8eb9954..b5781feb6c77 100755 --- a/systemvm/scripts/config_auth.sh +++ b/systemvm/agent/scripts/config_auth.sh @@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -18,7 +18,7 @@ - + BASE_DIR="/var/www/html/copy/template/" @@ -43,7 +43,7 @@ config_htaccess() { let "result=$result+$?" echo "Require valid-user" >> $HTACCESS let "result=$result+$?" - return $result + return $result } write_passwd() { @@ -65,5 +65,5 @@ then exit 2 fi -config_htaccess +config_htaccess exit $? diff --git a/systemvm/scripts/config_ssl.sh b/systemvm/agent/scripts/config_ssl.sh similarity index 95% rename from systemvm/scripts/config_ssl.sh rename to systemvm/agent/scripts/config_ssl.sh index 931c1a5120a1..b8cf47c23e3d 100755 --- a/systemvm/scripts/config_ssl.sh +++ b/systemvm/agent/scripts/config_ssl.sh 
@@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -47,8 +47,6 @@ config_apache2_conf() { cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl sed -i -e "s///" /etc/apache2/sites-available/default sed -i -e "s///" /etc/apache2/sites-available/default-ssl - sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf - sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl @@ -90,7 +88,7 @@ copy_certs() { return $? fi if [ ! -z customCertChain ] && [ -f $customCertChain ] ; then - cp $customCertChain /etc/httpd/ssl/certs + cp $customCertChain /etc/httpd/ssl/certs fi return 1 } @@ -158,7 +156,7 @@ fi if [ "$cflag" == "1" ] then - if [ "$cpkflag$cpcflag" != "11" ] + if [ "$cpkflag$cpcflag" != "11" ] then help exit 1 @@ -175,7 +173,7 @@ then exit 3 fi - if [ "$cccflag" == "1" ] + if [ "$cccflag" == "1" ] then if [ ! -f "$customCertChain" ] then @@ -208,10 +206,7 @@ fi if [ -d /etc/apache2 ] then config_apache2_conf $publicIp $hostName - /etc/init.d/apache2 stop - /etc/init.d/apache2 start + systemctl restart apache2 else config_httpd_conf $publicIp $hostName fi - - 
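Review bot: With the two `sed ... /etc/apache2/ports.conf` lines removed from config_apache2_conf, nothing visible in this hunk pins Apache to `$ip` any more, so the listen addresses are whatever ports.conf ships with; on a stock Debian install that is `Listen 80` and `Listen 443` on every address. If the binding is not restricted elsewhere in the template (not visible here), the web server becomes reachable on all of the VM's interfaces rather than only the address passed in as `$ip`. Either keep the rewrite or add a comment such as `# ports.conf stays at the distribution default; exposure is limited by <where the restriction now lives>`. The unchanged `SSLProtocol all -SSLv2 -SSLv3` line in the same hunk also leaves TLS 1.0 and 1.1 enabled; if the clients allow it, `SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1` is worth considering while the template is being rebuilt. config_apache2_conf begins and ends outside the hunk.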
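Review bot: In the last hunk of config_ssl.sh, `systemctl restart apache2` runs straight after config_apache2_conf has rewritten the site files, with no syntax check in between, so a configuration that Apache rejects leaves the server stopped instead of still serving with the old settings. Checking first keeps the running instance up on failure: `apache2ctl configtest && systemctl restart apache2`. The call on the line above is also unquoted; `config_apache2_conf "$publicIp" "$hostName"` avoids word splitting and a silently dropped argument if either value is empty. The script's argument handling that sets these variables is outside the hunk.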
diff --git a/systemvm/scripts/consoleproxy.sh b/systemvm/agent/scripts/consoleproxy.sh similarity index 99% rename from systemvm/scripts/consoleproxy.sh rename to systemvm/agent/scripts/consoleproxy.sh index 294d5974bb51..1adbcc1a97ec 100755 --- a/systemvm/scripts/consoleproxy.sh +++ b/systemvm/agent/scripts/consoleproxy.sh @@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/scripts/ipfirewall.sh b/systemvm/agent/scripts/ipfirewall.sh similarity index 99% rename from systemvm/scripts/ipfirewall.sh rename to systemvm/agent/scripts/ipfirewall.sh index 4711b8ac6db6..7450f7fca8af 100755 --- a/systemvm/scripts/ipfirewall.sh +++ b/systemvm/agent/scripts/ipfirewall.sh @@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -47,4 +47,3 @@ do ips "$i" done exit $? - diff --git a/systemvm/scripts/run-proxy.sh b/systemvm/agent/scripts/run-proxy.sh similarity index 94% rename from systemvm/scripts/run-proxy.sh rename to systemvm/agent/scripts/run-proxy.sh index d6ccf7c0091e..f26f54b12b53 100644 --- a/systemvm/scripts/run-proxy.sh +++ b/systemvm/agent/scripts/run-proxy.sh 
@@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -18,11 +18,11 @@ - + #run.sh runs the console proxy. -# make sure we delete the old files from the original template +# make sure we delete the old files from the original template rm console-proxy.jar rm console-common.jar rm conf/cloud.properties @@ -44,5 +44,5 @@ done # ;; # esac # done - + java -mx700m -cp $CP:./conf com.cloud.consoleproxy.ConsoleProxy $@ diff --git a/systemvm/scripts/run.sh b/systemvm/agent/scripts/run.sh similarity index 99% rename from systemvm/scripts/run.sh rename to systemvm/agent/scripts/run.sh index 7923a34931f2..3ef001be31b8 100755 --- a/systemvm/scripts/run.sh +++ b/systemvm/agent/scripts/run.sh @@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/scripts/secstorage.sh b/systemvm/agent/scripts/secstorage.sh similarity index 99% rename from systemvm/scripts/secstorage.sh rename to systemvm/agent/scripts/secstorage.sh index b45afc2e8ca8..f210bb796156 100755 --- a/systemvm/scripts/secstorage.sh +++ b/systemvm/agent/scripts/secstorage.sh 
@@ -6,9 +6,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/scripts/ssvm-check.sh b/systemvm/agent/scripts/ssvm-check.sh similarity index 97% rename from systemvm/scripts/ssvm-check.sh rename to systemvm/agent/scripts/ssvm-check.sh index ffd3d954305a..2abab81da725 100644 --- a/systemvm/scripts/ssvm-check.sh +++ b/systemvm/agent/scripts/ssvm-check.sh @@ -6,16 +6,16 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - + # Health check script for the Secondary Storage VM @@ -29,7 +29,7 @@ do value=`echo $i | cut -d= -f2` case $key in host) - MGMTSERVER=$value + MGMTSERVER=$value ;; esac done @@ -141,6 +141,6 @@ else fi echo ================================================ -echo Tests Complete. Look for ERROR or WARNING above. +echo Tests Complete. Look for ERROR or WARNING above. exit 0 diff --git a/systemvm/scripts/utils.sh b/systemvm/agent/scripts/utils.sh similarity index 100% rename from systemvm/scripts/utils.sh rename to systemvm/agent/scripts/utils.sh 
diff --git a/systemvm/ui/viewer-bad-sid.ftl b/systemvm/agent/ui/viewer-bad-sid.ftl similarity index 99% rename from systemvm/ui/viewer-bad-sid.ftl rename to systemvm/agent/ui/viewer-bad-sid.ftl index 2f30ec36015b..fa1625a94d82 100644 --- a/systemvm/ui/viewer-bad-sid.ftl +++ b/systemvm/agent/ui/viewer-bad-sid.ftl @@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/ui/viewer-connect-failed.ftl b/systemvm/agent/ui/viewer-connect-failed.ftl similarity index 99% rename from systemvm/ui/viewer-connect-failed.ftl rename to systemvm/agent/ui/viewer-connect-failed.ftl index 9d907cacb43c..eb715ad7bef3 100644 --- a/systemvm/ui/viewer-connect-failed.ftl +++ b/systemvm/agent/ui/viewer-connect-failed.ftl @@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/ui/viewer-update.ftl b/systemvm/agent/ui/viewer-update.ftl similarity index 97% rename from systemvm/ui/viewer-update.ftl rename to systemvm/agent/ui/viewer-update.ftl index 6bf9ab35ce78..6de70338b692 100644 --- a/systemvm/ui/viewer-update.ftl +++ b/systemvm/agent/ui/viewer-update.ftl 
@@ -18,7 +18,6 @@ under the License. --> tileMap = [ ${tileSequence} ]; <#if resized == true> - ajaxViewer.resize('main_panel', ${width}, ${height}, ${tileWidth}, ${tileHeight}); + ajaxViewer.resize('main_panel', ${width}, ${height}, ${tileWidth}, ${tileHeight}); ajaxViewer.refresh('${imgUrl}', tileMap, false); - diff --git a/systemvm/ui/viewer.ftl b/systemvm/agent/ui/viewer.ftl similarity index 84% rename from systemvm/ui/viewer.ftl rename to systemvm/agent/ui/viewer.ftl index 62de193cf7b8..e6b12071111e 100644 --- a/systemvm/ui/viewer.ftl +++ b/systemvm/agent/ui/viewer.ftl @@ -6,9 +6,9 @@ regarding copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at - + http://www.apache.org/licenses/LICENSE-2.0 - + Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -28,26 +28,26 @@ under the License.
- + - + diff --git a/systemvm/bindir/cloud-setup-console-proxy.in b/systemvm/bindir/cloud-setup-console-proxy.in deleted file mode 100755 index 6439c0fc3294..000000000000 --- a/systemvm/bindir/cloud-setup-console-proxy.in +++ /dev/null 
@@ -1,220 +0,0 @@ -#!/usr/bin/env python - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - -import sys, os, subprocess, errno, re, getopt - -# ---- This snippet of code adds the sources path and the waf configured PYTHONDIR to the Python path ---- -# ---- We do this so cloud_utils can be looked up in the following order: -# ---- 1) Sources directory -# ---- 2) waf configured PYTHONDIR -# ---- 3) System Python path -for pythonpath in ( - "@PYTHONDIR@", - os.path.join(os.path.dirname(__file__),os.path.pardir,os.path.pardir,"python","lib"), - ): - if os.path.isdir(pythonpath): sys.path.insert(0,pythonpath) -# ---- End snippet of code ---- -import cloud_utils -from cloud_utils import stderr - -E_GENERIC= 1 -E_NOKVM = 2 -E_NODEFROUTE = 3 -E_DHCP = 4 -E_NOPERSISTENTNET = 5 -E_NETRECONFIGFAILED = 6 -E_VIRTRECONFIGFAILED = 7 -E_FWRECONFIGFAILED = 8 -E_CPRECONFIGFAILED = 9 -E_CPFAILEDTOSTART = 10 -E_NOFQDN = 11 - -def bail(errno=E_GENERIC,message=None,*args): - if message: stderr(message,*args) - stderr("Cloud Console Proxy setup aborted") - sys.exit(errno) - - -#---------------- boilerplate for python 2.4 support - - -# CENTOS does not have this -- we have to put this here -try: - from subprocess import check_call - from subprocess 
import CalledProcessError -except ImportError: - def check_call(*popenargs, **kwargs): - import subprocess - retcode = subprocess.call(*popenargs, **kwargs) - cmd = kwargs.get("args") - if cmd is None: cmd = popenargs[0] - if retcode: raise CalledProcessError(retcode, cmd) - return retcode - - class CalledProcessError(Exception): - def __init__(self, returncode, cmd): - self.returncode = returncode ; self.cmd = cmd - def __str__(self): return "Command '%s' returned non-zero exit status %d" % (self.cmd, self.returncode) - -# ------------ end boilerplate ------------------------- - -def check_hostname(): return check_call(["hostname",'--fqdn']) - -class Command: - def __init__(self,name,parent=None): - self.__name = name - self.__parent = parent - def __getattr__(self,name): - if name == "_print": name = "print" - return Command(name,self) - def __call__(self,*args): - cmd = self.__get_recursive_name() + list(args) - #print " ",cmd - popen = subprocess.Popen(cmd,stdout=subprocess.PIPE,stderr=subprocess.PIPE) - m = popen.communicate() - ret = popen.wait() - if ret: - e = CalledProcessError(ret,cmd) - e.stdout,e.stderr = m - raise e - class CommandOutput: - def __init__(self,stdout,stderr): - self.stdout = stdout - self.stderr = stderr - return CommandOutput(*m) - def __lt__(self,other): - cmd = self.__get_recursive_name() - #print " ",cmd,"<",other - popen = subprocess.Popen(cmd,stdin=subprocess.PIPE,stdout=subprocess.PIPE,stderr=subprocess.PIPE) - m = popen.communicate(other) - ret = popen.wait() - if ret: - e = CalledProcessError(ret,cmd) - e.stdout,e.stderr = m - raise e - class CommandOutput: - def __init__(self,stdout,stderr): - self.stdout = stdout - self.stderr = stderr - return CommandOutput(*m) - - def __get_recursive_name(self,sep=None): - m = self - l = [] - while m is not None: - l.append(m.__name) - m = m.__parent - l.reverse() - if sep: return sep.join(l) - else: return l - def __str__(self): - return ''%self.__get_recursive_name(sep=" ") - - def 
__repr__(self): return self.__str__() - -ip = Command("ip") -service = Command("service") -chkconfig = Command("chkconfig") -ufw = Command("ufw") -iptables = Command("iptables") -augtool = Command("augtool") -ifconfig = Command("ifconfig") -uuidgen = Command("uuidgen") - -Fedora = os.path.exists("/etc/fedora-release") -CentOS = os.path.exists("/etc/centos-release") or ( os.path.exists("/etc/redhat-release") and not os.path.exists("/etc/fedora-release") ) - -#--------------- procedure starts here ------------ - -def main(): - # parse cmd line - opts, args = getopt.getopt(sys.argv[1:], "a", ["host=", "zone=", "pod="]) - host=None - zone=None - pod=None - autoMode=False - do_check_kvm = True - for opt, arg in opts: - if opt == "--host": - if arg != "": - host = arg - elif opt == "--zone": - if arg != "": - zone = arg - elif opt == "--pod": - if arg != "": - pod = arg - elif opt == "-a": - autoMode=True - servicename = "@PACKAGE@-console-proxy" - - if autoMode: - cloud_utils.setLogFile("/var/log/cloud/setupConsoleProxy.log") - - stderr("Welcome to the Cloud Console Proxy setup") - stderr("") - - try: - check_hostname() - stderr("The hostname of this machine is properly set up") - except CalledProcessError,e: - bail(E_NOFQDN,"This machine does not have an FQDN (fully-qualified domain name) for a hostname") - - stderr("Stopping the Cloud Console Proxy") - cloud_utils.stop_service(servicename) - stderr("Cloud Console Proxy stopped") - - ports = "8002".split() - if Fedora or CentOS: - try: - o = chkconfig("--list","iptables") - if ":on" in o.stdout and os.path.exists("/etc/sysconfig/iptables"): - stderr("Setting up firewall rules to permit traffic to Cloud services") - service.iptables.start() ; print o.stdout + o.stderr - for p in ports: iptables("-I","INPUT","1","-p","tcp","--dport",p,'-j','ACCEPT') - o = service.iptables.save() ; print o.stdout + o.stderr - except CalledProcessError,e: - print e.stdout+e.stderr - bail(E_FWRECONFIGFAILED,"Firewall rules could not be 
set") - else: - stderr("Setting up firewall rules to permit traffic to Cloud services") - try: - for p in ports: ufw.allow(p) - stderr("Rules set") - except CalledProcessError,e: - print e.stdout+e.stderr - bail(E_FWRECONFIGFAILED,"Firewall rules could not be set") - - stderr("We are going to enable ufw now. This may disrupt network connectivity and service availability. See the ufw documentation for information on how to manage ufw firewall policies.") - try: - o = ufw.enable < "y\n" ; print o.stdout + o.stderr - except CalledProcessError,e: - print e.stdout+e.stderr - bail(E_FWRECONFIGFAILED,"Firewall could not be enabled") - - cloud_utils.setup_consoleproxy_config("@CPSYSCONFDIR@/agent.properties", host, zone, pod) - stderr("Enabling and starting the Cloud Console Proxy") - cloud_utils.enable_service(servicename) - stderr("Cloud Console Proxy restarted") - -if __name__ == "__main__": - main() - -# FIXMES: 1) nullify networkmanager on ubuntu (asking the user first) and enable the networking service permanently diff --git a/systemvm/conf.dom0/agent.properties.in b/systemvm/conf.dom0/agent.properties.in deleted file mode 100644 index 1920481c03f2..000000000000 --- a/systemvm/conf.dom0/agent.properties.in +++ /dev/null 
@@ -1,46 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# Sample configuration file for VMOPS console proxy
-
-instance=ConsoleProxy
-consoleproxy.httpListenPort=8002
-
-#resource= the java class, which agent load to execute
-resource=com.cloud.agent.resource.consoleproxy.ConsoleProxyResource
-
-#host= The IP address of management server
-host=localhost
-
-#port = The port management server listening on, default is 8250
-port=8250
-
-#pod= The pod, which agent belonged to
-pod=default
-
-#zone= The zone, which agent belonged to
-zone=default
-
-#private.network.device= the private nic device
-# if this is commented, it is autodetected on service startup
-# private.network.device=cloudbr0
-
-#public.network.device= the public nic device
-# if this is commented, it is autodetected on service startup
-# public.network.device=cloudbr0
-
-#guid= a GUID to identify the agent
diff --git a/systemvm/conf.dom0/consoleproxy.properties.in b/systemvm/conf.dom0/consoleproxy.properties.in
deleted file mode 100644
index a3cddbcab967..000000000000
--- a/systemvm/conf.dom0/consoleproxy.properties.in
+++ /dev/null
@@ -1,23 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -consoleproxy.tcpListenPort=0 -consoleproxy.httpListenPort=80 -consoleproxy.httpCmdListenPort=8001 -consoleproxy.jarDir=./applet/ -consoleproxy.viewerLinger=180 -consoleproxy.reconnectMaxRetry=5 diff --git a/systemvm/conf.dom0/log4j-cloud.xml.in b/systemvm/conf.dom0/log4j-cloud.xml.in deleted file mode 100644 index 0d78a950df93..000000000000 --- a/systemvm/conf.dom0/log4j-cloud.xml.in +++ /dev/null @@ -1,111 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - diff --git a/systemvm/conf/agent.properties.ssvm b/systemvm/conf/agent.properties.ssvm deleted file mode 100644 index 2f87b88dba16..000000000000 --- a/systemvm/conf/agent.properties.ssvm +++ /dev/null 
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-#mount.path=~/secondary-storage/
-resource=org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource
-testCifsMount=cifs://192.168.1.1/CSHV3?user=administrator&password=1pass%40word1
-#testLocalRoot=test
diff --git a/systemvm/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in b/systemvm/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
deleted file mode 100644
index 3ec4d0655cdf..000000000000
--- a/systemvm/distro/centos/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in
+++ /dev/null
@@ -1,96 +0,0 @@ -#!/bin/bash - -# chkconfig: 35 99 10 -# description: Cloud Console Proxy - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well - -. /etc/rc.d/init.d/functions - -# set environment variables - -SHORTNAME=`basename $0` -PIDFILE=@PIDDIR@/"$SHORTNAME".pid -LOCKFILE=@LOCKDIR@/"$SHORTNAME" -LOGFILE=@CPLOG@ -PROGNAME="Cloud Console Proxy" - -unset OPTIONS -[ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME" -DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize -PROG=@LIBEXECDIR@/console-proxy-runner - -start() { - echo -n $"Starting $PROGNAME: " - if hostname --fqdn >/dev/null 2>&1 ; then - daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \ - -n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS - RETVAL=$? - echo - else - failure - echo - echo The host name does not resolve properly to an IP address. Cannot start "$PROGNAME". > /dev/stderr - RETVAL=9 - fi - [ $RETVAL = 0 ] && touch ${LOCKFILE} - return $RETVAL -} - -stop() { - echo -n $"Stopping $PROGNAME: " - killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME - RETVAL=$? 
- echo - [ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE} -} - - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status -p ${PIDFILE} $SHORTNAME - RETVAL=$? - ;; - restart) - stop - sleep 3 - start - ;; - condrestart) - if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then - stop - sleep 3 - start - fi - ;; - *) - echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}" - RETVAL=3 -esac - -exit $RETVAL - diff --git a/systemvm/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in b/systemvm/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in deleted file mode 100644 index 3ec4d0655cdf..000000000000 --- a/systemvm/distro/fedora/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in +++ /dev/null 
@@ -1,96 +0,0 @@ -#!/bin/bash - -# chkconfig: 35 99 10 -# description: Cloud Console Proxy - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well - -. /etc/rc.d/init.d/functions - -# set environment variables - -SHORTNAME=`basename $0` -PIDFILE=@PIDDIR@/"$SHORTNAME".pid -LOCKFILE=@LOCKDIR@/"$SHORTNAME" -LOGFILE=@CPLOG@ -PROGNAME="Cloud Console Proxy" - -unset OPTIONS -[ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME" -DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize -PROG=@LIBEXECDIR@/console-proxy-runner - -start() { - echo -n $"Starting $PROGNAME: " - if hostname --fqdn >/dev/null 2>&1 ; then - daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \ - -n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS - RETVAL=$? - echo - else - failure - echo - echo The host name does not resolve properly to an IP address. Cannot start "$PROGNAME". > /dev/stderr - RETVAL=9 - fi - [ $RETVAL = 0 ] && touch ${LOCKFILE} - return $RETVAL -} - -stop() { - echo -n $"Stopping $PROGNAME: " - killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME - RETVAL=$? 
- echo - [ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE} -} - - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status -p ${PIDFILE} $SHORTNAME - RETVAL=$? - ;; - restart) - stop - sleep 3 - start - ;; - condrestart) - if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then - stop - sleep 3 - start - fi - ;; - *) - echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}" - RETVAL=3 -esac - -exit $RETVAL - diff --git a/systemvm/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in b/systemvm/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in deleted file mode 100644 index 3ec4d0655cdf..000000000000 --- a/systemvm/distro/rhel/SYSCONFDIR/rc.d/init.d/cloud-console-proxy.in +++ /dev/null 
@@ -1,96 +0,0 @@ -#!/bin/bash - -# chkconfig: 35 99 10 -# description: Cloud Console Proxy - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well - -. /etc/rc.d/init.d/functions - -# set environment variables - -SHORTNAME=`basename $0` -PIDFILE=@PIDDIR@/"$SHORTNAME".pid -LOCKFILE=@LOCKDIR@/"$SHORTNAME" -LOGFILE=@CPLOG@ -PROGNAME="Cloud Console Proxy" - -unset OPTIONS -[ -r @SYSCONFDIR@/sysconfig/"$SHORTNAME" ] && source @SYSCONFDIR@/sysconfig/"$SHORTNAME" -DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize -PROG=@LIBEXECDIR@/console-proxy-runner - -start() { - echo -n $"Starting $PROGNAME: " - if hostname --fqdn >/dev/null 2>&1 ; then - daemon --check=$SHORTNAME --pidfile=${PIDFILE} "$DAEMONIZE" \ - -n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS - RETVAL=$? - echo - else - failure - echo - echo The host name does not resolve properly to an IP address. Cannot start "$PROGNAME". > /dev/stderr - RETVAL=9 - fi - [ $RETVAL = 0 ] && touch ${LOCKFILE} - return $RETVAL -} - -stop() { - echo -n $"Stopping $PROGNAME: " - killproc -p ${PIDFILE} $SHORTNAME # -d 10 $SHORTNAME - RETVAL=$? 
- echo - [ $RETVAL = 0 ] && rm -f ${LOCKFILE} ${PIDFILE} -} - - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status -p ${PIDFILE} $SHORTNAME - RETVAL=$? - ;; - restart) - stop - sleep 3 - start - ;; - condrestart) - if status -p ${PIDFILE} $SHORTNAME >&/dev/null; then - stop - sleep 3 - start - fi - ;; - *) - echo $"Usage: $SHORTNAME {start|stop|restart|condrestart|status|help}" - RETVAL=3 -esac - -exit $RETVAL - diff --git a/systemvm/distro/ubuntu/SYSCONFDIR/init.d/cloud-console-proxy.in b/systemvm/distro/ubuntu/SYSCONFDIR/init.d/cloud-console-proxy.in deleted file mode 100755 index 0c7be737353c..000000000000 --- a/systemvm/distro/ubuntu/SYSCONFDIR/init.d/cloud-console-proxy.in +++ /dev/null 
@@ -1,110 +0,0 @@ -#!/bin/bash - -# chkconfig: 35 99 10 -# description: Cloud Console Proxy - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# WARNING: if this script is changed, then all other initscripts MUST BE changed to match it as well - -. /lib/lsb/init-functions -. /etc/default/rcS - -# set environment variables - -SHORTNAME=`basename $0` -PIDFILE=@PIDDIR@/"$SHORTNAME".pid -LOCKFILE=@LOCKDIR@/"$SHORTNAME" -LOGFILE=@CPLOG@ -PROGNAME="Cloud Console Proxy" - -unset OPTIONS -[ -r @SYSCONFDIR@/default/"$SHORTNAME" ] && source @SYSCONFDIR@/default/"$SHORTNAME" -DAEMONIZE=@BINDIR@/@PACKAGE@-daemonize -PROG=@LIBEXECDIR@/console-proxy-runner - -start() { - log_daemon_msg $"Starting $PROGNAME" "$SHORTNAME" - if [ -s "$PIDFILE" ] && kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then - log_progress_msg "apparently already running" - log_end_msg 0 - exit 0 - fi - if hostname --fqdn >/dev/null 2>&1 ; then - true - else - log_failure_msg "The host name does not resolve properly to an IP address. Cannot start $PROGNAME" - log_end_msg 1 - exit 1 - fi - - if start-stop-daemon --start --quiet \ - --pidfile "$PIDFILE" \ - --exec "$DAEMONIZE" -- -n "$SHORTNAME" -p "$PIDFILE" -l "$LOGFILE" "$PROG" $OPTIONS - RETVAL=$? 
- then - rc=0 - sleep 1 - if ! kill -0 $(cat "$PIDFILE") >/dev/null 2>&1; then - log_failure_msg "$PROG failed to start" - rc=1 - fi - else - rc=1 - fi - - if [ $rc -eq 0 ]; then - log_end_msg 0 - else - log_end_msg 1 - rm -f "$PIDFILE" - fi -} - -stop() { - echo -n $"Stopping $PROGNAME" "$SHORTNAME" - start-stop-daemon --stop --quiet --oknodo --pidfile "$PIDFILE" - log_end_msg $? - rm -f "$PIDFILE" -} - - -# See how we were called. -case "$1" in - start) - start - ;; - stop) - stop - ;; - status) - status_of_proc -p "$PIDFILE" "$PROG" "$SHORTNAME" - RETVAL=$? - ;; - restart) - stop - sleep 3 - start - ;; - *) - echo $"Usage: $SHORTNAME {start|stop|restart|status|help}" - RETVAL=3 -esac - -exit $RETVAL - diff --git a/systemvm/libexec/console-proxy-runner.in b/systemvm/libexec/console-proxy-runner.in deleted file mode 100755 index 4f18aab36e5c..000000000000 --- a/systemvm/libexec/console-proxy-runner.in +++ /dev/null 
@@ -1,90 +0,0 @@ -#!/usr/bin/env bash - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - -#run.sh runs the agent client. - -cd `dirname "$0"` - -SYSTEMJARS="@SYSTEMJARS@" -SCP=$(build-classpath $SYSTEMJARS) ; if [ $? != 0 ] ; then SCP="@SYSTEMCLASSPATH@" ; fi -DCP="@DEPSCLASSPATH@" -ACP="@AGENTCLASSPATH@" -export CLASSPATH=$SCP:$DCP:$ACP:@CPSYSCONFDIR@ -for jarfile in "@PREMIUMJAVADIR@"/* ; do - if [ ! -e "$jarfile" ] ; then continue ; fi - CLASSPATH=$jarfile:$CLASSPATH -done -for plugin in "@PLUGINJAVADIR@"/* ; do - if [ ! 
-e "$plugin" ] ; then continue ; fi - CLASSPATH=$plugin:$CLASSPATH -done -export CLASSPATH - -set -e -cd "@CPLIBDIR@" -echo Current directory is "$PWD" -echo CLASSPATH to run the console proxy: "$CLASSPATH" - -export PATH=/sbin:/usr/sbin:"$PATH" -SERVICEARGS= -for x in private public ; do - configuration=`grep -q "^$x.network.device" "@CPSYSCONFDIR@"/agent.properties || true` - if [ -n "$CONFIGURATION" ] ; then - echo "Using manually-configured network device $CONFIGURATION" - else - defaultroute=`ip route | grep ^default | cut -d ' ' -f 5` - test -n "$defaultroute" - echo "Using auto-discovered network device $defaultroute which is the default route" - SERVICEARGS="$SERVICEARGS $x.network.device="$defaultroute - fi -done - -function termagent() { - if [ "$agentpid" != "" ] ; then - echo Killing VMOps Console Proxy "(PID $agentpid)" with SIGTERM >&2 - kill -TERM $agentpid - echo Waiting for agent to exit >&2 - wait $agentpid - ex=$? - echo Agent exited with return code $ex >&2 - else - echo Agent PID is unknown >&2 - fi -} - -trap termagent TERM -while true ; do - java -Xms128M -Xmx384M -cp "$CLASSPATH" "$@" com.cloud.agent.AgentShell $SERVICEARGS & - agentpid=$! - echo "Console Proxy started. PID: $!" >&2 - wait $agentpid - ex=$? - if [ $ex -gt 128 ]; then - echo "wait on console proxy process interrupted by SIGTERM" >&2 - exit $ex - fi - echo "Console proxy exited with return code $ex" >&2 - if [ $ex -eq 0 ] || [ $ex -eq 1 ] || [ $ex -eq 66 ] || [ $ex -gt 128 ]; then - echo "Exiting..." > /dev/stderr - exit $ex - fi - echo "Restarting console proxy..." > /dev/stderr - sleep 1 -done diff --git a/systemvm/patches/debian/README b/systemvm/patches/debian/README deleted file mode 100644 index 5d79c3538a19..000000000000 --- a/systemvm/patches/debian/README +++ /dev/null 
@@ -1,34 +0,0 @@ -#################################################### - Note there is a new systemvm build script based on - Veewee(Vagrant) under tools/appliance. -#################################################### - -1. The buildsystemvm.sh script builds a 32-bit system vm disk based on the Debian Squeeze distro. This system vm can boot on any hypervisor thanks to the pvops support in the kernel. It is fully automated -2. The files under config/ are the specific tweaks to the default Debian configuration that are required for CloudStack operation. -3. The variables at the top of the buildsystemvm.sh script can be customized: - IMAGENAME=systemvm # dont touch this - LOCATION=/var/lib/images/systemvm # - MOUNTPOINT=/mnt/$IMAGENAME/ # this is where the image is mounted on your host while the vm image is built - IMAGELOC=$LOCATION/$IMAGENAME.img - PASSWORD=password # password for the vm - APT_PROXY= #you can put in an APT cacher such as apt-cacher-ng - HOSTNAME=systemvm # dont touch this - SIZE=2000 # dont touch this for now - DEBIAN_MIRROR=ftp.us.debian.org/debian - MINIMIZE=true # if this is true, a lot of docs, fonts, locales and apt cache is wiped out - -4. The systemvm includes the (non-free) Sun JRE. You can put in the standard debian jre-headless package instead but it pulls in X and bloats the image. -5. You need to be 'root' to run the buildsystemvm.sh script -6. The image is a raw image. You can run the convert.sh tool to produce images suitable for Citrix Xenserver, VMWare and KVM. - * Conversion to Citrix Xenserver VHD format requires the vhd-util tool. You can use the - -- checked in config/bin/vhd-util) OR - -- build the vhd-util tool yourself as follows: - a. The xen repository has a tool called vhd-util that compiles and runs on any linux system (http://xenbits.xensource.com/xen-4.0-testing.hg?file/8e8dd38374e9/tools/blktap2/vhd/ or full Xen source at http://www.xen.org/products/xen_source.html). - b. 
Apply this patch: http://lists.xensource.com/archives/cgi-bin/mesg.cgi?a=xen-devel&i=006101cb22f6%242004dd40%24600e97c0%24%40zhuo%40cloudex.cn. - c. Build the vhd-util tool - cd tools/blktap2 - make - sudo make install - * Conversion to ova (VMWare) requires the ovf tool, available from - http://communities.vmware.com/community/vmtn/server/vsphere/automationtools/ovf - * Conversion to QCOW2 requires qemu-img diff --git a/systemvm/patches/debian/config.dat b/systemvm/patches/debian/config.dat deleted file mode 100644 index b16638f742e4..000000000000 --- a/systemvm/patches/debian/config.dat +++ /dev/null 
@@ -1,398 +0,0 @@ -Name: adduser/homedir-permission -Template: adduser/homedir-permission -Value: true -Owners: adduser - -Name: ca-certificates/enable_crts -Template: ca-certificates/enable_crts -Value: brasil.gov.br/brasil.gov.br.crt, cacert.org/cacert.org.crt, cacert.org/class3.crt, cacert.org/root.crt, debconf.org/ca.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, 
mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/IPS_CLASE1_root.crt, mozilla/IPS_CLASE3_root.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/IPS_Servidores_root.crt, mozilla/IPS_Timestamping_root.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Secure_Global_CA.crt, mozilla/SecureTrust_CA.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/StartCom_Ltd..crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Taiwan_GRCA.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, 
mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/UTN_USERFirst_Object_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/XRamp_Global_CA_Root.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, signet.pl/signet_ocspklasa3_pem.crt, 
signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, spi-inc.org/spi-ca-2003.crt, spi-inc.org/spi-cacert-2008.crt, telesec.de/deutsche-telekom-root-ca-2.crt -Owners: ca-certificates -Variables: - enable_crts = brasil.gov.br/brasil.gov.br.crt, cacert.org/cacert.org.crt, cacert.org/class3.crt, cacert.org/root.crt, debconf.org/ca.crt, gouv.fr/cert_igca_dsa.crt, gouv.fr/cert_igca_rsa.crt, mozilla/ABAecom_=sub.__Am._Bankers_Assn.=_Root_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_1.crt, mozilla/AOL_Time_Warner_Root_Certification_Authority_2.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/beTRUSTed_Root_CA-Baltimore_Implementation.crt, mozilla/beTRUSTed_Root_CA.crt, mozilla/beTRUSTed_Root_CA_-_Entrust_Implementation.crt, mozilla/beTRUSTed_Root_CA_-_RSA_Implementation.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/Certum_Root_CA.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_2.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_4.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/DST_Root_CA_X3.crt, mozilla/Entrust.net_Global_Secure_Personal_CA.crt, mozilla/Entrust.net_Global_Secure_Server_CA.crt, 
mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Personal_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/GTE_CyberTrust_Root_CA.crt, mozilla/IPS_Chained_CAs_root.crt, mozilla/IPS_CLASE1_root.crt, mozilla/IPS_CLASE3_root.crt, mozilla/IPS_CLASEA1_root.crt, mozilla/IPS_CLASEA3_root.crt, mozilla/IPS_Servidores_root.crt, mozilla/IPS_Timestamping_root.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_1024_v3.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Secure_Global_CA.crt, mozilla/SecureTrust_CA.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/StartCom_Ltd..crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/Taiwan_GRCA.crt, mozilla/TC_TrustCenter__Germany__Class_2_CA.crt, mozilla/TC_TrustCenter__Germany__Class_3_CA.crt, mozilla/TDC_Internet_Root_CA.crt, 
mozilla/TDC_OCES_Root_CA.crt, mozilla/Thawte_Personal_Basic_CA.crt, mozilla/Thawte_Personal_Freemail_CA.crt, mozilla/Thawte_Personal_Premium_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/Thawte_Server_CA.crt, mozilla/Thawte_Time_Stamping_CA.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/UTN-USER_First-Network_Applications.crt, mozilla/UTN_USERFirst_Object_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_RSA_Secure_Server_CA.crt, mozilla/Verisign_Time_Stamping_Authority_CA.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Visa_International_Global_Root_2.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/XRamp_Global_CA_Root.crt, quovadis.bm/QuoVadis_Root_Certification_Authority.crt, signet.pl/signet_ca1_pem.crt, signet.pl/signet_ca2_pem.crt, signet.pl/signet_ca3_pem.crt, signet.pl/signet_ocspklasa2_pem.crt, 
signet.pl/signet_ocspklasa3_pem.crt, signet.pl/signet_pca2_pem.crt, signet.pl/signet_pca3_pem.crt, signet.pl/signet_rootca_pem.crt, signet.pl/signet_tsa1_pem.crt, spi-inc.org/spi-ca-2003.crt, spi-inc.org/spi-cacert-2008.crt, telesec.de/deutsche-telekom-root-ca-2.crt - -Name: ca-certificates/new_crts -Template: ca-certificates/new_crts -Owners: ca-certificates -Variables: - new_crts = - -Name: ca-certificates/trust_new_crts -Template: ca-certificates/trust_new_crts -Value: yes -Owners: ca-certificates - -Name: debconf-apt-progress/info -Template: debconf-apt-progress/info -Owners: debconf - -Name: debconf-apt-progress/media-change -Template: debconf-apt-progress/media-change -Owners: debconf - -Name: debconf-apt-progress/preparing -Template: debconf-apt-progress/preparing -Owners: debconf - -Name: debconf-apt-progress/title -Template: debconf-apt-progress/title -Owners: debconf - -Name: debconf/frontend -Template: debconf/frontend -Value: noninteractive -Owners: debconf - -Name: debconf/priority -Template: debconf/priority -Value: high -Owners: debconf - -Name: dhcp3-client/dhclient-needs-restarting -Template: dhcp3-client/dhclient-needs-restarting -Owners: dhcp3-client - -Name: dhcp3-client/dhclient-script_moved -Template: dhcp3-client/dhclient-script_moved -Owners: dhcp3-client - -Name: glibc/restart-failed -Template: glibc/restart-failed -Owners: libc6 - -Name: glibc/restart-services -Template: glibc/restart-services -Owners: libc6 - -Name: glibc/upgrade -Template: glibc/upgrade -Owners: libc6 - -Name: libpam-modules/disable-screensaver -Template: libpam-modules/disable-screensaver -Owners: libpam-modules - -Name: libpam0g/restart-failed -Template: libpam0g/restart-failed -Owners: libpam0g - -Name: libpam0g/restart-services -Template: libpam0g/restart-services -Owners: libpam0g - -Name: libpam0g/xdm-needs-restart -Template: libpam0g/xdm-needs-restart -Owners: libpam0g - -Name: libssl0.9.8/restart-failed -Template: libssl0.9.8/restart-failed -Owners: libssl0.9.8 - 
-Name: libssl0.9.8/restart-services -Template: libssl0.9.8/restart-services -Owners: libssl0.9.8 - -Name: linux-base/disk-id-convert-auto -Template: linux-base/disk-id-convert-auto -Owners: linux-base - -Name: linux-base/disk-id-convert-plan -Template: linux-base/disk-id-convert-plan -Owners: linux-base - -Name: linux-base/disk-id-convert-plan-no-relabel -Template: linux-base/disk-id-convert-plan-no-relabel -Owners: linux-base - -Name: linux-base/disk-id-manual -Template: linux-base/disk-id-manual -Owners: linux-base - -Name: linux-base/disk-id-manual-boot-loader -Template: linux-base/disk-id-manual-boot-loader -Owners: linux-base - -Name: linux-image-2.6.32-bpo.5-686/postinst/bootloader-error-2.6.32-bpo.5-686 -Template: linux-image-2.6.32-bpo.5-686/postinst/bootloader-error-2.6.32-bpo.5-686 -Owners: linux-image-2.6.32-bpo.5-686 - -Name: linux-image-2.6.32-bpo.5-686/postinst/bootloader-test-error-2.6.32-bpo.5-686 -Template: linux-image-2.6.32-bpo.5-686/postinst/bootloader-test-error-2.6.32-bpo.5-686 -Owners: linux-image-2.6.32-bpo.5-686 - -Name: linux-image-2.6.32-bpo.5-686/postinst/depmod-error-initrd-2.6.32-bpo.5-686 -Template: linux-image-2.6.32-bpo.5-686/postinst/depmod-error-initrd-2.6.32-bpo.5-686 -Owners: linux-image-2.6.32-bpo.5-686 - -Name: linux-image-2.6.32-bpo.5-686/postinst/missing-firmware-2.6.32-bpo.5-686 -Template: linux-image-2.6.32-bpo.5-686/postinst/missing-firmware-2.6.32-bpo.5-686 -Owners: linux-image-2.6.32-bpo.5-686 - -Name: linux-image-2.6.32-bpo.5-686/prerm/removing-running-kernel-2.6.32-bpo.5-686 -Template: linux-image-2.6.32-bpo.5-686/prerm/removing-running-kernel-2.6.32-bpo.5-686 -Owners: linux-image-2.6.32-bpo.5-686 - -Name: linux-image-2.6.32-bpo.5-686/prerm/would-invalidate-boot-loader-2.6.32-bpo.5-686 -Template: linux-image-2.6.32-bpo.5-686/prerm/would-invalidate-boot-loader-2.6.32-bpo.5-686 -Owners: linux-image-2.6.32-bpo.5-686 - -Name: linux-image-2.6.32-bpo.5-xen-686/postinst/bootloader-error-2.6.32-bpo.5-xen-686 -Template: 
linux-image-2.6.32-bpo.5-xen-686/postinst/bootloader-error-2.6.32-bpo.5-xen-686 -Owners: linux-image-2.6.32-bpo.5-xen-686 - -Name: linux-image-2.6.32-bpo.5-xen-686/postinst/bootloader-test-error-2.6.32-bpo.5-xen-686 -Template: linux-image-2.6.32-bpo.5-xen-686/postinst/bootloader-test-error-2.6.32-bpo.5-xen-686 -Owners: linux-image-2.6.32-bpo.5-xen-686 - -Name: linux-image-2.6.32-bpo.5-xen-686/postinst/depmod-error-initrd-2.6.32-bpo.5-xen-686 -Template: linux-image-2.6.32-bpo.5-xen-686/postinst/depmod-error-initrd-2.6.32-bpo.5-xen-686 -Owners: linux-image-2.6.32-bpo.5-xen-686 - -Name: linux-image-2.6.32-bpo.5-xen-686/postinst/missing-firmware-2.6.32-bpo.5-xen-686 -Template: linux-image-2.6.32-bpo.5-xen-686/postinst/missing-firmware-2.6.32-bpo.5-xen-686 -Owners: linux-image-2.6.32-bpo.5-xen-686 - -Name: linux-image-2.6.32-bpo.5-xen-686/prerm/removing-running-kernel-2.6.32-bpo.5-xen-686 -Template: linux-image-2.6.32-bpo.5-xen-686/prerm/removing-running-kernel-2.6.32-bpo.5-xen-686 -Owners: linux-image-2.6.32-bpo.5-xen-686 - -Name: linux-image-2.6.32-bpo.5-xen-686/prerm/would-invalidate-boot-loader-2.6.32-bpo.5-xen-686 -Template: linux-image-2.6.32-bpo.5-xen-686/prerm/would-invalidate-boot-loader-2.6.32-bpo.5-xen-686 -Owners: linux-image-2.6.32-bpo.5-xen-686 - -Name: locales/default_environment_locale -Template: locales/default_environment_locale -Value: en_US.UTF-8 -Owners: locales -Variables: - locales = en_US.UTF-8 - -Name: locales/locales_to_be_generated -Template: locales/locales_to_be_generated -Value: en_US.UTF-8 UTF-8 -Owners: locales -Variables: - locales = aa_DJ ISO-8859-1, aa_DJ.UTF-8 UTF-8, aa_ER UTF-8, aa_ER@saaho UTF-8, aa_ET UTF-8, af_ZA ISO-8859-1, af_ZA.UTF-8 UTF-8, am_ET UTF-8, an_ES ISO-8859-15, an_ES.UTF-8 UTF-8, ar_AE ISO-8859-6, ar_AE.UTF-8 UTF-8, ar_BH ISO-8859-6, ar_BH.UTF-8 UTF-8, ar_DZ ISO-8859-6, ar_DZ.UTF-8 UTF-8, ar_EG ISO-8859-6, ar_EG.UTF-8 UTF-8, ar_IN UTF-8, ar_IQ ISO-8859-6, ar_IQ.UTF-8 UTF-8, ar_JO ISO-8859-6, ar_JO.UTF-8 UTF-8, ar_KW 
ISO-8859-6, ar_KW.UTF-8 UTF-8, ar_LB ISO-8859-6, ar_LB.UTF-8 UTF-8, ar_LY ISO-8859-6, ar_LY.UTF-8 UTF-8, ar_MA ISO-8859-6, ar_MA.UTF-8 UTF-8, ar_OM ISO-8859-6, ar_OM.UTF-8 UTF-8, ar_QA ISO-8859-6, ar_QA.UTF-8 UTF-8, ar_SA ISO-8859-6, ar_SA.UTF-8 UTF-8, ar_SD ISO-8859-6, ar_SD.UTF-8 UTF-8, ar_SY ISO-8859-6, ar_SY.UTF-8 UTF-8, ar_TN ISO-8859-6, ar_TN.UTF-8 UTF-8, ar_YE ISO-8859-6, ar_YE.UTF-8 UTF-8, as_IN.UTF-8 UTF-8, ast_ES ISO-8859-15, ast_ES.UTF-8 UTF-8, az_AZ.UTF-8 UTF-8, be_BY CP1251, be_BY.UTF-8 UTF-8, be_BY@latin UTF-8, ber_DZ UTF-8, ber_MA UTF-8, bg_BG CP1251, bg_BG.UTF-8 UTF-8, bn_BD UTF-8, bn_IN UTF-8, br_FR ISO-8859-1, br_FR.UTF-8 UTF-8, br_FR@euro ISO-8859-15, bs_BA ISO-8859-2, bs_BA.UTF-8 UTF-8, byn_ER UTF-8, ca_AD ISO-8859-15, ca_AD.UTF-8 UTF-8, ca_ES ISO-8859-1, ca_ES.UTF-8 UTF-8, ca_ES.UTF-8@valencia UTF-8, ca_ES@euro ISO-8859-15, ca_ES@valencia ISO-8859-15, ca_FR ISO-8859-15, ca_FR.UTF-8 UTF-8, ca_IT ISO-8859-15, ca_IT.UTF-8 UTF-8, crh_UA UTF-8, cs_CZ ISO-8859-2, cs_CZ.UTF-8 UTF-8, csb_PL UTF-8, cy_GB ISO-8859-14, cy_GB.UTF-8 UTF-8, da_DK ISO-8859-1, da_DK.ISO-8859-15 ISO-8859-15, da_DK.UTF-8 UTF-8, de_AT ISO-8859-1, de_AT.UTF-8 UTF-8, de_AT@euro ISO-8859-15, de_BE ISO-8859-1, de_BE.UTF-8 UTF-8, de_BE@euro ISO-8859-15, de_CH ISO-8859-1, de_CH.UTF-8 UTF-8, de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, de_DE@euro ISO-8859-15, de_LI.UTF-8 UTF-8, de_LU ISO-8859-1, de_LU.UTF-8 UTF-8, de_LU@euro ISO-8859-15, dz_BT UTF-8, el_CY ISO-8859-7, el_CY.UTF-8 UTF-8, el_GR ISO-8859-7, el_GR.UTF-8 UTF-8, en_AU ISO-8859-1, en_AU.UTF-8 UTF-8, en_BW ISO-8859-1, en_BW.UTF-8 UTF-8, en_CA ISO-8859-1, en_CA.UTF-8 UTF-8, en_DK ISO-8859-1, en_DK.ISO-8859-15 ISO-8859-15, en_DK.UTF-8 UTF-8, en_GB ISO-8859-1, en_GB.ISO-8859-15 ISO-8859-15, en_GB.UTF-8 UTF-8, en_HK ISO-8859-1, en_HK.UTF-8 UTF-8, en_IE ISO-8859-1, en_IE.UTF-8 UTF-8, en_IE@euro ISO-8859-15, en_IN UTF-8, en_NG UTF-8, en_NZ ISO-8859-1, en_NZ.UTF-8 UTF-8, en_PH ISO-8859-1, en_PH.UTF-8 UTF-8, en_SG ISO-8859-1, en_SG.UTF-8 
UTF-8, en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15, en_US.UTF-8 UTF-8, en_ZA ISO-8859-1, en_ZA.UTF-8 UTF-8, en_ZW ISO-8859-1, en_ZW.UTF-8 UTF-8, eo ISO-8859-3, eo.UTF-8 UTF-8, es_AR ISO-8859-1, es_AR.UTF-8 UTF-8, es_BO ISO-8859-1, es_BO.UTF-8 UTF-8, es_CL ISO-8859-1, es_CL.UTF-8 UTF-8, es_CO ISO-8859-1, es_CO.UTF-8 UTF-8, es_CR ISO-8859-1, es_CR.UTF-8 UTF-8, es_DO ISO-8859-1, es_DO.UTF-8 UTF-8, es_EC ISO-8859-1, es_EC.UTF-8 UTF-8, es_ES ISO-8859-1, es_ES.UTF-8 UTF-8, es_ES@euro ISO-8859-15, es_GT ISO-8859-1, es_GT.UTF-8 UTF-8, es_HN ISO-8859-1, es_HN.UTF-8 UTF-8, es_MX ISO-8859-1, es_MX.UTF-8 UTF-8, es_NI ISO-8859-1, es_NI.UTF-8 UTF-8, es_PA ISO-8859-1, es_PA.UTF-8 UTF-8, es_PE ISO-8859-1, es_PE.UTF-8 UTF-8, es_PR ISO-8859-1, es_PR.UTF-8 UTF-8, es_PY ISO-8859-1, es_PY.UTF-8 UTF-8, es_SV ISO-8859-1, es_SV.UTF-8 UTF-8, es_US ISO-8859-1, es_US.UTF-8 UTF-8, es_UY ISO-8859-1, es_UY.UTF-8 UTF-8, es_VE ISO-8859-1, es_VE.UTF-8 UTF-8, et_EE ISO-8859-1, et_EE.ISO-8859-15 ISO-8859-15, et_EE.UTF-8 UTF-8, eu_ES ISO-8859-1, eu_ES.UTF-8 UTF-8, eu_ES@euro ISO-8859-15, eu_FR ISO-8859-1, eu_FR.UTF-8 UTF-8, eu_FR@euro ISO-8859-15, fa_IR UTF-8, fi_FI ISO-8859-1, fi_FI.UTF-8 UTF-8, fi_FI@euro ISO-8859-15, fil_PH UTF-8, fo_FO ISO-8859-1, fo_FO.UTF-8 UTF-8, fr_BE ISO-8859-1, fr_BE.UTF-8 UTF-8, fr_BE@euro ISO-8859-15, fr_CA ISO-8859-1, fr_CA.UTF-8 UTF-8, fr_CH ISO-8859-1, fr_CH.UTF-8 UTF-8, fr_FR ISO-8859-1, fr_FR.UTF-8 UTF-8, fr_FR@euro ISO-8859-15, fr_LU ISO-8859-1, fr_LU.UTF-8 UTF-8, fr_LU@euro ISO-8859-15, fur_IT UTF-8, fy_DE UTF-8, fy_NL UTF-8, ga_IE ISO-8859-1, ga_IE.UTF-8 UTF-8, ga_IE@euro ISO-8859-15, gd_GB ISO-8859-15, gd_GB.UTF-8 UTF-8, gez_ER UTF-8, gez_ER@abegede UTF-8, gez_ET UTF-8, gez_ET@abegede UTF-8, gl_ES ISO-8859-1, gl_ES.UTF-8 UTF-8, gl_ES@euro ISO-8859-15, gu_IN UTF-8, gv_GB ISO-8859-1, gv_GB.UTF-8 UTF-8, ha_NG UTF-8, he_IL ISO-8859-8, he_IL.UTF-8 UTF-8, hi_IN UTF-8, hr_HR ISO-8859-2, hr_HR.UTF-8 UTF-8, hsb_DE ISO-8859-2, hsb_DE.UTF-8 UTF-8, hu_HU ISO-8859-2, 
hu_HU.UTF-8 UTF-8, hy_AM UTF-8, hy_AM.ARMSCII-8 ARMSCII-8, ia UTF-8, id_ID ISO-8859-1, id_ID.UTF-8 UTF-8, ig_NG UTF-8, ik_CA UTF-8, is_IS ISO-8859-1, is_IS.UTF-8 UTF-8, it_CH ISO-8859-1, it_CH.UTF-8 UTF-8, it_IT ISO-8859-1, it_IT.UTF-8 UTF-8, it_IT@euro ISO-8859-15, iu_CA UTF-8, iw_IL ISO-8859-8, iw_IL.UTF-8 UTF-8, ja_JP.EUC-JP EUC-JP, ja_JP.UTF-8 UTF-8, ka_GE GEORGIAN-PS, ka_GE.UTF-8 UTF-8, kk_KZ PT154, kk_KZ.UTF-8 UTF-8, kl_GL ISO-8859-1, kl_GL.UTF-8 UTF-8, km_KH UTF-8, kn_IN UTF-8, ko_KR.EUC-KR EUC-KR, ko_KR.UTF-8 UTF-8, ks_IN UTF-8, ku_TR ISO-8859-9, ku_TR.UTF-8 UTF-8, kw_GB ISO-8859-1, kw_GB.UTF-8 UTF-8, ky_KG UTF-8, lg_UG ISO-8859-10, lg_UG.UTF-8 UTF-8, li_BE UTF-8, li_NL UTF-8, lo_LA UTF-8, lt_LT ISO-8859-13, lt_LT.UTF-8 UTF-8, lv_LV ISO-8859-13, lv_LV.UTF-8 UTF-8, mai_IN UTF-8, mg_MG ISO-8859-15, mg_MG.UTF-8 UTF-8, mi_NZ ISO-8859-13, mi_NZ.UTF-8 UTF-8, mk_MK ISO-8859-5, mk_MK.UTF-8 UTF-8, ml_IN UTF-8, mn_MN UTF-8, mr_IN UTF-8, ms_MY ISO-8859-1, ms_MY.UTF-8 UTF-8, mt_MT ISO-8859-3, mt_MT.UTF-8 UTF-8, nb_NO ISO-8859-1, nb_NO.UTF-8 UTF-8, nds_DE UTF-8, nds_NL UTF-8, ne_NP UTF-8, nl_BE ISO-8859-1, nl_BE.UTF-8 UTF-8, nl_BE@euro ISO-8859-15, nl_NL ISO-8859-1, nl_NL.UTF-8 UTF-8, nl_NL@euro ISO-8859-15, nn_NO ISO-8859-1, nn_NO.UTF-8 UTF-8, nr_ZA UTF-8, nso_ZA UTF-8, oc_FR ISO-8859-1, oc_FR.UTF-8 UTF-8, om_ET UTF-8, om_KE ISO-8859-1, om_KE.UTF-8 UTF-8, or_IN UTF-8, pa_IN UTF-8, pa_PK UTF-8, pap_AN UTF-8, pl_PL ISO-8859-2, pl_PL.UTF-8 UTF-8, pt_BR ISO-8859-1, pt_BR.UTF-8 UTF-8, pt_PT ISO-8859-1, pt_PT.UTF-8 UTF-8, pt_PT@euro ISO-8859-15, ro_RO ISO-8859-2, ro_RO.UTF-8 UTF-8, ru_RU ISO-8859-5, ru_RU.CP1251 CP1251, ru_RU.KOI8-R KOI8-R, ru_RU.UTF-8 UTF-8, ru_UA KOI8-U, ru_UA.UTF-8 UTF-8, rw_RW UTF-8, sa_IN UTF-8, sc_IT UTF-8, se_NO UTF-8, si_LK UTF-8, sid_ET UTF-8, sk_SK ISO-8859-2, sk_SK.UTF-8 UTF-8, sl_SI ISO-8859-2, sl_SI.UTF-8 UTF-8, so_DJ ISO-8859-1, so_DJ.UTF-8 UTF-8, so_ET UTF-8, so_KE ISO-8859-1, so_KE.UTF-8 UTF-8, so_SO ISO-8859-1, so_SO.UTF-8 UTF-8, sq_AL 
ISO-8859-1, sq_AL.UTF-8 UTF-8, sr_ME UTF-8, sr_RS UTF-8, sr_RS@latin UTF-8, ss_ZA UTF-8, st_ZA ISO-8859-1, st_ZA.UTF-8 UTF-8, sv_FI ISO-8859-1, sv_FI.UTF-8 UTF-8, sv_FI@euro ISO-8859-15, sv_SE ISO-8859-1, sv_SE.ISO-8859-15 ISO-8859-15, sv_SE.UTF-8 UTF-8, ta_IN UTF-8, te_IN UTF-8, tg_TJ KOI8-T, tg_TJ.UTF-8 UTF-8, th_TH TIS-620, th_TH.UTF-8 UTF-8, ti_ER UTF-8, ti_ET UTF-8, tig_ER UTF-8, tk_TM UTF-8, tl_PH ISO-8859-1, tl_PH.UTF-8 UTF-8, tn_ZA UTF-8, tr_CY ISO-8859-9, tr_CY.UTF-8 UTF-8, tr_TR ISO-8859-9, tr_TR.UTF-8 UTF-8, ts_ZA UTF-8, tt_RU.UTF-8 UTF-8, tt_RU@iqtelif.UTF-8 UTF-8, ug_CN UTF-8, uk_UA KOI8-U, uk_UA.UTF-8 UTF-8, ur_PK UTF-8, uz_UZ ISO-8859-1, uz_UZ.UTF-8 UTF-8, uz_UZ@cyrillic UTF-8, ve_ZA UTF-8, vi_VN UTF-8, vi_VN.TCVN TCVN5712-1, wa_BE ISO-8859-1, wa_BE.UTF-8 UTF-8, wa_BE@euro ISO-8859-15, wo_SN UTF-8, xh_ZA ISO-8859-1, xh_ZA.UTF-8 UTF-8, yi_US CP1255, yi_US.UTF-8 UTF-8, yo_NG UTF-8, zh_CN GB2312, zh_CN.GB18030 GB18030, zh_CN.GBK GBK, zh_CN.UTF-8 UTF-8, zh_HK BIG5-HKSCS, zh_HK.UTF-8 UTF-8, zh_SG GB2312, zh_SG.GBK GBK, zh_SG.UTF-8 UTF-8, zh_TW BIG5, zh_TW.EUC-TW EUC-TW, zh_TW.UTF-8 UTF-8, zu_ZA ISO-8859-1, zu_ZA.UTF-8 UTF-8 - -Name: openswan/create_rsa_key -Template: openswan/create_rsa_key -Value: true -Owners: openswan -Flags: seen - -Name: openswan/enable-oe -Template: openswan/enable-oe -Value: false -Owners: openswan -Flags: seen - -Name: openswan/existing_x509_certificate -Template: openswan/existing_x509_certificate -Value: false -Owners: openswan -Flags: seen - -Name: openswan/existing_x509_certificate_filename -Template: openswan/existing_x509_certificate_filename -Owners: openswan - -Name: openswan/existing_x509_key_filename -Template: openswan/existing_x509_key_filename -Owners: openswan - -Name: openswan/restart -Template: openswan/restart -Value: true -Owners: openswan - -Name: openswan/rsa_key_length -Template: openswan/rsa_key_length -Value: 2048 -Owners: openswan - -Name: openswan/rsa_key_type -Template: openswan/rsa_key_type -Value: x509 
-Owners: openswan
-Flags: seen
-
-Name: openswan/start_level
-Template: openswan/start_level
-Value: earliest
-Owners: openswan
-
-Name: openswan/x509_common_name
-Template: openswan/x509_common_name
-Value:
-Owners: openswan
-
-Name: openswan/x509_country_code
-Template: openswan/x509_country_code
-Value: AT
-Owners: openswan
-
-Name: openswan/x509_email_address
-Template: openswan/x509_email_address
-Value:
-Owners: openswan
-
-Name: openswan/x509_locality_name
-Template: openswan/x509_locality_name
-Value:
-Owners: openswan
-
-Name: openswan/x509_organization_name
-Template: openswan/x509_organization_name
-Value:
-Owners: openswan
-
-Name: openswan/x509_organizational_unit
-Template: openswan/x509_organizational_unit
-Value:
-Owners: openswan
-
-Name: openswan/x509_self_signed
-Template: openswan/x509_self_signed
-Value: true
-Owners: openswan
-Flags: seen
-
-Name: openswan/x509_state_name
-Template: openswan/x509_state_name
-Value:
-Owners: openswan
-
-Name: portmap/loopback
-Template: portmap/loopback
-Value: false
-Owners: portmap
-
-Name: shared/accepted-sun-dlj-v1-1
-Template: shared/accepted-sun-dlj-v1-1
-Value: true
-Owners: sun-java6-bin, sun-java6-jre
-Flags: seen
-
-Name: shared/error-sun-dlj-v1-1
-Template: shared/error-sun-dlj-v1-1
-Owners: sun-java6-bin, sun-java6-jre
-
-Name: shared/kernel-image/really-run-bootloader
-Template: shared/kernel-image/really-run-bootloader
-Owners: linux-image-2.6.32-bpo.5-686, linux-image-2.6.32-bpo.5-xen-686
-
-Name: shared/present-sun-dlj-v1-1
-Template: shared/present-sun-dlj-v1-1
-Value: true
-Owners: sun-java6-bin, sun-java6-jre
-Flags: seen
-
-Name: ssh/disable_cr_auth
-Template: ssh/disable_cr_auth
-Owners: openssh-server
-
-Name: ssh/encrypted_host_key_but_no_keygen
-Template: ssh/encrypted_host_key_but_no_keygen
-Owners: openssh-server
-
-Name: ssh/new_config
-Template: ssh/new_config
-Owners: openssh-server
-
-Name: ssh/use_old_init_script
-Template: ssh/use_old_init_script
-Value: true
-Owners: openssh-server
-Flags: seen
-
-Name: ssh/vulnerable_host_keys
-Template: ssh/vulnerable_host_keys
-Owners: openssh-server
-
-Name: sun-java6-jre/jcepolicy
-Template: sun-java6-jre/jcepolicy
-Owners: sun-java6-jre
-
-Name: sun-java6-jre/stopthread
-Template: sun-java6-jre/stopthread
-Owners: sun-java6-jre
-
-Name: tzdata/Areas
-Template: tzdata/Areas
-Value: Etc
-Owners: tzdata
-Flags: seen
-
-Name: tzdata/Zones/Africa
-Template: tzdata/Zones/Africa
-Owners: tzdata
-
-Name: tzdata/Zones/America
-Template: tzdata/Zones/America
-Owners: tzdata
-
-Name: tzdata/Zones/Antarctica
-Template: tzdata/Zones/Antarctica
-Owners: tzdata
-
-Name: tzdata/Zones/Arctic
-Template: tzdata/Zones/Arctic
-Owners: tzdata
-
-Name: tzdata/Zones/Asia
-Template: tzdata/Zones/Asia
-Owners: tzdata
-
-Name: tzdata/Zones/Atlantic
-Template: tzdata/Zones/Atlantic
-Owners: tzdata
-
-Name: tzdata/Zones/Australia
-Template: tzdata/Zones/Australia
-Owners: tzdata
-
-Name: tzdata/Zones/Etc
-Template: tzdata/Zones/Etc
-Value: UTC
-Owners: tzdata
-Flags: seen
-
-Name: tzdata/Zones/Europe
-Template: tzdata/Zones/Europe
-Owners: tzdata
-
-Name: tzdata/Zones/Indian
-Template: tzdata/Zones/Indian
-Owners: tzdata
-
-Name: tzdata/Zones/Pacific
-Template: tzdata/Zones/Pacific
-Owners: tzdata
-
-Name: tzdata/Zones/SystemV
-Template: tzdata/Zones/SystemV
-Owners: tzdata
-
-Name: ucf/changeprompt
-Template: ucf/changeprompt
-Owners: ucf
-
-Name: ucf/changeprompt_threeway
-Template: ucf/changeprompt_threeway
-Owners: ucf
-
-Name: ucf/show_diff
-Template: ucf/show_diff
-Owners: ucf
-
-Name: ucf/title
-Template: ucf/title
-Owners: ucf
-
-Name: udev/new_kernel_needed
-Template: udev/new_kernel_needed
-Owners: udev
-
-Name: udev/reboot_needed
-Template: udev/reboot_needed
-Owners: udev
-
diff --git a/systemvm/patches/debian/config/etc/chef/node.json b/systemvm/patches/debian/config/etc/chef/node.json
deleted file mode 100644
index 1b23e334d411..000000000000
--- a/systemvm/patches/debian/config/etc/chef/node.json
+++ /dev/null
@@ -1,5 +0,0 @@
-{
- "run_list": [
- "recipe[csip::default]"
- ]
-}
diff --git a/systemvm/patches/debian/config/etc/chef/solo.rb b/systemvm/patches/debian/config/etc/chef/solo.rb
deleted file mode 100644
index 3207dd17f8e1..000000000000
--- a/systemvm/patches/debian/config/etc/chef/solo.rb
+++ /dev/null
@@ -1,21 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-data_bags_path "/var/chef/data_bags"
-cookbook_path "/var/chef/cookbooks"
-log_level :debug
-log_location STDOUT
diff --git a/systemvm/patches/debian/config/opt/cloud/templates/README b/systemvm/patches/debian/config/opt/cloud/templates/README
deleted file mode 100644
index ffd68a9ae6de..000000000000
--- a/systemvm/patches/debian/config/opt/cloud/templates/README
+++ /dev/null
@@ -1,2 +0,0 @@
-These are the templates for the redundant router
-and redundant vpc_router
diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/acl0001.json b/systemvm/patches/debian/config/opt/cloud/testdata/acl0001.json
deleted file mode 100644
index 4a07b405a54e..000000000000
--- a/systemvm/patches/debian/config/opt/cloud/testdata/acl0001.json
+++ /dev/null
@@ -1,54 +0,0 @@
-{
- "eth2": {
- "device": "eth2",
- "egress_rules": [
- {
- "allowed": false,
- "cidr": "10.0.6.0/8",
- "first_port": 60,
- "last_port": 60,
- "type": "tcp"
- }
- ],
- "ingress_rules": [
- {
- "allowed": true,
- "cidr": "10.0.1.0/8",
- "protocol": 41,
- "type": "protocol"
- },
- {
- "allowed": true,
- "cidr": "10.0.4.0/8",
- "type": "all"
- },
- {
- "allowed": true,
- "cidr": "10.0.3.0/8",
- "icmp_code": -1,
- "icmp_type": -1,
- "type": "icmp"
- },
- {
- "allowed": true,
- "cidr": "10.0.2.0/8",
- "first_port": 40,
- "last_port": 40,
- "type": "udp"
- },
- {
- "allowed": true,
- "cidr": "10.0.1.0/8",
- "first_port": 30,
- "last_port": 30,
- "type": "tcp"
- }
- ],
- "mac_address": "02:00:0d:7b:00:04",
- "nic_ip": "172.16.1.1",
- "nic_netmask": "24",
- "private_gateway_acl": false,
- "type": "networkacl"
- },
- "id": "networkacl"
-}
diff --git a/systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ b/systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ
deleted file mode 100644
index 931c95901c84..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/arping_gateways.sh.templ
+++ /dev/null
@@ -1,29 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-while read i
-do
- ip addr show $i|grep "inet " > /tmp/iplist_$i
- while read line
- do
- ip=`echo $line|cut -d " " -f 2|cut -d "/" -f 1`
- arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
- arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
- done < /tmp/iplist_$i
-done < /tmp/iflist
-sleep 1
diff --git a/systemvm/patches/debian/config/root/redundant_router/backup.sh.templ b/systemvm/patches/debian/config/root/redundant_router/backup.sh.templ
deleted file mode 100644
index 32c811b26d44..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/backup.sh.templ
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-sleep 1
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
- exit 1
-fi
-
-echo To backup called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-echo Disable public ip $? >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
-[RROUTER_BIN_PATH]/primary-backup.sh backup >> [RROUTER_LOG] 2>&1
-echo Switch conntrackd mode backup $? >> [RROUTER_LOG]
-echo Status: BACKUP >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
-exit 0
diff --git a/systemvm/patches/debian/config/root/redundant_router/check_bumpup.sh b/systemvm/patches/debian/config/root/redundant_router/check_bumpup.sh
deleted file mode 100644
index 7682bad5f630..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/check_bumpup.sh
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-cat /tmp/rrouter_bumped
diff --git a/systemvm/patches/debian/config/root/redundant_router/check_heartbeat.sh.templ b/systemvm/patches/debian/config/root/redundant_router/check_heartbeat.sh.templ
deleted file mode 100755
index 4253b2912963..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/check_heartbeat.sh.templ
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ROUTER_BIN_PATH=/ramdisk/rrouter
-STRIKE_FILE="$ROUTER_BIN_PATH/keepalived.strikes"
-
-if [ -e [RROUTER_BIN_PATH]/keepalived.ts2 ]
-then
- lasttime=$(cat [RROUTER_BIN_PATH]/keepalived.ts2)
- thistime=$(cat [RROUTER_BIN_PATH]/keepalived.ts)
- diff=$(($thistime - $lasttime))
- s=0
- if [ $diff -lt 30 ]
- then
- if [ -e $STRIKE_FILE ]
- then
- s=`cat $STRIKE_FILE 2>/dev/null`
- fi
- s=$(($s+1))
- echo $s > $STRIKE_FILE
- else
- if [ -e $STRIKE_FILE ]
- then
- rm $STRIKE_FILE
- else
- echo keepalived.strikes file does not exist! >> $ROUTER_LOG
- fi
- fi
- #3 strikes rule
- if [ $s -gt 2 ]
- then
- echo Keepalived process is dead! >> [RROUTER_LOG]
- [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
- [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
- [RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
- service keepalived stop >> [RROUTER_LOG] 2>&1
- service conntrackd stop >> [RROUTER_LOG] 2>&1
- pkill -9 keepalived >> [RROUTER_LOG] 2>&1
- pkill -9 conntrackd >> [RROUTER_LOG] 2>&1
- echo Status: FAULT \(keepalived process is dead\) >> [RROUTER_LOG]
- exit
- fi
-fi
-
-cp [RROUTER_BIN_PATH]/keepalived.ts [RROUTER_BIN_PATH]/keepalived.ts2
diff --git a/systemvm/patches/debian/config/root/redundant_router/checkrouter.sh.templ b/systemvm/patches/debian/config/root/redundant_router/checkrouter.sh.templ
deleted file mode 100755
index fbf4f0f54d0a..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/checkrouter.sh.templ
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-
-source /root/func.sh
-
-nolock=0
-if [ $# -eq 1 ]
-then
- if [ $1 == "--no-lock" ]
- then
- nolock=1
- fi
-fi
-
-if [ $nolock -eq 0 ]
-then
- lock="biglock"
- locked=$(getLockFile $lock)
- if [ "$locked" != "1" ]
- then
- exit 1
- fi
-fi
-
-bumped="Bumped: NO"
-if [ -e /tmp/rrouter_bumped ]
-then
- bumped="Bumped: YES"
-fi
-
-stat=`tail -n 1 [RROUTER_LOG] | grep "Status"`
-if [ $? -eq 0 ]
-then
- echo "$stat&$bumped"
-fi
-
-if [ $nolock -eq 0 ]
-then
- unlock_exit $? $lock $locked
-fi
diff --git a/systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ b/systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ
deleted file mode 100644
index 091de105625a..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/conntrackd.conf.templ
+++ /dev/null
@@ -1,401 +0,0 @@ -# -# Synchronizer settings -# -Sync { - Mode FTFW { - # - # Size of the resend queue (in objects). This is the maximum - # number of objects that can be stored waiting to be confirmed - # via acknoledgment. If you keep this value low, the daemon - # will have less chances to recover state-changes under message - # omission. On the other hand, if you keep this value high, - # the daemon will consume more memory to store dead objects. - # Default is 131072 objects. - # - # ResendQueueSize 131072 - - # - # This parameter allows you to set an initial fixed timeout - # for the committed entries when this node goes from backup - # to primary. This mechanism provides a way to purge entries - # that were not recovered appropriately after the specified - # fixed timeout. If you set a low value, TCP entries in - # Established states with no traffic may hang. For example, - # an SSH connection without KeepAlive enabled. If not set, - # the daemon uses an approximate timeout value calculation - # mechanism. By default, this option is not set. - # - # CommitTimeout 180 - - # - # If the firewall replica goes from primary to backup, - # the conntrackd -t command is invoked in the script. - # This command schedules a flush of the table in N seconds. - # This is useful to purge the connection tracking table of - # zombie entries and avoid clashes with old entries if you - # trigger several consecutive hand-overs. Default is 60 seconds. - # - # PurgeTimeout 60 - - # Set the acknowledgement window size. If you decrease this - # value, the number of acknowlegdments increases. More - # acknowledgments means more overhead as conntrackd has to - # handle more control messages. On the other hand, if you - # increase this value, the resend queue gets more populated. - # This results in more overhead in the queue releasing. - # The following value is based on some practical experiments - # measuring the cycles spent by the acknowledgment handling - # with oprofile. 
If not set, default window size is 300. - # - # ACKWindowSize 300 - - # - # This clause allows you to disable the external cache. Thus, - # the state entries are directly injected into the kernel - # conntrack table. As a result, you save memory in user-space - # but you consume slots in the kernel conntrack table for - # backup state entries. Moreover, disabling the external cache - # means more CPU consumption. You need a Linux kernel - # >= 2.6.29 to use this feature. By default, this clause is - # set off. If you are installing conntrackd for first time, - # please read the user manual and I encourage you to consider - # using the fail-over scripts instead of enabling this option! - # - # DisableExternalCache Off - } - - # - # Multicast IP and interface where messages are - # broadcasted (dedicated link). IMPORTANT: Make sure - # that iptables accepts traffic for destination - # 225.0.0.50, eg: - # - # iptables -I INPUT -d 225.0.0.50 -j ACCEPT - # iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT - # - Multicast { - # - # Multicast address: The address that you use as destination - # in the synchronization messages. You do not have to add - # this IP to any of your existing interfaces. If any doubt, - # do not modify this value. - # - IPv4_address 225.0.0.50 - - # - # The multicast group that identifies the cluster. If any - # doubt, do not modify this value. - # - Group 3780 - - # - # IP address of the interface that you are going to use to - # send the synchronization messages. Remember that you must - # use a dedicated link for the synchronization messages. - # - IPv4_interface [LINK_IP] - - # - # The name of the interface that you are going to use to - # send the synchronization messages. - # - Interface [LINK_IF] - - # The multicast sender uses a buffer to enqueue the packets - # that are going to be transmitted. The default size of this - # socket buffer is available at /proc/sys/net/core/wmem_default. 
- # This value determines the chances to have an overrun in the - # sender queue. The overrun results packet loss, thus, losing - # state information that would have to be retransmitted. If you - # notice some packet loss, you may want to increase the size - # of the sender buffer. The default size is usually around - # ~100 KBytes which is fairly small for busy firewalls. - # - SndSocketBuffer 1249280 - - # The multicast receiver uses a buffer to enqueue the packets - # that the socket is pending to handle. The default size of this - # socket buffer is available at /proc/sys/net/core/rmem_default. - # This value determines the chances to have an overrun in the - # receiver queue. The overrun results packet loss, thus, losing - # state information that would have to be retransmitted. If you - # notice some packet loss, you may want to increase the size of - # the receiver buffer. The default size is usually around - # ~100 KBytes which is fairly small for busy firewalls. - # - RcvSocketBuffer 1249280 - - # - # Enable/Disable message checksumming. This is a good - # property to achieve fault-tolerance. In case of doubt, do - # not modify this value. - # - Checksum on - } - # - # You can specify more than one dedicated link. Thus, if one dedicated - # link fails, conntrackd can fail-over to another. Note that adding - # more than one dedicated link does not mean that state-updates will - # be sent to all of them. There is only one active dedicated link at - # a given moment. The `Default' keyword indicates that this interface - # will be selected as the initial dedicated link. You can have - # up to 4 redundant dedicated links. Note: Use different multicast - # groups for every redundant link. 
- # - # Multicast Default { - # IPv4_address 225.0.0.51 - # Group 3781 - # IPv4_interface 192.168.100.101 - # Interface eth3 - # # SndSocketBuffer 1249280 - # # RcvSocketBuffer 1249280 - # Checksum on - # } - - # - # You can use Unicast UDP instead of Multicast to propagate events. - # Note that you cannot use unicast UDP and Multicast at the same - # time, you can only select one. - # - # UDP { - # - # UDP address that this firewall uses to listen to events. - # - # IPv4_address 192.168.2.100 - # - # or you may want to use an IPv6 address: - # - # IPv6_address fe80::215:58ff:fe28:5a27 - - # - # Destination UDP address that receives events, ie. the other - # firewall's dedicated link address. - # - # IPv4_Destination_Address 192.168.2.101 - # - # or you may want to use an IPv6 address: - # - # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c - - # - # UDP port used - # - # Port 3780 - - # - # The name of the interface that you are going to use to - # send the synchronization messages. - # - # Interface eth2 - - # - # The sender socket buffer size - # - # SndSocketBuffer 1249280 - - # - # The receiver socket buffer size - # - # RcvSocketBuffer 1249280 - - # - # Enable/Disable message checksumming. - # - # Checksum on - # } - -} - -# -# General settings -# -General { - # - # Set the nice value of the daemon, this value goes from -20 - # (most favorable scheduling) to 19 (least favorable). Using a - # very low value reduces the chances to lose state-change events. - # Default is 0 but this example file sets it to most favourable - # scheduling as this is generally a good idea. See man nice(1) for - # more information. - # - Nice -20 - - # - # Select a different scheduler for the daemon, you can select between - # RR and FIFO and the process priority (minimum is 0, maximum is 99). - # See man sched_setscheduler(2) for more information. Using a RT - # scheduler reduces the chances to overrun the Netlink buffer. 
- # - # Scheduler { - # Type FIFO - # Priority 99 - # } - - # - # Number of buckets in the cache hashtable. The bigger it is, - # the closer it gets to O(1) at the cost of consuming more memory. - # Read some documents about tuning hashtables for further reference. - # - HashSize 32768 - - # - # Maximum number of conntracks, it should be double of: - # $ cat /proc/sys/net/netfilter/nf_conntrack_max - # since the daemon may keep some dead entries cached for possible - # retransmission during state synchronization. - # - HashLimit 131072 - - # - # Logfile: on (/var/log/conntrackd.log), off, or a filename - # Default: off - # - LogFile on - - # - # Syslog: on, off or a facility name (daemon (default) or local0..7) - # Default: off - # - #Syslog on - - # - # Lockfile - # - LockFile /var/lock/conntrack.lock - - # - # Unix socket configuration - # - UNIX { - Path /var/run/conntrackd.ctl - Backlog 20 - } - - # - # Netlink event socket buffer size. If you do not specify this clause, - # the default buffer size value in /proc/net/core/rmem_default is - # used. This default value is usually around 100 Kbytes which is - # fairly small for busy firewalls. This leads to event message dropping - # and high CPU consumption. This example configuration file sets the - # size to 2 MBytes to avoid this sort of problems. - # - NetlinkBufferSize 2097152 - - # - # The daemon doubles the size of the netlink event socket buffer size - # if it detects netlink event message dropping. This clause sets the - # maximum buffer size growth that can be reached. This example file - # sets the size to 8 MBytes. - # - NetlinkBufferSizeMaxGrowth 8388608 - - # - # If the daemon detects that Netlink is dropping state-change events, - # it automatically schedules a resynchronization against the Kernel - # after 30 seconds (default value). 
Resynchronizations are expensive - # in terms of CPU consumption since the daemon has to get the full - # kernel state-table and purge state-entries that do not exist anymore. - # Be careful of setting a very small value here. You have the following - # choices: On (enabled, use default 30 seconds value), Off (disabled) - # or Value (in seconds, to set a specific amount of time). If not - # specified, the daemon assumes that this option is enabled. - # - # NetlinkOverrunResync On - - # - # If you want reliable event reporting over Netlink, set on this - # option. If you set on this clause, it is a good idea to set off - # NetlinkOverrunResync. This option is off by default and you need - # a Linux kernel >= 2.6.31. - # - # NetlinkEventsReliable Off - - # - # By default, the daemon receives state updates following an - # event-driven model. You can modify this behaviour by switching to - # polling mode with the PollSecs clause. This clause tells conntrackd - # to dump the states in the kernel every N seconds. With regards to - # synchronization mode, the polling mode can only guarantee that - # long-lifetime states are recovered. The main advantage of this method - # is the reduction in the state replication at the cost of reducing the - # chances of recovering connections. - # - # PollSecs 15 - - # - # The daemon prioritizes the handling of state-change events coming - # from the core. With this clause, you can set the maximum number of - # state-change events (those coming from kernel-space) that the daemon - # will handle after which it will handle other events coming from the - # network or userspace. A low value improves interactivity (in terms of - # real-time behaviour) at the cost of extra CPU consumption. - # Default (if not set) is 100. - # - # EventIterationLimit 100 - - # - # Event filtering: This clause allows you to filter certain traffic, - # There are currently three filter-sets: Protocol, Address and - # State. 
The filter is attached to an action that can be: Accept or - # Ignore. Thus, you can define the event filtering policy of the - # filter-sets in positive or negative logic depending on your needs. - # You can select if conntrackd filters the event messages from - # user-space or kernel-space. The kernel-space event filtering - # saves some CPU cycles by avoiding the copy of the event message - # from kernel-space to user-space. The kernel-space event filtering - # is prefered, however, you require a Linux kernel >= 2.6.29 to - # filter from kernel-space. If you want to select kernel-space - # event filtering, use the keyword 'Kernelspace' instead of - # 'Userspace'. - # - Filter From Userspace { - # - # Accept only certain protocols: You may want to replicate - # the state of flows depending on their layer 4 protocol. - # - Protocol Accept { - TCP - SCTP - DCCP - # UDP - # ICMP # This requires a Linux kernel >= 2.6.31 - } - - # - # Ignore traffic for a certain set of IP's: Usually all the - # IP assigned to the firewall since local traffic must be - # ignored, only forwarded connections are worth to replicate. - # Note that these values depends on the local IPs that are - # assigned to the firewall. - # - Address Ignore { - IPv4_address 127.0.0.1 # loopback - IPv4_address [IGNORE_IP1] - IPv4_address [IGNORE_IP2] - IPv4_address [IGNORE_IP3] - #IPv4_address 192.168.0.100 # virtual IP 1 - #IPv4_address 192.168.1.100 # virtual IP 2 - #IPv4_address 192.168.0.1 - #IPv4_address 192.168.1.1 - #IPv4_address 192.168.100.100 # dedicated link ip - # - # You can also specify networks in format IP/cidr. - # IPv4_address 192.168.0.0/24 - # - # You can also specify an IPv6 address - # IPv6_address ::1 - } - - # - # Uncomment this line below if you want to filter by flow state. - # This option introduces a trade-off in the replication: it - # reduces CPU consumption at the cost of having lazy backup - # firewall replicas. 
The existing TCP states are: SYN_SENT, - # SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK, - # TIME_WAIT, CLOSED, LISTEN. - # - # State Accept { - # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP - # } - } -} diff --git a/systemvm/patches/debian/config/root/redundant_router/disable_pubip.sh b/systemvm/patches/debian/config/root/redundant_router/disable_pubip.sh deleted file mode 100644 index ee4e894ba69c..000000000000 --- a/systemvm/patches/debian/config/root/redundant_router/disable_pubip.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist -while read i -do - ifconfig $i down -done < /tmp/iflist diff --git a/systemvm/patches/debian/config/root/redundant_router/enable_pubip.sh.templ b/systemvm/patches/debian/config/root/redundant_router/enable_pubip.sh.templ deleted file mode 100644 index a59cd66220ee..000000000000 --- a/systemvm/patches/debian/config/root/redundant_router/enable_pubip.sh.templ +++ /dev/null 
@@ -1,50 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
-ip addr show eth2 | grep "inet" 2>&1 > /dev/null
-is_init=$?
-
-set -e
-
-while read i
-do
- # if eth2'ip has already been configured, we would use ifconfig rather than ifdown/ifup
- if [ "$i" == "eth2" -a "$is_init" != "0" ]
- then
- ifdown $i
- ifup $i
- else
- ifconfig $i down
- ifconfig $i up
- fi
-done < /tmp/iflist
-ip route add default via [GATEWAY] dev eth2
-
-while read line
-do
-dev=$(echo $line | awk '{print $1'})
-gw=$(echo $line | awk '{print $2'})
-
-if [ "$dev" == "eth2" ]
-then
- continue;
-fi
-ip route add default via $gw table Table_$dev proto static
-
-done < /var/cache/cloud/ifaceGwIp
diff --git a/systemvm/patches/debian/config/root/redundant_router/fault.sh.templ b/systemvm/patches/debian/config/root/redundant_router/fault.sh.templ
deleted file mode 100644
index c008a9cb4495..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/fault.sh.templ
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
- exit 1
-fi
-
-echo To fault called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
-echo Disable public ip >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
-echo Stop services $? >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
-echo Switch conntrackd mode fault $? >> [RROUTER_LOG]
-echo Status: FAULT >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
diff --git a/systemvm/patches/debian/config/root/redundant_router/heartbeat.sh.templ b/systemvm/patches/debian/config/root/redundant_router/heartbeat.sh.templ
deleted file mode 100755
index e064c1a2cf39..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/heartbeat.sh.templ
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-t=$(date +%s)
-echo $t > [RROUTER_BIN_PATH]/keepalived.ts
diff --git a/systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ b/systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ
deleted file mode 100644
index a4969a5b6983..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/keepalived.conf.templ
+++ /dev/null
@@ -1,57 +0,0 @@
-! Licensed to the Apache Software Foundation (ASF) under one
-! or more contributor license agreements. See the NOTICE file
-! distributed with this work for additional information
-! regarding copyright ownership. The ASF licenses this file
-! to you under the Apache License, Version 2.0 (the
-! "License"); you may not use this file except in compliance
-! with the License. You may obtain a copy of the License at
-!
-! http://www.apache.org/licenses/LICENSE-2.0
-!
-! Unless required by applicable law or agreed to in writing,
-! software distributed under the License is distributed on an
-! "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-! KIND, either express or implied. See the License for the
-! specific language governing permissions and limitations
-! under the License.
-
-global_defs {
- router_id [ROUTER_ID]
-}
-
-vrrp_script check_bumpup {
- script "[RROUTER_BIN_PATH]/check_bumpup.sh"
- interval 5
- weight [DELTA]
-}
-
-vrrp_script heartbeat {
- script "[RROUTER_BIN_PATH]/heartbeat.sh"
- interval 10
-}
-
-vrrp_instance inside_network {
- state BACKUP
- interface eth0
- virtual_router_id 51
- priority [PRIORITY]
-
- advert_int 1
- authentication {
- auth_type PASS
- auth_pass WORD
- }
-
- virtual_ipaddress {
- [ROUTER_IP] brd [BOARDCAST] dev eth0
- }
-
- track_script {
- check_bumpup
- heartbeat
- }
-
- notify_master "[RROUTER_BIN_PATH]/master.sh"
- notify_backup "[RROUTER_BIN_PATH]/backup.sh"
- notify_fault "[RROUTER_BIN_PATH]/fault.sh"
-}
diff --git a/systemvm/patches/debian/config/root/redundant_router/master.sh.templ b/systemvm/patches/debian/config/root/redundant_router/master.sh.templ
deleted file mode 100644
index 11ca6284f65b..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/master.sh.templ
+++ /dev/null
@@ -1,60 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-source /root/func.sh
-
-lock="biglock"
-locked=$(getLockFile $lock)
-if [ "$locked" != "1" ]
-then
- exit 1
-fi
-
-echo To master called >> [RROUTER_LOG]
-[RROUTER_BIN_PATH]/enable_pubip.sh >> [RROUTER_LOG] 2>&1
-ret=$?
-if [ $ret -eq 0 ]
-then
- [RROUTER_BIN_PATH]/services.sh restart >> [RROUTER_LOG] 2>&1
- ret=$?
-fi
-last_msg=`tail -n 1 [RROUTER_LOG]`
-echo Enable public ip returned $ret >> [RROUTER_LOG]
-if [ $ret -ne 0 ]
-then
- echo Fail to enable public ip! >> [RROUTER_LOG]
- [RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
- [RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
- service keepalived stop >> [RROUTER_LOG] 2>&1
- service conntrackd stop >> [RROUTER_LOG] 2>&1
- echo Status: FAULT \($last_msg\) >> [RROUTER_LOG]
- releaseLockFile $lock $locked
- exit
-fi
-[RROUTER_BIN_PATH]/primary-backup.sh primary >> [RROUTER_LOG] 2>&1
-ret=$?
-echo Switch conntrackd mode primary returned $ret >> [RROUTER_LOG]
-if [ $ret -ne 0 ]
-then
- echo Fail to switch conntrackd mode, but try to continue working >> [RROUTER_LOG]
-fi
-[RROUTER_BIN_PATH]/arping_gateways.sh
-echo Status: MASTER >> [RROUTER_LOG]
-
-releaseLockFile $lock $locked
-exit 0
diff --git a/systemvm/patches/debian/config/root/redundant_router/primary-backup.sh.templ b/systemvm/patches/debian/config/root/redundant_router/primary-backup.sh.templ
deleted file mode 100644
index 4eb9eafe4fd2..000000000000
--- a/systemvm/patches/debian/config/root/redundant_router/primary-backup.sh.templ
+++ /dev/null
@@ -1,126 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -CONNTRACKD_BIN=/usr/sbin/conntrackd -CONNTRACKD_LOCK=/var/lock/conntrack.lock -CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf -CONNTRACKD_LOG=[RROUTER_LOG] - -case "$1" in - primary) - # - # commit the external cache into the kernel table - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c - if [ $? -eq 1 ] - then - logger "ERROR: failed to invoke conntrackd -c" - fi - - # - # flush the internal and the external caches - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f - if [ $? -eq 1 ] - then - logger "ERROR: failed to invoke conntrackd -f" - fi - - # - # resynchronize my internal cache to the kernel table - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R - if [ $? -eq 1 ] - then - logger "ERROR: failed to invoke conntrackd -R" - fi - - # - # send a bulk update to backups - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B - if [ $? -eq 1 ] - then - logger "ERROR: failed to invoke conntrackd -B" - fi - echo Conntrackd switch to primary done >> $CONNTRACKD_LOG - ;; - backup) - # - # is conntrackd running? request some statistics to check it - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s - if [ $? -eq 1 ] - then - # - # something's wrong, do we have a lock file? 
- # - if [ -f $CONNTRACKD_LOCK ] - then - logger "WARNING: conntrackd was not cleanly stopped." - logger "If you suspect that it has crashed:" - logger "1) Enable coredumps" - logger "2) Try to reproduce the problem" - logger "3) Post the coredump to netfilter-devel@vger.kernel.org" - rm -f $CONNTRACKD_LOCK - fi - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d - if [ $? -eq 1 ] - then - logger "ERROR: cannot launch conntrackd" - exit 1 - fi - fi - # - # shorten kernel conntrack timers to remove the zombie entries. - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t - if [ $? -eq 1 ] - then - logger "ERROR: failed to invoke conntrackd -t" - fi - - # - # request resynchronization with master firewall replica (if any) - # Note: this does nothing in the alarm approach. - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n - if [ $? -eq 1 ] - then - logger "ERROR: failed to invoke conntrackd -n" - fi - echo Conntrackd switch to backup done >> $CONNTRACKD_LOG - ;; - fault) - # - # shorten kernel conntrack timers to remove the zombie entries. - # - $CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t - if [ $? -eq 1 ] - then - logger "ERROR: failed to invoke conntrackd -t" - fi - echo Conntrackd switch to fault done >> $CONNTRACKD_LOG - ;; - *) - logger "conntrackd: ERROR: unknown state transition: " $1 - echo "Usage: primary-backup.sh {primary|backup|fault}" - exit 1 - ;; -esac - -exit 0 diff --git a/systemvm/patches/debian/config/root/redundant_router/services.sh b/systemvm/patches/debian/config/root/redundant_router/services.sh deleted file mode 100644 index b7ebeed264cb..000000000000 --- a/systemvm/patches/debian/config/root/redundant_router/services.sh +++ /dev/null 
@@ -1,68 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-vpn_service() {
- ps aux|grep ipsec | grep -v grep > /dev/null
- no_vpn=$?
- if [ $no_vpn -eq 1 ]
- then
- return 0
- fi
- r=0
- case "$1" in
- stop)
- service ipsec stop && \
- service xl2tpd stop
- r=$?
- ;;
- restart)
- service ipsec restart && \
- service xl2tpd restart
- r=$?
- ;;
- esac
- return $r
-}
-
-ret=0
-case "$1" in
- start)
- vpn_service restart && \
- service cloud-passwd-srvr start && \
- service dnsmasq start
- ret=$?
- ;;
- stop)
- vpn_service stop && \
- service cloud-passwd-srvr stop && \
- service dnsmasq stop
- ret=$?
- ;;
- restart)
- vpn_service restart && \
- service cloud-passwd-srvr restart && \
- service dnsmasq restart
- ret=$?
- ;;
- *)
- echo "Usage: services {start|stop|restart}"
- exit 1
- ;;
-esac
-
-exit $ret
diff --git a/systemvm/patches/debian/convert.sh b/systemvm/patches/debian/convert.sh
deleted file mode 100755
index 27098a134456..000000000000
--- a/systemvm/patches/debian/convert.sh
+++ /dev/null
@@ -1,64 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - - - - - -begin=$(date +%s) -echo "Backing up systemvm.img" -cp systemvm.img systemvm.img.tmp -echo "Converting raw image to fixed vhd" -vhd-util convert -s 0 -t 1 -i systemvm.img.tmp -o systemvm.vhd &> /dev/null -echo "Converting fixed vhd to dynamic vhd" -vhd-util convert -s 1 -t 2 -i systemvm.vhd -o systemvm.vhd &> /dev/null -echo "Compressing vhd..." -bzip2 -c systemvm.vhd > systemvm.vhd.bz2 -echo "Done VHD" - -echo "Converting raw image to qcow2" -qemu-img convert -f raw -O qcow2 systemvm.img systemvm.qcow2 -echo "Compressing qcow2..." -bzip2 -c systemvm.qcow2 > systemvm.qcow2.bz2 -echo "Done qcow2" -echo "Converting raw image to vmdk" -qemu-img convert -f raw -O vmdk systemvm.img systemvm.vmdk -echo "Done creating vmdk" -echo "Creating ova appliance " -ovftool systemvm.vmx systemvm.ova -echo "Done creating OVA" -echo "Cleaning up..." -rm -vf systemvm.vmdk -rm -vf systemvm.vhd.bak - -echo "Compressing raw image..." 
-bzip2 -c systemvm.img > systemvm.img.bz2 -echo "Done compressing raw image" - -echo "Generating md5sums" -md5sum systemvm.img > md5sum -md5sum systemvm.img.bz2 >> md5sum -md5sum systemvm.vhd >> md5sum -md5sum systemvm.vhd.bz2 >> md5sum -md5sum systemvm.qcow2 >> md5sum -md5sum systemvm.qcow2.bz2 >> md5sum -md5sum systemvm.ova >> md5sum -fin=$(date +%s) -t=$((fin-begin)) -echo "Finished compressing/converting image in $t seconds" diff --git a/systemvm/patches/debian/config/etc/apache2/httpd.conf b/systemvm/patches/debian/etc/apache2/httpd.conf similarity index 100% rename from systemvm/patches/debian/config/etc/apache2/httpd.conf rename to systemvm/patches/debian/etc/apache2/httpd.conf diff --git a/systemvm/patches/debian/config/etc/apache2/vhost.template b/systemvm/patches/debian/etc/apache2/vhost.template similarity index 99% rename from systemvm/patches/debian/config/etc/apache2/vhost.template rename to systemvm/patches/debian/etc/apache2/vhost.template index 7b89c3b5b469..f393db55df3d 100644 --- a/systemvm/patches/debian/config/etc/apache2/vhost.template +++ b/systemvm/patches/debian/etc/apache2/vhost.template @@ -235,4 +235,3 @@ Listen 10.1.1.1:80 Listen 10.1.1.1:443 - diff --git a/systemvm/patches/debian/config/etc/cloud-nic.rules b/systemvm/patches/debian/etc/cloud-nic.rules similarity index 98% rename from systemvm/patches/debian/config/etc/cloud-nic.rules rename to systemvm/patches/debian/etc/cloud-nic.rules index 56e74ec4e9dc..e34e0c242c0a 100644 --- a/systemvm/patches/debian/config/etc/cloud-nic.rules +++ b/systemvm/patches/debian/etc/cloud-nic.rules @@ -1,2 +1 @@ SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k" - diff --git a/systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl b/systemvm/patches/debian/etc/dnsmasq.conf.tmpl similarity index 99% rename from systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl rename to systemvm/patches/debian/etc/dnsmasq.conf.tmpl index 403e20419758..4e9d24962934 100644 
--- a/systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl +++ b/systemvm/patches/debian/etc/dnsmasq.conf.tmpl @@ -172,11 +172,11 @@ dhcp-hostsfile=/etc/dhcphosts.txt #dhcp-range=1234::2, 1234::500, 64, 12h # Do Router Advertisements, BUT NOT DHCP for this subnet. -#dhcp-range=1234::, ra-only +#dhcp-range=1234::, ra-only # Do Router Advertisements, BUT NOT DHCP for this subnet, also try and -# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack -# hosts. Use the DHCPv4 lease to derive the name, network segment and +# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack +# hosts. Use the DHCPv4 lease to derive the name, network segment and # MAC address and assume that the host will also have an # IPv6 address calculated using the SLAAC alogrithm. #dhcp-range=1234::, ra-names @@ -199,9 +199,9 @@ dhcp-hostsfile=/etc/dhcphosts.txt #dhcp-range=1234::, ra-stateless, ra-names # Do router advertisements for all subnets where we're doing DHCPv6 -# Unless overriden by ra-stateless, ra-names, et al, the router +# Unless overriden by ra-stateless, ra-names, et al, the router # advertisements will have the M and O bits set, so that the clients -# get addresses and configuration from DHCPv6, and the A bit reset, so the +# get addresses and configuration from DHCPv6, and the A bit reset, so the # clients don't use SLAAC addresses. #enable-ra 
@@ -267,11 +267,11 @@ dhcp-hostsfile=/etc/dhcphosts.txt # any machine with Ethernet address starting 11:22:33: #dhcp-host=11:22:33:*:*:*,set:red -# Give a fixed IPv6 address and name to client with +# Give a fixed IPv6 address and name to client with # DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2 # Note the MAC addresses CANNOT be used to identify DHCPv6 clients. # Note also the they [] around the IPv6 address are obilgatory. -#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] +#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5] # Ignore any clients which are not specified in dhcp-host lines # or /etc/ethers. Equivalent to ISC "deny unknown-clients". @@ -329,7 +329,7 @@ dhcp-ignore=tag:!known # Send DHCPv6 option. Note [] around IPv6 addresses. #dhcp-option=option6:dns-server,[1234::77],[1234::88] -# Send DHCPv6 option for namservers as the machine running +# Send DHCPv6 option for namservers as the machine running # dnsmasq and another. #dhcp-option=option6:dns-server,[::],[1234::88] diff --git a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg b/systemvm/patches/debian/etc/haproxy/haproxy.cfg similarity index 98% rename from systemvm/patches/debian/config/etc/haproxy/haproxy.cfg rename to systemvm/patches/debian/etc/haproxy/haproxy.cfg index 0adbfc6f3bb3..63da1ea694dd 100644 --- a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg +++ b/systemvm/patches/debian/etc/haproxy/haproxy.cfg @@ -4,7 +4,7 @@ global user haproxy group haproxy daemon - + defaults log global mode tcp @@ -20,8 +20,8 @@ defaults timeout connect 5000 timeout client 50000 timeout server 50000 - - + + listen cloud-default bind 0.0.0.0:35999 option transparent diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/etc/init.d/cloud-early-config similarity index 100% rename from systemvm/patches/debian/config/etc/init.d/cloud-early-config rename to systemvm/patches/debian/etc/init.d/cloud-early-config 
diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/etc/init.d/cloud-passwd-srvr similarity index 99% rename from systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr rename to systemvm/patches/debian/etc/init.d/cloud-passwd-srvr index 05e2f37a336f..ffd0ec8d2066 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr +++ b/systemvm/patches/debian/etc/init.d/cloud-passwd-srvr @@ -104,12 +104,12 @@ case "$1" in start) start ;; stop) stop - ;; + ;; status) status - ;; + ;; restart) stop start - ;; + ;; *) echo "Usage: $0 {start|stop|status|restart}" exit 1 ;; diff --git a/systemvm/patches/debian/config/etc/iptables/iptables-consoleproxy b/systemvm/patches/debian/etc/iptables/iptables-consoleproxy similarity index 84% rename from systemvm/patches/debian/config/etc/iptables/iptables-consoleproxy rename to systemvm/patches/debian/etc/iptables/iptables-consoleproxy index ae5d14d84615..9a1c9855eedc 100644 --- a/systemvm/patches/debian/config/etc/iptables/iptables-consoleproxy +++ b/systemvm/patches/debian/etc/iptables/iptables-consoleproxy @@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 
@@ -24,12 +24,12 @@ COMMIT :INPUT DROP [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] --A INPUT -i lo -j ACCEPT --A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -p icmp --icmp-type 13 -j DROP --A INPUT -p icmp -j ACCEPT +-A INPUT -p icmp -j ACCEPT -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT -A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT diff --git a/systemvm/patches/debian/config/etc/iptables/iptables-dhcpsrvr b/systemvm/patches/debian/etc/iptables/iptables-dhcpsrvr similarity index 99% rename from systemvm/patches/debian/config/etc/iptables/iptables-dhcpsrvr rename to systemvm/patches/debian/etc/iptables/iptables-dhcpsrvr index b49b6b2f244e..9851ee7dbd96 100644 --- a/systemvm/patches/debian/config/etc/iptables/iptables-dhcpsrvr +++ b/systemvm/patches/debian/etc/iptables/iptables-dhcpsrvr @@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/patches/debian/config/etc/iptables/iptables-elbvm b/systemvm/patches/debian/etc/iptables/iptables-elbvm similarity index 99% rename from systemvm/patches/debian/config/etc/iptables/iptables-elbvm rename to systemvm/patches/debian/etc/iptables/iptables-elbvm index 17baef574819..21c5d4be36c4 100755 
--- a/systemvm/patches/debian/config/etc/iptables/iptables-elbvm +++ b/systemvm/patches/debian/etc/iptables/iptables-elbvm @@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -31,4 +31,3 @@ COMMIT -A INPUT -i lo -j ACCEPT -A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT COMMIT - diff --git a/systemvm/patches/debian/config/etc/iptables/iptables-ilbvm b/systemvm/patches/debian/etc/iptables/iptables-ilbvm similarity index 99% rename from systemvm/patches/debian/config/etc/iptables/iptables-ilbvm rename to systemvm/patches/debian/etc/iptables/iptables-ilbvm index 8d5ca651c754..05e7f5bdab04 100755 --- a/systemvm/patches/debian/config/etc/iptables/iptables-ilbvm +++ b/systemvm/patches/debian/etc/iptables/iptables-ilbvm @@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -30,4 +30,3 @@ COMMIT -A INPUT -i lo -j ACCEPT -A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT COMMIT - diff --git a/systemvm/patches/debian/config/etc/iptables/iptables-router b/systemvm/patches/debian/etc/iptables/iptables-router similarity index 99% rename from systemvm/patches/debian/config/etc/iptables/iptables-router rename to systemvm/patches/debian/etc/iptables/iptables-router index b49b6b2f244e..9851ee7dbd96 100644 --- a/systemvm/patches/debian/config/etc/iptables/iptables-router +++ b/systemvm/patches/debian/etc/iptables/iptables-router 
@@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/patches/debian/config/etc/iptables/iptables-secstorage b/systemvm/patches/debian/etc/iptables/iptables-secstorage similarity index 81% rename from systemvm/patches/debian/config/etc/iptables/iptables-secstorage rename to systemvm/patches/debian/etc/iptables/iptables-secstorage index 313992411263..019aaa0bfb40 100755 --- a/systemvm/patches/debian/config/etc/iptables/iptables-secstorage +++ b/systemvm/patches/debian/etc/iptables/iptables-secstorage @@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -25,12 +25,12 @@ COMMIT :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] :HTTP - [0:0] --A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -i eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT --A INPUT -i lo -j ACCEPT +-A INPUT -i eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i lo -j ACCEPT -A INPUT -p icmp --icmp-type 13 -j DROP --A INPUT -p icmp -j ACCEPT +-A INPUT -p icmp -j ACCEPT -A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT COMMIT 
diff --git a/systemvm/patches/debian/config/etc/iptables/iptables-vpcrouter b/systemvm/patches/debian/etc/iptables/iptables-vpcrouter similarity index 99% rename from systemvm/patches/debian/config/etc/iptables/iptables-vpcrouter rename to systemvm/patches/debian/etc/iptables/iptables-vpcrouter index 1c40493917b1..e6237c5a1cd8 100644 --- a/systemvm/patches/debian/config/etc/iptables/iptables-vpcrouter +++ b/systemvm/patches/debian/etc/iptables/iptables-vpcrouter @@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/patches/debian/config/etc/iptables/rt_tables_init b/systemvm/patches/debian/etc/iptables/rt_tables_init similarity index 99% rename from systemvm/patches/debian/config/etc/iptables/rt_tables_init rename to systemvm/patches/debian/etc/iptables/rt_tables_init index c7f086bdaed4..9a265c1d62d5 100644 --- a/systemvm/patches/debian/config/etc/iptables/rt_tables_init +++ b/systemvm/patches/debian/etc/iptables/rt_tables_init @@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY diff --git a/systemvm/patches/debian/config/etc/iptables/rules b/systemvm/patches/debian/etc/iptables/rules similarity index 99% rename from systemvm/patches/debian/config/etc/iptables/rules rename to systemvm/patches/debian/etc/iptables/rules index 7c577615167b..ecd905dbc87f 100644 --- a/systemvm/patches/debian/config/etc/iptables/rules +++ b/systemvm/patches/debian/etc/iptables/rules 
@@ -7,7 +7,7 @@ # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -39,4 +39,3 @@ COMMIT -A FORWARD -i eth0 -o eth2 -j ACCEPT -A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT COMMIT - diff --git a/systemvm/patches/debian/config/etc/logrotate.conf b/systemvm/patches/debian/etc/logrotate.conf similarity index 99% rename from systemvm/patches/debian/config/etc/logrotate.conf rename to systemvm/patches/debian/etc/logrotate.conf index a44abf9a39b6..d213d4e9ce87 100644 --- a/systemvm/patches/debian/config/etc/logrotate.conf +++ b/systemvm/patches/debian/etc/logrotate.conf @@ -23,4 +23,3 @@ include /etc/logrotate.d create 0600 root utmp rotate 1 } - diff --git a/systemvm/patches/debian/config/etc/logrotate.d/apache2 b/systemvm/patches/debian/etc/logrotate.d/apache2 similarity index 100% rename from systemvm/patches/debian/config/etc/logrotate.d/apache2 rename to systemvm/patches/debian/etc/logrotate.d/apache2 diff --git a/systemvm/patches/debian/config/etc/logrotate.d/cloud b/systemvm/patches/debian/etc/logrotate.d/cloud similarity index 100% rename from systemvm/patches/debian/config/etc/logrotate.d/cloud rename to systemvm/patches/debian/etc/logrotate.d/cloud diff --git a/systemvm/patches/debian/config/etc/logrotate.d/conntrackd b/systemvm/patches/debian/etc/logrotate.d/conntrackd similarity index 100% rename from systemvm/patches/debian/config/etc/logrotate.d/conntrackd rename to systemvm/patches/debian/etc/logrotate.d/conntrackd 
diff --git a/systemvm/patches/debian/config/etc/logrotate.d/dnsmasq b/systemvm/patches/debian/etc/logrotate.d/dnsmasq similarity index 99% rename from systemvm/patches/debian/config/etc/logrotate.d/dnsmasq rename to systemvm/patches/debian/etc/logrotate.d/dnsmasq index 8a797e98d2fa..27b6ebc94472 100644 --- a/systemvm/patches/debian/config/etc/logrotate.d/dnsmasq +++ b/systemvm/patches/debian/etc/logrotate.d/dnsmasq @@ -10,4 +10,3 @@ endscript create 0640 dnsmasq root } - diff --git a/systemvm/patches/debian/config/etc/logrotate.d/haproxy b/systemvm/patches/debian/etc/logrotate.d/haproxy similarity index 100% rename from systemvm/patches/debian/config/etc/logrotate.d/haproxy rename to systemvm/patches/debian/etc/logrotate.d/haproxy diff --git a/systemvm/patches/debian/config/etc/logrotate.d/ppp b/systemvm/patches/debian/etc/logrotate.d/ppp similarity index 98% rename from systemvm/patches/debian/config/etc/logrotate.d/ppp rename to systemvm/patches/debian/etc/logrotate.d/ppp index ce02c174e56c..37af2f2b1f75 100644 --- a/systemvm/patches/debian/config/etc/logrotate.d/ppp +++ b/systemvm/patches/debian/etc/logrotate.d/ppp @@ -6,4 +6,3 @@ compress nocreate } - diff --git a/systemvm/patches/debian/config/etc/logrotate.d/rsyslog b/systemvm/patches/debian/etc/logrotate.d/rsyslog similarity index 100% rename from systemvm/patches/debian/config/etc/logrotate.d/rsyslog rename to systemvm/patches/debian/etc/logrotate.d/rsyslog diff --git a/systemvm/patches/debian/config/etc/modprobe.d/aesni_intel.conf b/systemvm/patches/debian/etc/modprobe.d/aesni_intel.conf similarity index 100% rename from systemvm/patches/debian/config/etc/modprobe.d/aesni_intel.conf rename to systemvm/patches/debian/etc/modprobe.d/aesni_intel.conf 
diff --git a/systemvm/patches/debian/config/etc/modprobe.d/pcspkr.conf b/systemvm/patches/debian/etc/modprobe.d/pcspkr.conf similarity index 100% rename from systemvm/patches/debian/config/etc/modprobe.d/pcspkr.conf rename to systemvm/patches/debian/etc/modprobe.d/pcspkr.conf diff --git a/systemvm/patches/debian/config/etc/profile.d/cloud.sh b/systemvm/patches/debian/etc/profile.d/cloud.sh similarity index 99% rename from systemvm/patches/debian/config/etc/profile.d/cloud.sh rename to systemvm/patches/debian/etc/profile.d/cloud.sh index 844527fb23ba..fdc160037c42 100755 --- a/systemvm/patches/debian/config/etc/profile.d/cloud.sh +++ b/systemvm/patches/debian/etc/profile.d/cloud.sh @@ -14,7 +14,7 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - + if [ "`id -u`" -eq 0 ]; then PATH=${PATH}:/opt/cloud/bin diff --git a/systemvm/patches/debian/config/etc/rc.local b/systemvm/patches/debian/etc/rc.local similarity index 100% rename from systemvm/patches/debian/config/etc/rc.local rename to systemvm/patches/debian/etc/rc.local diff --git a/systemvm/patches/debian/config/etc/rsyslog.conf b/systemvm/patches/debian/etc/rsyslog.conf similarity index 100% rename from systemvm/patches/debian/config/etc/rsyslog.conf rename to systemvm/patches/debian/etc/rsyslog.conf diff --git a/systemvm/patches/debian/config/etc/ssh/sshd_config b/systemvm/patches/debian/etc/ssh/sshd_config similarity index 96% rename from systemvm/patches/debian/config/etc/ssh/sshd_config rename to systemvm/patches/debian/etc/ssh/sshd_config index 75f30cc1f363..4931cdb028a1 100644 --- a/systemvm/patches/debian/config/etc/ssh/sshd_config +++ b/systemvm/patches/debian/etc/ssh/sshd_config 
@@ -43,8 +43,8 @@ PermitRootLogin yes #MaxAuthTries 6 #RSAAuthentication yes -#PubkeyAuthentication yes -#AuthorizedKeysFile .ssh/authorized_keys +PubkeyAuthentication yes +AuthorizedKeysFile .ssh/authorized_keys # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts #RhostsRSAAuthentication no @@ -77,8 +77,8 @@ GSSAPIAuthentication no #GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes -# Set this to 'yes' to enable PAM authentication, account processing, -# and session processing. If this is enabled, PAM authentication will +# Set this to 'yes' to enable PAM authentication, account processing, +# and session processing. If this is enabled, PAM authentication will # be allowed through the ChallengeResponseAuthentication and # PasswordAuthentication. Depending on your PAM configuration, # PAM authentication via ChallengeResponseAuthentication may bypass @@ -90,8 +90,8 @@ GSSAPICleanupCredentials yes UsePAM yes # Accept locale-related environment variables -AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES +AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT AcceptEnv LC_IDENTIFICATION LC_ALL #AllowTcpForwarding yes #GatewayPorts no @@ -101,7 +101,7 @@ AcceptEnv LC_IDENTIFICATION LC_ALL #X11UseLocalhost yes #PrintMotd yes #PrintLastLog yes -#TCPKeepAlive yes +TCPKeepAlive yes #UseLogin no #UsePrivilegeSeparation yes #PermitUserEnvironment no diff --git a/systemvm/patches/debian/config/etc/sysctl.conf b/systemvm/patches/debian/etc/sysctl.conf similarity index 97% rename from systemvm/patches/debian/config/etc/sysctl.conf rename to systemvm/patches/debian/etc/sysctl.conf index 91baa5d31ed3..8e6d7520006f 100644 --- a/systemvm/patches/debian/config/etc/sysctl.conf +++ b/systemvm/patches/debian/etc/sysctl.conf 
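Review bot: With `PubkeyAuthentication yes` and `AuthorizedKeysFile .ssh/authorized_keys` now set explicitly in the first sshd_config hunk, the `PermitRootLogin yes` shown in that hunk's header still lets root log in with a password wherever password authentication is enabled. If root access to the system VM is meant to be key-only, this is the place to tighten it to `PermitRootLogin prohibit-password`. The `PasswordAuthentication` setting is outside the visible hunks, so confirm its value before relying on either. The other hunks in this file only strip trailing whitespace, apart from `TCPKeepAlive yes`, which restates the OpenSSH default.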
@@ -1,4 +1,4 @@ -# Kernel sysctl configuration file +# Kernel sysctl configuration file # # For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and # sysctl.conf(5) for more details. diff --git a/systemvm/patches/debian/config/etc/vpcdnsmasq.conf b/systemvm/patches/debian/etc/vpcdnsmasq.conf similarity index 97% rename from systemvm/patches/debian/config/etc/vpcdnsmasq.conf rename to systemvm/patches/debian/etc/vpcdnsmasq.conf index 7c29e65d269d..1a4b0c29552a 100644 --- a/systemvm/patches/debian/config/etc/vpcdnsmasq.conf +++ b/systemvm/patches/debian/etc/vpcdnsmasq.conf @@ -48,7 +48,7 @@ resolv-file=/etc/dnsmasq-resolv.conf # non-public domains. #server=/localnet/192.168.0.1 -# Example of routing PTR queries to nameservers: this will send all +# Example of routing PTR queries to nameservers: this will send all # address->name queries for 192.168.3/24 to nameserver 10.1.2.3 #server=/3.168.192.in-addr.arpa/10.1.2.3 @@ -186,7 +186,7 @@ expand-hosts # Ignore any clients which are specified in dhcp-host lines # or /etc/ethers. Equivalent to ISC "deny unkown-clients". -# This relies on the special "known" tag which is set when +# This relies on the special "known" tag which is set when # a host is matched. #dhcp-ignore=#known @@ -210,11 +210,11 @@ expand-hosts # Send options to hosts which ask for a DHCP lease. # See RFC 2132 for details of available options. -# Common options can be given to dnsmasq by name: +# Common options can be given to dnsmasq by name: # run "dnsmasq --help dhcp" to get a list. # Note that all the common settings, such as netmask and # broadcast address, DNS server and default route, are given -# sane defaults by dnsmasq. You very likely will not need +# sane defaults by dnsmasq. You very likely will not need # any dhcp-options. If you use Windows clients and Samba, there # are some options which are recommended, they are detailed at the # end of this section. 
@@ -228,7 +228,7 @@ expand-hosts # Override the default route supplied by dnsmasq and send no default # route at all. Note that this only works for the options sent by -# default (1, 3, 6, 12, 28) the same line will send a zero-length option +# default (1, 3, 6, 12, 28) the same line will send a zero-length option # for all other option numbers. #dhcp-option=3 @@ -279,10 +279,10 @@ dhcp-option=15,"2.vmops-test.vmops.com" # Send RFC-3442 classless static routes (note the netmask encoding) #dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8 -# Send vendor-class specific options encapsulated in DHCP option 43. +# Send vendor-class specific options encapsulated in DHCP option 43. # The meaning of the options is defined by the vendor-class so # options are sent only when the client supplied vendor class -# matches the class given here. (A substring match is OK, so "MSFT" +# matches the class given here. (A substring match is OK, so "MSFT" # matches "MSFT" and "MSFT 5.0"). This example sets the # mtftp address to 0.0.0.0 for PXEClients. #dhcp-option=vendor:PXEClient,1,0.0.0.0 @@ -299,7 +299,7 @@ dhcp-option=vendor:MSFT,2,1i # Send options to PXELinux. Note that we need to send the options even # though they don't appear in the parameter request list, so we need -# to use dhcp-option-force here. +# to use dhcp-option-force here. # See http://syslinux.zytor.com/pxe.php#special for details. # Magic number - needed before anything else is recognised #dhcp-option-force=208,f1:00:74:7e @@ -310,7 +310,7 @@ dhcp-option=vendor:MSFT,2,1i # Reboot time. (Note 'i' to send 32-bit value) #dhcp-option-force=211,30i -# Set the boot filename for BOOTP. You will only need +# Set the boot filename for BOOTP. You will only need # this is you want to boot machines over the network and you will need # a TFTP server; either dnsmasq's built in TFTP server or an # external one. (See below for how to enable the TFTP server.) 
@@ -353,9 +353,9 @@ leasefile-ro #dhcp-authoritative # Run an executable when a DHCP lease is created or destroyed. -# The arguments sent to the script are "add" or "del", +# The arguments sent to the script are "add" or "del", # then the MAC address, the IP address and finally the hostname -# if there is one. +# if there is one. #dhcp-script=/bin/echo # Set the cachesize here. diff --git a/systemvm/patches/debian/config/opt/cloud/bin/baremetal-vr.py b/systemvm/patches/debian/opt/cloud/bin/baremetal-vr.py similarity index 97% rename from systemvm/patches/debian/config/opt/cloud/bin/baremetal-vr.py rename to systemvm/patches/debian/opt/cloud/bin/baremetal-vr.py index 51ab58223534..e5b6aca51d66 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/baremetal-vr.py +++ b/systemvm/patches/debian/opt/cloud/bin/baremetal-vr.py 
@@ -1,161 +1,161 @@ -#Licensed to the Apache Software Foundation (ASF) under one -#or more contributor license agreements. See the NOTICE file -#distributed with this work for additional information -#regarding copyright ownership. The ASF licenses this file -#to you under the Apache License, Version 2.0 (the -#"License"); you may not use this file except in compliance -#with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -#Unless required by applicable law or agreed to in writing, -#software distributed under the License is distributed on an -#"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -#KIND, either express or implied. See the License for the -#specific language governing permissions and limitations -#under the License. - -__author__ = 'frank' - -import subprocess -import urllib -import hmac -import hashlib -import base64 -import traceback -import logging - -from flask import Flask - -app = Flask(__name__) - -logger = logging.getLogger('baremetal-vr') -hdlr = logging.FileHandler('/var/log/baremetal-vr.log') -formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') -hdlr.setFormatter(formatter) -logger.addHandler(hdlr) -logger.setLevel(logging.WARNING) - -class ShellCmd(object): - ''' - classdocs - ''' - def __init__(self, cmd, workdir=None, pipe=True): - ''' - Constructor - ''' - self.cmd = cmd - if pipe: - self.process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE, executable='/bin/sh', cwd=workdir) - else: - self.process = subprocess.Popen(cmd, shell=True, executable='/bin/sh', cwd=workdir) - - self.stdout = None - self.stderr = None - self.return_code = None - - def __call__(self, is_exception=True): - (self.stdout, self.stderr) = self.process.communicate() - if is_exception and self.process.returncode != 0: - err = [] - err.append('failed to execute shell command: %s' % self.cmd) - err.append('return code: %s' % 
self.process.returncode) - err.append('stdout: %s' % self.stdout) - err.append('stderr: %s' % self.stderr) - raise Exception('\n'.join(err)) - - self.return_code = self.process.returncode - return self.stdout - -def shell(cmd): - return ShellCmd(cmd)() - - -class Server(object): - CMDLINE = '/var/cache/cloud/cmdline' - def __init__(self): - self.apikey = None - self.secretkey = None - self.mgmtIp = None - self.mgmtPort = None - - def _get_credentials(self): - if not self.apikey or not self.secretkey: - with open(self.CMDLINE, 'r') as fd: - cmdline = fd.read() - for p in cmdline.split(): - if 'baremetalnotificationsecuritykey' in p: - self.secretkey = p.split("=")[1] - if 'baremetalnotificationapikey' in p: - self.apikey = p.split("=")[1] - - if not self.apikey: - raise Exception('cannot find baremetalnotificationapikey in %s' % Server.CMDLINE) - if not self.secretkey: - raise Exception('cannot find baremetalnotificationsecuritykey in %s' % Server.CMDLINE) - - return self.apikey, self.secretkey - - def _get_mgmt_ip(self): - if not self.mgmtIp: - with open(self.CMDLINE, 'r') as fd: - cmdline = fd.read() - for p in cmdline.split(): - if 'host' in p: - self.mgmtIp = p.split("=")[1] - break - - if not self.mgmtIp: - raise Exception('cannot find host in %s' % Server.CMDLINE) - - return self.mgmtIp - - def _get_mgmt_port(self): - if not self.mgmtPort: - with open(self.CMDLINE, 'r') as fd: - cmdline = fd.read() - for p in cmdline.split(): - if 'port' in p: - self.mgmtPort = p.split("=")[1] - break - - if not self.mgmtIp: - raise Exception('cannot find port in %s' % Server.CMDLINE) - - return self.mgmtPort - - def _make_sign(self, mac): - apikey, secretkey = self._get_credentials() - reqs = { - "apiKey": apikey, - "command": 'notifyBaremetalProvisionDone', - "mac": mac - } - - request = zip(reqs.keys(), reqs.values()) - request.sort(key=lambda x: str.lower(x[0])) - hashStr = "&".join(["=".join([str.lower(r[0]), str.lower(urllib.quote_plus(str(r[1]))).replace("+", 
"%20").replace('=', '%3d')]) for r in request]) - sig = urllib.quote_plus(base64.encodestring(hmac.new(secretkey, hashStr, hashlib.sha1).digest()).strip()) - return sig - - def notify_provisioning_done(self, mac): - sig = self._make_sign(mac) - cmd = 'http://%s:%s/client/api?command=notifyBaremetalProvisionDone&mac=%s&apiKey=%s&signature=%s' % (self._get_mgmt_ip(), self._get_mgmt_port(), mac, self.apikey, sig) - shell("curl -X GET '%s'" % cmd) - return '' - -server = None - -@app.route('/baremetal/provisiondone/', methods=['GET']) -def notify_provisioning_done(mac): - try: - return server.notify_provisioning_done(mac) - except: - logger.warn(traceback.format_exc()) - return '' - - -if __name__ == '__main__': - server = Server() - shell("iptables-save | grep -- '-A INPUT -i eth0 -p tcp -m tcp --dport 10086 -j ACCEPT' > /dev/null || iptables -I INPUT -i eth0 -p tcp -m tcp --dport 10086 -j ACCEPT") - app.run(host='0.0.0.0', port=10086, debug=True) +#Licensed to the Apache Software Foundation (ASF) under one +#or more contributor license agreements. See the NOTICE file +#distributed with this work for additional information +#regarding copyright ownership. The ASF licenses this file +#to you under the Apache License, Version 2.0 (the +#"License"); you may not use this file except in compliance +#with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +#Unless required by applicable law or agreed to in writing, +#software distributed under the License is distributed on an +#"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +#KIND, either express or implied. See the License for the +#specific language governing permissions and limitations +#under the License. 
+ +__author__ = 'frank' + +import subprocess +import urllib +import hmac +import hashlib +import base64 +import traceback +import logging + +from flask import Flask + +app = Flask(__name__) + +logger = logging.getLogger('baremetal-vr') +hdlr = logging.FileHandler('/var/log/baremetal-vr.log') +formatter = logging.Formatter('%(asctime)s %(levelname)s %(message)s') +hdlr.setFormatter(formatter) +logger.addHandler(hdlr) +logger.setLevel(logging.WARNING) + +class ShellCmd(object): + ''' + classdocs + ''' + def __init__(self, cmd, workdir=None, pipe=True): + ''' + Constructor + ''' + self.cmd = cmd + if pipe: + self.process = subprocess.Popen(cmd, shell=True, stdout=subprocess.PIPE, stdin=subprocess.PIPE, stderr=subprocess.PIPE, executable='/bin/sh', cwd=workdir) + else: + self.process = subprocess.Popen(cmd, shell=True, executable='/bin/sh', cwd=workdir) + + self.stdout = None + self.stderr = None + self.return_code = None + + def __call__(self, is_exception=True): + (self.stdout, self.stderr) = self.process.communicate() + if is_exception and self.process.returncode != 0: + err = [] + err.append('failed to execute shell command: %s' % self.cmd) + err.append('return code: %s' % self.process.returncode) + err.append('stdout: %s' % self.stdout) + err.append('stderr: %s' % self.stderr) + raise Exception('\n'.join(err)) + + self.return_code = self.process.returncode + return self.stdout + +def shell(cmd): + return ShellCmd(cmd)() + + +class Server(object): + CMDLINE = '/var/cache/cloud/cmdline' + def __init__(self): + self.apikey = None + self.secretkey = None + self.mgmtIp = None + self.mgmtPort = None + + def _get_credentials(self): + if not self.apikey or not self.secretkey: + with open(self.CMDLINE, 'r') as fd: + cmdline = fd.read() + for p in cmdline.split(): + if 'baremetalnotificationsecuritykey' in p: + self.secretkey = p.split("=")[1] + if 'baremetalnotificationapikey' in p: + self.apikey = p.split("=")[1] + + if not self.apikey: + raise Exception('cannot find 
baremetalnotificationapikey in %s' % Server.CMDLINE) + if not self.secretkey: + raise Exception('cannot find baremetalnotificationsecuritykey in %s' % Server.CMDLINE) + + return self.apikey, self.secretkey + + def _get_mgmt_ip(self): + if not self.mgmtIp: + with open(self.CMDLINE, 'r') as fd: + cmdline = fd.read() + for p in cmdline.split(): + if 'host' in p: + self.mgmtIp = p.split("=")[1] + break + + if not self.mgmtIp: + raise Exception('cannot find host in %s' % Server.CMDLINE) + + return self.mgmtIp + + def _get_mgmt_port(self): + if not self.mgmtPort: + with open(self.CMDLINE, 'r') as fd: + cmdline = fd.read() + for p in cmdline.split(): + if 'port' in p: + self.mgmtPort = p.split("=")[1] + break + + if not self.mgmtIp: + raise Exception('cannot find port in %s' % Server.CMDLINE) + + return self.mgmtPort + + def _make_sign(self, mac): + apikey, secretkey = self._get_credentials() + reqs = { + "apiKey": apikey, + "command": 'notifyBaremetalProvisionDone', + "mac": mac + } + + request = zip(reqs.keys(), reqs.values()) + request.sort(key=lambda x: str.lower(x[0])) + hashStr = "&".join(["=".join([str.lower(r[0]), str.lower(urllib.quote_plus(str(r[1]))).replace("+", "%20").replace('=', '%3d')]) for r in request]) + sig = urllib.quote_plus(base64.encodestring(hmac.new(secretkey, hashStr, hashlib.sha1).digest()).strip()) + return sig + + def notify_provisioning_done(self, mac): + sig = self._make_sign(mac) + cmd = 'http://%s:%s/client/api?command=notifyBaremetalProvisionDone&mac=%s&apiKey=%s&signature=%s' % (self._get_mgmt_ip(), self._get_mgmt_port(), mac, self.apikey, sig) + shell("curl -X GET '%s'" % cmd) + return '' + +server = None + +@app.route('/baremetal/provisiondone/', methods=['GET']) +def notify_provisioning_done(mac): + try: + return server.notify_provisioning_done(mac) + except: + logger.warn(traceback.format_exc()) + return '' + + +if __name__ == '__main__': + server = Server() + shell("iptables-save | grep -- '-A INPUT -i eth0 -p tcp -m tcp --dport 
10086 -j ACCEPT' > /dev/null || iptables -I INPUT -i eth0 -p tcp -m tcp --dport 10086 -j ACCEPT") + app.run(host='0.0.0.0', port=10086, debug=True) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/baremetal_snat.sh b/systemvm/patches/debian/opt/cloud/bin/baremetal_snat.sh similarity index 98% rename from systemvm/patches/debian/config/opt/cloud/bin/baremetal_snat.sh rename to systemvm/patches/debian/opt/cloud/bin/baremetal_snat.sh index 22e56692d7d3..2092ded4e4e3 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/baremetal_snat.sh +++ b/systemvm/patches/debian/opt/cloud/bin/baremetal_snat.sh @@ -48,7 +48,6 @@ fi rule="-A FORWARD -d $internal_server_ip/32 -i eth0 -o eth1 -j ACCEPT" iptables-save | grep -- "$rule" > /dev/null -if [ $? -ne 0 ]; then +if [ $? -ne 0 ]; then iptables -I FORWARD -d $internal_server_ip/32 -i eth0 -o eth1 -j ACCEPT fi - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/bumpup_priority.sh b/systemvm/patches/debian/opt/cloud/bin/bumpup_priority.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/bumpup_priority.sh rename to systemvm/patches/debian/opt/cloud/bin/bumpup_priority.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/checkbatchs2svpn.sh b/systemvm/patches/debian/opt/cloud/bin/checkbatchs2svpn.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/checkbatchs2svpn.sh rename to systemvm/patches/debian/opt/cloud/bin/checkbatchs2svpn.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/checkrouter.sh b/systemvm/patches/debian/opt/cloud/bin/checkrouter.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/checkrouter.sh rename to systemvm/patches/debian/opt/cloud/bin/checkrouter.sh 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/checks2svpn.sh b/systemvm/patches/debian/opt/cloud/bin/checks2svpn.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/checks2svpn.sh rename to systemvm/patches/debian/opt/cloud/bin/checks2svpn.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cloud-nic.sh b/systemvm/patches/debian/opt/cloud/bin/cloud-nic.sh similarity index 97% rename from systemvm/patches/debian/config/opt/cloud/bin/cloud-nic.sh rename to systemvm/patches/debian/opt/cloud/bin/cloud-nic.sh index 871b789e7e56..ad7e6e5f9f74 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cloud-nic.sh +++ b/systemvm/patches/debian/opt/cloud/bin/cloud-nic.sh @@ -46,7 +46,7 @@ unplug_nic() { rule=$(echo $rule | sed 's/\-A/\-D/') sudo iptables -t mangle $rule done - sudo iptables -t mangle -X VPN_STATS_$dev 2>/dev/null + sudo iptables -t mangle -X VPN_STATS_$dev 2>/dev/null # remove rules on this dev iptables-save -t mangle | grep $dev | grep "\-A" | while read rule do diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/opt/cloud/bin/configure.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/configure.py rename to systemvm/patches/debian/opt/cloud/bin/configure.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsAddress.py similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsAddress.py index 071a7b2ec488..d190a723f0c1 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/patches/debian/opt/cloud/bin/cs/CsAddress.py @@ -717,4 +717,3 @@ def cpus(self): if count < 2: logging.debug("Single CPU machine") return count - 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsApp.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsApp.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsConfig.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsConfig.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsConfig.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsDatabag.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsDatabag.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsDatabag.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsDhcp.py similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsDhcp.py index 3c267a0aca1b..fbd1e053ce60 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/patches/debian/opt/cloud/bin/cs/CsDhcp.py @@ -161,4 +161,3 @@ def add(self, entry): def add_host(self, ip, hosts): self.hosts[ip] = hosts - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsFile.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsFile.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsFile.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsGuestNetwork.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsGuestNetwork.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsGuestNetwork.py 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsHelper.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsHelper.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsLoadBalancer.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsLoadBalancer.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsLoadBalancer.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsMonitor.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsMonitor.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsMonitor.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsNetfilter.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsNetfilter.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsNetfilter.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsProcess.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsProcess.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsProcess.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py similarity index 98% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py index f8d2bc256651..99c7458d32e3 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py 
@@ -74,8 +74,8 @@ def set(self): def _redundant_off(self): CsHelper.service("conntrackd", "stop") CsHelper.service("keepalived", "stop") - CsHelper.umount_tmpfs(self.CS_RAMDISK_DIR) - CsHelper.rmdir(self.CS_RAMDISK_DIR) + #CsHelper.umount_tmpfs(self.CS_RAMDISK_DIR) + #CsHelper.rmdir(self.CS_RAMDISK_DIR) CsHelper.rm(self.CONNTRACKD_CONF) CsHelper.rm(self.KEEPALIVED_CONF) @@ -103,16 +103,16 @@ def _redundant_on(self): if devUp: logging.info("Device %s is present, let's start keepalive now." % dev) isDeviceReady = True - + if not isDeviceReady: logging.info("Guest network not configured yet, let's stop router redundancy for now.") CsHelper.service("conntrackd", "stop") CsHelper.service("keepalived", "stop") return - CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False) - CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR) - CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False) + #CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False) + #CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR) + #CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False) for s in self.CS_TEMPLATES: d = s if s.endswith(".templ"): @@ -150,7 +150,7 @@ def _redundant_on(self): # conntrackd configuration conntrackd_template_conf = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ") conntrackd_temp_bkp = "%s/%s" % (self.CS_TEMPLATES_DIR, "conntrackd.conf.templ.bkp") - + CsHelper.copy(conntrackd_template_conf, conntrackd_temp_bkp) conntrackd_tmpl = CsFile(conntrackd_template_conf) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsRoute.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsRoute.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsRoute.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsRule.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsRule.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsRule.py 
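Review bot: The five `CsHelper` calls in `_redundant_off` and `_redundant_on` are disabled by commenting them out, with nothing saying why, so a later reader cannot tell whether the tmpfs handling is gone for good or only switched off for now. If the ramdisk is no longer wanted, delete the lines; otherwise put one line above each group stating the actual reason, for example `# tmpfs ramdisk not used on the Debian 9 template (CLOUDSTACK-10013)`. The `mkdir` of `self.CS_ROUTER_DIR` is disabled too, while the `for s in self.CS_TEMPLATES` loop right after it still runs; if that loop writes into that directory (its body is outside the hunk), the directory now has to exist beforehand, so it may be safer to keep `CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False)` active. Both functions start and end outside these hunks.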
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsStaticRoutes.py similarity index 95% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py rename to systemvm/patches/debian/opt/cloud/bin/cs/CsStaticRoutes.py index 57b259aabc4e..df98b2e03ce3 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsStaticRoutes.py +++ b/systemvm/patches/debian/opt/cloud/bin/cs/CsStaticRoutes.py @@ -17,8 +17,9 @@ # specific language governing permissions and limitations # under the License. +import logging +import CsHelper from CsDatabag import CsDataBag -from CsRedundant import * class CsStaticRoutes(CsDataBag): @@ -39,4 +40,4 @@ def __update(self, route): result = CsHelper.execute(command) if not result: route_command = "ip route add %s via %s" % (route['network'], route['gateway']) - CsHelper.execute(route_command) \ No newline at end of file + CsHelper.execute(route_command) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/__init__.py b/systemvm/patches/debian/opt/cloud/bin/cs/__init__.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs/__init__.py rename to systemvm/patches/debian/opt/cloud/bin/cs/__init__.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py b/systemvm/patches/debian/opt/cloud/bin/cs_cmdline.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_cmdline.py rename to systemvm/patches/debian/opt/cloud/bin/cs_cmdline.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py b/systemvm/patches/debian/opt/cloud/bin/cs_dhcp.py similarity index 91% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py rename to systemvm/patches/debian/opt/cloud/bin/cs_dhcp.py index b1fb59340701..04e9b1c8ef8a 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/cs_dhcp.py +++ b/systemvm/patches/debian/opt/cloud/bin/cs_dhcp.py 
@@ -32,8 +32,7 @@ def merge(dbag, data): break if remove_key is not None: del(dbag[remove_key]) - + dbag[data['ipv4_address']] = data return dbag - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py b/systemvm/patches/debian/opt/cloud/bin/cs_firewallrules.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_firewallrules.py rename to systemvm/patches/debian/opt/cloud/bin/cs_firewallrules.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py b/systemvm/patches/debian/opt/cloud/bin/cs_forwardingrules.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_forwardingrules.py rename to systemvm/patches/debian/opt/cloud/bin/cs_forwardingrules.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py b/systemvm/patches/debian/opt/cloud/bin/cs_guestnetwork.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_guestnetwork.py rename to systemvm/patches/debian/opt/cloud/bin/cs_guestnetwork.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py b/systemvm/patches/debian/opt/cloud/bin/cs_ip.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_ip.py rename to systemvm/patches/debian/opt/cloud/bin/cs_ip.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py b/systemvm/patches/debian/opt/cloud/bin/cs_loadbalancer.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_loadbalancer.py rename to systemvm/patches/debian/opt/cloud/bin/cs_loadbalancer.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py b/systemvm/patches/debian/opt/cloud/bin/cs_monitorservice.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_monitorservice.py rename to systemvm/patches/debian/opt/cloud/bin/cs_monitorservice.py 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py b/systemvm/patches/debian/opt/cloud/bin/cs_network_acl.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_network_acl.py rename to systemvm/patches/debian/opt/cloud/bin/cs_network_acl.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_remoteaccessvpn.py b/systemvm/patches/debian/opt/cloud/bin/cs_remoteaccessvpn.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_remoteaccessvpn.py rename to systemvm/patches/debian/opt/cloud/bin/cs_remoteaccessvpn.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py b/systemvm/patches/debian/opt/cloud/bin/cs_site2sitevpn.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_site2sitevpn.py rename to systemvm/patches/debian/opt/cloud/bin/cs_site2sitevpn.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py b/systemvm/patches/debian/opt/cloud/bin/cs_staticroutes.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_staticroutes.py rename to systemvm/patches/debian/opt/cloud/bin/cs_staticroutes.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py b/systemvm/patches/debian/opt/cloud/bin/cs_vmdata.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_vmdata.py rename to systemvm/patches/debian/opt/cloud/bin/cs_vmdata.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py b/systemvm/patches/debian/opt/cloud/bin/cs_vmp.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_vmp.py rename to systemvm/patches/debian/opt/cloud/bin/cs_vmp.py 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs_vpnusers.py b/systemvm/patches/debian/opt/cloud/bin/cs_vpnusers.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/cs_vpnusers.py rename to systemvm/patches/debian/opt/cloud/bin/cs_vpnusers.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh b/systemvm/patches/debian/opt/cloud/bin/dnsmasq.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh rename to systemvm/patches/debian/opt/cloud/bin/dnsmasq.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh b/systemvm/patches/debian/opt/cloud/bin/edithosts.sh similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh rename to systemvm/patches/debian/opt/cloud/bin/edithosts.sh index ab3f539848da..6f66331c88e3 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh +++ b/systemvm/patches/debian/opt/cloud/bin/edithosts.sh @@ -17,7 +17,7 @@ # under the License. - + # edithosts.sh -- edit the dhcphosts file on the routing domain usage() { diff --git a/systemvm/patches/debian/config/opt/cloud/bin/getRouterAlerts.sh b/systemvm/patches/debian/opt/cloud/bin/getRouterAlerts.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/getRouterAlerts.sh rename to systemvm/patches/debian/opt/cloud/bin/getRouterAlerts.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/get_template_version.sh b/systemvm/patches/debian/opt/cloud/bin/get_template_version.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/get_template_version.sh rename to systemvm/patches/debian/opt/cloud/bin/get_template_version.sh 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/ilb.sh b/systemvm/patches/debian/opt/cloud/bin/ilb.sh similarity index 93% rename from systemvm/patches/debian/config/opt/cloud/bin/ilb.sh rename to systemvm/patches/debian/opt/cloud/bin/ilb.sh index 86c261e89d1c..9c762778392a 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/ilb.sh +++ b/systemvm/patches/debian/opt/cloud/bin/ilb.sh @@ -34,7 +34,7 @@ usage() { fw_remove_backup() { logger -t cloud "$(basename $0): Entering fw_remove_backup" local lb_vif_list=eth0 - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do sudo iptables -F back_load_balancer_$vif 2> /dev/null sudo iptables -D INPUT -i $vif -p tcp -j back_load_balancer_$vif 2> /dev/null sudo iptables -X back_load_balancer_$vif 2> /dev/null @@ -47,7 +47,7 @@ fw_remove_backup() { fw_restore() { logger -t cloud "$(basename $0): Entering fw_restore" local lb_vif_list="eth0" - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do sudo iptables -F load_balancer_$vif 2> /dev/null sudo iptables -D INPUT -i $vif -p tcp -j load_balancer_$vif 2> /dev/null sudo iptables -X load_balancer_$vif 2> /dev/null @@ -65,23 +65,23 @@ fw_entry() { local added=$1 local removed=$2 local stats=$3 - + if [ "$added" == "none" ] then - added="" + added="" fi - + if [ "$removed" == "none" ] then - removed="" + removed="" fi - + local a=$(echo $added | cut -d, -f1- --output-delimiter=" ") local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ") -# back up the iptable rules by renaming before creating new. +# back up the iptable rules by renaming before creating new. local lb_vif_list=eth0 - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do sudo iptables -E load_balancer_$vif back_load_balancer_$vif 2> /dev/null sudo iptables -N load_balancer_$vif 2> /dev/null sudo iptables -A INPUT -i $vif -p tcp -j load_balancer_$vif 
@@ -93,21 +93,21 @@ fw_entry() { for i in $a do local pubIp=$(echo $i | cut -d: -f1) - local dport=$(echo $i | cut -d: -f2) + local dport=$(echo $i | cut -d: -f2) local lb_vif_list="eth0" - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do sudo iptables -A load_balancer_$vif -p tcp -d $pubIp --dport $dport -j ACCEPT if [ $? -gt 0 ] then return 1 fi - done + done done local pubIp=$(echo $stats | cut -d: -f1) - local dport=$(echo $stats | cut -d: -f2) + local dport=$(echo $stats | cut -d: -f2) local cidrs=$(echo $stats | cut -d: -f3 | sed 's/-/,/') sudo iptables -A lb_stats -s $cidrs -p tcp -m state --state NEW -d $pubIp --dport $dport -j ACCEPT - + return 0 } @@ -123,7 +123,7 @@ restore_lb() { logger -t cloud "Restoring HA Proxy to previous state" # Copy the old version of haproxy.cfg into the file that reconfigLB.sh uses cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new - + if [ $? -eq 0 ] then # Run reconfigLB.sh again @@ -195,7 +195,7 @@ logger -t cloud "HAProxy reconfigured successfully, configuring firewall" # iptables entry to ensure that haproxy receives traffic fw_entry $addedIps $removedIps $statsIp - + if [ $? -gt 0 ] then logger -t cloud "Failed to apply firewall rules for internal load balancing, reverting HA Proxy config" @@ -211,5 +211,5 @@ else logger -t cloud "Firewall configured successfully, deleting backup firewall config" fw_remove_backup fi - + unlock_exit 0 $lock $locked diff --git a/systemvm/patches/debian/config/opt/cloud/bin/ipassoc.sh b/systemvm/patches/debian/opt/cloud/bin/ipassoc.sh similarity index 97% rename from systemvm/patches/debian/config/opt/cloud/bin/ipassoc.sh rename to systemvm/patches/debian/opt/cloud/bin/ipassoc.sh index ad50d4e32e97..e2f95a3af117 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/ipassoc.sh +++ b/systemvm/patches/debian/opt/cloud/bin/ipassoc.sh 
@@ -16,7 +16,7 @@ # specific language governing permissions and limitations # under the License. - + # $Id: ipassoc.sh 9804 2010-06-22 18:36:49Z alex $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/scripts/network/domr/ipassoc.sh $ # ipassoc.sh -- associate/disassociate a public ip with an instance @@ -73,7 +73,7 @@ del_fw_chain_for_ip () { logger -t cloud "$(basename $0): destroying firewall chain for $pubIp" sudo iptables -t mangle -D PREROUTING -d $pubIp -j FIREWALL_$pubIp sudo iptables -t mangle -F FIREWALL_$pubIp - sudo iptables -t mangle -X FIREWALL_$pubIp + sudo iptables -t mangle -X FIREWALL_$pubIp return $? fi # firewall chain got created as a result of testing for the chain, cleanup @@ -89,7 +89,7 @@ del_vpn_chain_for_ip () { logger -t cloud "$(basename $0): destroying vpn chain for $pubIp" sudo iptables -t mangle -D PREROUTING -d $pubIp -j VPN_$pubIp sudo iptables -t mangle -F VPN_$pubIp - sudo iptables -t mangle -X VPN_$pubIp + sudo iptables -t mangle -X VPN_$pubIp return $? fi # vpn chain got created as a result of testing for the chain, cleanup @@ -112,7 +112,7 @@ remove_routing() { # rules and routes will be deleted for the last ip of the interface. sudo ip rule delete fwmark $tableNo table $tableName sudo ip rule delete table $tableName - sudo ip route flush table $tableName + sudo ip route flush table $tableName sudo ip route flush cache logger -t cloud "$(basename $0):Remove routing $pubIp - routes and rules deleted" fi 
@@ -127,10 +127,10 @@ copy_routes_from_main() { local eth1Mask=$(ip route list scope link dev eth1 | awk '{print $1}') local ethMask=$(getcidr $ethDev) -# eth0,eth1 and other know routes will be skipped, so as main routing table will decide the route. This will be useful if the interface is down and up. - sudo ip route add throw $eth0Mask table $tableName proto static - sudo ip route add throw $eth1Mask table $tableName proto static - sudo ip route add throw $ethMask table $tableName proto static +# eth0,eth1 and other know routes will be skipped, so as main routing table will decide the route. This will be useful if the interface is down and up. + sudo ip route add throw $eth0Mask table $tableName proto static + sudo ip route add throw $eth1Mask table $tableName proto static + sudo ip route add throw $ethMask table $tableName proto static return 0; } @@ -168,7 +168,7 @@ add_routing() { local rulePresent=$(ip rule show | grep $ethMask) if [ "$rulePresent" == "" ] then -# rules will be added while adding the first ip of the interface +# rules will be added while adding the first ip of the interface sudo ip rule add from $ethMask table $tableName sudo ip rule add fwmark $tableNo table $tableName logger -t cloud "$(basename $0):Add routing $pubIp rules added" @@ -209,7 +209,7 @@ add_first_ip() { local mask=$(echo $1 | awk -F'/' '{print $2}') sudo ip link show $ethDev | grep "state DOWN" > /dev/null local old_state=$? - + ip_addr_add $ethDev $pubIp sudo iptables -D FORWARD -i $ethDev -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT @@ -255,7 +255,7 @@ remove_first_ip() { sudo iptables -D FORWARD -i $ethDev -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT sudo iptables -D FORWARD -i eth0 -o $ethDev -j FW_OUTBOUND remove_snat $1 - + sudo ip addr del dev $ethDev "$ipNoMask/$mask" if [ $? -gt 0 -a $? -ne 2 ] then @@ -297,7 +297,7 @@ add_an_ip () { fi add_routing $1 return $? - + } remove_an_ip () { 
@@ -394,11 +394,11 @@ do publicIp="$OPTARG" ;; c) cflag=1 - ethDev="$OPTARG" - ;; + ethDev="$OPTARG" + ;; g) gflag=1 - defaultGwIP="$OPTARG" - ;; + defaultGwIP="$OPTARG" + ;; n) nflag=1 ;; ?) usage @@ -414,7 +414,7 @@ then unlock_exit 2 $lock $locked fi -if [ "$lflag$cflag" != "11" ] +if [ "$lflag$cflag" != "11" ] then usage unlock_exit 2 $lock $locked @@ -432,14 +432,14 @@ if [ "$fflag" == "1" ] && [ "$Aflag" == "1" ] then add_first_ip $publicIp && add_vpn_chain_for_ip $publicIp && - add_fw_chain_for_ip $publicIp + add_fw_chain_for_ip $publicIp unlock_exit $? $lock $locked fi if [ "$Aflag" == "1" ] -then +then add_an_ip $publicIp && - add_fw_chain_for_ip $publicIp + add_fw_chain_for_ip $publicIp unlock_exit $? $lock $locked fi @@ -454,9 +454,8 @@ fi if [ "$Dflag" == "1" ] then remove_an_ip $publicIp && - del_fw_chain_for_ip $publicIp + del_fw_chain_for_ip $publicIp unlock_exit $? $lock $locked fi unlock_exit 0 $lock $locked - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh b/systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh rename to systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/line_edit.py b/systemvm/patches/debian/opt/cloud/bin/line_edit.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/line_edit.py rename to systemvm/patches/debian/opt/cloud/bin/line_edit.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/loadbalancer.sh b/systemvm/patches/debian/opt/cloud/bin/loadbalancer.sh similarity index 92% rename from systemvm/patches/debian/config/opt/cloud/bin/loadbalancer.sh rename to systemvm/patches/debian/opt/cloud/bin/loadbalancer.sh index e22bf94f0c7d..34b3bf72543e 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/loadbalancer.sh +++ b/systemvm/patches/debian/opt/cloud/bin/loadbalancer.sh 
@@ -16,7 +16,7 @@ # specific language governing permissions and limitations # under the License. - + # $Id: loadbalancer.sh 9947 2010-06-25 19:34:24Z manuel $ $HeadURL: svn://svn.lab.vmops.com/repos/vmdev/java/patches/xenserver/root/loadbalancer.sh $ # loadbalancer.sh -- reconfigure loadbalancer rules @@ -41,40 +41,40 @@ usage() { ip_entry() { local added=$1 local removed=$2 - + if [ "$added" == "none" ] then - added="" + added="" fi - + if [ "$removed" == "none" ] then - removed="" + removed="" fi - + local a=$(echo $added | cut -d, -f1- --output-delimiter=" ") local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ") - + for i in $a do local pubIp=$(echo $i | cut -d: -f1) - logger -t cloud "Adding public ip $pubIp for load balancing" - for vif in $VIF_LIST; do + logger -t cloud "Adding public ip $pubIp for load balancing" + for vif in $VIF_LIST; do sudo ip addr add dev $vif $pubIp/32 #ignore error since it is because the ip is already there - done + done done for i in $r do - logger -t cloud "Removing public ips for deleted loadbalancers" + logger -t cloud "Removing public ips for deleted loadbalancers" local pubIp=$(echo $i | cut -d: -f1) - logger -t cloud "Removing public ip $pubIp for deleted loadbalancers" - for vif in $VIF_LIST; do - sudo ip addr del $pubIp/32 dev $vif + logger -t cloud "Removing public ip $pubIp for deleted loadbalancers" + for vif in $VIF_LIST; do + sudo ip addr del $pubIp/32 dev $vif done done - + return 0 } get_lb_vif_list() { @@ -85,7 +85,7 @@ get_lb_vif_list() { } fw_remove_backup() { local lb_vif_list=$(get_lb_vif_list) - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do sudo iptables -F back_load_balancer_$vif 2> /dev/null sudo iptables -D INPUT -i $vif -p tcp -j back_load_balancer_$vif 2> /dev/null sudo iptables -X back_load_balancer_$vif 2> /dev/null 
@@ -96,7 +96,7 @@ fw_remove_backup() { } fw_restore() { local lb_vif_list=$(get_lb_vif_list) - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do sudo iptables -F load_balancer_$vif 2> /dev/null sudo iptables -D INPUT -i $vif -p tcp -j load_balancer_$vif 2> /dev/null sudo iptables -X load_balancer_$vif 2> /dev/null @@ -112,23 +112,23 @@ fw_entry() { local added=$1 local removed=$2 local stats=$3 - + if [ "$added" == "none" ] then - added="" + added="" fi - + if [ "$removed" == "none" ] then - removed="" + removed="" fi - + local a=$(echo $added | cut -d, -f1- --output-delimiter=" ") local r=$(echo $removed | cut -d, -f1- --output-delimiter=" ") -# back up the iptable rules by renaming before creating new. +# back up the iptable rules by renaming before creating new. local lb_vif_list=$(get_lb_vif_list) - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do sudo iptables -E load_balancer_$vif back_load_balancer_$vif 2> /dev/null sudo iptables -N load_balancer_$vif 2> /dev/null sudo iptables -A INPUT -i $vif -p tcp -j load_balancer_$vif 
@@ -140,38 +140,38 @@ fw_entry() { for i in $a do local pubIp=$(echo $i | cut -d: -f1) - local dport=$(echo $i | cut -d: -f2) + local dport=$(echo $i | cut -d: -f2) local lb_vif_list=$(get_lb_vif_list) - for vif in $lb_vif_list; do + for vif in $lb_vif_list; do #TODO : The below delete will be used only when we upgrade the from older verion to the newer one , the below delete become obsolute in the future. sudo iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null sudo iptables -A load_balancer_$vif -p tcp -d $pubIp --dport $dport -j ACCEPT - + if [ $? -gt 0 ] then return 1 fi - done + done done local pubIp=$(echo $stats | cut -d: -f1) - local dport=$(echo $stats | cut -d: -f2) + local dport=$(echo $stats | cut -d: -f2) local cidrs=$(echo $stats | cut -d: -f3 | sed 's/-/,/') sudo iptables -A lb_stats -s $cidrs -p tcp -m state --state NEW -d $pubIp --dport $dport -j ACCEPT - + #TODO : The below delete in the for-loop will be used only when we upgrade the from older verion to the newer one , the below delete become obsolute in the future. for i in $r do local pubIp=$(echo $i | cut -d: -f1) - local dport=$(echo $i | cut -d: -f2) - - for vif in $VIF_LIST; do + local dport=$(echo $i | cut -d: -f2) + + for vif in $VIF_LIST; do sudo iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null done done - + return 0 } @@ -187,7 +187,7 @@ restore_lb() { logger -t cloud "Restoring HA Proxy to previous state" # Copy the old version of haproxy.cfg into the file that reconfigLB.sh uses cp /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg.new - + if [ $? -eq 0 ] then # Run reconfigLB.sh again @@ -197,7 +197,7 @@ restore_lb() { get_vif_list() { local vif_list="" - for i in /sys/class/net/eth*; do + for i in /sys/class/net/eth*; do vif=$(basename $i); if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] then 
@@ -208,7 +208,7 @@ get_vif_list() { then vif_list="eth0" fi - + logger -t cloud "Loadbalancer public interfaces = $vif_list" echo $vif_list } @@ -290,7 +290,7 @@ fi # iptables entry to ensure that haproxy receives traffic fw_entry $addedIps $removedIps $statsIp - + if [ $? -gt 0 ] then logger -t cloud "Failed to apply firewall rules for load balancing, reverting HA Proxy config" @@ -313,7 +313,5 @@ else # Remove backedup iptable rules fw_remove_backup fi - -unlock_exit 0 $lock $locked - +unlock_exit 0 $lock $locked diff --git a/systemvm/patches/debian/config/opt/cloud/bin/master.py b/systemvm/patches/debian/opt/cloud/bin/master.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/master.py rename to systemvm/patches/debian/opt/cloud/bin/master.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/merge.py b/systemvm/patches/debian/opt/cloud/bin/merge.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/merge.py rename to systemvm/patches/debian/opt/cloud/bin/merge.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/monitor_service.sh b/systemvm/patches/debian/opt/cloud/bin/monitor_service.sh similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/bin/monitor_service.sh rename to systemvm/patches/debian/opt/cloud/bin/monitor_service.sh index dfc6463bab14..d9d8ec843aed 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/monitor_service.sh +++ b/systemvm/patches/debian/opt/cloud/bin/monitor_service.sh @@ -91,4 +91,3 @@ fi unlock_exit 0 $lock $locked - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/netusage.sh b/systemvm/patches/debian/opt/cloud/bin/netusage.sh similarity index 92% rename from systemvm/patches/debian/config/opt/cloud/bin/netusage.sh rename to systemvm/patches/debian/opt/cloud/bin/netusage.sh index 3cf808e5fcb1..5e20b0c4d9e1 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/netusage.sh 
+++ b/systemvm/patches/debian/opt/cloud/bin/netusage.sh @@ -16,7 +16,7 @@ # specific language governing permissions and limitations # under the License. - + # netusage.sh -- create iptable rules to gather network stats, running within DomR @@ -121,35 +121,34 @@ do esac done -if [ "$cflag" == "1" ] +if [ "$cflag" == "1" ] then - #create_usage_rules + #create_usage_rules unlock_exit $? $lock $locked fi -if [ "$gflag" == "1" ] +if [ "$gflag" == "1" ] then - get_usage + get_usage unlock_exit $? $lock $locked fi -if [ "$rflag" == "1" ] +if [ "$rflag" == "1" ] then - reset_usage + reset_usage unlock_exit $? $lock $locked fi -if [ "$aflag" == "1" ] +if [ "$aflag" == "1" ] then - #add_public_interface $publicIf + #add_public_interface $publicIf unlock_exit $? $lock $locked fi -if [ "$dflag" == "1" ] +if [ "$dflag" == "1" ] then - #delete_public_interface $publicIf + #delete_public_interface $publicIf unlock_exit $? $lock $locked fi unlock_exit 0 $lock $locked - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server b/systemvm/patches/debian/opt/cloud/bin/passwd_server similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/passwd_server rename to systemvm/patches/debian/opt/cloud/bin/passwd_server diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip b/systemvm/patches/debian/opt/cloud/bin/passwd_server_ip similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip rename to systemvm/patches/debian/opt/cloud/bin/passwd_server_ip diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip.py b/systemvm/patches/debian/opt/cloud/bin/passwd_server_ip.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip.py rename to systemvm/patches/debian/opt/cloud/bin/passwd_server_ip.py 
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/prepare_pxe.sh b/systemvm/patches/debian/opt/cloud/bin/prepare_pxe.sh similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/bin/prepare_pxe.sh rename to systemvm/patches/debian/opt/cloud/bin/prepare_pxe.sh index 5bc1a9380dce..9c4c18eda7bd 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/prepare_pxe.sh +++ b/systemvm/patches/debian/opt/cloud/bin/prepare_pxe.sh @@ -7,9 +7,9 @@ # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at -# +# # http://www.apache.org/licenses/LICENSE-2.0 -# +# # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY @@ -73,5 +73,3 @@ cp -f $mnt_path/$initrd_file_name $tmpt_dir/$initrd_file_name umount $mnt_path success - - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/savepassword.sh b/systemvm/patches/debian/opt/cloud/bin/savepassword.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/savepassword.sh rename to systemvm/patches/debian/opt/cloud/bin/savepassword.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/set_redundant.py b/systemvm/patches/debian/opt/cloud/bin/set_redundant.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/set_redundant.py rename to systemvm/patches/debian/opt/cloud/bin/set_redundant.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh b/systemvm/patches/debian/opt/cloud/bin/setup/common.sh similarity index 92% rename from systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh rename to systemvm/patches/debian/opt/cloud/bin/setup/common.sh index 3b766efc3892..e476745a4e1d 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh 
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/common.sh 
@@ -621,57 +621,48 @@ setup_redundant_router() { mount tmpfs /ramdisk -t tmpfs mkdir -p /ramdisk/rrouter ip route delete default - cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf - cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf - cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh - cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh - cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh - cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh - cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh - cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh - cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh - cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh - cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/ - cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/ - cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh - cp /root/redundant_router/services.sh $rrouter_bin_path/ + + # Seed keepalived + cp /opt/cloud/templates/keepalived.conf.templ /etc/keepalived/keepalived.conf # changes! sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf - sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf + sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf #fixme, multiple ips? sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf + sed -i "s/\[PASS\]/$VM_PASSWORD/g" /etc/keepalived/keepalived.conf #FIXME, router password? 
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf + sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived + if [ $ADVERT_INT ] + then + sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf + fi + + # Seed conntrackd + cp /opt/cloud/templates/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf - sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf # checkme? sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf - sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh - sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh - sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh - sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh - sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh - sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh - sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh + + # ramdisk scripts + cp /opt/cloud/templates/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh + cp /opt/cloud/templates/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh + cp /opt/cloud/templates/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh + cp /opt/cloud/templates/check_bumpup.sh $rrouter_bin_path/ + cp /opt/cloud/templates/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh # changes! 
+ #sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh - sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh - sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh - sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh - sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh - sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh - if [ $ADVERT_INT ] - then - sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf - fi chmod a+x $rrouter_bin_path/*.sh - sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived + crontab -l|grep "check_heartbeat.sh" if [ $? -ne 0 ] then - (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab + (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab fi } diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh rename to systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh 
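Review bot: The added `sed -i "s/\[PASS\]/$VM_PASSWORD/g" /etc/keepalived/keepalived.conf` in setup_redundant_router splices the password into the sed program unescaped, so a value containing `/`, `&` or `\` either aborts the substitution or writes a different secret than the one intended. Escape it first, for example `esc_pass=$(printf '%s' "$VM_PASSWORD" | sed 's/[&/\]/\\&/g')` and then `sed -i "s/\[PASS\]/$esc_pass/g" /etc/keepalived/keepalived.conf`. The `#FIXME, router password?` on the same line should be resolved before merge, since it leaves open whether the VM password is meant to double as the VRRP secret. keepalived.conf now carries a credential, and the hunk shows only a plain `cp` from the template, so the resulting file mode should be checked and restricted to root if it is not already. The function begins outside the hunk.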
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh b/systemvm/patches/debian/opt/cloud/bin/setup/default.sh
similarity index 100%
rename from systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
rename to systemvm/patches/debian/opt/cloud/bin/setup/default.sh
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh
similarity index 100%
rename from systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh
rename to systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh b/systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh
similarity index 100%
rename from systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
rename to systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh b/systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh
similarity index 100%
rename from systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
rename to systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/patches/debian/opt/cloud/bin/setup/patchsystemvm.sh
similarity index 95%
rename from systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
rename to systemvm/patches/debian/opt/cloud/bin/setup/patchsystemvm.sh
index 43c3c927e4f6..d09cc03c949a 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/patchsystemvm.sh
@@ -46,9 +46,9 @@ TYPE=$2 echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile -if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ] +if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/agent.zip ] then - patch_systemvm ${PATCH_MOUNT}/systemvm.zip + patch_systemvm ${PATCH_MOUNT}/agent.zip if [ $? -gt 0 ] then echo "Failed to apply patch systemvm\n" >> $logfile diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh b/systemvm/patches/debian/opt/cloud/bin/setup/router.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh rename to systemvm/patches/debian/opt/cloud/bin/setup/router.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh b/systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh rename to systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh rename to systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/update_config.py b/systemvm/patches/debian/opt/cloud/bin/update_config.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/update_config.py rename to systemvm/patches/debian/opt/cloud/bin/update_config.py diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vmdata.py b/systemvm/patches/debian/opt/cloud/bin/vmdata.py similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/vmdata.py rename to systemvm/patches/debian/opt/cloud/bin/vmdata.py 
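Review bot: In the rewritten condition `${PATCH_MOUNT}/agent.zip` is unquoted and the grouping of `||` and `&&` is left to the shell's left-to-right evaluation; writing both out is safer to maintain: `if { [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ]; } && [ -f "${PATCH_MOUNT}/agent.zip" ]`, with the same quoting on the `patch_systemvm` argument. Within the visible lines nothing is written to `$logfile` when the archive is absent, so a patch mount that still carries `systemvm.zip` would appear to skip patching silently. The rest of the `if` block is outside the hunk, so confirm whether a missing archive is reported there, and add an `else` that logs it if not.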
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_func.sh b/systemvm/patches/debian/opt/cloud/bin/vpc_func.sh similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/bin/vpc_func.sh rename to systemvm/patches/debian/opt/cloud/bin/vpc_func.sh index 2f8835120e46..8edcba6fd120 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/vpc_func.sh +++ b/systemvm/patches/debian/opt/cloud/bin/vpc_func.sh @@ -30,7 +30,7 @@ getEthByIp (){ fi done return 1 -} +} getVPCcidr () { CMDLINE=$(cat /var/cache/cloud/cmdline) diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_netusage.sh b/systemvm/patches/debian/opt/cloud/bin/vpc_netusage.sh similarity index 93% rename from systemvm/patches/debian/config/opt/cloud/bin/vpc_netusage.sh rename to systemvm/patches/debian/opt/cloud/bin/vpc_netusage.sh index 7aa75cbdfbf4..5f5dc3ed0802 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/vpc_netusage.sh +++ b/systemvm/patches/debian/opt/cloud/bin/vpc_netusage.sh @@ -35,19 +35,19 @@ usage() { create_usage_rules () { iptables-save|grep "NETWORK_STATS_$ethDev" > /dev/null if [ $? -gt 0 ] - then + then iptables -N NETWORK_STATS_$ethDev > /dev/null; iptables -I FORWARD -j NETWORK_STATS_$ethDev > /dev/null; iptables -A NETWORK_STATS_$ethDev -o $ethDev -s $vcidr > /dev/null; iptables -A NETWORK_STATS_$ethDev -i $ethDev -d $vcidr > /dev/null; - fi + fi return $? } create_vpn_usage_rules () { iptables-save|grep "VPN_STATS_$ethDev" > /dev/null if [ $? -gt 0 ] - then + then iptables -t mangle -N VPN_STATS_$ethDev > /dev/null; iptables -t mangle -I FORWARD -j VPN_STATS_$ethDev > /dev/null; iptables -t mangle -A VPN_STATS_$ethDev -o $ethDev -m mark --mark $vpnoutmark > /dev/null; @@ -110,7 +110,7 @@ do n) nflag=1 ;; d) dflag=1 - ;; + ;; i) #Do nothing, since it's parameter for host script ;; ?) usage 
@@ -120,37 +120,37 @@ do done ethDev=$(getEthByIp $publicIp) -if [ "$cflag" == "1" ] +if [ "$cflag" == "1" ] then if [ "$ethDev" != "" ] then create_usage_rules create_vpn_usage_rules unlock_exit 0 $lock $locked - fi + fi fi -if [ "$gflag" == "1" ] +if [ "$gflag" == "1" ] then - get_usage + get_usage unlock_exit $? $lock $locked fi -if [ "$nflag" == "1" ] +if [ "$nflag" == "1" ] then - #get_vpn_usage + #get_vpn_usage unlock_exit $? $lock $locked fi -if [ "$dflag" == "1" ] +if [ "$dflag" == "1" ] then #remove_usage_rules unlock_exit 0 $lock $locked fi -if [ "$rflag" == "1" ] +if [ "$rflag" == "1" ] then - reset_usage + reset_usage unlock_exit $? $lock $locked fi diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_passwd_server b/systemvm/patches/debian/opt/cloud/bin/vpc_passwd_server similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/vpc_passwd_server rename to systemvm/patches/debian/opt/cloud/bin/vpc_passwd_server diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_snat.sh b/systemvm/patches/debian/opt/cloud/bin/vpc_snat.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/vpc_snat.sh rename to systemvm/patches/debian/opt/cloud/bin/vpc_snat.sh diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vpc_staticroute.sh b/systemvm/patches/debian/opt/cloud/bin/vpc_staticroute.sh similarity index 97% rename from systemvm/patches/debian/config/opt/cloud/bin/vpc_staticroute.sh rename to systemvm/patches/debian/opt/cloud/bin/vpc_staticroute.sh index 2a9f50a27cd4..4721f5d882ec 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/vpc_staticroute.sh +++ b/systemvm/patches/debian/opt/cloud/bin/vpc_staticroute.sh 
@@ -72,7 +72,7 @@ static_route() { local gateway=$(echo $rule | cut -d: -f2) local cidr=$(echo $rule | cut -d: -f3) logger -t cloud "$(basename $0): static route: public ip=$ip \ - gateway=$gateway cidr=$cidr" + gateway=$gateway cidr=$cidr" local dev=$(getEthByIp $ip) if [ $? -gt 0 ] then @@ -81,7 +81,7 @@ static_route() { sudo ip route add $cidr dev $dev via $gateway table static_route &>/dev/null result=$? logger -t cloud "$(basename $0): done static route: public ip=$ip \ - gateway=$gateway cidr=$cidr" + gateway=$gateway cidr=$cidr" return $result } @@ -131,4 +131,3 @@ else flush_table_backup fi unlock_exit $success $lock $locked - diff --git a/systemvm/patches/debian/config/opt/cloud/bin/vr_cfg.sh b/systemvm/patches/debian/opt/cloud/bin/vr_cfg.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/bin/vr_cfg.sh rename to systemvm/patches/debian/opt/cloud/bin/vr_cfg.sh diff --git a/systemvm/patches/debian/opt/cloud/templates/README b/systemvm/patches/debian/opt/cloud/templates/README new file mode 100644 index 000000000000..8d7df47cbad6 --- /dev/null +++ b/systemvm/patches/debian/opt/cloud/templates/README @@ -0,0 +1,2 @@ +These are the templates for the redundant router +and redundant vpc_router diff --git a/systemvm/patches/debian/config/opt/cloud/templates/arping_gateways.sh.templ b/systemvm/patches/debian/opt/cloud/templates/arping_gateways.sh.templ similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/templates/arping_gateways.sh.templ rename to systemvm/patches/debian/opt/cloud/templates/arping_gateways.sh.templ diff --git a/systemvm/patches/debian/config/opt/cloud/templates/check_bumpup.sh b/systemvm/patches/debian/opt/cloud/templates/check_bumpup.sh similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/templates/check_bumpup.sh rename to systemvm/patches/debian/opt/cloud/templates/check_bumpup.sh 
diff --git a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ b/systemvm/patches/debian/opt/cloud/templates/check_heartbeat.sh.templ similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ rename to systemvm/patches/debian/opt/cloud/templates/check_heartbeat.sh.templ index a9cbf308119e..2ab9abaa8a42 100755 --- a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ +++ b/systemvm/patches/debian/opt/cloud/templates/check_heartbeat.sh.templ @@ -52,7 +52,7 @@ then #Set fault so we have the same effect as a KeepaliveD fault. python /opt/cloud/bin/master.py --fault - + pkill -9 keepalived >> $ROUTER_LOG 2>&1 pkill -9 conntrackd >> $ROUTER_LOG 2>&1 echo Status: FAULT \(keepalived process is dead\) >> $ROUTER_LOG diff --git a/systemvm/patches/debian/config/opt/cloud/templates/checkrouter.sh.templ b/systemvm/patches/debian/opt/cloud/templates/checkrouter.sh.templ similarity index 98% rename from systemvm/patches/debian/config/opt/cloud/templates/checkrouter.sh.templ rename to systemvm/patches/debian/opt/cloud/templates/checkrouter.sh.templ index 0ba0ee5013b4..fcfc58d5b95f 100755 --- a/systemvm/patches/debian/config/opt/cloud/templates/checkrouter.sh.templ +++ b/systemvm/patches/debian/opt/cloud/templates/checkrouter.sh.templ @@ -34,4 +34,4 @@ else fi fi -echo "Status: ${STATUS}" \ No newline at end of file +echo "Status: ${STATUS}" diff --git a/systemvm/patches/debian/config/opt/cloud/templates/conntrackd.conf.templ b/systemvm/patches/debian/opt/cloud/templates/conntrackd.conf.templ similarity index 96% rename from systemvm/patches/debian/config/opt/cloud/templates/conntrackd.conf.templ rename to systemvm/patches/debian/opt/cloud/templates/conntrackd.conf.templ index 40f92a0d1c3a..3e38af1b7d5e 100644 --- a/systemvm/patches/debian/config/opt/cloud/templates/conntrackd.conf.templ +++ b/systemvm/patches/debian/opt/cloud/templates/conntrackd.conf.templ 
@@ -45,7 +45,7 @@ Sync { # # If the firewall replica goes from primary to backup, - # the conntrackd -t command is invoked in the script. + # the conntrackd -t command is invoked in the script. # This command schedules a flush of the table in N seconds. # This is useful to purge the connection tracking table of # zombie entries and avoid clashes with old entries if you @@ -90,7 +90,7 @@ Sync { # iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT # Multicast { - # + # # Multicast address: The address that you use as destination # in the synchronization messages. You do not have to add # this IP to any of your existing interfaces. If any doubt, @@ -141,7 +141,7 @@ Sync { # RcvSocketBuffer 1249280 - # + # # Enable/Disable message checksumming. This is a good # property to achieve fault-tolerance. In case of doubt, do # not modify this value. @@ -154,8 +154,8 @@ Sync { # more than one dedicated link does not mean that state-updates will # be sent to all of them. There is only one active dedicated link at # a given moment. The `Default' keyword indicates that this interface - # will be selected as the initial dedicated link. You can have - # up to 4 redundant dedicated links. Note: Use different multicast + # will be selected as the initial dedicated link. You can have + # up to 4 redundant dedicated links. Note: Use different multicast # groups for every redundant link. # # Multicast Default { @@ -172,9 +172,9 @@ Sync { # You can use Unicast UDP instead of Multicast to propagate events. # Note that you cannot use unicast UDP and Multicast at the same # time, you can only select one. - # + # # UDP { - # + # # UDP address that this firewall uses to listen to events. # # IPv4_address 192.168.2.100 @@ -204,7 +204,7 @@ Sync { # # Interface eth2 - # + # # The sender socket buffer size # # SndSocketBuffer 1249280 @@ -214,8 +214,8 @@ Sync { # # RcvSocketBuffer 1249280 - # - # Enable/Disable message checksumming. + # + # Enable/Disable message checksumming. # # Checksum on # } 
@@ -255,7 +255,7 @@ General { HashSize 32768 # - # Maximum number of conntracks, it should be double of: + # Maximum number of conntracks, it should be double of: # $ cat /proc/sys/net/netfilter/nf_conntrack_max # since the daemon may keep some dead entries cached for possible # retransmission during state synchronization. @@ -276,7 +276,7 @@ General { # # Lockfile - # + # LockFile /var/lock/conntrack.lock # @@ -326,7 +326,7 @@ General { # # NetlinkEventsReliable Off - # + # # By default, the daemon receives state updates following an # event-driven model. You can modify this behaviour by switching to # polling mode with the PollSecs clause. This clause tells conntrackd @@ -355,13 +355,13 @@ General { # State. The filter is attached to an action that can be: Accept or # Ignore. Thus, you can define the event filtering policy of the # filter-sets in positive or negative logic depending on your needs. - # You can select if conntrackd filters the event messages from + # You can select if conntrackd filters the event messages from # user-space or kernel-space. The kernel-space event filtering # saves some CPU cycles by avoiding the copy of the event message # from kernel-space to user-space. The kernel-space event filtering # is prefered, however, you require a Linux kernel >= 2.6.29 to - # filter from kernel-space. If you want to select kernel-space - # event filtering, use the keyword 'Kernelspace' instead of + # filter from kernel-space. If you want to select kernel-space + # event filtering, use the keyword 'Kernelspace' instead of # 'Userspace'. # Filter From Userspace { 
@@ -405,7 +405,7 @@ General { # # Uncomment this line below if you want to filter by flow state. # This option introduces a trade-off in the replication: it - # reduces CPU consumption at the cost of having lazy backup + # reduces CPU consumption at the cost of having lazy backup # firewall replicas. The existing TCP states are: SYN_SENT, # SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK, # TIME_WAIT, CLOSED, LISTEN. diff --git a/systemvm/patches/debian/config/opt/cloud/templates/heartbeat.sh.templ b/systemvm/patches/debian/opt/cloud/templates/heartbeat.sh.templ similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/templates/heartbeat.sh.templ rename to systemvm/patches/debian/opt/cloud/templates/heartbeat.sh.templ diff --git a/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ b/systemvm/patches/debian/opt/cloud/templates/keepalived.conf.templ similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ rename to systemvm/patches/debian/opt/cloud/templates/keepalived.conf.templ index c84393914235..d14611d895a5 100644 --- a/systemvm/patches/debian/config/opt/cloud/templates/keepalived.conf.templ +++ b/systemvm/patches/debian/opt/cloud/templates/keepalived.conf.templ @@ -48,4 +48,4 @@ vrrp_instance inside_network { notify_backup "/opt/cloud/bin/master.py --backup" notify_master "/opt/cloud/bin/master.py --master" notify_fault "/opt/cloud/bin/master.py --fault" -} \ No newline at end of file +} diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/README b/systemvm/patches/debian/opt/cloud/testdata/README similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/README rename to systemvm/patches/debian/opt/cloud/testdata/README diff --git a/systemvm/patches/debian/opt/cloud/testdata/acl0001.json b/systemvm/patches/debian/opt/cloud/testdata/acl0001.json new file mode 100644 index 000000000000..ee068dc949f2 --- /dev/null 
+++ b/systemvm/patches/debian/opt/cloud/testdata/acl0001.json @@ -0,0 +1,54 @@ +{ + "eth2": { + "device": "eth2", + "egress_rules": [ + { + "allowed": false, + "cidr": "10.0.6.0/8", + "first_port": 60, + "last_port": 60, + "type": "tcp" + } + ], + "ingress_rules": [ + { + "allowed": true, + "cidr": "10.0.1.0/8", + "protocol": 41, + "type": "protocol" + }, + { + "allowed": true, + "cidr": "10.0.4.0/8", + "type": "all" + }, + { + "allowed": true, + "cidr": "10.0.3.0/8", + "icmp_code": -1, + "icmp_type": -1, + "type": "icmp" + }, + { + "allowed": true, + "cidr": "10.0.2.0/8", + "first_port": 40, + "last_port": 40, + "type": "udp" + }, + { + "allowed": true, + "cidr": "10.0.1.0/8", + "first_port": 30, + "last_port": 30, + "type": "tcp" + } + ], + "mac_address": "02:00:0d:7b:00:04", + "nic_ip": "172.16.1.1", + "nic_netmask": "24", + "private_gateway_acl": false, + "type": "networkacl" + }, + "id": "networkacl" +} diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/dhcp0001.json b/systemvm/patches/debian/opt/cloud/testdata/dhcp0001.json similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/dhcp0001.json rename to systemvm/patches/debian/opt/cloud/testdata/dhcp0001.json diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/gn0001.json b/systemvm/patches/debian/opt/cloud/testdata/gn0001.json similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/gn0001.json rename to systemvm/patches/debian/opt/cloud/testdata/gn0001.json diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/ips0001.json b/systemvm/patches/debian/opt/cloud/testdata/ips0001.json similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/ips0001.json rename to systemvm/patches/debian/opt/cloud/testdata/ips0001.json 
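Review bot: Every `cidr` in this new fixture has host bits set for its prefix length (`10.0.6.0/8`, `10.0.1.0/8`, `10.0.4.0/8`, ...), so once masked all six rules refer to the same network, 10.0.0.0/8, including the one egress rule with `"allowed": false`. A test driven by this file therefore cannot show that a rule applies only to its own source range, which is the property an ACL fixture is most useful for checking. If distinct ranges were intended, use a matching prefix such as `"cidr": "10.0.6.0/24"`; if the aim is to exercise handling of non-canonical CIDRs, state that in the testdata README.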
diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/ips0002.json b/systemvm/patches/debian/opt/cloud/testdata/ips0002.json similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/ips0002.json rename to systemvm/patches/debian/opt/cloud/testdata/ips0002.json diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/ips0003.json b/systemvm/patches/debian/opt/cloud/testdata/ips0003.json similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/ips0003.json rename to systemvm/patches/debian/opt/cloud/testdata/ips0003.json diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/s2s0001.json b/systemvm/patches/debian/opt/cloud/testdata/s2s0001.json similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/s2s0001.json rename to systemvm/patches/debian/opt/cloud/testdata/s2s0001.json diff --git a/systemvm/patches/debian/config/opt/cloud/bin/test.sh b/systemvm/patches/debian/opt/cloud/testdata/test.sh similarity index 99% rename from systemvm/patches/debian/config/opt/cloud/bin/test.sh rename to systemvm/patches/debian/opt/cloud/testdata/test.sh index 0ffd4e56d071..8410e241b598 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/test.sh +++ b/systemvm/patches/debian/opt/cloud/testdata/test.sh @@ -22,4 +22,3 @@ cp /opt/cloud/testdata/* /etc/cloudstack /opt/cloud/bin/update_config.py ips0001.json /opt/cloud/bin/update_config.py ips0002.json /opt/cloud/bin/update_config.py ips0003.json - diff --git a/systemvm/patches/debian/config/opt/cloud/testdata/vmp0001.json b/systemvm/patches/debian/opt/cloud/testdata/vmp0001.json similarity index 100% rename from systemvm/patches/debian/config/opt/cloud/testdata/vmp0001.json rename to systemvm/patches/debian/opt/cloud/testdata/vmp0001.json diff --git a/systemvm/patches/debian/qemuconvert.sh b/systemvm/patches/debian/qemuconvert.sh deleted file mode 100755 index dc8eb15b3ab5..000000000000 
--- a/systemvm/patches/debian/qemuconvert.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - - - - -echo "Converting raw image to qcow2" -qemu-img convert -f raw -O qcow2 systemvm.img systemvm.qcow2 -echo "Compressing qcow2..." -bzip2 -c systemvm.qcow2 > systemvm.qcow2.bz2 -echo "Done qcow2" -echo "Converting raw image to vmdk" -qemu-img convert -f raw -O vmdk systemvm.img systemvm.vmdk -echo "Compressing vmdk..." -bzip2 -c systemvm.vmdk > systemvm.vmdk.bz2 -echo "Done vmdk" diff --git a/systemvm/patches/debian/config/root/.ssh/authorized_keys b/systemvm/patches/debian/root/.ssh/authorized_keys similarity index 100% rename from systemvm/patches/debian/config/root/.ssh/authorized_keys rename to systemvm/patches/debian/root/.ssh/authorized_keys diff --git a/systemvm/patches/debian/config/root/clearUsageRules.sh b/systemvm/patches/debian/root/clearUsageRules.sh similarity index 99% rename from systemvm/patches/debian/config/root/clearUsageRules.sh rename to systemvm/patches/debian/root/clearUsageRules.sh index 061688b74386..393bc6460907 100755 --- a/systemvm/patches/debian/config/root/clearUsageRules.sh +++ b/systemvm/patches/debian/root/clearUsageRules.sh 
@@ -15,7 +15,7 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - + # clearUsageRules.sh - remove iptable rules for removed public interfaces # @VERSION@ diff --git a/systemvm/patches/debian/config/root/func.sh b/systemvm/patches/debian/root/func.sh similarity index 100% rename from systemvm/patches/debian/config/root/func.sh rename to systemvm/patches/debian/root/func.sh diff --git a/systemvm/patches/debian/config/root/monitorServices.py b/systemvm/patches/debian/root/monitorServices.py similarity index 99% rename from systemvm/patches/debian/config/root/monitorServices.py rename to systemvm/patches/debian/root/monitorServices.py index c1dfba21a463..75d10043816d 100755 --- a/systemvm/patches/debian/config/root/monitorServices.py +++ b/systemvm/patches/debian/root/monitorServices.py @@ -378,10 +378,3 @@ def main(): if __name__ == "__main__": main() - - - - - - - diff --git a/systemvm/patches/debian/config/root/reconfigLB.sh b/systemvm/patches/debian/root/reconfigLB.sh similarity index 99% rename from systemvm/patches/debian/config/root/reconfigLB.sh rename to systemvm/patches/debian/root/reconfigLB.sh index e68cc3df4925..a6419390a636 100755 --- a/systemvm/patches/debian/config/root/reconfigLB.sh +++ b/systemvm/patches/debian/root/reconfigLB.sh @@ -37,4 +37,3 @@ new_config=$1 fi exit $ret - diff --git a/systemvm/patches/debian/systemvm.vmx b/systemvm/patches/debian/systemvm.vmx deleted file mode 100644 index 9b93449d94a1..000000000000 --- a/systemvm/patches/debian/systemvm.vmx +++ /dev/null 
@@ -1,37 +0,0 @@ -config.version = "8" -displayname = "systemvm" -ethernet0.addressType = "generated" -ethernet0.connectionType = "bridged" -ethernet0.present = "true" -ethernet0.startConnected = "true" -ethernet0.virtualDev = "e1000" -floppy0.autodetect = "false" -floppy0.fileType = "device" -floppy0.present = "true" -floppy0.startConnected = "false" -guestos = "debian5" -ide0:0.deviceType = "disk" -ide0:0.fileName = "systemvm.vmdk" -ide0:0.present = "true" -ide1:0.autodetect = "true" -ide1:0.deviceType = "atapi-cdrom" -ide1:0.present = "true" -ide1:0.startConnected = "false" -memsize = "256" -numvcpus = "1" -pciBridge0.present = "TRUE" -pciBridge4.functions = "8" -pciBridge4.present = "TRUE" -pciBridge4.virtualDev = "pcieRootPort" -pciBridge5.functions = "8" -pciBridge5.present = "TRUE" -pciBridge5.virtualDev = "pcieRootPort" -pciBridge6.functions = "8" -pciBridge6.present = "TRUE" -pciBridge6.virtualDev = "pcieRootPort" -pciBridge7.functions = "8" -pciBridge7.present = "TRUE" -pciBridge7.virtualDev = "pcieRootPort" -svga.autodetect = "true" -virtualhw.version = "7" -vmci0.present = "TRUE" diff --git a/systemvm/patches/debian/systemvm.xml b/systemvm/patches/debian/systemvm.xml deleted file mode 100644 index fffc077a27cc..000000000000 --- a/systemvm/patches/debian/systemvm.xml +++ /dev/null @@ -1,53 +0,0 @@ - - - systemvm2 - 1572864 - 1572864 - 1 - - hvm - - - - - - - - destroy - restart - restart - - - /usr/bin/qemu-kvm - - - - - - - - - - - - - - - - - diff --git a/systemvm/patches/debian/config/var/www/html/latest/.htaccess b/systemvm/patches/debian/var/www/html/latest/.htaccess similarity index 99% rename from systemvm/patches/debian/config/var/www/html/latest/.htaccess rename to systemvm/patches/debian/var/www/html/latest/.htaccess index 5c9da02887ad..725e7e112a6b 100644 --- a/systemvm/patches/debian/config/var/www/html/latest/.htaccess +++ b/systemvm/patches/debian/var/www/html/latest/.htaccess 
@@ -21,4 +21,3 @@ RewriteRule ^public-ipv4/?$ ../metadata/%{REMOTE_ADDR}/public-ipv4 [L,NC,QSA] RewriteRule ^public-keys/?$ ../metadata/%{REMOTE_ADDR}/public-keys [L,NC,QSA] RewriteRule ^service-offering/?$ ../metadata/%{REMOTE_ADDR}/service-offering [L,NC,QSA] RewriteRule ^vm-id/?$ ../metadata/%{REMOTE_ADDR}/vm-id [L,NC,QSA] - diff --git a/systemvm/patches/debian/config/var/www/html/userdata/.htaccess b/systemvm/patches/debian/var/www/html/userdata/.htaccess similarity index 100% rename from systemvm/patches/debian/config/var/www/html/userdata/.htaccess rename to systemvm/patches/debian/var/www/html/userdata/.htaccess diff --git a/systemvm/patches/debian/vhdconvert.sh b/systemvm/patches/debian/vhdconvert.sh deleted file mode 100755 index 0b0dbfb17246..000000000000 --- a/systemvm/patches/debian/vhdconvert.sh +++ /dev/null 
@@ -1,40 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - - - - -# BUILDING vhd-util on Linux -# The xen repository has a tool called vhd-util that compiles and runs on any linux system -# (http://xenbits.xensource.com/xen-4.0-testing.hg?file/8e8dd38374e9/tools/blktap2/vhd/ or full Xen source at http://www.xen.org/products/xen_source.html). -# Apply this patch: http://lists.xensource.com/archives/cgi-bin/mesg.cgi?a=xen-devel&i=006101cb22f6%242004dd40%24600e97c0%24%40zhuo%40cloudex.cn. -# Build the vhd-util tool: -# cd tools/blktap2 -# make -# sudo make install - -echo "Backing up systemvm.img" -cp systemvm.img systemvm.img.tmp -echo "Converting raw image to fixed vhd" -vhd-util convert -s 0 -t 1 -i systemvm.img.tmp -o systemvm.vhd -echo "Converting fixed vhd to dynamic vhd" -vhd-util convert -s 1 -t 2 -i systemvm.vhd -o systemvm.vhd -echo "Compressing..." -bzip2 -c systemvm.vhd > systemvm.vhd.bz2 -echo "Done" diff --git a/systemvm/patches/debian/xe/xe-daemon b/systemvm/patches/debian/xe/xe-daemon deleted file mode 100644 index bc514d780b84..000000000000 --- a/systemvm/patches/debian/xe/xe-daemon +++ /dev/null 
@@ -1,65 +0,0 @@ -#!/bin/bash - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -LANG="C" -export LANG - -usage() { - echo "$0 [ -p ]" >&2 - exit 1 -} - -# Parse command line opts -while [ $# -ne 0 ] ; do - arg="$1" - shift - case "$arg" in - "-p") - [ $# -eq 0 ] && usage - pidfile="$1" - shift - mkdir -p "$(dirname "$pidfile")" - echo $$ > "$pidfile" - ;; - *) - usage - ;; - esac -done - -XE_UPDATE_GUEST_ATTRS=${XE_UPDATE_GUEST_ATTRS:-/usr/sbin/xe-update-guest-attrs} -XE_DAEMON_RATE=${XE_DAEMON_RATE:-60} # run once a minute by default -XE_MEMORY_UPDATE_DIVISOR=${XE_MEMORY_UPDATE_DIVISOR:-2} # update mem stats 1/2 as often by dflt - -# Delete xenstore cache following each reboot -rm -rf /var/cache/xenstore - -MEMORY_UPDATE_COUNTER=0 -while true ; do - if [ ${MEMORY_UPDATE_COUNTER} -eq 0 ] ; then - MEMORY=--memory - MEMORY_UPDATE_COUNTER=${XE_MEMORY_UPDATE_DIVISOR} - else - MEMORY= - fi - MEMORY_UPDATE_COUNTER=$((${MEMORY_UPDATE_COUNTER} - 1)) - ${XE_UPDATE_GUEST_ATTRS} ${MEMORY} - - sleep ${XE_DAEMON_RATE} -done diff --git a/systemvm/patches/debian/xe/xe-linux-distribution b/systemvm/patches/debian/xe/xe-linux-distribution deleted file mode 100644 index 774f1c75859c..000000000000 
--- a/systemvm/patches/debian/xe/xe-linux-distribution +++ /dev/null 
@@ -1,267 +0,0 @@ -#! /bin/sh - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# Script to write information about the current distribution to stdout or a file. -# Information collected: -# - Distribution name -# - Distribution version (major and minor) -# - Kernel version (uname) - -LANG="C" -export LANG - - -write_to_output() -{ - local distro="$1" - local major="$2" - local minor="$3" - local name="$4" - local uname=$(uname -r) - - if [ -n "${TEST_RESULT}" ] ; then - MAJOR=$major - MINOR=$minor - DISTRO=$distro - UNAME=$uname - return 0 - fi - - echo "os_distro=\"${distro}\"" - echo "os_majorver=\"${major}\"" - echo "os_minorver=\"${minor}\"" - echo "os_uname=\"${uname}\"" - echo "os_name=\"${name}\"" - - return 0 -} - -identify_debian() -{ - local debian_version="$1" - local major - local minor - - # 3.1 - # 4.0 - # Ignores testing and unstable which contain ".*/sid". - - if [ ! -f "${debian_version}" ] ; then - return 1 - fi - - eval $(awk -F. '/^[0-9]*\.[0-9]*/ \ - { print "major="$1 ; print "minor="$2 ; exit 0 }' \ - "${debian_version}") - - if [ -z "${major}" ] && [ -z "${minor}" ] && ! 
grep -q /sid "${debian_version}" ; then - return 1 - fi - - write_to_output "debian" "${major}" "${minor}" "Debian $(head -n 1 $debian_version)" - - return 0 -} - -identify_redhat() -{ - redhat_release="$1" - local distro - local major - local minor - local beta - - # distro=rhel - # Red Hat Enterprise Linux AS release 3 (Taroon Update 6) - # Red Hat Enterprise Linux AS release 3 (Taroon Update 8) - # Red Hat Enterprise Linux AS release 4 (Nahant) - # Red Hat Enterprise Linux AS release 4 (Nahant Update 1) - # Red Hat Enterprise Linux AS release 4 (Nahant Update 2) - # Red Hat Enterprise Linux AS release 4 (Nahant Update 3) - # Red Hat Enterprise Linux AS release 4 (Nahant Update 4) - # Red Hat Enterprise Linux Server release 4.92 (Tikanga) - # Red Hat Enterprise Linux Server release 5 (Tikanga) - # Red Hat Enterprise Linux Server release 5.1 Beta (Tikanga) - - # distro=xe-ddk - # \@PRODUCT_BRAND\@ DDK release \@PRODUCT_VERSION\@-\@BUILD_NUMBER\@ (\@PRODUCT_NAME\@) - # Rio DDK release 0.5.6-2991c (xenenterprise) - - # distro=xe-sdk - # \@PRODUCT_BRAND\@ SDK release \@PRODUCT_VERSION\@-\@BUILD_NUMBER\@ (\@PRODUCT_NAME\@) - # Rio SDK release 0.5.6-2991c (xenenterprise) - - # distro=fedora - # Fedora Core release 3 (Heidelberg) - - # distro=centos - # CentOS release 4.0 (Final) - # CentOS release 5 (Final) - - # distro=oracle - # Enterprise Linux Enterprise Linux Server release 5 (Carthage) - - if [ ! 
-f "${redhat_release}" ] ; then - return 1 - fi - - eval $(sed -n \ - -e 's/^\(.*\) DDK release \(.*\)-\(.*\) (.*)$/distro=xe-ddk;major=\2;minor=\3/gp;' \ - -e 's/^\(.*\) SDK release \(.*\)-\(.*\) (.*)$/distro=xe-sdk;major=\2;minor=\3/gp;' \ - -e 's/^Red Hat Enterprise Linux .* release \([0-9]*\) (.* Update \(.*\))$/distro=rhel;major=\1;minor=\2/gp;'\ - -e 's/^Red Hat Enterprise Linux .* release \([0-9]*\) (.*)$/distro=rhel;major=\1/gp;' \ - -e 's/^Red Hat Enterprise Linux .* release \([0-9]*\)\.\([0-9]*\) \([Bb]eta \)\?(.*)$/distro=rhel;major=\1;minor=\2;beta=\3;/gp;' \ - -e 's/^Fedora.*release \([0-9]*\) (.*)$/distro=fedora;major=\1/gp;' \ - -e 's/^CentOS release \([0-9]*\)\.\([0-9]*\) (.*)/distro=centos;major=\1;minor=\2/gp;' \ - -e 's/^CentOS release \([0-9]*\) (.*)/distro=centos;major=\1/gp;' \ - -e 's/^Enterprise Linux Enterprise Linux .* release \([0-9]*\)\.\([0-9]*\) (.*)$/distro=oracle;major=\1;minor=\2;/gp;' \ - -e 's/^Enterprise Linux Enterprise Linux .* release \([0-9]*\) (.*)$/distro=oracle;major=\1/gp;' \ - "${redhat_release}") - - if [ -z "${major}" -o -z "${distro}" ] ; then - return 1 - fi - - if [ -z "${minor}" ] ; then - minor=0 - fi - - # HACK to handle RHEL betas - if [ "${distro}" == "rhel" ] && [ ${minor} -gt 90 ] ; then - major=$(expr ${major} + 1 ) - minor=0 - beta=Beta - fi - - if [ -n "${beta}" ] ; then - minor="${minor}beta" - fi - - write_to_output "${distro}" "${major}" "${minor}" "$(head -n 1 ${redhat_release})" - -} - -identify_sles() -{ - suse_release="$1" - local major - local minor - local _major - - # SUSE LINUX Enterprise Server 9 (i586) - # VERSION = 9 - # - # SUSE LINUX Enterprise Server 9 (i586) - # VERSION = 9 - # PATCHLEVEL = 2 - # - # SUSE LINUX Enterprise Server 9 (i586) - # VERSION = 9 - # PATCHLEVEL = 3 - # - # SUSE Linux Enterprise Server 10 (i586) - # VERSION = 10 - # - # SUSE Linux Enterprise Server 10 (i586) - # VERSION = 10 - # PATCHLEVEL = 1 - # - # SUSE Linux Enterprise Server 11 (i586) - # VERSION = 11 - # 
PATCHLEVEL = 0 - - if [ ! -f "${suse_release}" ] ; then - return 1 - fi - - eval $(sed -n \ - -e 's/^SUSE L\(inux\|INUX\) Enterprise Server \([0-9]*\) (.*)/_major=\2;/gp;' \ - -e 's/^VERSION = \([0-9]*\)$/major=\1;/gp;' \ - -e 's/^PATCHLEVEL = \([0-9]*\)$/minor=\1;/gp;' \ - "${suse_release}") - - if [ -z "${major}" -o -z "${_major}" ] ; then - return 1 - fi - - if [ "${major}" != "${_major}" ] ; then - return 1 - fi - - if [ -z "${minor}" ] ; then - minor=0 - fi - - write_to_output "sles" "${major}" "${minor}" "$(head -n 1 ${suse_release})" - -} - -identify_lsb() -{ - lsb_release="$1" - - if [ ! -x "${lsb_release}" ] ; then - saved_IFS=$IFS - IFS=: - for i in $PATH ; do - if [ -x "${i}/${lsb_release}" ] ; then - lsb_release="${i}/${lsb_release}" - break - fi - done - IFS=$saved_IFS - fi - - if [ ! -x "${lsb_release}" ] ; then - return 1 - fi - - distro=$(${lsb_release} --short --id | tr 'A-Z' 'a-z') - description=$(${lsb_release} --short --description | sed -e 's/^"\(.*\)"$/\1/g') - release=$(${lsb_release} --short --release) - - if [ -z "${distro}" -o -z "${release}" ] ; then - return 1 - fi - - eval $(echo $release | awk -F. -- '{ print "major=" $1 ; print "minor=" $2 }') - - if [ -z "${major}" -o -z "${distro}" ] ; then - return 1 - fi - - write_to_output "${distro}" "${major}" "${minor}" "${description}" -} - -if [ $# -eq 1 ] ; then - exec 1>"$1" -fi - -if [ -z "${TEST}" ] ; then - identify_redhat /etc/redhat-release && exit 0 - identify_sles /etc/SuSE-release && exit 0 - identify_lsb lsb_release && exit 0 - identify_debian /etc/debian_version && exit 0 - - if [ $# -eq 1 ] ; then - rm -f "$1" - fi - - exit 1 -fi diff --git a/systemvm/patches/debian/xe/xe-update-guest-attrs b/systemvm/patches/debian/xe/xe-update-guest-attrs deleted file mode 100644 index 6c605be420b0..000000000000 --- a/systemvm/patches/debian/xe/xe-update-guest-attrs +++ /dev/null 
@@ -1,226 +0,0 @@ -#!/bin/sh - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# Script to write information about the guest to XenStore. -# -# Information collected (if --memory NOT passed in): -# - Distribution name -# - Distribution version (major and minor) -# - Kernel version (uname) -# - IP address for each Ethernet interface -# -# Information collected (if --memory IS passed in): -# - memtotal -# - memfree -# -# Memory stats are separated out because they change all the time -# and so we may not want to update them as frequently - -LANG="C" -export LANG - - -XE_LINUX_DISTRIBUTION_CACHE=/var/cache/xe-linux-distribution - -IPADDR_RE="\([[:digit:]]\{1,3\}\.\)\{3\}[[:digit:]]\{1,3\}" - -export PATH=/usr/sbin:/usr/bin:/sbin:/bin -XENSTORE=${XENSTORE:-xenstore} - -XENSTORE_UPDATED=0 - -# parse command line opts - -MEMORY_MODE=0 # do not update memory stats -while [ $# -ge 1 ] ; do - if [ "$1" = "--memory" ] ; then - MEMORY_MODE=1 # update only memory stats - fi - shift -done - -xenstore_write_cached() { - key="$1" newval="$2" - cache=/var/cache/xenstore/$key - if [ -f $cache ] ; then - # cache exists - oldval=$(cat "$cache") - if [ "$oldval" = "$newval" ] ; then - # value unchanged - return 0 - fi - else - # cache does not exist 
- if [ -e $cache ] ; then - # something (directory?) in its way - rm -rf $cache - fi - fi - - # try to write and update cache if successfull - if $XENSTORE-write "$key" "$newval" ; then - mkdir -p $(dirname "$cache") - echo -n "$newval" > "$cache" - XENSTORE_UPDATED=1 - return 0 - fi - return 1 -} - -# If we detect a domain change then delete our cache and force a refresh -domid=$(xenstore-read "domid") -cache=/var/cache/xenstore/unique-domain-id -newval=$(xenstore-read "/local/domain/${domid}/unique-domain-id") -if [ -e $cache ]; then - oldval=$(cat "$cache") - if [ "$oldval" != "$newval" ]; then - # domain changed - rm -rf /var/cache/xenstore - fi -fi -mkdir -p $(dirname "$cache") -echo -n "$newval" > "$cache" - -xenstore_rm_cached() { - key="$1" - cache=/var/cache/xenstore/$key - if [ ! -e $cache ] ; then - return 1 - fi - # try to write and update cache if successfull - if $XENSTORE-rm "$key" ; then - rm -rf "$cache" - XENSTORE_UPDATED=1 - return 0 - fi - return 1 -} - -xenstore_list_interfaces_cached() { - topdir=/var/cache/xenstore/attr - if [ -d $topdir ] ; then - cd $topdir - for dir in * ; do - [ -f $dir/ip ] && echo $dir - done - fi -} - -if [ $MEMORY_MODE -eq 1 ] ; then - # Update the memory information - eval $(cat /proc/meminfo | \ - sed -n -e 's/MemTotal\: *\([0-9]*\)[^$]*/memtotal=\1/gp;' \ - -e 's/MemFree\: *\([0-9]*\)[^$]*/memfree=\1/gp;') - - xenstore_write_cached "data/meminfo_total" "${memtotal}" - xenstore_write_cached "data/meminfo_free" "${memfree}" -fi - - - -# e.g. 
-# $ ip addr show -# 1: lo: mtu 16436 qdisc noqueue -# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 -# inet 127.0.0.1/8 scope host lo -# inet6 ::1/128 scope host -# valid_lft forever preferred_lft forever -# 2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000 -# link/ether 00:13:20:95:e8:74 brd ff:ff:ff:ff:ff:ff -# inet 172.31.0.57/20 brd 172.31.15.255 scope global eth0 -# inet6 fe80::213:20ff:fe95:e874/64 scope link -# valid_lft forever preferred_lft forever -# 3: sit0: mtu 1480 qdisc noop -# link/sit 0.0.0.0 brd 0.0.0.0 - -#eval $(ip addr show | \ -# sed -n -e 's/^[[:digit:]]*: \([a-z0-9]*\): .*/ifs="\$ifs \1"; current="\1"; /gp;' \ -# -e 's/^[[:space:]]\{4\}inet \('${IPADDR_RE}'\)\/.*/eval inet_\${current}="\1"; /gp;') - -# e.g. -# eth0 Link encap:Ethernet HWaddr 00:13:20:95:E8:74 -# inet addr:172.31.0.57 Bcast:172.31.15.255 Mask:255.255.240.0 -# inet6 addr: fe80::213:20ff:fe95:e874/64 Scope:Link -# UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 -# RX packets:98001128 errors:0 dropped:0 overruns:0 frame:0 -# TX packets:87728920 errors:0 dropped:0 overruns:0 carrier:0 -# collisions:0 txqueuelen:1000 -# RX bytes:35864034092 (33.4 GiB) TX bytes:27544025180 (25.6 GiB) -# Interrupt:177 -# -# lo Link encap:Local Loopback -# inet addr:127.0.0.1 Mask:255.0.0.0 -# inet6 addr: ::1/128 Scope:Host -# UP LOOPBACK RUNNING MTU:16436 Metric:1 -# RX packets:32928 errors:0 dropped:0 overruns:0 frame:0 -# TX packets:32928 errors:0 dropped:0 overruns:0 carrier:0 -# collisions:0 txqueuelen:0 -# RX bytes:3604609 (3.4 MiB) TX bytes:3604609 (3.4 MiB) - -eval $(/sbin/ifconfig | \ - sed -n -e '/^[0-9a-z][0-9a-z]*\:/,/^$/d' \ - -e 's/^\([0-9a-z][0-9a-z]*\) .*/ifs="\$ifs \1"; current="\1"; /gp;' \ - -e 's/ *inet addr:\('$IPADDR_RE'\) .*/eval inet_\${current}="\1"; /gp;') - -# network -for if in $ifs ; do - - [ "${if}" = "lo" ] && continue - inet=$(eval echo \${inet_${if}}) - [ -z "${inet}" ] && continue - - xenstore_write_cached "attr/${if}/ip" "${inet}" -done - -# remove any 
interfaces that have been unplugged or downed -for at in $(xenstore_list_interfaces_cached) ; do - for if in $ifs ; do - [ "${if}" = "${at}" ] && continue 2 - done - xenstore_rm_cached "attr/${at}" -done - -# distro -if [ -f ${XE_LINUX_DISTRIBUTION_CACHE} ] ; then - . ${XE_LINUX_DISTRIBUTION_CACHE} - for key in os_name os_majorver os_minorver os_uname os_distro ; do - new=$(eval echo \${${key}}) - [ -n "${new}" ] || continue - xenstore_write_cached "data/${key}" "${new}" - done -fi - -# whether I support ballooning or not -xenstore_write_cached "control/feature-balloon" "1" - -# whether I support ballooning or not -xenstore_write_cached "control/feature-balloon" "1" - -# build time addons -xenstore_write_cached "attr/PVAddons/MajorVersion" "5" -xenstore_write_cached "attr/PVAddons/MinorVersion" "6" -xenstore_write_cached "attr/PVAddons/MicroVersion" "0" -xenstore_write_cached "attr/PVAddons/BuildVersion" "31188" -xenstore_write_cached "attr/PVAddons/Installed" "1" - -# update xenstore if necc -if [ $XENSTORE_UPDATED -eq 1 ] ; then - xenstore_write_cached "data/updated" "$(date)" -fi - diff --git a/systemvm/test/python/TestCsAddress.py b/systemvm/patches/test/TestCsAddress.py similarity index 100% rename from systemvm/test/python/TestCsAddress.py rename to systemvm/patches/test/TestCsAddress.py diff --git a/systemvm/test/python/TestCsApp.py b/systemvm/patches/test/TestCsApp.py similarity index 100% rename from systemvm/test/python/TestCsApp.py rename to systemvm/patches/test/TestCsApp.py diff --git a/systemvm/test/python/TestCsCmdLine.py b/systemvm/patches/test/TestCsCmdLine.py similarity index 100% rename from systemvm/test/python/TestCsCmdLine.py rename to systemvm/patches/test/TestCsCmdLine.py diff --git a/systemvm/test/python/TestCsConfig.py b/systemvm/patches/test/TestCsConfig.py similarity index 100% rename from systemvm/test/python/TestCsConfig.py rename to systemvm/patches/test/TestCsConfig.py 
diff --git a/systemvm/test/python/TestCsDatabag.py b/systemvm/patches/test/TestCsDatabag.py
similarity index 100%
rename from systemvm/test/python/TestCsDatabag.py
rename to systemvm/patches/test/TestCsDatabag.py
diff --git a/systemvm/test/python/TestCsDhcp.py b/systemvm/patches/test/TestCsDhcp.py
similarity index 100%
rename from systemvm/test/python/TestCsDhcp.py
rename to systemvm/patches/test/TestCsDhcp.py
diff --git a/systemvm/test/python/TestCsFile.py b/systemvm/patches/test/TestCsFile.py
similarity index 100%
rename from systemvm/test/python/TestCsFile.py
rename to systemvm/patches/test/TestCsFile.py
diff --git a/systemvm/test/python/TestCsGuestNetwork.py b/systemvm/patches/test/TestCsGuestNetwork.py
similarity index 100%
rename from systemvm/test/python/TestCsGuestNetwork.py
rename to systemvm/patches/test/TestCsGuestNetwork.py
diff --git a/systemvm/test/python/TestCsHelper.py b/systemvm/patches/test/TestCsHelper.py
similarity index 100%
rename from systemvm/test/python/TestCsHelper.py
rename to systemvm/patches/test/TestCsHelper.py
diff --git a/systemvm/test/python/TestCsInterface.py b/systemvm/patches/test/TestCsInterface.py
similarity index 100%
rename from systemvm/test/python/TestCsInterface.py
rename to systemvm/patches/test/TestCsInterface.py
diff --git a/systemvm/test/python/TestCsNetfilter.py b/systemvm/patches/test/TestCsNetfilter.py
similarity index 100%
rename from systemvm/test/python/TestCsNetfilter.py
rename to systemvm/patches/test/TestCsNetfilter.py
diff --git a/systemvm/test/python/TestCsProcess.py b/systemvm/patches/test/TestCsProcess.py
similarity index 100%
rename from systemvm/test/python/TestCsProcess.py
rename to systemvm/patches/test/TestCsProcess.py
diff --git a/systemvm/test/python/TestCsRedundant.py b/systemvm/patches/test/TestCsRedundant.py
similarity index 100%
rename from systemvm/test/python/TestCsRedundant.py
rename to systemvm/patches/test/TestCsRedundant.py
diff --git a/systemvm/test/python/TestCsRoute.py b/systemvm/patches/test/TestCsRoute.py similarity index 100% rename from systemvm/test/python/TestCsRoute.py rename to systemvm/patches/test/TestCsRoute.py diff --git a/systemvm/test/python/TestCsRule.py b/systemvm/patches/test/TestCsRule.py similarity index 100% rename from systemvm/test/python/TestCsRule.py rename to systemvm/patches/test/TestCsRule.py diff --git a/systemvm/test/python/runtests.sh b/systemvm/patches/test/runtests.sh similarity index 94% rename from systemvm/test/python/runtests.sh rename to systemvm/patches/test/runtests.sh index 6d6a196f2514..e64f8674a08f 100644 --- a/systemvm/test/python/runtests.sh +++ b/systemvm/patches/test/runtests.sh @@ -18,7 +18,7 @@ # requires netaddr -export PYTHONPATH="../../patches/debian/config/opt/cloud/bin/" +export PYTHONPATH="../debian/opt/cloud/bin/" export PYTHONDONTWRITEBYTECODE=False pep8 --max-line-length=179 --exclude=monitorServices.py,baremetal-vr.py,passwd_server_ip.py `find ../../patches -name \*.py` diff --git a/systemvm/patches/debian/vpn/etc/ipsec.conf b/systemvm/patches/vpn/etc/ipsec.conf similarity index 100% rename from systemvm/patches/debian/vpn/etc/ipsec.conf rename to systemvm/patches/vpn/etc/ipsec.conf diff --git a/systemvm/patches/debian/vpn/etc/ipsec.d/l2tp.conf b/systemvm/patches/vpn/etc/ipsec.d/l2tp.conf similarity index 100% rename from systemvm/patches/debian/vpn/etc/ipsec.d/l2tp.conf rename to systemvm/patches/vpn/etc/ipsec.d/l2tp.conf diff --git a/systemvm/patches/debian/vpn/etc/ipsec.secrets b/systemvm/patches/vpn/etc/ipsec.secrets similarity index 100% rename from systemvm/patches/debian/vpn/etc/ipsec.secrets rename to systemvm/patches/vpn/etc/ipsec.secrets diff --git a/systemvm/patches/debian/vpn/etc/ppp/options.xl2tpd b/systemvm/patches/vpn/etc/ppp/options.xl2tpd similarity index 100% rename from systemvm/patches/debian/vpn/etc/ppp/options.xl2tpd rename to systemvm/patches/vpn/etc/ppp/options.xl2tpd 
diff --git a/systemvm/patches/debian/vpn/etc/xl2tpd/xl2tpd.conf b/systemvm/patches/vpn/etc/xl2tpd/xl2tpd.conf similarity index 100% rename from systemvm/patches/debian/vpn/etc/xl2tpd/xl2tpd.conf rename to systemvm/patches/vpn/etc/xl2tpd/xl2tpd.conf diff --git a/systemvm/patches/debian/vpn/opt/cloud/bin/vpn_l2tp.sh b/systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh similarity index 98% rename from systemvm/patches/debian/vpn/opt/cloud/bin/vpn_l2tp.sh rename to systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh index 83cf4de93f24..60ee8a6dafd0 100755 --- a/systemvm/patches/debian/vpn/opt/cloud/bin/vpn_l2tp.sh +++ b/systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh @@ -16,7 +16,7 @@ # specific language governing permissions and limitations # under the License. - + #set -x @@ -142,7 +142,7 @@ create_l2tp_ipsec_vpn_server() { ipsec_server "restart" - ipsec auto --rereadsecrets + ipsec auto --rereadsecrets ipsec auto --replace L2TP-PSK } @@ -152,7 +152,7 @@ destroy_l2tp_ipsec_vpn_server() { ipsec auto --down L2TP-PSK iptables_ "-D" $public_ip - + ipsec_server "stop" } @@ -254,6 +254,6 @@ if [ "$useradd" == "1" ]; then exit $? fi if [ "$userdel" == "1" ]; then - remove_l2tp_ipsec_user $user + remove_l2tp_ipsec_user $user exit $? fi diff --git a/systemvm/pom.xml b/systemvm/pom.xml index 4d657b722741..0ae3e029ae99 100644 --- a/systemvm/pom.xml +++ b/systemvm/pom.xml @@ -52,10 +52,10 @@ maven-assembly-plugin - systemvm + agent false - systemvm-descriptor.xml + systemvm-agent-descriptor.xml @@ -84,11 +84,11 @@ target - systemvm.zip + agent.zip - patches/debian/config/root/.ssh + patches/debian/root/.ssh authorized_keys @@ -111,31 +111,19 @@ - - + - + - - - - - - - - - - - @@ -180,7 +168,7 @@ -r -o systemvm.iso - systemvm.zip + agent.zip cloud-scripts.tgz authorized_keys diff --git a/systemvm/scripts/run.bat b/systemvm/scripts/run.bat deleted file mode 100644 index ce6dc404574e..000000000000 --- a/systemvm/scripts/run.bat +++ /dev/null 
@@ -1,18 +0,0 @@ -rem Licensed to the Apache Software Foundation (ASF) under one -rem or more contributor license agreements. See the NOTICE file -rem distributed with this work for additional information -rem regarding copyright ownership. The ASF licenses this file -rem to you under the Apache License, Version 2.0 (the -rem "License"); you may not use this file except in compliance -rem with the License. You may obtain a copy of the License at -rem -rem http://www.apache.org/licenses/LICENSE-2.0 -rem -rem Unless required by applicable law or agreed to in writing, -rem software distributed under the License is distributed on an -rem "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -rem KIND, either express or implied. See the License for the -rem specific language governing permissions and limitations -rem under the License. - -java -mx700m -cp cloud-console-proxy.jar;;cloud-console-common.jar;log4j-1.2.15.jar;apache-log4j-extras-1.0.jar;gson-1.3.jar;commons-logging-1.1.1.jar;.;.\conf; com.cloud.consoleproxy.ConsoleProxy %* diff --git a/systemvm/systemvm-descriptor.xml b/systemvm/systemvm-agent-descriptor.xml similarity index 92% rename from systemvm/systemvm-descriptor.xml rename to systemvm/systemvm-agent-descriptor.xml index ce5ae4b6d208..a3f0453cffdb 100644 --- a/systemvm/systemvm-descriptor.xml +++ b/systemvm/systemvm-agent-descriptor.xml @@ -19,7 +19,7 @@ - systemvm + agent zip @@ -46,13 +46,13 @@ 555 - scripts + agent/scripts 555 555 - conf + agent/conf conf 555 555 @@ -63,7 +63,7 @@ - images + agent/images images 555 555 @@ -75,7 +75,7 @@ - js + agent/js js 555 555 @@ -84,7 +84,7 @@ - ui + agent/ui ui 555 555 @@ -93,7 +93,7 @@ - css + agent/css css 555 555 @@ -102,7 +102,7 @@ - certs + agent/certs certs 555 555 diff --git a/systemvm/vm-script/vmops b/systemvm/vm-script/vmops deleted file mode 100644 index a9f70c83925e..000000000000 --- a/systemvm/vm-script/vmops +++ /dev/null 
@@ -1,119 +0,0 @@ -#!/bin/bash -# -# vmops Script to start and stop the VMOps Agent. -# -# Author: Chiradeep Vittal -# chkconfig: 2345 99 01 -# description: Start up the VMOps agent - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - -# Source function library. -if [ -f /etc/init.d/functions ] -then - . /etc/init.d/functions -fi - -_success() { - if [ -f /etc/init.d/functions ] - then - success - else - echo "Success" - fi -} - -_failure() { - if [ -f /etc/init.d/functions ] - then - failure - else - echo "Failed" - fi -} -RETVAL=$? 
-VMOPS_HOME="/usr/local/vmops" - -mkdir -p /var/log/vmops - -get_pids() { - local i - for i in $(ps -ef| grep java | grep -v grep | awk '{print $2}'); - do - echo $(pwdx $i) | grep "$VMOPS_HOME" | grep -i console | awk -F: '{print $1}'; - done -} - -start() { - local pid=$(get_pids) - echo -n "Starting VMOps Console Proxy: " - if [ -f $VMOPS_HOME/consoleproxy/run.sh ]; - then - if [ "$pid" == "" ] - then - (cd $VMOPS_HOME/consoleproxy; nohup ./run.sh > /var/log/vmops/vmops.out 2>&1 & ) - pid=$(get_pids) - echo $pid > /var/run/vmops.pid - fi - _success - else - _failure - fi - echo -} - -stop() { - local pid - echo -n "Stopping VMOps agent: " - for pid in $(get_pids) - do - kill $pid - done - _success - echo -} - -status() { - local pids=$(get_pids) - if [ "$pids" == "" ] - then - echo "VMOps agent is not running" - return 1 - fi - echo "VMOps agent is running: process id: $pids" - return 0 -} - - -case "$1" in - start) start - ;; - stop) stop - ;; - status) status - ;; - restart) stop - start - ;; - *) echo $"Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac - -exit $RETVAL From 8c53574c911e46798c191409186ef67261511728 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 1 Dec 2017 20:58:18 +0530 Subject: [PATCH 08/22] CLOUDSTACK-10013: Fix ipsec VPN configuration - Fixes strongswan/ipsec, l2tpd and pppd configs - Uses auto=route in ipsec configs - Fixes road-warrior setup - Fixes site-to-site VPN with automatic connection configuration - Fixes vpc_vpn tests Signed-off-by: Rohit Yadav --- .../patches/debian/opt/cloud/bin/configure.py | 38 +++++++++++-------- .../debian/opt/cloud/bin/ipsectunnel.sh | 10 +---- .../debian/opt/cloud/bin/monitor_service.sh | 2 - systemvm/patches/vpn/etc/ipsec.d/l2tp.conf | 12 ++---- systemvm/patches/vpn/etc/ppp/options.xl2tpd | 2 - .../patches/vpn/opt/cloud/bin/vpn_l2tp.sh | 18 ++++----- test/integration/smoke/test_vpc_vpn.py | 26 +++++++++---- 7 files changed, 55 insertions(+), 53 deletions(-) 
diff --git a/systemvm/patches/debian/opt/cloud/bin/configure.py b/systemvm/patches/debian/opt/cloud/bin/configure.py index afbf2dd11743..2e809145e521 100755 --- a/systemvm/patches/debian/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/opt/cloud/bin/configure.py @@ -546,10 +546,6 @@ def configure_ipsec(self, obj): ikepolicy=obj['ike_policy'].replace(';','-') esppolicy=obj['esp_policy'].replace(';','-') - pfs='no' - if 'modp' in esppolicy: - pfs='yes' - if rightpeer in self.confips: self.confips.remove(rightpeer) file = CsFile(vpnconffile) @@ -557,7 +553,6 @@ def configure_ipsec(self, obj): file.search("conn ", "conn vpn-%s" % rightpeer) file.addeq(" left=%s" % leftpeer) file.addeq(" leftsubnet=%s" % obj['local_guest_cidr']) - file.addeq(" leftnexthop=%s" % obj['local_public_gateway']) file.addeq(" right=%s" % rightpeer) file.addeq(" rightsubnet=%s" % peerlist) file.addeq(" type=tunnel") @@ -567,9 +562,8 @@ def configure_ipsec(self, obj): file.addeq(" ikelifetime=%s" % self.convert_sec_to_h(obj['ike_lifetime'])) file.addeq(" esp=%s" % esppolicy) file.addeq(" lifetime=%s" % self.convert_sec_to_h(obj['esp_lifetime'])) - file.addeq(" pfs=%s" % pfs) file.addeq(" keyingtries=2") - file.addeq(" auto=start") + file.addeq(" auto=route") if 'encap' not in obj: obj['encap']=False file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap'])) 
@@ -585,10 +579,20 @@ def configure_ipsec(self, obj): logging.info("Configured vpn %s %s", leftpeer, rightpeer) CsHelper.execute("ipsec rereadsecrets") - # This will load the new config and start the connection when needed since auto=start in the config + # This will load the new config CsHelper.execute("ipsec reload") os.chmod(vpnsecretsfile, 0400) + for i in xrange(3): + result = CsHelper.execute('ipsec status vpn-%s | grep "%s"' % (rightpeer, peerlist.split(",", 1)[0])) + if len(result) > 0: + break + time.sleep(1) + + # With 'auto=route', connections are established on an attempt to + # communicate over the S2S VPN. This uses ping to initialize the connection. + CsHelper.execute("timeout 5 ping -c 3 %s" % (peerlist.split("/", 1)[0].replace(".0", ".1"))) + def convert_sec_to_h(self, val): hrs = int(val) / 3600 return "%sh" % hrs @@ -658,6 +662,7 @@ def process(self): self.confips = [] logging.debug(self.dbag) + for public_ip in self.dbag: if public_ip == "id": continue @@ -665,12 +670,13 @@ def process(self): #Enable remote access vpn if vpnconfig['create']: + shutdownIpsec = False logging.debug("Enabling remote access vpn on "+ public_ip) dev = CsHelper.get_device(public_ip) if dev == "": - logging.error("Request for ipsec to %s not possible because ip is not configured", public_ip) - continue + logging.error("Request for ipsec to %s not possible because ip is not configured", public_ip) + continue CsHelper.start_if_stopped("ipsec") self.configure_l2tpIpsec(public_ip, self.dbag[public_ip]) @@ -682,7 +688,6 @@ def process(self): CsHelper.execute("ipsec rereadsecrets") else: logging.debug("Disabling remote access vpn .....") - #disable remote access vpn CsHelper.execute("ipsec down L2TP-PSK") CsHelper.execute("systemctl stop xl2tpd") 
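Review bot: The two commands added after `ipsec reload` build shell strings from `rightpeer` and `peerlist`, and the ping target is derived with `.replace(".0", ".1")`, which rewrites every `.0` in the address. For a peer network of 10.0.0.0/24 that yields 10.1.1.1 rather than 10.0.0.1, so the routed tunnel is triggered towards the wrong host or not at all; replacing only the last octet, `peerlist.split("/", 1)[0].rsplit(".", 1)[0] + ".1"`, keeps the intent. Because the status command contains a pipe, CsHelper.execute presumably hands the string to a shell, so both values should be checked to be a plain IP address and a CIDR list before they are interpolated. The function body starts outside the hunk, and CsHelper.execute is not visible here.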
@@ -693,7 +698,6 @@ def configure_l2tpIpsec(self, left, obj): xl2tpdconffile="/etc/xl2tpd/xl2tpd.conf" xl2tpoptionsfile='/etc/ppp/options.xl2tpd' - file = CsFile(l2tpconffile) localip=obj['local_ip'] localcidr=obj['local_cidr'] publicIface=obj['public_interface'] @@ -701,13 +705,13 @@ def configure_l2tpIpsec(self, left, obj): psk=obj['preshared_key'] #left - file.addeq(" left=%s" % left) - file.commit() - + l2tpfile = CsFile(l2tpconffile) + l2tpfile.addeq(" left=%s" % left) + l2tpfile.commit() secret = CsFile(vpnsecretfilte) secret.empty() - secret.addeq(": PSK \"%s\"" %psk) + secret.addeq("%s %%any : PSK \"%s\"" % (left, psk)) secret.commit() xl2tpdconf = CsFile(xl2tpdconffile) @@ -730,6 +734,8 @@ def remoteaccessvpn_iptables(self, publicip, obj): self.fw.append(["", "", "-A INPUT -i %s --dst %s -p udp -m udp --dport 1701 -j ACCEPT" % (publicdev, publicip)]) self.fw.append(["", "", "-A INPUT -i %s -p ah -j ACCEPT" % publicdev]) self.fw.append(["", "", "-A INPUT -i %s -p esp -j ACCEPT" % publicdev]) + self.fw.append(["", "", "-A OUTPUT -p ah -j ACCEPT"]) + self.fw.append(["", "", "-A OUTPUT -p esp -j ACCEPT"]) if self.config.is_vpc(): self.fw.append(["", ""," -N VPN_FORWARD"]) diff --git a/systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh b/systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh index 20caec5e79cf..c42650f8d1de 100755 --- a/systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh +++ b/systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh @@ -142,7 +142,6 @@ ipsec_tunnel_add() { sudo echo "conn vpn-$rightpeer" > $vpnconffile && sudo echo " left=$leftpeer" >> $vpnconffile && sudo echo " leftsubnet=$leftnet" >> $vpnconffile && - sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile && sudo echo " right=$rightpeer" >> $vpnconffile && sudo echo " rightsubnets={$rightnets}" >> $vpnconffile && sudo echo " type=tunnel" >> $vpnconffile && 
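Review bot: The pre-shared key is written to the file named by `vpnsecretfilte` with no visible step that restricts its mode, while configure_ipsec in the same file follows its write with `os.chmod(vpnsecretsfile, 0400)`. Unless CsFile already creates the file owner-only (not visible here), add `os.chmod(vpnsecretfilte, 0400)` after `secret.commit()`. The value of `psk` is also placed between double quotes unescaped, so a key containing `"` would produce a malformed secrets line; rejecting or escaping it before the write avoids that. vpn_l2tp.sh has the same pattern in create_l2tp_ipsec_vpn_server, where the `echo` into /etc/ipsec.d/ipsec.any.secrets is not followed by a `chmod 0400`. configure_l2tpIpsec continues outside this hunk.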
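Review bot: The two new OUTPUT rules in remoteaccessvpn_iptables accept AH and ESP on every interface, whereas the INPUT rules just above them are bound to the public device with `-i %s`. Scoping them the same way keeps the exception as narrow as the inbound one: `self.fw.append(["", "", "-A OUTPUT -o %s -p esp -j ACCEPT" % publicdev])` and the equivalent line for `ah`. The function starts and continues outside the hunk, so I cannot see whether the OUTPUT chain already has a default-accept policy that makes these rules redundant.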
@@ -152,9 +151,8 @@ ipsec_tunnel_add() { sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile && sudo echo " esp=$esppolicy" >> $vpnconffile && sudo echo " salifetime=${esplifetime}s" >> $vpnconffile && - sudo echo " pfs=$pfs" >> $vpnconffile && sudo echo " keyingtries=2" >> $vpnconffile && - sudo echo " auto=start" >> $vpnconffile && + sudo echo " auto=route" >> $vpnconffile && sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile && sudo chmod 0400 $vpnsecretsfile @@ -291,12 +289,6 @@ do done < /tmp/iflist rightnets=${rightnets//,/ } -pfs="no" -echo "$esppolicy" | grep "modp" > /dev/null -if [ $? -eq 0 ] -then - pfs="yes" -fi ret=0 #Firewall ports for one-to-one/static NAT diff --git a/systemvm/patches/debian/opt/cloud/bin/monitor_service.sh b/systemvm/patches/debian/opt/cloud/bin/monitor_service.sh index d9d8ec843aed..e1c7914abccb 100755 --- a/systemvm/patches/debian/opt/cloud/bin/monitor_service.sh +++ b/systemvm/patches/debian/opt/cloud/bin/monitor_service.sh @@ -50,8 +50,6 @@ echo $processname >> $configFile echo $service_name >> $configFile echo $pidfile >> $configFile - - done } diff --git a/systemvm/patches/vpn/etc/ipsec.d/l2tp.conf b/systemvm/patches/vpn/etc/ipsec.d/l2tp.conf index 1cbfe78ff851..2e211e15ba74 100644 --- a/systemvm/patches/vpn/etc/ipsec.d/l2tp.conf +++ b/systemvm/patches/vpn/etc/ipsec.d/l2tp.conf @@ -1,13 +1,9 @@ #ipsec remote access vpn configuration conn L2TP-PSK - authby=psk - pfs=no + authby=secret rekey=no keyingtries=3 - keyexchange=ikev1 - forceencaps=yes leftfirewall=yes - leftnexthop=%defaultroute type=transport # # ---------------------------------------------------------- @@ -19,7 +15,7 @@ conn L2TP-PSK # left=172.26.0.151 # - leftprotoport=17/1701 + leftprotoport=udp/l2tp # If you insist on supporting non-updated Windows clients, # you can use: leftprotoport=17/%any # 
@@ -31,10 +27,10 @@ conn L2TP-PSK # If you want to allow multiple connections from any IP address, # you can use: right=%any # - rightprotoport=17/%any + rightprotoport=udp/%any # # ---------------------------------------------------------- # Change 'ignore' to 'add' to enable this configuration. # rightsubnetwithin=0.0.0.0/0 - auto=add + auto=route diff --git a/systemvm/patches/vpn/etc/ppp/options.xl2tpd b/systemvm/patches/vpn/etc/ppp/options.xl2tpd index 08c301b098fd..a01687f2b076 100644 --- a/systemvm/patches/vpn/etc/ppp/options.xl2tpd +++ b/systemvm/patches/vpn/etc/ppp/options.xl2tpd @@ -4,11 +4,9 @@ ipcp-accept-remote noccp idle 1800 auth -crtscts mtu 1410 mru 1410 nodefaultroute debug -lock connect-delay 5000 ms-dns 10.1.1.1 diff --git a/systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh b/systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh index 60ee8a6dafd0..5928548e99fe 100755 --- a/systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh +++ b/systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh @@ -87,15 +87,15 @@ iptables_() { } start_ipsec() { - service ipsec status > /dev/null + systemctl is-active ipsec > /dev/null if [ $? -ne 0 ] then - service ipsec start > /dev/null + systemctl start ipsec > /dev/null #Wait until ipsec started, 5 seconds at most for i in {1..5} do logger -t cloud "$(basename $0): waiting ipsec start..." - service ipsec status > /dev/null + systemctl is-active ipsec > /dev/null result=$? if [ $result -eq 0 ] then @@ -104,7 +104,7 @@ start_ipsec() { sleep 1 done fi - service ipsec status > /dev/null + systemctl is-active ipsec > /dev/null return $? } @@ -112,14 +112,14 @@ ipsec_server() { local op=$1 case $op in "start") start_ipsec - sudo service xl2tpd start + sudo systemctl start xl2tpd ;; - "stop") sudo service xl2tpd stop + "stop") sudo systemctl stop xl2tpd ;; "restart") start_ipsec sudo ipsec auto --rereadall - service xl2tpd stop - service xl2tpd start + systemctl stop xl2tpd + systemctl start xl2tpd ;; esac } 
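Review bot: The comment directly above the changed setting in l2tp.conf still reads "Change 'ignore' to 'add' to enable this configuration", which no longer matches `auto=route`, and nothing explains why a remote-access responder entry needs routed (trap) policies. As far as I know strongSwan's `route` installs kernel traps so that the gateway itself initiates on matching outbound traffic, while `add` only loads the conn to answer clients; the value of `right` is outside the hunk, so whether a wildcard peer is affected should be confirmed on the Debian 9 build. I would replace the stale sentence with something like `# auto=route: load the conn and install traps for udp/l2tp; use 'add' to only answer incoming clients`.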
@@ -131,7 +131,7 @@ create_l2tp_ipsec_vpn_server() { local local_ip=$4 sed -i -e "s/left=.*$/left=$public_ip/" /etc/ipsec.d/l2tp.conf - echo ": PSK \"$ipsec_psk\"" > /etc/ipsec.d/ipsec.any.secrets + echo "$public_ip %any : PSK \"$ipsec_psk\"" > /etc/ipsec.d/ipsec.any.secrets sed -i -e "s/^ip range = .*$/ip range = $client_range/" /etc/xl2tpd/xl2tpd.conf sed -i -e "s/^local ip = .*$/local ip = $local_ip/" /etc/xl2tpd/xl2tpd.conf diff --git a/test/integration/smoke/test_vpc_vpn.py b/test/integration/smoke/test_vpc_vpn.py index df60686f229d..d8964d26e8d6 100644 --- a/test/integration/smoke/test_vpc_vpn.py +++ b/test/integration/smoke/test_vpc_vpn.py @@ -21,7 +21,8 @@ from marvin.cloudstackTestCase import cloudstackTestCase from marvin.lib.utils import (validateList, cleanup_resources, - get_process_status) + get_process_status, + wait_until) from marvin.lib.base import (Domain, Account, @@ -184,7 +185,7 @@ def __init__(self): }, "vpn": { "vpn_user": "root", - "vpn_pass": "Md1s#dc", + "vpn_pass": "Md1sdc", "vpn_pass_fail": "abc!123", # too short "iprange": "10.3.2.1-10.3.2.10", "fordisplay": "true" @@ -757,8 +758,19 @@ def test_01_vpc_site2site_vpn(self): self.apiclient, customer2_response.id, vpn1_response['id']) self.debug("VPN connection created for VPC %s" % vpc1.id) - self.assertEqual( - vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!") + def checkVpnConnected(): + connections = Vpn.listVpnConnection( + self.apiclient, + listall='true', + vpcid=vpc2.id) + if isinstance(connections, list): + return connections[0].state == 'Connected', None + return False, None + + # Wait up to 60 seconds for passive connection to show up as Connected + res, _ = wait_until(2, 30, checkVpnConnected) + if not res: + self.fail("Failed to connect between VPCs, see VPN state as Connected") # acquire an extra ip address to use to ssh into vm2 try: 
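Review bot: Changing the fixture from `"Md1s#dc"` to `"Md1sdc"` removes the only special character from the VPN test password without saying why. If `#` was dropped because a password containing it is mishandled somewhere on the router side (an assumption; nothing in this hunk shows it), the test now hides that defect instead of reporting it. Please add a comment next to `vpn_pass`, for example `# no '#' here: REASON (placeholder)`, or keep a second credential with punctuation so that quoting of VPN passwords stays covered.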
@@ -793,9 +805,9 @@ def test_01_vpc_site2site_vpn(self): if ssh_client: # run ping test - packet_loss = ssh_client.execute( - "/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] - self.assert_(int(packet_loss) == 0, "Ping did not succeed") + packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " | grep packet | sed 's/.*received, //g' | sed 's/[% ]*packet.*//g'")[0] + # during startup, some packets may not reply due to link/ipsec-route setup + self.assert_(int(packet_loss) < 50, "Ping did not succeed") else: self.fail("Failed to setup ssh connection to %s" % vm2.public_ip) From d943eb916b683ab4e777e1d4956b3cb65dc3d9a5 Mon Sep 17 00:00:00 2001 From: Will Stevens Date: Sat, 2 Dec 2017 21:11:40 +0530 Subject: [PATCH 09/22] CLOUDSTACK-10010: Port marvin test from #2190 by @swill This ports the S2S config test by @swill from #2190 with additional changes to make robust and environment agnostic. Signed-off-by: Rohit Yadav --- test/integration/smoke/test_vpc_vpn.py | 468 ++++++++++++++++++++++++- 1 file changed, 463 insertions(+), 5 deletions(-) diff --git a/test/integration/smoke/test_vpc_vpn.py b/test/integration/smoke/test_vpc_vpn.py index d8964d26e8d6..849f139028ff 100644 --- a/test/integration/smoke/test_vpc_vpn.py +++ b/test/integration/smoke/test_vpc_vpn.py 
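Review bot: The ping assertion in test_01_vpc_site2site_vpn is relaxed from zero loss to anything below 50, which with `-c 3` accepts one lost packet on every run rather than only during tunnel start-up. A single warm-up ping whose result is not asserted, `ssh_client.execute("/bin/ping -c 1 -t 10 " + vm1.nic[0].ipaddress)  # brings the routed tunnel up`, would let the strict `== 0` check stay. `int(packet_loss)` also fails with an unrelated ValueError or IndexError when ping prints no summary line, so an explicit check that the value is numeric gives a clearer failure. The same relaxation is repeated in test_01_redundant_vpc_site2site_vpn (without the explanatory comment) and in the new TestVPCSite2SiteVPNMultipleOptions class.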
@@ -1139,8 +1139,19 @@ def test_01_redundant_vpc_site2site_vpn(self): self.apiclient, customer2_response.id, vpn1_response['id']) self.debug("VPN connection created for VPC %s" % vpc1.id) - self.assertEqual( - vpnconn2_response['state'], "Connected", "Failed to connect between VPCs!") + def checkVpnConnected(): + connections = Vpn.listVpnConnection( + self.apiclient, + listall='true', + vpcid=vpc2.id) + if isinstance(connections, list): + return connections[0].state == 'Connected', None + return False, None + + # Wait up to 60 seconds for passive connection to show up as Connected + res, _ = wait_until(2, 30, checkVpnConnected) + if not res: + self.fail("Failed to connect between VPCs, see VPN state as Connected") # acquire an extra ip address to use to ssh into vm2 try: @@ -1175,9 +1186,8 @@ def test_01_redundant_vpc_site2site_vpn(self): if ssh_client: # run ping test - packet_loss = ssh_client.execute( - "/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " |grep packet|cut -d ' ' -f 7| cut -f1 -d'%'")[0] - self.assert_(int(packet_loss) == 0, "Ping did not succeed") + packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " | grep packet | sed 's/.*received, //g' | sed 's/[% ]*packet.*//g'")[0] + self.assert_(int(packet_loss) < 50, "Ping did not succeed") else: self.fail("Failed to setup ssh connection to %s" % vm2.public_ip) 
@@ -1190,3 +1200,451 @@ def tearDownClass(cls): cleanup_resources(cls.apiclient, cls.cleanup) except Exception, e: raise Exception("Cleanup failed with %s" % e) + + +class TestVPCSite2SiteVPNMultipleOptions(cloudstackTestCase): + + @classmethod + def setUpClass(cls): + cls.logger = logging.getLogger('TestVPCSite2SiteVPNMultipleOptions') + cls.stream_handler = logging.StreamHandler() + cls.logger.setLevel(logging.DEBUG) + cls.logger.addHandler(cls.stream_handler) + + testClient = super(TestVPCSite2SiteVPNMultipleOptions, cls).getClsTestClient() + cls.apiclient = testClient.getApiClient() + cls.services = Services().services + + cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) + cls.domain = get_domain(cls.apiclient) + + cls.compute_offering = ServiceOffering.create( + cls.apiclient, + cls.services["compute_offering"] + ) + + cls.account = Account.create( + cls.apiclient, services=cls.services["account"]) + + cls.hypervisor = testClient.getHypervisorInfo() + + cls.logger.debug("Downloading Template: %s from: %s" % (cls.services["template"][ + cls.hypervisor.lower()], cls.services["template"][cls.hypervisor.lower()]["url"])) + cls.template = Template.register(cls.apiclient, cls.services["template"][cls.hypervisor.lower( + )], cls.zone.id, hypervisor=cls.hypervisor.lower(), account=cls.account.name, domainid=cls.domain.id) + cls.template.download(cls.apiclient) + + if cls.template == FAILED: + assert False, "get_template() failed to return template" + + cls.logger.debug("Successfully created account: %s, id: \ + %s" % (cls.account.name, + cls.account.id)) + + cls.cleanup = [cls.account, cls.compute_offering] + return + + def _get_ssh_client(self, virtual_machine, services, retries): + """ Setup ssh client connection and return connection + vm requires attributes public_ip, public_port, username, password """ + + try: + ssh_client = SshClient( + virtual_machine.public_ip, + services["virtual_machine"]["ssh_port"], + 
services["virtual_machine"]["username"], + services["virtual_machine"]["password"], + retries) + + except Exception as e: + self.fail("Unable to create ssh connection: " % e) + + self.assertIsNotNone( + ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip)) + + return ssh_client + + def _create_natrule(self, vpc, vm, public_port, private_port, public_ip, network, services=None): + self.logger.debug("Creating NAT rule in network for vm with public IP") + if not services: + self.services["natrule"]["privateport"] = private_port + self.services["natrule"]["publicport"] = public_port + self.services["natrule"]["startport"] = public_port + self.services["natrule"]["endport"] = public_port + services = self.services["natrule"] + + nat_rule = NATRule.create( + apiclient=self.apiclient, + services=services, + ipaddressid=public_ip.ipaddress.id, + virtual_machine=vm, + networkid=network.id + ) + self.assertIsNotNone( + nat_rule, "Failed to create NAT Rule for %s" % public_ip.ipaddress.ipaddress) + self.logger.debug( + "Adding NetworkACL rules to make NAT rule accessible") + + vm.ssh_ip = nat_rule.ipaddress + vm.public_ip = nat_rule.ipaddress + vm.public_port = int(public_port) + return nat_rule + + def _validate_vpc_offering(self, vpc_offering): + + self.logger.debug("Check if the VPC offering is created successfully?") + vpc_offs = VpcOffering.list( + self.apiclient, + id=vpc_offering.id + ) + offering_list = validateList(vpc_offs) + self.assertEqual(offering_list[0], + PASS, + "List VPC offerings should return a valid list" + ) + self.assertEqual( + vpc_offering.name, + vpc_offs[0].name, + "Name of the VPC offering should match with listVPCOff data" + ) + self.logger.debug( + "VPC offering is created successfully - %s" % + vpc_offering.name) + return + + def _create_vpc_offering(self, offering_name): + + vpc_off = None + if offering_name is not None: + + self.logger.debug("Creating VPC offering: %s", 
offering_name) + vpc_off = VpcOffering.create( + self.apiclient, + self.services[offering_name] + ) + + self._validate_vpc_offering(vpc_off) + self.cleanup.append(vpc_off) + + return vpc_off + + @attr(tags=["advanced"], required_hardware="true") + def test_01_vpc_site2site_vpn_multiple_options(self): + """Test Site 2 Site VPN Across VPCs""" + self.logger.debug("Starting test: test_01_vpc_site2site_vpn_multiple_options") + # 0) Get the default network offering for VPC + networkOffering = NetworkOffering.list( + self.apiclient, name="DefaultIsolatedNetworkOfferingForVpcNetworks") + self.assert_(networkOffering is not None and len( + networkOffering) > 0, "No VPC based network offering") + + # Create and Enable VPC offering + vpc_offering = self._create_vpc_offering('vpc_offering') + self.assert_(vpc_offering is not None, "Failed to create VPC Offering") + vpc_offering.update(self.apiclient, state='Enabled') + + vpc1 = None + # Create VPC 1 + try: + vpc1 = VPC.create( + apiclient=self.apiclient, + services=self.services["vpc"], + networkDomain="vpc1.vpn", + vpcofferingid=vpc_offering.id, + zoneid=self.zone.id, + account=self.account.name, + domainid=self.domain.id + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vpc1 is not None, "VPC1 creation failed") + + self.logger.debug("VPC1 %s created" % vpc1.id) + + vpc2 = None + # Create VPC 2 + try: + vpc2 = VPC.create( + apiclient=self.apiclient, + services=self.services["vpc2"], + networkDomain="vpc2.vpn", + vpcofferingid=vpc_offering.id, + zoneid=self.zone.id, + account=self.account.name, + domainid=self.domain.id + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vpc2 is not None, "VPC2 creation failed") + + self.logger.debug("VPC2 %s created" % vpc2.id) + + default_acl = NetworkACLList.list( + self.apiclient, name="default_allow")[0] + + ntwk1 = None + # Create network in VPC 1 + try: + ntwk1 = Network.create( + apiclient=self.apiclient, + services=self.services["network_1"], + 
accountid=self.account.name, + domainid=self.account.domainid, + networkofferingid=networkOffering[0].id, + zoneid=self.zone.id, + vpcid=vpc1.id, + aclid=default_acl.id + ) + except Exception as e: + self.fail(e) + finally: + self.assertIsNotNone(ntwk1, "Network failed to create") + + self.logger.debug("Network %s created in VPC %s" % (ntwk1.id, vpc1.id)) + + ntwk2 = None + # Create network in VPC 2 + try: + ntwk2 = Network.create( + apiclient=self.apiclient, + services=self.services["network_2"], + accountid=self.account.name, + domainid=self.account.domainid, + networkofferingid=networkOffering[0].id, + zoneid=self.zone.id, + vpcid=vpc2.id, + aclid=default_acl.id + ) + except Exception as e: + self.fail(e) + finally: + self.assertIsNotNone(ntwk2, "Network failed to create") + + self.logger.debug("Network %s created in VPC %s" % (ntwk2.id, vpc2.id)) + + vm1 = None + # Deploy a vm in network 2 + try: + vm1 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], + templateid=self.template.id, + zoneid=self.zone.id, + accountid=self.account.name, + domainid=self.account.domainid, + serviceofferingid=self.compute_offering.id, + networkids=ntwk1.id, + hypervisor=self.hypervisor + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vm1 is not None, "VM failed to deploy") + self.assert_(vm1.state == 'Running', "VM is not running") + + self.logger.debug("VM %s deployed in VPC %s" % (vm1.id, vpc1.id)) + + vm2 = None + # Deploy a vm in network 2 + try: + vm2 = VirtualMachine.create(self.apiclient, services=self.services["virtual_machine"], + templateid=self.template.id, + zoneid=self.zone.id, + accountid=self.account.name, + domainid=self.account.domainid, + serviceofferingid=self.compute_offering.id, + networkids=ntwk2.id, + hypervisor=self.hypervisor + ) + except Exception as e: + self.fail(e) + finally: + self.assert_(vm2 is not None, "VM failed to deploy") + self.assert_(vm2.state == 'Running', "VM is not running") + + 
self.debug("VM %s deployed in VPC %s" % (vm2.id, vpc2.id)) + + # default config + config = { + 'ike_enc' :'aes128', + 'ike_hash' :'sha1', + 'ike_dh' :'modp1536', + 'esp_enc' :'aes128', + 'esp_hash' :'sha1', + 'esp_pfs' :'modp1536', + 'psk' :'secreatKey', + 'ike_life' :86400, + 'esp_life' :3600, + 'dpd' :True, + 'force_encap' :False, + 'passive_1' :False, + 'passive_2' :False + } + test_confs = [ + {}, # default + {'force_encap': True}, + {'ike_life': ''}, + {'esp_life': ''}, + {'ike_life': '', 'esp_life': ''}, + {'passive_1': True, 'passive_2': True}, + {'passive_1': False, 'passive_2': True}, + {'passive_1': True, 'passive_2': False}, + {'passive_1': False, 'passive_2': False, 'dpd': False}, + {'passive_1': True, 'passive_2': True, 'dpd': False}, + {'passive_1': True, 'passive_2': False, 'dpd': False}, + {'passive_1': False, 'passive_2': True, 'dpd': False}, + {'passive_1': True, 'passive_2': False, 'esp_pfs': ''}, + {'ike_dh': 'modp3072', 'ike_hash': 'sha256', 'esp_pfs': 'modp2048', 'esp_hash':'sha384'}, + {'ike_dh': 'modp4096', 'ike_hash': 'sha384', 'esp_pfs': 'modp6144', 'esp_hash':'sha512'}, + {'ike_dh': 'modp8192', 'ike_hash': 'sha512', 'esp_pfs': 'modp8192', 'esp_hash':'sha384'} + ] + + # 4) Enable Site-to-Site VPN for VPC + vpn1_response = Vpn.createVpnGateway(self.apiclient, vpc1.id) + self.assert_( + vpn1_response is not None, "Failed to enable VPN Gateway 1") + self.logger.debug("VPN gateway for VPC %s enabled" % vpc1.id) + + vpn2_response = Vpn.createVpnGateway(self.apiclient, vpc2.id) + self.assert_( + vpn2_response is not None, "Failed to enable VPN Gateway 2") + self.logger.debug("VPN gateway for VPC %s enabled" % vpc2.id) + + # 5) Add VPN Customer gateway info + src_nat_list = PublicIPAddress.list( + self.apiclient, + account=self.account.name, + domainid=self.account.domainid, + listall=True, + issourcenat=True, + vpcid=vpc1.id + ) + ip1 = src_nat_list[0] + src_nat_list = PublicIPAddress.list( + self.apiclient, + account=self.account.name, + 
domainid=self.account.domainid, + listall=True, + issourcenat=True, + vpcid=vpc2.id + ) + ip2 = src_nat_list[0] + + # acquire an extra ip address to use to ssh into vm2 + try: + vm2.public_ip = PublicIPAddress.create( + apiclient=self.apiclient, + accountid=self.account.name, + zoneid=self.zone.id, + domainid=self.account.domainid, + services=self.services, + networkid=ntwk2.id, + vpcid=vpc2.id) + except Exception as e: + self.fail(e) + finally: + self.assert_( + vm2.public_ip is not None, "Failed to aqcuire public ip for vm2") + + natrule = None + # Create port forward to be able to ssh into vm2 + try: + natrule = self._create_natrule( + vpc2, vm2, 22, 22, vm2.public_ip, ntwk2) + except Exception as e: + self.fail(e) + finally: + self.assert_( + natrule is not None, "Failed to create portforward for vm2") + time.sleep(20) + + # setup ssh connection to vm2 + ssh_client = self._get_ssh_client(vm2, self.services, 10) + if not ssh_client: + self.fail("Failed to setup ssh connection to %s" % vm2.public_ip) + + for test_c in test_confs: + c = config.copy() + c.update(test_c) + services = self._get_vpn_config(c) + self.logger.debug(services) + customer1_response = VpnCustomerGateway.create( + self.apiclient, + services, + "Peer VPC1", + ip1.ipaddress, + vpc1.cidr, + account=self.account.name, + domainid=self.account.domainid) + self.logger.debug("VPN customer gateway added for VPC %s enabled" % vpc1.id) + + customer2_response = VpnCustomerGateway.create( + self.apiclient, + services, + "Peer VPC2", + ip2.ipaddress, + vpc2.cidr, + account=self.account.name, + domainid=self.account.domainid) + self.logger.debug("VPN customer gateway added for VPC %s enabled" % vpc2.id) + + # 6) Connect two VPCs + vpnconn1_response = Vpn.createVpnConnection( + self.apiclient, customer1_response.id, vpn2_response['id'], c['passive_1']) + self.logger.debug("VPN connection created for VPC %s" % vpc2.id) + time.sleep(5) + vpnconn2_response = Vpn.createVpnConnection( + self.apiclient, 
customer2_response.id, vpn1_response['id'], c['passive_2']) + self.logger.debug("VPN connection created for VPC %s" % vpc1.id) + + def checkVpnConnected(): + connections = Vpn.listVpnConnection( + self.apiclient, + listall='true', + vpcid=vpc2.id) + if isinstance(connections, list): + return connections[0].state == 'Connected', None + return False, None + + # Wait up to 60 seconds for passive connection to show up as Connected + res, _ = wait_until(2, 30, checkVpnConnected) + if not res: + self.logger.debug("Failed to see VPN state as Connected, we'll attempt ssh+pinging") + + # run ping test + packet_loss = ssh_client.execute("/bin/ping -c 3 -t 10 " + vm1.nic[0].ipaddress + " | grep packet | sed 's/.*received, //g' | sed 's/[% ]*packet.*//g'")[0] + self.logger.debug("Packet loss %s" % packet_loss) + self.assert_(int(packet_loss) < 50, "Ping did not succeed") + + # Cleanup + Vpn.deleteVpnConnection(self.apiclient, vpnconn1_response['id']) + Vpn.deleteVpnConnection(self.apiclient, vpnconn2_response['id']) + customer1_response.delete(self.apiclient) + customer2_response.delete(self.apiclient) + + def _get_vpn_config(self, c): + ike_policy = '%s-%s;%s' % (c['ike_enc'], c['ike_hash'], c['ike_dh']) if c['ike_dh'] else '%s-%s' % (c['ike_enc'], c['ike_hash']) + esp_policy = '%s-%s;%s' % (c['esp_enc'], c['esp_hash'], c['esp_pfs']) if c['esp_pfs'] else '%s-%s' % (c['esp_enc'], c['esp_hash']) + out = { + 'ipsecpsk': c['psk'], + 'ikepolicy':ike_policy, + 'esppolicy':esp_policy, + 'dpd':c['dpd'], + 'forceencap':c['force_encap'] + } + if c['ike_life']: + out['ikelifetime'] = c['ike_life'] + if c['esp_life']: + out['esplifetime'] = c['esp_life'] + return out + + + @classmethod + def tearDownClass(cls): + try: + try: + cls.template.delete(cls.apiclient) + except Exception: pass + cleanup_resources(cls.apiclient, cls.cleanup) + except Exception, e: + raise Exception("Cleanup failed with %s" % e) From 551e11cf3ef6e386deaac075ff9afdff93d1cd40 Mon Sep 17 00:00:00 2001 
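Review bot: In `_get_ssh_client` the handler calls `self.fail("Unable to create ssh connection: " % e)`, and because the format string has no placeholder the `%` itself raises TypeError, hiding the real SSH error; it should read `self.fail("Unable to create ssh connection: %s" % e)`. In `test_01_vpc_site2site_vpn_multiple_options` the per-configuration cleanup (`Vpn.deleteVpnConnection` and the two `delete` calls) runs only when the ping assertion passes, so one failing configuration leaves connections and customer gateways behind for the rest of the run; wrapping the loop body in `try`/`finally` fixes that. `tearDownClass` also swallows every error from `cls.template.delete` with `except Exception: pass`, which is worth at least a logged warning.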
From: Remi Bergsma Date: Sat, 2 Dec 2017 23:19:14 +0530 Subject: [PATCH 10/22] CLOUDSTACK-10013: Make the generated VR/json files unique (ports #1470) This ports PR #1470 by @remibergsma. Make the generated json files unique to prevent concurrency issues: The json files now have UUIDs to prevent them from getting overwritten before they've been executed. Prevents config to be pushed to the wrong router. 2016-02-25 18:32:23,797 DEBUG [c.c.a.t.Request] (AgentManager-Handler-1:null) (logid:) Seq 2-4684025087442026584: Processing: { Ans: , MgmtId: 90520732674657, via: 2, Ver: v1, Flags: 10, [{"com.cloud.agent.api.routing.GroupA nswer":{"results":["null - success: null","null - success: [INFO] update_config.py :: Processing incoming file => vm_dhcp_entry.json.4ea45061-2efb-4467-8eaa-db3d77fb0a7b\n[INFO] Processing JSON file vm_dhcp_entry.json.4ea4506 1-2efb-4467-8eaa-db3d77fb0a7b\n"],"result":true,"wait":0}}] } On the router: 2016-02-25 18:32:23,416 merge.py __moveFile:298 Processed file written to /var/cache/cloud/processed/vm_dhcp_entry.json.4ea45061-2efb-4467-8eaa-db3d77fb0a7b.gz Signed-off-by: Rohit Yadav --- .../facade/AbstractConfigItemFacade.java | 21 +- .../resource/LibvirtComputingResource.java | 5 + systemvm/patches/debian/etc/rc.local | 9 - .../patches/debian/opt/cloud/bin/configure.py | 221 ++++++++---------- .../patches/debian/opt/cloud/bin/merge.py | 37 +-- .../debian/opt/cloud/bin/update_config.py | 22 +- 6 files changed, 160 insertions(+), 155 deletions(-) diff --git a/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java b/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java index f017384b63c3..a083012021ff 100644 --- a/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java +++ b/core/src/com/cloud/agent/resource/virtualnetwork/facade/AbstractConfigItemFacade.java 
@@ -22,6 +22,8 @@ import java.util.Hashtable; import java.util.LinkedList; import java.util.List; +import java.util.UUID; +import org.apache.log4j.Logger; import com.cloud.agent.api.BumpUpPriorityCommand; import com.cloud.agent.api.SetupGuestNetworkCommand; @@ -58,6 +60,8 @@ public abstract class AbstractConfigItemFacade { + private static final Logger s_logger = Logger.getLogger(AbstractConfigItemFacade.class); + private final static Gson gson; private static Hashtable, AbstractConfigItemFacade> flyweight = new Hashtable, AbstractConfigItemFacade>(); @@ -104,13 +108,26 @@ public static AbstractConfigItemFacade getInstance(final Class generateConfigItems(final ConfigBase configuration) { final List cfg = new LinkedList<>(); - final ConfigItem configFile = new FileConfigItem(VRScripts.CONFIG_PERSIST_LOCATION, destinationFile, gson.toJson(configuration)); + final String remoteFilename = appendUuidToJsonFiles(destinationFile); + if (s_logger.isDebugEnabled()) { + s_logger.debug("Transformed filename: " + destinationFile + " to: " + remoteFilename); + } + + final ConfigItem configFile = new FileConfigItem(VRScripts.CONFIG_PERSIST_LOCATION, remoteFilename, gson.toJson(configuration)); cfg.add(configFile); - final ConfigItem updateCommand = new ScriptConfigItem(VRScripts.UPDATE_CONFIG, destinationFile); + final ConfigItem updateCommand = new ScriptConfigItem(VRScripts.UPDATE_CONFIG, remoteFilename); cfg.add(updateCommand); return cfg; diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index d2cbcba409e8..7e68ed3bce0c 100644 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java 
@@ -332,6 +332,9 @@ public ExecutionResult executeInVR(final String routerIp, final String script, f if (details == null) { details = parser.getLines(); } + + s_logger.debug("Executing script in VR: " + script); + return new ExecutionResult(command.getExitValue() == 0, details); } @@ -340,6 +343,8 @@ public ExecutionResult createFileInVR(final String routerIp, final String path, final File permKey = new File("/root/.ssh/id_rsa.cloud"); String error = null; + s_logger.debug("Creating file in VR, with ip: " + routerIp + ", file: " + filename); + try { SshHelper.scpTo(routerIp, 3922, "root", permKey, null, path, content.getBytes(), filename, null); } catch (final Exception e) { diff --git a/systemvm/patches/debian/etc/rc.local b/systemvm/patches/debian/etc/rc.local index bb4e251d4378..895c120bddfe 100755 --- a/systemvm/patches/debian/etc/rc.local +++ b/systemvm/patches/debian/etc/rc.local @@ -67,12 +67,3 @@ then python /opt/cloud/bin/baremetal-vr.py & logger -t cloud "Started baremetal-vr service" fi - -if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ] -then - if [ -x /opt/cloud/bin/update_config.py ] - then - /opt/cloud/bin/update_config.py cmd_line.json - logger -t cloud "Updated config: cmd_line.json" - fi -fi diff --git a/systemvm/patches/debian/opt/cloud/bin/configure.py b/systemvm/patches/debian/opt/cloud/bin/configure.py index 2e809145e521..e84e0171d307 100755 --- a/systemvm/patches/debian/opt/cloud/bin/configure.py +++ b/systemvm/patches/debian/opt/cloud/bin/configure.py 
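Review bot: The new `s_logger.debug("Executing script in VR: " + script);` in executeInVR sits after the output has been collected and just before the result is returned, so it reports a command that has already run. Either move it ahead of the execution or word it as a completion record that is useful in an audit trail, for example `s_logger.debug("Executed script in VR " + routerIp + ": " + script + ", exit value " + command.getExitValue());`. The start of executeInVR is outside the hunk.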
@@ -17,33 +17,29 @@ # specific language governing permissions and limitations # under the License. import sys -import os import base64 -from merge import DataBag -from pprint import pprint -import subprocess +from collections import OrderedDict + import logging import re -import time -import shutil + import os.path import os from fcntl import flock, LOCK_EX, LOCK_UN -from cs.CsDatabag import CsDataBag, CsCmdLine -import cs.CsHelper +from cs.CsDatabag import CsDataBag from cs.CsNetfilter import CsNetfilters from cs.CsDhcp import CsDhcp from cs.CsRedundant import * from cs.CsFile import CsFile -from cs.CsApp import CsApache, CsDnsmasq from cs.CsMonitor import CsMonitor from cs.CsLoadBalancer import CsLoadBalancer from cs.CsConfig import CsConfig from cs.CsProcess import CsProcess from cs.CsStaticRoutes import CsStaticRoutes +OCCURRENCES = 1 class CsPassword(CsDataBag): @@ -668,16 +664,11 @@ def process(self): continue vpnconfig=self.dbag[public_ip] - #Enable remote access vpn + # Enable remote access vpn if vpnconfig['create']: shutdownIpsec = False logging.debug("Enabling remote access vpn on "+ public_ip) - dev = CsHelper.get_device(public_ip) - if dev == "": - logging.error("Request for ipsec to %s not possible because ip is not configured", public_ip) - continue - CsHelper.start_if_stopped("ipsec") self.configure_l2tpIpsec(public_ip, self.dbag[public_ip]) logging.debug("Remote accessvpn data bag %s", self.dbag) 
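Review bot: This hunk deletes `import time` and `import cs.CsHelper`, yet configure_ipsec in the same file calls `time.sleep(1)` and `CsHelper.execute(...)`. Those names now presumably resolve only through `from cs.CsRedundant import *`, which is fragile: a cleanup of CsRedundant's own imports would break VPN configuration at run time with a NameError. Keep `import time` and an explicit CsHelper import here. The new module constant `OCCURRENCES = 1` also has no comment and no visible use in this hunk; a one-line comment on what it counts would help.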
@@ -960,16 +951,49 @@ def processStaticNatRule(self, rule): self.fw.append(["nat", "front", "-A POSTROUTING -s %s -d %s -j SNAT -o eth0 --to-source %s" % (self.getNetworkByIp(rule['internal_ip']),rule["internal_ip"], self.getGuestIp())]) +class IpTablesExecutor: + + config = None + + def __init__(self, config): + self.config = config + + def process(self): + acls = CsAcl('networkacl', self.config) + acls.process() + + acls = CsAcl('firewallrules', self.config) + acls.process() + + fwd = CsForwardingRules("forwardingrules", self.config) + fwd.process() + + vpns = CsSite2SiteVpn("site2sitevpn", self.config) + vpns.process() + + rvpn = CsRemoteAccessVpn("remoteaccessvpn", self.config) + rvpn.process() + + lb = CsLoadBalancer("loadbalancer", self.config) + lb.process() + + logging.debug("Configuring iptables rules") + nf = CsNetfilters() + nf.compare(self.config.get_fw()) + + logging.debug("Configuring iptables rules done ...saving rules") + + # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local + CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") + CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") + def main(argv): # The file we are currently processing, if it is "cmd_line.json" everything will be processed. process_file = argv[1] - # process_file can be None, if so assume cmd_line.json if process_file is None: - process_file = "cmd_line.json" - - # Track if changes need to be committed to NetFilter - iptables_change = False + logging.debug("No file was received, do not go on processing the other actions. Just leave for now.") + return # The "GLOBAL" Configuration object config = CsConfig() 
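Review bot: `IpTablesExecutor.process()` runs `CsAcl('firewallrules', self.config).process()` without the `acls.flushAllowAllEgressRules()` call that the inline sequence it replaces made (see the removed lines in the next hunk); if dropping the flush is intentional, a comment such as `# allow-all egress rules are no longer flushed here because ...` would help, otherwise stale egress rules may survive a re-apply. Separately, in `main()` the `if process_file is None:` branch cannot be reached for a missing argument because `process_file = argv[1]` raises `IndexError` first; `process_file = argv[1] if len(argv) > 1 else None` would make the guard effective. The message in that branch is logged at debug level before `logging.basicConfig(...)` runs, so it is likely never recorded, and the bare `return` hands `None` to the caller. `main()` continues outside the hunk.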
@@ -977,108 +1001,61 @@ def main(argv): logging.basicConfig(filename=config.get_logger(), level=config.get_level(), format=config.get_format()) - try: - # Load stored ip addresses from disk to CsConfig() - config.set_address() - - logging.debug("Configuring ip addresses") - config.address().compare() - config.address().process() - - if process_file in ["cmd_line.json", "guest_network.json"]: - logging.debug("Configuring Guest Network") - iptables_change = True - - if process_file in ["cmd_line.json", "vm_password.json"]: - logging.debug("Configuring vmpassword") - password = CsPassword("vmpassword", config) - password.process() - - if process_file in ["cmd_line.json", "vm_metadata.json"]: - logging.debug("Configuring vmdata") - metadata = CsVmMetadata('vmdata', config) - metadata.process() - - if process_file in ["cmd_line.json", "network_acl.json"]: - logging.debug("Configuring networkacl") - iptables_change = True - - if process_file in ["cmd_line.json", "firewall_rules.json"]: - logging.debug("Configuring firewall rules") - iptables_change = True - - if process_file in ["cmd_line.json", "forwarding_rules.json", "staticnat_rules.json"]: - logging.debug("Configuring PF rules") - iptables_change = True - - if process_file in ["cmd_line.json", "site_2_site_vpn.json"]: - logging.debug("Configuring s2s vpn") - iptables_change = True - - if process_file in ["cmd_line.json", "remote_access_vpn.json"]: - logging.debug("Configuring remote access vpn") - iptables_change = True - - if process_file in ["cmd_line.json", "vpn_user_list.json"]: - logging.debug("Configuring vpn users list") - vpnuser = CsVpnUser("vpnuserlist", config) - vpnuser.process() - - if process_file in ["cmd_line.json", "vm_dhcp_entry.json", "dhcp.json"]: - logging.debug("Configuring dhcp entry") - dhcp = CsDhcp("dhcpentry", config) - dhcp.process() - - if process_file in ["cmd_line.json", "load_balancer.json"]: - logging.debug("Configuring load balancer") - iptables_change = True - - if process_file in 
["cmd_line.json", "monitor_service.json"]: - logging.debug("Configuring monitor service") - mon = CsMonitor("monitorservice", config) - mon.process() - - # If iptable rules have changed, apply them. - if iptables_change: - acls = CsAcl('networkacl', config) - acls.process() - - acls = CsAcl('firewallrules', config) - acls.flushAllowAllEgressRules() - acls.process() - - fwd = CsForwardingRules("forwardingrules", config) - fwd.process() - - vpns = CsSite2SiteVpn("site2sitevpn", config) - vpns.process() - - rvpn = CsRemoteAccessVpn("remoteaccessvpn", config) - rvpn.process() - - lb = CsLoadBalancer("loadbalancer", config) - lb.process() - - logging.debug("Configuring iptables rules") - nf = CsNetfilters() - nf.compare(config.get_fw()) - - logging.debug("Configuring iptables rules done ...saving rules") - - # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local - CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") - CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") - - red = CsRedundant(config) - red.set() - - if process_file in ["cmd_line.json", "static_routes.json"]: - logging.debug("Configuring static routes") - static_routes = CsStaticRoutes("staticroutes", config) - static_routes.process() - except Exception: - logging.exception("Exception while configuring router") - return 1 + + # Load stored ip addresses from disk to CsConfig() + config.set_address() + + logging.debug("Configuring ip addresses") + config.address().compare() + config.address().process() + + databag_map = OrderedDict([("guest_network.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), + ("vm_password.json", {"process_iptables" : False, "executor" : CsPassword("vmpassword", config)}), + ("vm_metadata.json", {"process_iptables" : False, "executor" : CsVmMetadata('vmdata', config)}), + ("network_acl.json", {"process_iptables" : True, "executor" : 
IpTablesExecutor(config)}), + ("firewall_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), + ("forwarding_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), + ("staticnat_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), + ("site_2_site_vpn.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), + ("remote_access_vpn.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), + ("vpn_user_list.json", {"process_iptables" : False, "executor" : CsVpnUser("vpnuserlist", config)}), + ("vm_dhcp_entry.json", {"process_iptables" : False, "executor" : CsDhcp("dhcpentry", config)}), + ("dhcp.json", {"process_iptables" : False, "executor" : CsDhcp("dhcpentry", config)}), + ("load_balancer.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), + ("monitor_service.json", {"process_iptables" : False, "executor" : CsMonitor("monitorservice", config)}), + ("static_routes.json", {"process_iptables" : False, "executor" : CsStaticRoutes("staticroutes", config)}) + ]) + + if process_file.count("cmd_line.json") == OCCURRENCES: + logging.debug("cmd_line.json changed. All other files will be processed as well.") + + while databag_map: + item = databag_map.popitem(last = False) + item_name = item[0] + item_dict = item[1] + if not item_dict["process_iptables"]: + executor = item_dict["executor"] + executor.process() + + iptables_executor = IpTablesExecutor(config) + iptables_executor.process() + else: + while databag_map: + item = databag_map.popitem(last = False) + item_name = item[0] + item_dict = item[1] + if process_file.count(item_name) == OCCURRENCES: + executor = item_dict["executor"] + executor.process() + + if item_dict["process_iptables"]: + iptables_executor = IpTablesExecutor(config) + iptables_executor.process() + + break + + red = CsRedundant(config) + red.set() if __name__ == "__main__": main(sys.argv) 
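Review bot: In the single-file branch of `main()`, an iptables-type entry appears to be applied twice: its mapped `executor` is already an `IpTablesExecutor(config)`, and after `executor.process()` the `if item_dict["process_iptables"]:` block builds a second `IpTablesExecutor` and calls `process()` again (indentation is lost on this page, so the nesting is inferred). Dropping that inner block, so that `executor.process()` is the only call, avoids rebuilding and comparing the whole rule set twice per update. The hunk also removes the `try`/`except Exception` that logged and returned 1, so a failure while applying rules now escapes as an uncaught exception and `main()` has no explicit return value, although `update_config.py` still reads `returncode = configure.main(sys.argv)`; an explicit `return 0` plus a logged `return 1` on failure would keep that contract. Every executor in `databag_map` is also constructed eagerly even when only one file is processed.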
diff --git a/systemvm/patches/debian/opt/cloud/bin/merge.py b/systemvm/patches/debian/opt/cloud/bin/merge.py index 1c9adf26f5ea..ef20d0b32cb0 100755 --- a/systemvm/patches/debian/opt/cloud/bin/merge.py +++ b/systemvm/patches/debian/opt/cloud/bin/merge.py @@ -18,8 +18,10 @@ import json import os -import time +import uuid import logging +import gzip +import shutil import cs_ip import cs_guestnetwork import cs_cmdline @@ -36,8 +38,6 @@ import cs_vpnusers import cs_staticroutes -from pprint import pprint - class DataBag: @@ -282,22 +282,26 @@ def load(self, data): if data is not None: self.data = data self.type = self.data["type"] - proc = updateDataBag(self) + updateDataBag(self) return - fn = self.configCache + '/' + self.fileName + filename = '{cache_location}/{json_file}'.format(cache_location = self.configCache, json_file = self.fileName) try: - handle = open(fn) - except IOError: - logging.error("Could not open %s", fn) + handle = open(filename) + except IOError as exception: + error_message = ("Exception occurred with the following exception error '{error}'. Could not open '{file}'. " + "It seems that the file has already been moved.".format(error = exception, file = filename)) + logging.error(error_message) else: + logging.info("Continuing with the processing of file '{file}'".format(file = filename)) + self.data = json.load(handle) self.type = self.data["type"] handle.close() if self.keep: - self.__moveFile(fn, self.configCache + "/processed") + self.__moveFile(filename, self.configCache + "/processed") else: - os.remove(fn) - proc = updateDataBag(self) + os.remove(filename) + updateDataBag(self) def setFile(self, name): self.fileName = name 
@@ -314,8 +318,15 @@ def setPath(self, path): def __moveFile(self, origPath, path): if not os.path.exists(path): os.makedirs(path) - timestamp = str(int(round(time.time()))) - os.rename(origPath, path + "/" + self.fileName + "." + timestamp) + originalName = os.path.basename(origPath) + if originalName.count(".") == 1: + originalName += "." + str(uuid.uuid4()) + zipped_file_name = path + "/" + originalName + ".gz" + with open(origPath, 'rb') as f_in, gzip.open(zipped_file_name, 'wb') as f_out: + shutil.copyfileobj(f_in, f_out) + os.remove(origPath) + + logging.debug("Processed file written to %s", zipped_file_name) class PrivateGatewayHack: diff --git a/systemvm/patches/debian/opt/cloud/bin/update_config.py b/systemvm/patches/debian/opt/cloud/bin/update_config.py index ab08e039821a..e36980a43652 100755 --- a/systemvm/patches/debian/opt/cloud/bin/update_config.py +++ b/systemvm/patches/debian/opt/cloud/bin/update_config.py @@ -26,6 +26,8 @@ import configure import json +OCCURRENCES = 1 + logging.basicConfig(filename='/var/log/cloud.log', level=logging.INFO, format='%(asctime)s %(filename)s %(funcName)s:%(lineno)d %(message)s') # first commandline argument should be the file to process @@ -39,6 +41,14 @@ currentGuestNetConfig = "/etc/cloudstack/guestnetwork.json" +# If the command line json file is unprocessed process it +# This is important or, the control interfaces will get deleted! +if os.path.isfile(jsonPath % "cmd_line.json"): + qf = QueueFile() + qf.setFile("cmd_line.json") + qf.load(None) + + def finish_config(): # Converge returncode = configure.main(sys.argv) 
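Review bot: The archive written by `gzip.open(zipped_file_name, 'wb')` in `__moveFile` is a new file created under the process's default umask, whereas the old `os.rename` kept the original file's mode. Processed databags presumably include files such as `vm_password.json` and `vpn_user_list.json`, so it is worth setting the mode explicitly, e.g. `os.chmod(zipped_file_name, 0o600)` right after the copy. If the copy fails part-way, a partial `.gz` is left beside the untouched original; writing to a temporary name and renaming it afterwards would avoid that. A one-line comment explaining the `originalName.count(".") == 1` test would also help the next reader.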
@@ -111,19 +121,13 @@ def is_guestnet_configured(guestnet_dict, keys): return exists -if not (os.path.isfile(jsonCmdConfigPath) and os.access(jsonCmdConfigPath, os.R_OK)): +filename = jsonCmdConfigPath +if not (os.path.isfile(filename) and os.access(filename, os.R_OK)): print "[ERROR] update_config.py :: You are telling me to process %s, but i can't access it" % jsonCmdConfigPath sys.exit(1) -# If the command line json file is unprocessed process it -# This is important or, the control interfaces will get deleted! -if os.path.isfile(jsonPath % "cmd_line.json"): - qf = QueueFile() - qf.setFile("cmd_line.json") - qf.load(None) - # If the guest network is already configured and have the same IP, do not try to configure it again otherwise it will break -if sys.argv[1] == "guest_network.json": +if sys.argv[1] and sys.argv[1].count("guest_network.json") == OCCURRENCES: if os.path.isfile(currentGuestNetConfig): file = open(currentGuestNetConfig) guestnet_dict = json.load(file) From 85aee8d18dc9e248b76cb2a899a427d6d1420957 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Sun, 3 Dec 2017 22:32:13 +0530 Subject: [PATCH 11/22] CLOUDSTACK-10013: SystemVM codebase refactorings and improvements - Refactors and simplifies systemvm codebase file structures keeping the same resultant systemvm.iso packaging - Password server systemd script and new postinit script that runs before sshd starts - Fixes to keepalived and conntrackd config to make rVRs work again - New /etc/issue featuring ascii based cloudmonkey logo/message and systemvmtemplate version - SystemVM python codebase linted and tested. Added pylint/pep to Travis. - iptables re-application fixes for non-VR systemvms. - SystemVM template build fixes. - Default secondary storage vm service offering boosted to have 2vCPUs and RAM equal to console proxy. - Fixes to several marvin based smoke tests, especially rVR related tests. rVR tests to consider 3*advert_int+skew timeout before status is checked. 
Signed-off-by: Rohit Yadav --- .travis.yml | 1 - LICENSE | 8 +- .../consoleproxy/ConsoleProxyResource.java | 5 - .../META-INF/db/schema-41000to41100.sql | 3 + .../resource/LibvirtComputingResource.java | 11 +- pom.xml | 3 +- .../debian/etc/apache2/httpd.conf | 0 .../debian/etc/apache2/vhost.template | 0 .../{patches => }/debian/etc/cloud-nic.rules | 0 .../debian/etc/dnsmasq.conf.tmpl | 0 .../debian/etc/haproxy/haproxy.cfg | 0 .../{patches/vpn => debian}/etc/ipsec.conf | 0 .../vpn => debian}/etc/ipsec.d/l2tp.conf | 0 .../{patches/vpn => debian}/etc/ipsec.secrets | 0 .../debian/etc/iptables/iptables-consoleproxy | 0 .../debian/etc/iptables/iptables-dhcpsrvr | 0 .../debian/etc/iptables/iptables-elbvm | 0 .../debian/etc/iptables/iptables-ilbvm | 0 .../debian/etc/iptables/iptables-router | 0 .../debian/etc/iptables/iptables-secstorage | 0 .../debian/etc/iptables/iptables-vpcrouter | 0 .../debian/etc/iptables/rt_tables_init | 0 .../{patches => }/debian/etc/iptables/rules | 0 systemvm/debian/etc/issue | 3 + .../{patches => }/debian/etc/logrotate.conf | 0 .../debian/etc/logrotate.d/apache2 | 0 .../debian/etc/logrotate.d/cloud | 0 .../debian/etc/logrotate.d/conntrackd | 0 .../debian/etc/logrotate.d/dnsmasq | 0 .../debian/etc/logrotate.d/haproxy | 0 .../{patches => }/debian/etc/logrotate.d/ppp | 0 .../debian/etc/logrotate.d/rsyslog | 0 .../debian/etc/modprobe.d/aesni_intel.conf | 0 .../debian/etc/modprobe.d/pcspkr.conf | 0 .../vpn => debian}/etc/ppp/options.xl2tpd | 0 .../debian/etc/profile.d/cloud.sh | 0 systemvm/debian/etc/rc.local | 47 ++ .../{patches => }/debian/etc/rsyslog.conf | 0 .../{patches => }/debian/etc/ssh/sshd_config | 1 - systemvm/{patches => }/debian/etc/sysctl.conf | 0 .../systemd/system/cloud-early-config.service | 18 + .../system/cloud-password-server@.service | 12 + .../etc/systemd/system/cloud-postinit.service | 14 + .../debian/etc/systemd/system/cloud.service | 13 + .../{patches => }/debian/etc/vpcdnsmasq.conf | 0 .../vpn => 
debian}/etc/xl2tpd/xl2tpd.conf | 0 .../debian/opt/cloud/bin/baremetal-vr.py | 2 - .../debian/opt/cloud/bin/baremetal_snat.sh | 0 .../debian/opt/cloud/bin/bumpup_priority.sh | 0 .../debian/opt/cloud/bin/checkbatchs2svpn.sh | 0 .../debian/opt/cloud/bin/checkrouter.sh | 0 .../debian/opt/cloud/bin/checks2svpn.sh | 0 .../debian/opt/cloud/bin/cloud-nic.sh | 0 .../debian/opt/cloud/bin/configure.py | 235 +++++----- .../debian/opt/cloud/bin/cs/CsAddress.py | 4 +- .../debian/opt/cloud/bin/cs/CsApp.py | 14 +- .../debian/opt/cloud/bin/cs/CsConfig.py | 0 .../debian/opt/cloud/bin/cs/CsDatabag.py | 4 +- .../debian/opt/cloud/bin/cs/CsDhcp.py | 4 +- .../debian/opt/cloud/bin/cs/CsFile.py | 6 +- .../debian/opt/cloud/bin/cs/CsGuestNetwork.py | 2 +- .../debian/opt/cloud/bin/cs/CsHelper.py | 12 +- .../debian/opt/cloud/bin/cs/CsLoadBalancer.py | 0 .../debian/opt/cloud/bin/cs/CsMonitor.py | 0 .../debian/opt/cloud/bin/cs/CsNetfilter.py | 12 +- .../debian/opt/cloud/bin/cs/CsProcess.py | 0 .../debian/opt/cloud/bin/cs/CsRedundant.py | 19 +- .../debian/opt/cloud/bin/cs/CsRoute.py | 9 +- .../debian/opt/cloud/bin/cs/CsRule.py | 2 +- .../debian/opt/cloud/bin/cs/CsStaticRoutes.py | 0 .../debian/opt/cloud/bin/cs/__init__.py | 0 .../debian/opt/cloud/bin/cs_cmdline.py | 0 .../debian/opt/cloud/bin/cs_dhcp.py | 0 .../debian/opt/cloud/bin/cs_firewallrules.py | 0 .../opt/cloud/bin/cs_forwardingrules.py | 0 .../debian/opt/cloud/bin/cs_guestnetwork.py | 0 .../debian/opt/cloud/bin/cs_ip.py | 5 +- .../debian/opt/cloud/bin/cs_loadbalancer.py | 0 .../debian/opt/cloud/bin/cs_monitorservice.py | 0 .../debian/opt/cloud/bin/cs_network_acl.py | 0 .../opt/cloud/bin/cs_remoteaccessvpn.py | 0 .../debian/opt/cloud/bin/cs_site2sitevpn.py | 0 .../debian/opt/cloud/bin/cs_staticroutes.py | 0 .../debian/opt/cloud/bin/cs_vmdata.py | 0 .../debian/opt/cloud/bin/cs_vmp.py | 1 + .../debian/opt/cloud/bin/cs_vpnusers.py | 4 +- .../debian/opt/cloud/bin/dnsmasq.sh | 0 .../debian/opt/cloud/bin/edithosts.sh | 0 
.../debian/opt/cloud/bin/getRouterAlerts.sh | 0 .../opt/cloud/bin/get_template_version.sh | 0 .../{patches => }/debian/opt/cloud/bin/ilb.sh | 0 .../debian/opt/cloud/bin/ipassoc.sh | 0 .../debian/opt/cloud/bin/ipsectunnel.sh | 0 .../debian/opt/cloud/bin/line_edit.py | 0 .../debian/opt/cloud/bin/loadbalancer.sh | 0 .../debian/opt/cloud/bin/master.py | 2 +- .../debian/opt/cloud/bin/merge.py | 13 +- .../debian/opt/cloud/bin/monitor_service.sh | 0 .../debian/opt/cloud/bin/netusage.sh | 0 .../debian/opt/cloud/bin/passwd_server | 0 .../debian/opt/cloud/bin/passwd_server_ip | 0 .../debian/opt/cloud/bin/passwd_server_ip.py | 0 .../debian/opt/cloud/bin/prepare_pxe.sh | 0 .../debian/opt/cloud/bin/savepassword.sh | 0 .../debian/opt/cloud/bin/set_redundant.py | 7 +- .../opt/cloud/bin/setup}/cloud-early-config | 61 +-- .../debian/opt/cloud/bin/setup/common.sh | 8 +- .../opt/cloud/bin/setup/consoleproxy.sh | 3 +- .../debian/opt/cloud/bin/setup/default.sh | 0 .../debian/opt/cloud/bin/setup/dhcpsrvr.sh | 5 +- .../debian/opt/cloud/bin/setup/elbvm.sh | 3 +- .../debian/opt/cloud/bin/setup/ilbvm.sh | 3 +- .../opt/cloud/bin/setup/patchsystemvm.sh | 2 +- .../debian/opt/cloud/bin/setup/postinit.sh | 51 +++ .../debian/opt/cloud/bin/setup/router.sh | 4 - .../debian/opt/cloud/bin/setup/secstorage.sh | 3 +- .../debian/opt/cloud/bin/setup/vpcrouter.sh | 1 - .../debian/opt/cloud/bin/update_config.py | 16 +- .../debian/opt/cloud/bin/vmdata.py | 2 +- .../debian/opt/cloud/bin/vpc_func.sh | 0 .../debian/opt/cloud/bin/vpc_netusage.sh | 0 .../debian/opt/cloud/bin/vpc_passwd_server | 0 .../debian/opt/cloud/bin/vpc_snat.sh | 0 .../debian/opt/cloud/bin/vpc_staticroute.sh | 0 .../vpn => debian}/opt/cloud/bin/vpn_l2tp.sh | 0 .../debian/opt/cloud/bin/vr_cfg.sh | 0 .../debian/opt/cloud/templates/README | 0 .../cloud/templates/arping_gateways.sh.templ | 0 .../opt/cloud/templates/check_bumpup.sh | 0 .../cloud/templates/check_heartbeat.sh.templ | 0 .../opt/cloud/templates/checkrouter.sh.templ | 0 
.../opt/cloud/templates/conntrackd.conf.templ | 419 ++++++++++++++++++ .../opt/cloud/templates/heartbeat.sh.templ | 0 .../opt/cloud/templates/keepalived.conf.templ | 5 +- .../debian/opt/cloud/testdata/README | 0 .../debian/opt/cloud/testdata/acl0001.json | 0 .../debian/opt/cloud/testdata/dhcp0001.json | 0 .../debian/opt/cloud/testdata/gn0001.json | 0 .../debian/opt/cloud/testdata/ips0001.json | 0 .../debian/opt/cloud/testdata/ips0002.json | 0 .../debian/opt/cloud/testdata/ips0003.json | 0 .../debian/opt/cloud/testdata/s2s0001.json | 0 .../debian/opt/cloud/testdata/test.sh | 0 .../debian/opt/cloud/testdata/vmp0001.json | 0 .../debian/root/.ssh/authorized_keys | 0 .../debian/root/clearUsageRules.sh | 0 systemvm/{patches => }/debian/root/func.sh | 0 .../debian/root/monitorServices.py | 0 .../{patches => }/debian/root/reconfigLB.sh | 0 .../debian/var/www/html/latest/.htaccess | 0 .../debian/var/www/html/userdata/.htaccess | 0 .../debian/etc/init.d/cloud-passwd-srvr | 118 ----- systemvm/patches/debian/etc/rc.local | 69 --- .../opt/cloud/templates/conntrackd.conf.templ | 417 ----------------- systemvm/pom.xml | 7 +- systemvm/{patches => }/test/TestCsAddress.py | 0 systemvm/{patches => }/test/TestCsApp.py | 0 systemvm/{patches => }/test/TestCsCmdLine.py | 0 systemvm/{patches => }/test/TestCsConfig.py | 0 systemvm/{patches => }/test/TestCsDatabag.py | 0 systemvm/{patches => }/test/TestCsDhcp.py | 0 systemvm/{patches => }/test/TestCsFile.py | 0 .../{patches => }/test/TestCsGuestNetwork.py | 3 +- systemvm/{patches => }/test/TestCsHelper.py | 0 .../{patches => }/test/TestCsInterface.py | 0 .../{patches => }/test/TestCsNetfilter.py | 0 systemvm/{patches => }/test/TestCsProcess.py | 0 .../{patches => }/test/TestCsRedundant.py | 0 systemvm/{patches => }/test/TestCsRoute.py | 5 +- systemvm/{patches => }/test/TestCsRule.py | 0 systemvm/{patches => }/test/runtests.sh | 19 +- .../smoke/test_deploy_virtio_scsi_vm.py | 1 - test/integration/smoke/test_deploy_vm_iso.py | 2 +- 
test/integration/smoke/test_hosts.py | 170 ------- test/integration/smoke/test_privategw_acl.py | 55 ++- test/integration/smoke/test_vpc_redundant.py | 33 +- .../systemvmtemplate/apt_upgrade.sh | 12 +- .../definitions/systemvmtemplate/cleanup.sh | 22 +- .../systemvmtemplate/configure_login.sh | 34 +- .../configure_systemvm_services.sh | 61 +-- .../systemvmtemplate/definition.rb | 6 +- .../{zerodisk.sh => finalize.sh} | 37 +- .../install_systemvm_packages.sh | 13 +- .../definitions/systemvmtemplate/preseed.cfg | 11 +- tools/appliance/shar_cloud_scripts.sh | 7 +- tools/marvin/marvin/config/test_data.py | 14 +- tools/travis/before_install.sh | 2 +- tools/travis/install.sh | 4 + tools/whisker/LICENSE | 8 +- tools/whisker/descriptor-for-packaging.xml | 8 +- tools/whisker/descriptor.xml | 8 +- .../main/java/com/cloud/utils/nio/Link.java | 2 +- 192 files changed, 975 insertions(+), 1255 deletions(-) rename systemvm/{patches => }/debian/etc/apache2/httpd.conf (100%) rename systemvm/{patches => }/debian/etc/apache2/vhost.template (100%) rename systemvm/{patches => }/debian/etc/cloud-nic.rules (100%) rename systemvm/{patches => }/debian/etc/dnsmasq.conf.tmpl (100%) rename systemvm/{patches => }/debian/etc/haproxy/haproxy.cfg (100%) rename systemvm/{patches/vpn => debian}/etc/ipsec.conf (100%) rename systemvm/{patches/vpn => debian}/etc/ipsec.d/l2tp.conf (100%) rename systemvm/{patches/vpn => debian}/etc/ipsec.secrets (100%) rename systemvm/{patches => }/debian/etc/iptables/iptables-consoleproxy (100%) rename systemvm/{patches => }/debian/etc/iptables/iptables-dhcpsrvr (100%) rename systemvm/{patches => }/debian/etc/iptables/iptables-elbvm (100%) rename systemvm/{patches => }/debian/etc/iptables/iptables-ilbvm (100%) rename systemvm/{patches => }/debian/etc/iptables/iptables-router (100%) rename systemvm/{patches => }/debian/etc/iptables/iptables-secstorage (100%) rename systemvm/{patches => }/debian/etc/iptables/iptables-vpcrouter (100%) rename systemvm/{patches => 
}/debian/etc/iptables/rt_tables_init (100%) rename systemvm/{patches => }/debian/etc/iptables/rules (100%) create mode 100644 systemvm/debian/etc/issue rename systemvm/{patches => }/debian/etc/logrotate.conf (100%) rename systemvm/{patches => }/debian/etc/logrotate.d/apache2 (100%) rename systemvm/{patches => }/debian/etc/logrotate.d/cloud (100%) rename systemvm/{patches => }/debian/etc/logrotate.d/conntrackd (100%) rename systemvm/{patches => }/debian/etc/logrotate.d/dnsmasq (100%) rename systemvm/{patches => }/debian/etc/logrotate.d/haproxy (100%) rename systemvm/{patches => }/debian/etc/logrotate.d/ppp (100%) rename systemvm/{patches => }/debian/etc/logrotate.d/rsyslog (100%) rename systemvm/{patches => }/debian/etc/modprobe.d/aesni_intel.conf (100%) rename systemvm/{patches => }/debian/etc/modprobe.d/pcspkr.conf (100%) rename systemvm/{patches/vpn => debian}/etc/ppp/options.xl2tpd (100%) rename systemvm/{patches => }/debian/etc/profile.d/cloud.sh (100%) create mode 100755 systemvm/debian/etc/rc.local rename systemvm/{patches => }/debian/etc/rsyslog.conf (100%) rename systemvm/{patches => }/debian/etc/ssh/sshd_config (99%) rename systemvm/{patches => }/debian/etc/sysctl.conf (100%) create mode 100644 systemvm/debian/etc/systemd/system/cloud-early-config.service create mode 100644 systemvm/debian/etc/systemd/system/cloud-password-server@.service create mode 100644 systemvm/debian/etc/systemd/system/cloud-postinit.service create mode 100644 systemvm/debian/etc/systemd/system/cloud.service rename systemvm/{patches => }/debian/etc/vpcdnsmasq.conf (100%) rename systemvm/{patches/vpn => debian}/etc/xl2tpd/xl2tpd.conf (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/baremetal-vr.py (99%) rename systemvm/{patches => }/debian/opt/cloud/bin/baremetal_snat.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/bumpup_priority.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/checkbatchs2svpn.sh (100%) rename systemvm/{patches => 
}/debian/opt/cloud/bin/checkrouter.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/checks2svpn.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cloud-nic.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/configure.py (85%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsAddress.py (99%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsApp.py (87%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsConfig.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsDatabag.py (97%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsDhcp.py (98%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsFile.py (99%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsGuestNetwork.py (96%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsHelper.py (93%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsLoadBalancer.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsMonitor.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsNetfilter.py (96%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsProcess.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsRedundant.py (96%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsRoute.py (93%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsRule.py (98%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/CsStaticRoutes.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs/__init__.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_cmdline.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_dhcp.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_firewallrules.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_forwardingrules.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_guestnetwork.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_ip.py (92%) rename systemvm/{patches => 
}/debian/opt/cloud/bin/cs_loadbalancer.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_monitorservice.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_network_acl.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_remoteaccessvpn.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_site2sitevpn.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_staticroutes.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_vmdata.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_vmp.py (99%) rename systemvm/{patches => }/debian/opt/cloud/bin/cs_vpnusers.py (96%) rename systemvm/{patches => }/debian/opt/cloud/bin/dnsmasq.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/edithosts.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/getRouterAlerts.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/get_template_version.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/ilb.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/ipassoc.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/ipsectunnel.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/line_edit.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/loadbalancer.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/master.py (95%) rename systemvm/{patches => }/debian/opt/cloud/bin/merge.py (98%) rename systemvm/{patches => }/debian/opt/cloud/bin/monitor_service.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/netusage.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/passwd_server (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/passwd_server_ip (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/passwd_server_ip.py (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/prepare_pxe.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/savepassword.sh (100%) rename systemvm/{patches => 
}/debian/opt/cloud/bin/set_redundant.py (91%) rename systemvm/{patches/debian/etc/init.d => debian/opt/cloud/bin/setup}/cloud-early-config (80%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/common.sh (98%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/consoleproxy.sh (91%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/default.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/dhcpsrvr.sh (80%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/elbvm.sh (89%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/ilbvm.sh (88%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/patchsystemvm.sh (99%) create mode 100755 systemvm/debian/opt/cloud/bin/setup/postinit.sh rename systemvm/{patches => }/debian/opt/cloud/bin/setup/router.sh (88%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/secstorage.sh (94%) rename systemvm/{patches => }/debian/opt/cloud/bin/setup/vpcrouter.sh (98%) rename systemvm/{patches => }/debian/opt/cloud/bin/update_config.py (92%) rename systemvm/{patches => }/debian/opt/cloud/bin/vmdata.py (99%) rename systemvm/{patches => }/debian/opt/cloud/bin/vpc_func.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/vpc_netusage.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/vpc_passwd_server (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/vpc_snat.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/vpc_staticroute.sh (100%) rename systemvm/{patches/vpn => debian}/opt/cloud/bin/vpn_l2tp.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/bin/vr_cfg.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/templates/README (100%) rename systemvm/{patches => }/debian/opt/cloud/templates/arping_gateways.sh.templ (100%) rename systemvm/{patches => }/debian/opt/cloud/templates/check_bumpup.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/templates/check_heartbeat.sh.templ (100%) rename systemvm/{patches => 
}/debian/opt/cloud/templates/checkrouter.sh.templ (100%) create mode 100644 systemvm/debian/opt/cloud/templates/conntrackd.conf.templ rename systemvm/{patches => }/debian/opt/cloud/templates/heartbeat.sh.templ (100%) rename systemvm/{patches => }/debian/opt/cloud/templates/keepalived.conf.templ (94%) rename systemvm/{patches => }/debian/opt/cloud/testdata/README (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/acl0001.json (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/dhcp0001.json (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/gn0001.json (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/ips0001.json (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/ips0002.json (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/ips0003.json (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/s2s0001.json (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/test.sh (100%) rename systemvm/{patches => }/debian/opt/cloud/testdata/vmp0001.json (100%) rename systemvm/{patches => }/debian/root/.ssh/authorized_keys (100%) rename systemvm/{patches => }/debian/root/clearUsageRules.sh (100%) rename systemvm/{patches => }/debian/root/func.sh (100%) rename systemvm/{patches => }/debian/root/monitorServices.py (100%) rename systemvm/{patches => }/debian/root/reconfigLB.sh (100%) rename systemvm/{patches => }/debian/var/www/html/latest/.htaccess (100%) rename systemvm/{patches => }/debian/var/www/html/userdata/.htaccess (100%) delete mode 100755 systemvm/patches/debian/etc/init.d/cloud-passwd-srvr delete mode 100755 systemvm/patches/debian/etc/rc.local delete mode 100644 systemvm/patches/debian/opt/cloud/templates/conntrackd.conf.templ rename systemvm/{patches => }/test/TestCsAddress.py (100%) rename systemvm/{patches => }/test/TestCsApp.py (100%) rename systemvm/{patches => }/test/TestCsCmdLine.py (100%) rename systemvm/{patches => }/test/TestCsConfig.py (100%) rename systemvm/{patches => 
}/test/TestCsDatabag.py (100%) rename systemvm/{patches => }/test/TestCsDhcp.py (100%) rename systemvm/{patches => }/test/TestCsFile.py (100%) rename systemvm/{patches => }/test/TestCsGuestNetwork.py (94%) rename systemvm/{patches => }/test/TestCsHelper.py (100%) rename systemvm/{patches => }/test/TestCsInterface.py (100%) rename systemvm/{patches => }/test/TestCsNetfilter.py (100%) rename systemvm/{patches => }/test/TestCsProcess.py (100%) rename systemvm/{patches => }/test/TestCsRedundant.py (100%) rename systemvm/{patches => }/test/TestCsRoute.py (87%) rename systemvm/{patches => }/test/TestCsRule.py (100%) rename systemvm/{patches => }/test/runtests.sh (67%) delete mode 100644 test/integration/smoke/test_hosts.py rename tools/appliance/definitions/systemvmtemplate/{zerodisk.sh => finalize.sh} (68%) diff --git a/.travis.yml b/.travis.yml index 30549d272f1b..a206cbeedf10 100644 --- a/.travis.yml +++ b/.travis.yml @@ -50,7 +50,6 @@ env: smoke/test_hostha_simulator smoke/test_host_annotations smoke/test_host_maintenance - smoke/test_hosts smoke/test_internal_lb smoke/test_iso smoke/test_list_ids_parameter diff --git a/LICENSE b/LICENSE index 982b15844f4a..c30d8593c8ee 100644 --- a/LICENSE +++ b/LICENSE @@ -208,7 +208,7 @@ Within the console-proxy/js directory jquery.js -Within the patches/systemvm/debian/config/etc directory +Within the systemvm/debian/etc directory placed in the public domain by Adiscon GmbH http://www.adiscon.com/ rsyslog.conf 
@@ -216,14 +216,14 @@ Within the patches/systemvm/debian/config/etc directory dnsmasq.conf vpcdnsmasq.conf -Within the patches/systemvm/debian/config/etc/apache2 directory +Within the systemvm/debian/etc/apache2 directory licensed under the Apache License, Version 2 http://www.apache.org/licenses/LICENSE-2.0.txt (as above) Copyright (c) 2012 The Apache Software Foundation from The Apache Software Foundation http://www.apache.org/ httpd.conf vhost.template -Within the patches/systemvm/debian/config/etc/ssh/ directory +Within the systemvm/debian/etc/ssh/ directory licensed under the BSD (2-clause) http://www.opensource.org/licenses/BSD-2-Clause (as follows) @@ -254,7 +254,7 @@ Within the patches/systemvm/debian/config/etc/ssh/ directory from OpenSSH Project http://www.openssh.org/ sshd_config -Within the patches/systemvm/debian/config/root/redundant_router directory +Within the systemvm/debian/root/redundant_router directory placed in the public domain by The netfilter.org project http://www.netfilter.org/ conntrackd.conf.templ diff --git a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java index 24e825721095..86d3bebb38be 100644 --- a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java +++ b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java @@ -440,11 +440,6 @@ public void ensureRoute(String address) { } } - @Override - public boolean stop() { - return true; - } - @Override public void setName(String name) { } diff --git a/engine/schema/resources/META-INF/db/schema-41000to41100.sql b/engine/schema/resources/META-INF/db/schema-41000to41100.sql index 5f7eff2dd9ec..2a2fe2ddede5 100644 --- a/engine/schema/resources/META-INF/db/schema-41000to41100.sql +++ b/engine/schema/resources/META-INF/db/schema-41000to41100.sql 
@@ -492,3 +492,6 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervis -- Change monitor patch for apache2 in systemvm UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2"; + +-- Boost secondary storage systemvm +UPDATE `cloud`.`service_offering` SET ram_size=1024, cpu=2 WHERE vm_type="secondarystoragevm" and cpu=1 and ram_size=512; diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index 7e68ed3bce0c..0ead08574927 100644 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java @@ -341,17 +341,18 @@ public ExecutionResult executeInVR(final String routerIp, final String script, f @Override public ExecutionResult createFileInVR(final String routerIp, final String path, final String filename, final String content) { final File permKey = new File("/root/.ssh/id_rsa.cloud"); - String error = null; - - s_logger.debug("Creating file in VR, with ip: " + routerIp + ", file: " + filename); + boolean success = true; + String details = "Creating file in VR, with ip: " + routerIp + ", file: " + filename; + s_logger.debug(details); try { SshHelper.scpTo(routerIp, 3922, "root", permKey, null, path, content.getBytes(), filename, null); } catch (final Exception e) { s_logger.warn("Fail to create file " + path + filename + " in VR " + routerIp, e); - error = e.getMessage(); + details = e.getMessage(); + success = false; } - return new ExecutionResult(error == null, error); + return new ExecutionResult(success, details); } @Override diff --git a/pom.xml b/pom.xml index c30247aaf3e7..39a611d5e9d7 100644 --- a/pom.xml +++ b/pom.xml 
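Review bot: On the failure path of createFileInVR, `details = e.getMessage();` can still hand back a result with null details, because not every exception carries a message. A fallback keeps the cause visible to the caller: `details = e.getMessage() != null ? e.getMessage() : e.toString();`. The success path now returns the debug text ("Creating file in VR, with ip: …") as the result's details. It is worth confirming that no caller treats non-null details as a sign of failure.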
@@ -924,8 +924,7 @@ systemvm/agent/conf/environment.properties systemvm/agent/js/jquery.js systemvm/agent/js/jquery.flot.navigate.js - systemvm/patches/debian/** - systemvm/patches/vpn/** + systemvm/debian/** tools/transifex/.tx/config tools/logo/apache_cloudstack.png tools/marvin/marvin/sandbox/advanced/sandbox.cfg diff --git a/systemvm/patches/debian/etc/apache2/httpd.conf b/systemvm/debian/etc/apache2/httpd.conf similarity index 100% rename from systemvm/patches/debian/etc/apache2/httpd.conf rename to systemvm/debian/etc/apache2/httpd.conf diff --git a/systemvm/patches/debian/etc/apache2/vhost.template b/systemvm/debian/etc/apache2/vhost.template similarity index 100% rename from systemvm/patches/debian/etc/apache2/vhost.template rename to systemvm/debian/etc/apache2/vhost.template diff --git a/systemvm/patches/debian/etc/cloud-nic.rules b/systemvm/debian/etc/cloud-nic.rules similarity index 100% rename from systemvm/patches/debian/etc/cloud-nic.rules rename to systemvm/debian/etc/cloud-nic.rules diff --git a/systemvm/patches/debian/etc/dnsmasq.conf.tmpl b/systemvm/debian/etc/dnsmasq.conf.tmpl similarity index 100% rename from systemvm/patches/debian/etc/dnsmasq.conf.tmpl rename to systemvm/debian/etc/dnsmasq.conf.tmpl diff --git a/systemvm/patches/debian/etc/haproxy/haproxy.cfg b/systemvm/debian/etc/haproxy/haproxy.cfg similarity index 100% rename from systemvm/patches/debian/etc/haproxy/haproxy.cfg rename to systemvm/debian/etc/haproxy/haproxy.cfg diff --git a/systemvm/patches/vpn/etc/ipsec.conf b/systemvm/debian/etc/ipsec.conf similarity index 100% rename from systemvm/patches/vpn/etc/ipsec.conf rename to systemvm/debian/etc/ipsec.conf diff --git a/systemvm/patches/vpn/etc/ipsec.d/l2tp.conf b/systemvm/debian/etc/ipsec.d/l2tp.conf similarity index 100% rename from systemvm/patches/vpn/etc/ipsec.d/l2tp.conf rename to systemvm/debian/etc/ipsec.d/l2tp.conf 
diff --git a/systemvm/patches/vpn/etc/ipsec.secrets b/systemvm/debian/etc/ipsec.secrets
similarity index 100%
rename from systemvm/patches/vpn/etc/ipsec.secrets
rename to systemvm/debian/etc/ipsec.secrets
diff --git a/systemvm/patches/debian/etc/iptables/iptables-consoleproxy b/systemvm/debian/etc/iptables/iptables-consoleproxy
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/iptables-consoleproxy
rename to systemvm/debian/etc/iptables/iptables-consoleproxy
diff --git a/systemvm/patches/debian/etc/iptables/iptables-dhcpsrvr b/systemvm/debian/etc/iptables/iptables-dhcpsrvr
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/iptables-dhcpsrvr
rename to systemvm/debian/etc/iptables/iptables-dhcpsrvr
diff --git a/systemvm/patches/debian/etc/iptables/iptables-elbvm b/systemvm/debian/etc/iptables/iptables-elbvm
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/iptables-elbvm
rename to systemvm/debian/etc/iptables/iptables-elbvm
diff --git a/systemvm/patches/debian/etc/iptables/iptables-ilbvm b/systemvm/debian/etc/iptables/iptables-ilbvm
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/iptables-ilbvm
rename to systemvm/debian/etc/iptables/iptables-ilbvm
diff --git a/systemvm/patches/debian/etc/iptables/iptables-router b/systemvm/debian/etc/iptables/iptables-router
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/iptables-router
rename to systemvm/debian/etc/iptables/iptables-router
diff --git a/systemvm/patches/debian/etc/iptables/iptables-secstorage b/systemvm/debian/etc/iptables/iptables-secstorage
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/iptables-secstorage
rename to systemvm/debian/etc/iptables/iptables-secstorage
diff --git a/systemvm/patches/debian/etc/iptables/iptables-vpcrouter b/systemvm/debian/etc/iptables/iptables-vpcrouter
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/iptables-vpcrouter
rename to systemvm/debian/etc/iptables/iptables-vpcrouter
diff --git a/systemvm/patches/debian/etc/iptables/rt_tables_init b/systemvm/debian/etc/iptables/rt_tables_init
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/rt_tables_init
rename to systemvm/debian/etc/iptables/rt_tables_init
diff --git a/systemvm/patches/debian/etc/iptables/rules b/systemvm/debian/etc/iptables/rules
similarity index 100%
rename from systemvm/patches/debian/etc/iptables/rules
rename to systemvm/debian/etc/iptables/rules
diff --git a/systemvm/debian/etc/issue b/systemvm/debian/etc/issue
new file mode 100644
index 000000000000..2d2b7c0f2f19
--- /dev/null
+++ b/systemvm/debian/etc/issue
@@ -0,0 +1,3 @@
+ __?.o/ Apache CloudStack SystemVM 4.11
+ ( )# https://cloudstack.apache.org
+ (___(_) \s \r \n \l
diff --git a/systemvm/patches/debian/etc/logrotate.conf b/systemvm/debian/etc/logrotate.conf
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.conf
rename to systemvm/debian/etc/logrotate.conf
diff --git a/systemvm/patches/debian/etc/logrotate.d/apache2 b/systemvm/debian/etc/logrotate.d/apache2
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.d/apache2
rename to systemvm/debian/etc/logrotate.d/apache2
diff --git a/systemvm/patches/debian/etc/logrotate.d/cloud b/systemvm/debian/etc/logrotate.d/cloud
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.d/cloud
rename to systemvm/debian/etc/logrotate.d/cloud
diff --git a/systemvm/patches/debian/etc/logrotate.d/conntrackd b/systemvm/debian/etc/logrotate.d/conntrackd
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.d/conntrackd
rename to systemvm/debian/etc/logrotate.d/conntrackd
diff --git a/systemvm/patches/debian/etc/logrotate.d/dnsmasq b/systemvm/debian/etc/logrotate.d/dnsmasq
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.d/dnsmasq
rename to systemvm/debian/etc/logrotate.d/dnsmasq
diff --git a/systemvm/patches/debian/etc/logrotate.d/haproxy b/systemvm/debian/etc/logrotate.d/haproxy
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.d/haproxy
rename to systemvm/debian/etc/logrotate.d/haproxy
diff --git a/systemvm/patches/debian/etc/logrotate.d/ppp b/systemvm/debian/etc/logrotate.d/ppp
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.d/ppp
rename to systemvm/debian/etc/logrotate.d/ppp
diff --git a/systemvm/patches/debian/etc/logrotate.d/rsyslog b/systemvm/debian/etc/logrotate.d/rsyslog
similarity index 100%
rename from systemvm/patches/debian/etc/logrotate.d/rsyslog
rename to systemvm/debian/etc/logrotate.d/rsyslog
diff --git a/systemvm/patches/debian/etc/modprobe.d/aesni_intel.conf b/systemvm/debian/etc/modprobe.d/aesni_intel.conf
similarity index 100%
rename from systemvm/patches/debian/etc/modprobe.d/aesni_intel.conf
rename to systemvm/debian/etc/modprobe.d/aesni_intel.conf
diff --git a/systemvm/patches/debian/etc/modprobe.d/pcspkr.conf b/systemvm/debian/etc/modprobe.d/pcspkr.conf
similarity index 100%
rename from systemvm/patches/debian/etc/modprobe.d/pcspkr.conf
rename to systemvm/debian/etc/modprobe.d/pcspkr.conf
diff --git a/systemvm/patches/vpn/etc/ppp/options.xl2tpd b/systemvm/debian/etc/ppp/options.xl2tpd
similarity index 100%
rename from systemvm/patches/vpn/etc/ppp/options.xl2tpd
rename to systemvm/debian/etc/ppp/options.xl2tpd
diff --git a/systemvm/patches/debian/etc/profile.d/cloud.sh b/systemvm/debian/etc/profile.d/cloud.sh
similarity index 100%
rename from systemvm/patches/debian/etc/profile.d/cloud.sh
rename to systemvm/debian/etc/profile.d/cloud.sh
diff --git a/systemvm/debian/etc/rc.local b/systemvm/debian/etc/rc.local
new file mode 100755
index 000000000000..94c6466387c4
--- /dev/null
+++ b/systemvm/debian/etc/rc.local
@@ -0,0 +1,47 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs
+for svc in $(cat /var/cache/cloud/enabled_svcs)
+do
+ logger -t cloud "Starting $svc"
+ systemctl enable --no-block --now $svc
+done
+
+[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs
+for svc in $(cat /var/cache/cloud/disabled_svcs)
+do
+ logger -t cloud "Stopping $svc"
+ systemctl disable --no-block --now $svc
+done
+
+# Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist
+ipv4="/etc/iptables/rules.v4"
+if [ -e $ipv4 ]
+then
+ iptables-restore < $ipv4
+fi
+
+ipv6="/etc/iptables/rules.v6"
+if [ -e $ipv6 ]
+then
+ iptables-restore < $ipv6
+fi
+
+date > /var/cache/cloud/boot_up_done
+logger -t cloud "Boot up process done"
diff --git a/systemvm/patches/debian/etc/rsyslog.conf b/systemvm/debian/etc/rsyslog.conf
similarity index 100%
rename from systemvm/patches/debian/etc/rsyslog.conf
rename to systemvm/debian/etc/rsyslog.conf
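Review bot: The IPv6 branch at the end of rc.local feeds `/etc/iptables/rules.v6` to `iptables-restore`, which is the IPv4 tool, so the rules that configure.py in this patch writes with `ip6tables-save` are presumably never loaded into the IPv6 tables at boot. The line should read `ip6tables-restore < "$ipv6"`. As written, the restore may fail on IPv6 syntax or apply the file to the IPv4 tables instead, and either way the VM can come up after a reboot without its saved IPv6 filter rules. Comparing `ip6tables -S` before and after a reboot is a cheap check. `$svc` is also passed to `systemctl` unquoted in both loops; `"$svc"` keeps an odd entry in the cache files from being glob-expanded.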
diff --git a/systemvm/patches/debian/etc/ssh/sshd_config b/systemvm/debian/etc/ssh/sshd_config similarity index 99% rename from systemvm/patches/debian/etc/ssh/sshd_config rename to systemvm/debian/etc/ssh/sshd_config index 4931cdb028a1..f2775747305b 100644 --- a/systemvm/patches/debian/etc/ssh/sshd_config +++ b/systemvm/debian/etc/ssh/sshd_config @@ -57,7 +57,6 @@ AuthorizedKeysFile .ssh/authorized_keys #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! -#PasswordAuthentication yes #PermitEmptyPasswords no PasswordAuthentication no diff --git a/systemvm/patches/debian/etc/sysctl.conf b/systemvm/debian/etc/sysctl.conf similarity index 100% rename from systemvm/patches/debian/etc/sysctl.conf rename to systemvm/debian/etc/sysctl.conf diff --git a/systemvm/debian/etc/systemd/system/cloud-early-config.service b/systemvm/debian/etc/systemd/system/cloud-early-config.service new file mode 100644 index 000000000000..2af52767cc39 --- /dev/null +++ b/systemvm/debian/etc/systemd/system/cloud-early-config.service @@ -0,0 +1,18 @@ +[Unit] +Description=CloudStack post-boot patching service using cmdline +DefaultDependencies=no + +Before=network-pre.target +Wants=network-pre.target + +Requires=local-fs.target +After=local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=oneshot +ExecStart=/opt/cloud/bin/setup/cloud-early-config +RemainAfterExit=true +TimeoutStartSec=5min diff --git a/systemvm/debian/etc/systemd/system/cloud-password-server@.service b/systemvm/debian/etc/systemd/system/cloud-password-server@.service new file mode 100644 index 000000000000..2fe8bec11ddb --- /dev/null +++ b/systemvm/debian/etc/systemd/system/cloud-password-server@.service @@ -0,0 +1,12 @@ +[Unit] +Description=Cloud password server on %I +After=network.target local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=simple +WorkingDirectory=/opt/cloud/bin +ExecStart=/opt/cloud/bin/passwd_server_ip.py %I +Restart=on-failure 
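Review bot: cloud-password-server@.service sets no `User=` and no sandboxing directives, so the daemon runs with systemd's defaults for a system unit (root, full filesystem view). It answers HTTP requests on port 8080, as the curl call in configure.py in this patch shows. Whether passwd_server_ip.py needs root cannot be told from this hunk. If it does not, a dedicated `User=` is the first step, and in either case `NoNewPrivileges=true` and `ProtectHome=true` are low-risk additions in the `[Service]` section. `PrivateTmp=` is probably not usable here as-is, because configure.py reads the token from `/tmp/passwdsrvrtoken`, which suggests the two processes share `/tmp`.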
diff --git a/systemvm/debian/etc/systemd/system/cloud-postinit.service b/systemvm/debian/etc/systemd/system/cloud-postinit.service
new file mode 100644
index 000000000000..83f0636a72de
--- /dev/null
+++ b/systemvm/debian/etc/systemd/system/cloud-postinit.service
@@ -0,0 +1,14 @@
+[Unit]
+Description=CloudStack post-patching init script
+After=cloud-early-config.service network.target local-fs.target
+Before=ssh.service
+Requires=network.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/opt/cloud/bin/setup/postinit.sh
+RemainAfterExit=true
+TimeoutStartSec=1min
diff --git a/systemvm/debian/etc/systemd/system/cloud.service b/systemvm/debian/etc/systemd/system/cloud.service
new file mode 100644
index 000000000000..9c61be46eba3
--- /dev/null
+++ b/systemvm/debian/etc/systemd/system/cloud.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=CloudStack Agent service
+After=cloud-early-config.service network.target local-fs.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=simple
+WorkingDirectory=/usr/local/cloud/systemvm
+ExecStart=/usr/local/cloud/systemvm/_run.sh
+Restart=always
+RestartSec=5
diff --git a/systemvm/patches/debian/etc/vpcdnsmasq.conf b/systemvm/debian/etc/vpcdnsmasq.conf
similarity index 100%
rename from systemvm/patches/debian/etc/vpcdnsmasq.conf
rename to systemvm/debian/etc/vpcdnsmasq.conf
diff --git a/systemvm/patches/vpn/etc/xl2tpd/xl2tpd.conf b/systemvm/debian/etc/xl2tpd/xl2tpd.conf
similarity index 100%
rename from systemvm/patches/vpn/etc/xl2tpd/xl2tpd.conf
rename to systemvm/debian/etc/xl2tpd/xl2tpd.conf
diff --git a/systemvm/patches/debian/opt/cloud/bin/baremetal-vr.py b/systemvm/debian/opt/cloud/bin/baremetal-vr.py
similarity index 99%
rename from systemvm/patches/debian/opt/cloud/bin/baremetal-vr.py
rename to systemvm/debian/opt/cloud/bin/baremetal-vr.py
index e5b6aca51d66..20352ddeeab4 100755
--- a/systemvm/patches/debian/opt/cloud/bin/baremetal-vr.py
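Review bot: `Requires=network.service` in cloud-postinit.service names a unit that, as far as I know, Debian does not ship; the ifupdown unit there is `networking.service`. A hard requirement on a unit that cannot be loaded can keep cloud-postinit from starting, and because this unit is ordered `Before=ssh.service` it sits on the path to SSH coming up. Checking `systemctl status cloud-postinit.service` on a freshly built template would show whether that happens. If only ordering is intended, the existing `After=network.target` already covers it and the `Requires=` line can be dropped; otherwise use `Requires=networking.service`.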
+++ b/systemvm/debian/opt/cloud/bin/baremetal-vr.py @@ -15,8 +15,6 @@ #specific language governing permissions and limitations #under the License. -__author__ = 'frank' - import subprocess import urllib import hmac diff --git a/systemvm/patches/debian/opt/cloud/bin/baremetal_snat.sh b/systemvm/debian/opt/cloud/bin/baremetal_snat.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/baremetal_snat.sh rename to systemvm/debian/opt/cloud/bin/baremetal_snat.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/bumpup_priority.sh b/systemvm/debian/opt/cloud/bin/bumpup_priority.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/bumpup_priority.sh rename to systemvm/debian/opt/cloud/bin/bumpup_priority.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/checkbatchs2svpn.sh b/systemvm/debian/opt/cloud/bin/checkbatchs2svpn.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/checkbatchs2svpn.sh rename to systemvm/debian/opt/cloud/bin/checkbatchs2svpn.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/checkrouter.sh b/systemvm/debian/opt/cloud/bin/checkrouter.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/checkrouter.sh rename to systemvm/debian/opt/cloud/bin/checkrouter.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/checks2svpn.sh b/systemvm/debian/opt/cloud/bin/checks2svpn.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/checks2svpn.sh rename to systemvm/debian/opt/cloud/bin/checks2svpn.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/cloud-nic.sh b/systemvm/debian/opt/cloud/bin/cloud-nic.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cloud-nic.sh rename to systemvm/debian/opt/cloud/bin/cloud-nic.sh 
diff --git a/systemvm/patches/debian/opt/cloud/bin/configure.py b/systemvm/debian/opt/cloud/bin/configure.py similarity index 85% rename from systemvm/patches/debian/opt/cloud/bin/configure.py rename to systemvm/debian/opt/cloud/bin/configure.py index e84e0171d307..a3b7674926c4 100755 --- a/systemvm/patches/debian/opt/cloud/bin/configure.py +++ b/systemvm/debian/opt/cloud/bin/configure.py @@ -16,16 +16,14 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. -import sys import base64 - -from collections import OrderedDict - import logging +import os import re +import sys +import time -import os.path -import os +from collections import OrderedDict from fcntl import flock, LOCK_EX, LOCK_UN from cs.CsDatabag import CsDataBag @@ -39,11 +37,10 @@ from cs.CsProcess import CsProcess from cs.CsStaticRoutes import CsStaticRoutes -OCCURRENCES = 1 class CsPassword(CsDataBag): - TOKEN_FILE="/tmp/passwdsrvrtoken" + TOKEN_FILE = "/tmp/passwdsrvrtoken" def process(self): for item in self.dbag: @@ -66,7 +63,7 @@ def __update(self, vm_ip, password): proc = CsProcess(['/opt/cloud/bin/passwd_server_ip.py', server_ip]) if proc.find(): update_command = 'curl --header "DomU_Request: save_password" "http://{SERVER_IP}:8080/" -F "ip={VM_IP}" -F "password={PASSWORD}" ' \ - '-F "token={TOKEN}" >/dev/null 2>/dev/null &'.format(SERVER_IP=server_ip, VM_IP=vm_ip, PASSWORD=password, TOKEN=token) + '-F "token={TOKEN}" >/dev/null 2>/dev/null &'.format(SERVER_IP=server_ip, VM_IP=vm_ip, PASSWORD=password, TOKEN=token) result = CsHelper.execute(update_command) logging.debug("Update password server result ==> %s" % result) 
@@ -96,7 +93,7 @@ def __init__(self, obj, fw): self.rule['allowed'] = True self.rule['action'] = "ACCEPT" - if self.rule['type'] == 'all' and obj['source_cidr_list']: + if self.rule['type'] == 'all' and obj['source_cidr_list']: self.rule['cidr'] = [] else: self.rule['cidr'] = obj['source_cidr_list'] @@ -127,7 +124,7 @@ def add_rule(self): rnge = '' if "first_port" in self.rule.keys() and \ self.rule['first_port'] == self.rule['last_port']: - rnge = " --dport %s " %self.rule['first_port'] + rnge = " --dport %s " % self.rule['first_port'] if "first_port" in self.rule.keys() and \ self.rule['first_port'] != self.rule['last_port']: rnge = " --dport %s:%s" % (rule['first_port'], rule['last_port']) @@ -149,21 +146,21 @@ def add_rule(self): " -p %s " % rule['protocol'] + " %s -j %s" % (rnge, self.rule['action'])]) - sflag=False - dflag=False + sflag = False + dflag = False if self.direction == 'egress': ruleId = self.rule['id'] - sourceIpsetName = 'sourceCidrIpset-%d' %ruleId - destIpsetName = 'destCidrIpset-%d' %ruleId + sourceIpsetName = 'sourceCidrIpset-%d' % ruleId + destIpsetName = 'destCidrIpset-%d' % ruleId - #create source cidr ipset + # Create source cidr ipset srcIpset = 'ipset create '+sourceIpsetName + ' hash:net ' dstIpset = 'ipset create '+destIpsetName + ' hash:net ' CsHelper.execute(srcIpset) CsHelper.execute(dstIpset) for cidr in self.rule['cidr']: - ipsetAddCmd = 'ipset add '+ sourceIpsetName + ' '+cidr + ipsetAddCmd = 'ipset add ' + sourceIpsetName + ' ' + cidr CsHelper.execute(ipsetAddCmd) sflag = True @@ -171,7 +168,7 @@ def add_rule(self): for cidr in self.rule['dcidr']: if cidr == CIDR_ALL: continue - ipsetAddCmd = 'ipset add '+ destIpsetName + ' '+cidr + ipsetAddCmd = 'ipset add ' + destIpsetName + ' ' + cidr CsHelper.execute(ipsetAddCmd) dflag = True 
@@ -196,13 +193,13 @@ def add_rule(self): else: self.rule['action'] = "ACCEPT" - egressIpsetStr='' - if sflag == True and dflag == True: + egressIpsetStr = '' + if sflag and dflag: egressIpsetStr = " -m set --match-set %s src " % sourceIpsetName + \ " -m set --match-set %s dst " % destIpsetName - elif sflag == True: + elif sflag: egressIpsetStr = " -m set --match-set %s src " % sourceIpsetName - elif dflag == True: + elif dflag: egressIpsetStr = " -m set --match-set %s dst " % destIpsetName if rule['protocol'] == "icmp": @@ -359,7 +356,7 @@ def __createfile(self, ip, folder, file, data): if data is not None: # need to pad data if it is not valid base 64 if len(data) % 4 != 0: - data += (4-(len(data) % 4)) * "=" + data += (4 - (len(data) % 4)) * "=" data = base64.b64decode(data) fh = open(dest, "w") @@ -466,7 +463,7 @@ def __exflock(self, file): def __unflock(self, file): try: flock(file, LOCK_UN) - except IOError: + except IOError as e: print "failed to unlock file" + file.name + " due to : " + e.strerror sys.exit(1) # FIXME return True @@ -539,8 +536,8 @@ def configure_ipsec(self, obj): peerlist = obj['peer_guest_cidr_list'].replace(' ', '') vpnconffile = "%s/ipsec.vpn-%s.conf" % (self.VPNCONFDIR, rightpeer) vpnsecretsfile = "%s/ipsec.vpn-%s.secrets" % (self.VPNCONFDIR, rightpeer) - ikepolicy=obj['ike_policy'].replace(';','-') - esppolicy=obj['esp_policy'].replace(';','-') + ikepolicy = obj['ike_policy'].replace(';', '-') + esppolicy = obj['esp_policy'].replace(';', '-') if rightpeer in self.confips: self.confips.remove(rightpeer) @@ -561,7 +558,7 @@ def configure_ipsec(self, obj): file.addeq(" keyingtries=2") file.addeq(" auto=route") if 'encap' not in obj: - obj['encap']=False + obj['encap'] = False file.addeq(" forceencaps=%s" % CsHelper.bool_to_yn(obj['encap'])) if obj['dpd']: file.addeq(" dpddelay=30") 
@@ -595,14 +592,14 @@ def convert_sec_to_h(self, val): class CsVpnUser(CsDataBag): - PPP_CHAP='/etc/ppp/chap-secrets' + PPP_CHAP = '/etc/ppp/chap-secrets' def process(self): for user in self.dbag: if user == 'id': continue - userconfig=self.dbag[user] + userconfig = self.dbag[user] if userconfig['add']: self.add_l2tp_ipsec_user(user, userconfig) else: @@ -612,7 +609,7 @@ def add_l2tp_ipsec_user(self, user, obj): userfound = False password = obj['password'] - userAddEntry = "%s * %s *" %(user,password) + userAddEntry = "%s * %s *" % (user, password) logging.debug("Adding vpn user '%s'" % user) file = CsFile(self.PPP_CHAP) @@ -626,7 +623,7 @@ def add_l2tp_ipsec_user(self, user, obj): def del_l2tp_ipsec_user(self, user, obj): userfound = False password = obj['password'] - userentry = "%s * %s *" % (user,password) + userentry = "%s * %s *" % (user, password) logging.debug("Deleting the user '%s'" % user) file = CsFile(self.PPP_CHAP) @@ -647,7 +644,7 @@ def del_l2tp_ipsec_user(self, user, obj): if pppd == 'PPPD_PID': pid = str.split('=')[1] if pid: - logging.debug("killing process %s" %pid) + logging.debug("killing process %s" % pid) CsHelper.execute('kill -9 %s' % pid) @@ -662,12 +659,11 @@ def process(self): for public_ip in self.dbag: if public_ip == "id": continue - vpnconfig=self.dbag[public_ip] + vpnconfig = self.dbag[public_ip] # Enable remote access vpn if vpnconfig['create']: - shutdownIpsec = False - logging.debug("Enabling remote access vpn on "+ public_ip) + logging.debug("Enabling remote access vpn on " + public_ip) CsHelper.start_if_stopped("ipsec") self.configure_l2tpIpsec(public_ip, self.dbag[public_ip]) 
@@ -682,20 +678,19 @@ def process(self): CsHelper.execute("ipsec down L2TP-PSK") CsHelper.execute("systemctl stop xl2tpd") + def configure_l2tpIpsec(self, left, obj): + l2tpconffile = "%s/l2tp.conf" % (self.VPNCONFDIR) + vpnsecretfilte = "%s/ipsec.any.secrets" % (self.VPNCONFDIR) + xl2tpdconffile = "/etc/xl2tpd/xl2tpd.conf" + xl2tpoptionsfile = "/etc/ppp/options.xl2tpd" - def configure_l2tpIpsec(self, left, obj): - l2tpconffile="%s/l2tp.conf" % (self.VPNCONFDIR) - vpnsecretfilte="%s/ipsec.any.secrets" % (self.VPNCONFDIR) - xl2tpdconffile="/etc/xl2tpd/xl2tpd.conf" - xl2tpoptionsfile='/etc/ppp/options.xl2tpd' - - localip=obj['local_ip'] - localcidr=obj['local_cidr'] - publicIface=obj['public_interface'] - iprange=obj['ip_range'] - psk=obj['preshared_key'] + localip = obj['local_ip'] + localcidr = obj['local_cidr'] + publicIface = obj['public_interface'] + iprange = obj['ip_range'] + psk = obj['preshared_key'] - #left + # Left l2tpfile = CsFile(l2tpconffile) l2tpfile.addeq(" left=%s" % left) l2tpfile.commit() 
@@ -706,19 +701,18 @@ def configure_l2tpIpsec(self, left, obj): secret.commit() xl2tpdconf = CsFile(xl2tpdconffile) - xl2tpdconf.addeq("ip range = %s" %iprange) - xl2tpdconf.addeq("local ip = %s" %localip) + xl2tpdconf.addeq("ip range = %s" % iprange) + xl2tpdconf.addeq("local ip = %s" % localip) xl2tpdconf.commit() - xl2tpoptions=CsFile(xl2tpoptionsfile) - xl2tpoptions.search("ms-dns ", "ms-dns %s" %localip) + xl2tpoptions = CsFile(xl2tpoptionsfile) + xl2tpoptions.search("ms-dns ", "ms-dns %s" % localip) xl2tpoptions.commit() def remoteaccessvpn_iptables(self, publicip, obj): - publicdev=obj['public_interface'] - localcidr=obj['local_cidr'] - local_ip=obj['local_ip'] - + publicdev = obj['public_interface'] + localcidr = obj['local_cidr'] + local_ip = obj['local_ip'] self.fw.append(["", "", "-A INPUT -i %s --dst %s -p udp -m udp --dport 500 -j ACCEPT" % (publicdev, publicip)]) self.fw.append(["", "", "-A INPUT -i %s --dst %s -p udp -m udp --dport 4500 -j ACCEPT" % (publicdev, publicip)]) 
@@ -729,31 +723,30 @@ def remoteaccessvpn_iptables(self, publicip, obj): self.fw.append(["", "", "-A OUTPUT -p esp -j ACCEPT"]) if self.config.is_vpc(): - self.fw.append(["", ""," -N VPN_FORWARD"]) - self.fw.append(["", "","-I FORWARD -i ppp+ -j VPN_FORWARD"]) - self.fw.append(["", "","-I FORWARD -o ppp+ -j VPN_FORWARD"]) - self.fw.append(["", "","-I FORWARD -o ppp+ -j VPN_FORWARD"]) - self.fw.append(["", "","-A VPN_FORWARD -s %s -j RETURN" %localcidr]) - self.fw.append(["", "","-A VPN_FORWARD -i ppp+ -d %s -j RETURN" %localcidr]) - self.fw.append(["", "","-A VPN_FORWARD -i ppp+ -o ppp+ -j RETURN"]) + self.fw.append(["", "", " -N VPN_FORWARD"]) + self.fw.append(["", "", "-I FORWARD -i ppp+ -j VPN_FORWARD"]) + self.fw.append(["", "", "-I FORWARD -o ppp+ -j VPN_FORWARD"]) + self.fw.append(["", "", "-I FORWARD -o ppp+ -j VPN_FORWARD"]) + self.fw.append(["", "", "-A VPN_FORWARD -s %s -j RETURN" % localcidr]) + self.fw.append(["", "", "-A VPN_FORWARD -i ppp+ -d %s -j RETURN" % localcidr]) + self.fw.append(["", "", "-A VPN_FORWARD -i ppp+ -o ppp+ -j RETURN"]) else: - self.fw.append(["", "","-A FORWARD -i ppp+ -o ppp+ -j ACCEPT"]) - self.fw.append(["", "","-A FORWARD -s %s -o ppp+ -j ACCEPT" % localcidr]) - self.fw.append(["", "","-A FORWARD -i ppp+ -d %s -j ACCEPT" % localcidr]) - + self.fw.append(["", "", "-A FORWARD -i ppp+ -o ppp+ -j ACCEPT"]) + self.fw.append(["", "", "-A FORWARD -s %s -o ppp+ -j ACCEPT" % localcidr]) + self.fw.append(["", "", "-A FORWARD -i ppp+ -d %s -j ACCEPT" % localcidr]) - self.fw.append(["", "","-A INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT"]) - self.fw.append(["", "","-A INPUT -i ppp+ -m tcp -p tcp --dport 53 -j ACCEPT"]) - self.fw.append(["nat", "","-I PREROUTING -i ppp+ -m tcp --dport 53 -j DNAT --to-destination %s" % local_ip]) + self.fw.append(["", "", "-A INPUT -i ppp+ -m udp -p udp --dport 53 -j ACCEPT"]) + self.fw.append(["", "", "-A INPUT -i ppp+ -m tcp -p tcp --dport 53 -j ACCEPT"]) + self.fw.append(["nat", "", "-I PREROUTING 
-i ppp+ -m tcp --dport 53 -j DNAT --to-destination %s" % local_ip]) if self.config.is_vpc(): return - self.fw.append(["mangle", "","-N VPN_%s " %publicip]) - self.fw.append(["mangle", "","-A VPN_%s -j RETURN " % publicip]) - self.fw.append(["mangle", "","-I VPN_%s -p ah -j ACCEPT " % publicip]) - self.fw.append(["mangle", "","-I VPN_%s -p esp -j ACCEPT " % publicip]) - self.fw.append(["mangle", "","-I PREROUTING -d %s -j VPN_%s " % (publicip, publicip)]) + self.fw.append(["mangle", "", "-N VPN_%s " % publicip]) + self.fw.append(["mangle", "", "-A VPN_%s -j RETURN " % publicip]) + self.fw.append(["mangle", "", "-I VPN_%s -p ah -j ACCEPT " % publicip]) + self.fw.append(["mangle", "", "-I VPN_%s -p esp -j ACCEPT " % publicip]) + self.fw.append(["mangle", "", "-I PREROUTING -d %s -j VPN_%s " % (publicip, publicip)]) class CsForwardingRules(CsDataBag): @@ -768,7 +761,7 @@ def process(self): elif rule["type"] == "staticnat": self.processStaticNatRule(rule) - #return the VR guest interface ip + # Return the VR guest interface ip def getGuestIp(self): interfaces = [] ipAddr = None @@ -814,7 +807,7 @@ def processForwardRule(self, rule): self.forward_vr(rule) def forward_vr(self, rule): - #prefetch iptables variables + # Prefetch iptables variables public_fwinterface = self.getDeviceByIp(rule['public_ip']) internal_fwinterface = self.getDeviceByIp(rule['internal_ip']) public_fwports = self.portsToString(rule['public_ports'], ':') 
@@ -930,10 +923,10 @@ def processStaticNatRule(self, rule): raise Exception("Ip address %s has no device in the ips databag" % rule["public_ip"]) self.fw.append(["mangle", "", - "-I PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % \ + "-I PREROUTING -s %s/32 -m state --state NEW -j CONNMARK --save-mark --nfmask 0xffffffff --ctmask 0xffffffff" % rule["internal_ip"]]) self.fw.append(["mangle", "", - "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" % \ + "-I PREROUTING -s %s/32 -m state --state NEW -j MARK --set-xmark 0x%s/0xffffffff" % (rule["internal_ip"], device[len("eth"):])]) self.fw.append(["nat", "front", "-A PREROUTING -d %s/32 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])]) @@ -944,11 +937,12 @@ def processStaticNatRule(self, rule): self.fw.append(["filter", "", "-A FORWARD -i %s -o eth0 -d %s -m state --state NEW -j ACCEPT " % (device, rule["internal_ip"])]) - #configure the hairpin nat + # Configure the hairpin nat self.fw.append(["nat", "front", "-A PREROUTING -d %s -i eth0 -j DNAT --to-destination %s" % (rule["public_ip"], rule["internal_ip"])]) - self.fw.append(["nat", "front", "-A POSTROUTING -s %s -d %s -j SNAT -o eth0 --to-source %s" % (self.getNetworkByIp(rule['internal_ip']),rule["internal_ip"], self.getGuestIp())]) + self.fw.append(["nat", "front", "-A POSTROUTING -s %s -d %s -j SNAT -o eth0 --to-source %s" % + (self.getNetworkByIp(rule['internal_ip']), rule["internal_ip"], self.getGuestIp())]) class IpTablesExecutor: 
@@ -984,8 +978,9 @@ def process(self): logging.debug("Configuring iptables rules done ...saving rules") # Save iptables configuration - will be loaded on reboot by the iptables-restore that is configured on /etc/rc.local - CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4") - CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6") + CsHelper.save_iptables("iptables-save", "/etc/iptables/rules.v4") + CsHelper.save_iptables("ip6tables-save", "/etc/iptables/rules.v6") + def main(argv): # The file we are currently processing, if it is "cmd_line.json" everything will be processed. @@ -995,6 +990,8 @@ def main(argv): logging.debug("No file was received, do not go on processing the other actions. Just leave for now.") return + json_type = os.path.basename(process_file).split('.json')[0] + # The "GLOBAL" Configuration object config = CsConfig() 
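Review bot: The comment directly above the two `CsHelper.save_iptables` calls still says the saved rules are "loaded on reboot by the iptables-restore that is configured on /etc/rc.local", but the targets are now `/etc/iptables/rules.v4` and `/etc/iptables/rules.v6`. Those look like the default files of netfilter-persistent, so the comment probably no longer names the mechanism that restores them. If a boot script still restores `router_rules.v4`/`router_rules.v6`, the router would come up without its saved rules, so the restore side is worth checking against this rename. I would reword the comment to something like `# Save iptables configuration; restored at boot from /etc/iptables/rules.v4 and rules.v6` once the loader is confirmed. `process` begins outside this hunk.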
@@ -1009,53 +1006,51 @@ def main(argv): config.address().compare() config.address().process() - databag_map = OrderedDict([("guest_network.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("vm_password.json", {"process_iptables" : False, "executor" : CsPassword("vmpassword", config)}), - ("vm_metadata.json", {"process_iptables" : False, "executor" : CsVmMetadata('vmdata', config)}), - ("network_acl.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("firewall_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("forwarding_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("staticnat_rules.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("site_2_site_vpn.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("remote_access_vpn.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("vpn_user_list.json", {"process_iptables" : False, "executor" : CsVpnUser("vpnuserlist", config)}), - ("vm_dhcp_entry.json", {"process_iptables" : False, "executor" : CsDhcp("dhcpentry", config)}), - ("dhcp.json", {"process_iptables" : False, "executor" : CsDhcp("dhcpentry", config)}), - ("load_balancer.json", {"process_iptables" : True, "executor" : IpTablesExecutor(config)}), - ("monitor_service.json", {"process_iptables" : False, "executor" : CsMonitor("monitorservice", config)}), - ("static_routes.json", {"process_iptables" : False, "executor" : CsStaticRoutes("staticroutes", config)}) + databag_map = OrderedDict([("guest_network", {"process_iptables": True, "executor": []}), + ("vm_password", {"process_iptables": False, "executor": [CsPassword("vmpassword", config)]}), + ("vm_metadata", {"process_iptables": False, "executor": [CsVmMetadata('vmdata', config)]}), + ("network_acl", {"process_iptables": True, "executor": []}), + ("firewall_rules", {"process_iptables": True, "executor": []}), 
+ ("forwarding_rules", {"process_iptables": True, "executor": []}), + ("staticnat_rules", {"process_iptables": True, "executor": []}), + ("site_2_site_vpn", {"process_iptables": True, "executor": []}), + ("remote_access_vpn", {"process_iptables": True, "executor": []}), + ("vpn_user_list", {"process_iptables": False, "executor": [CsVpnUser("vpnuserlist", config)]}), + ("vm_dhcp_entry", {"process_iptables": False, "executor": [CsDhcp("dhcpentry", config)]}), + ("dhcp", {"process_iptables": False, "executor": [CsDhcp("dhcpentry", config)]}), + ("load_balancer", {"process_iptables": True, "executor": []}), + ("monitor_service", {"process_iptables": False, "executor": [CsMonitor("monitorservice", config)]}), + ("static_routes", {"process_iptables": False, "executor": [CsStaticRoutes("staticroutes", config)]}) ]) - if process_file.count("cmd_line.json") == OCCURRENCES: - logging.debug("cmd_line.json changed. All other files will be processed as well.") - - while databag_map: - item = databag_map.popitem(last = False) - item_name = item[0] - item_dict = item[1] - if not item_dict["process_iptables"]: - executor = item_dict["executor"] - executor.process() + def execDatabag(key, db): + if key not in db.keys() or 'executor' not in db[key]: + logging.warn("Unable to find config or executor(s) for the databag type %s" % key) + return + for executor in db[key]['executor']: + logging.debug("Processing for databag type: %s" % key) + executor.process() + def execIptables(config): + logging.debug("Processing iptables rules") iptables_executor = IpTablesExecutor(config) iptables_executor.process() - else: - while databag_map: - item = databag_map.popitem(last = False) - item_name = item[0] - item_dict = item[1] - if process_file.count(item_name) == OCCURRENCES: - executor = item_dict["executor"] - executor.process() - - if item_dict["process_iptables"]: - iptables_executor = IpTablesExecutor(config) - iptables_executor.process() - break + if json_type == "cmd_line": + 
logging.debug("cmd_line.json changed. All other files will be processed as well.") + for key in databag_map.keys(): + execDatabag(key, databag_map) + execIptables(config) + elif json_type in databag_map.keys(): + execDatabag(json_type, databag_map) + if databag_map[json_type]['process_iptables']: + execIptables(config) + else: + logging.warn("Unable to find and process databag for file: %s, for json type=%s" % (process_file, json_type)) red = CsRedundant(config) red.set() + return 0 if __name__ == "__main__": main(sys.argv) diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsAddress.py b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py similarity index 99% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsAddress.py rename to systemvm/debian/opt/cloud/bin/cs/CsAddress.py index d190a723f0c1..6ad50459b570 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsAddress.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsAddress.py @@ -27,6 +27,7 @@ VRRP_TYPES = ['guest'] + class CsAddress(CsDataBag): def compare(self): @@ -359,7 +360,6 @@ def setup_router_control(self): self.fw.append(["filter", "", "-P INPUT DROP"]) self.fw.append(["filter", "", "-P FORWARD DROP"]) - def fw_router(self): if self.config.is_vpc(): return @@ -439,7 +439,7 @@ def fw_vpcrouter(self): if self.get_type() in ["guest"]: self.fw.append(["mangle", "front", "-A PREROUTING " + - " -i %s -m state --state RELATED,ESTABLISHED " % self.dev + + " -i %s -m state --state RELATED,ESTABLISHED " % self.dev + "-j CONNMARK --restore-mark --nfmask 0xffffffff --ctmask 0xffffffff"]) guestNetworkCidr = self.address['network'] self.fw.append(["filter", "", "-A FORWARD -d %s -o %s -j ACL_INBOUND_%s" % diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsApp.py b/systemvm/debian/opt/cloud/bin/cs/CsApp.py similarity index 87% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsApp.py rename to systemvm/debian/opt/cloud/bin/cs/CsApp.py index 496a0e7876a8..2085088db8e4 100755 
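Review bot: The `return 0` added at the end of `main` never reaches the caller, because the `__main__` guard still calls `main(sys.argv)` without handing the result to `sys.exit`. The new `else` branch for an unrecognised `json_type` only calls `logging.warn` and then falls through to the same success path. For a script whose job includes installing firewall rules, a databag that matched nothing and therefore skipped `execIptables` should be visible to whatever invoked it. I would use `return 1` in that branch and `sys.exit(main(sys.argv))` in the guard, provided the caller tolerates a non-zero status. A short docstring on `execDatabag` and `execIptables` stating that an empty `executor` list means "iptables only" would also help, since that convention is otherwise implicit in `databag_map`.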
--- a/systemvm/patches/debian/opt/cloud/bin/cs/CsApp.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsApp.py @@ -16,7 +16,6 @@ # specific language governing permissions and limitations # under the License. import os -import CsHelper from CsFile import CsFile from CsProcess import CsProcess import CsHelper @@ -74,20 +73,13 @@ def __init__(self, ip): self.ip = ip def start(self): - proc = CsProcess(["dummy"]) - if proc.grep("passwd_server_ip %s" % self.ip) == -1: - proc.start("/opt/cloud/bin/passwd_server_ip %s >> /var/log/cloud.log 2>&1" % self.ip, "&") + CsHelper.service("cloud-password-server@%s" % self.ip, "start") def stop(self): - proc = CsProcess(["Password Service"]) - pid = proc.grep("passwd_server_ip %s" % self.ip) - proc.kill(pid) - pid = proc.grep("8080,reuseaddr,fork,crnl,bind=%s" % self.ip) - proc.kill(pid) + CsHelper.service("cloud-password-server@%s" % self.ip, "stop") def restart(self): - self.stop() - self.start() + CsHelper.service("cloud-password-server@%s" % self.ip, "restart") class CsDnsmasq(CsApp): diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsConfig.py b/systemvm/debian/opt/cloud/bin/cs/CsConfig.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsConfig.py rename to systemvm/debian/opt/cloud/bin/cs/CsConfig.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsDatabag.py b/systemvm/debian/opt/cloud/bin/cs/CsDatabag.py similarity index 97% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsDatabag.py rename to systemvm/debian/opt/cloud/bin/cs/CsDatabag.py index 9ccb768d14ce..adb9a1aae744 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsDatabag.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsDatabag.py 
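Review bot: `self.ip` is formatted unchecked into the unit instance name in `start`, `stop` and `restart` (`"cloud-password-server@%s" % self.ip`), and `CsHelper.service` is not visible here. If that helper builds a shell command line, the value should be validated as an IP address once in `__init__` before it is used. The removed `stop` also killed the listener bound to port 8080 for this address explicitly; the new code relies on the templated unit owning every child process, which is worth stating in a class docstring along with the name of the unit file that must be installed. The class header is outside this hunk.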
@@ -136,8 +136,8 @@ def get_router_password(self): This is slightly difficult to happen, but if it does, destroy the router with the password generated with the code below and restart the VPC with out the clean up option. ''' - if(self.get_type()=='router'): - passwd="%s-%s" % (self.get_eth2_ip(), self.get_router_id()) + if self.get_type() == 'router': + passwd = "%s-%s" % (self.get_eth2_ip(), self.get_router_id()) else: passwd = "%s-%s" % (self.get_vpccidr(), self.get_router_id()) md5 = hashlib.md5() diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py similarity index 98% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsDhcp.py rename to systemvm/debian/opt/cloud/bin/cs/CsDhcp.py index fbd1e053ce60..f61350107440 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py @@ -135,13 +135,13 @@ def add(self, entry): # with a splay of 60 hours to prevent storms lease = randint(700, 760) - if entry['default_entry'] == True: + if entry['default_entry']: self.cloud.add("%s,%s,%s,%sh" % (entry['mac_address'], entry['ipv4_address'], entry['host_name'], lease)) else: - tag = entry['ipv4_address'].replace(".","_") + tag = entry['ipv4_address'].replace(".", "_") self.cloud.add("%s,set:%s,%s,%s,%sh" % (entry['mac_address'], tag, entry['ipv4_address'], diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsFile.py b/systemvm/debian/opt/cloud/bin/cs/CsFile.py similarity index 99% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsFile.py rename to systemvm/debian/opt/cloud/bin/cs/CsFile.py index 334e6314bbee..b0a25916da90 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsFile.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsFile.py @@ -67,7 +67,6 @@ def commit(self): self.config = list(self.new_config) logging.info("Updated file in-cache configuration") - def dump(self): for line in self.new_config: print line 
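Review bot: The string built in `get_router_password`, `"%s-%s" % (self.get_eth2_ip(), self.get_router_id())` or the VPC CIDR variant, consists only of addressing data and a router id before it goes into `hashlib.md5()`. The result is therefore reproducible by anyone who knows those values, and hashing adds no secrecy. The `_redundant_on` hunk in CsRedundant.py then uses it, cut to `[:8]`, as the keepalived `auth_pass`. A random per-deployment secret delivered with the router configuration would be the robust source. At minimum the docstring should say that this value is a deterministic identifier shared by both routers and must not be treated as a secret. The rest of the function is outside the hunk.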
@@ -134,13 +133,12 @@ def search(self, search, replace): return True return False - def searchString(self, search, ignoreLinesStartWith): found = False logging.debug("Searching for %s string " % search) for index, line in enumerate(self.new_config): - print ' line = ' +line + print ' line = ' + line if line.lstrip().startswith(ignoreLinesStartWith): continue if search in line: @@ -149,7 +147,6 @@ def searchString(self, search, ignoreLinesStartWith): return found - def deleteLine(self, search): found = False logging.debug("Searching for %s to remove the line " % search) @@ -162,7 +159,6 @@ def deleteLine(self, search): self.new_config = list(temp_config) - def compare(self, o): result = (isinstance(o, self.__class__) and set(self.config) == set(o.config)) logging.debug("Comparison of CsFiles content is ==> %s" % result) diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsGuestNetwork.py b/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py similarity index 96% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsGuestNetwork.py rename to systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py index d23a870af69c..9a94dc66360d 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsGuestNetwork.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsGuestNetwork.py @@ -40,7 +40,7 @@ def get_dns(self): return self.config.get_dns() dns = [] - if not self.config.use_extdns() and 'router_guest_gateway' in self.data: + if 'router_guest_gateway' in self.data and not self.config.use_extdns(): dns.append(self.data['router_guest_gateway']) if 'dns' in self.data: diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsHelper.py b/systemvm/debian/opt/cloud/bin/cs/CsHelper.py similarity index 93% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsHelper.py rename to systemvm/debian/opt/cloud/bin/cs/CsHelper.py index 7ff32ee6ad42..ad8480d0ed0e 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsHelper.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsHelper.py 
@@ -21,16 +21,18 @@ """ import subprocess import logging +import sys import os.path import re import shutil from netaddr import * from pprint import pprint -PUBLIC_INTERFACES = {"router" : "eth2", "vpcrouter" : "eth1"} +PUBLIC_INTERFACES = {"router": "eth2", "vpcrouter": "eth1"} + +STATE_COMMANDS = {"router": "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", + "vpcrouter": "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'"} -STATE_COMMANDS = {"router" : "ip addr | grep eth0 | grep inet | wc -l | xargs bash -c 'if [ $0 == 2 ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'", - "vpcrouter" : "ip addr | grep eth1 | grep state | awk '{print $9;}' | xargs bash -c 'if [ $0 == \"UP\" ]; then echo \"MASTER\"; else echo \"BACKUP\"; fi'"} def reconfigure_interfaces(router_config, interfaces): for interface in interfaces: @@ -52,6 +54,7 @@ def reconfigure_interfaces(router_config, interfaces): else: execute(cmd) + def is_mounted(name): for i in execute("mount"): vals = i.lstrip().split() @@ -242,6 +245,7 @@ def copy_if_needed(src, dest): return copy(src, dest) + def copy(src, dest): """ copy source to destination. @@ -249,6 +253,6 @@ def copy(src, dest): try: shutil.copy2(src, dest) except IOError: - logging.Error("Could not copy %s to %s" % (src, dest)) + logging.error("Could not copy %s to %s" % (src, dest)) else: logging.info("Copied %s to %s" % (src, dest)) diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsLoadBalancer.py b/systemvm/debian/opt/cloud/bin/cs/CsLoadBalancer.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsLoadBalancer.py rename to systemvm/debian/opt/cloud/bin/cs/CsLoadBalancer.py 
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsMonitor.py b/systemvm/debian/opt/cloud/bin/cs/CsMonitor.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsMonitor.py rename to systemvm/debian/opt/cloud/bin/cs/CsMonitor.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsNetfilter.py b/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py similarity index 96% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsNetfilter.py rename to systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py index 06c59ff65bb3..a9ac0ad52623 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsNetfilter.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsNetfilter.py @@ -143,7 +143,7 @@ def compare(self, list): # PASS 2: Create rules for fw in list: tupledFw = tuple(fw) - if tupledFw in ruleSet : + if tupledFw in ruleSet: logging.debug("Already processed : %s", tupledFw) continue @@ -173,12 +173,12 @@ def compare(self, list): else: cpy = cpy.replace("-A %s" % new_rule.get_chain(), '-I %s %s' % (new_rule.get_chain(), fw[1])) ret = CsHelper.execute2("iptables -t %s %s" % (new_rule.get_table(), cpy)) - #There are some issues in this framework causing failures .. like adding a chain without checking it is present causing + # There are some issues in this framework causing failures .. like adding a chain without checking it is present causing # the failures. Also some of the rule like removeFromLoadBalancerRule is deleting rule and deleteLoadBalancerRule - #trying to delete which causes the failure. - #For now raising the log. - #TODO: Need to fix in the framework. - if ret.returncode != 0 : + # trying to delete which causes the failure. + # For now raising the log. + # TODO: Need to fix in the framework. + if ret.returncode != 0: error = ret.communicate()[0] logging.debug("iptables command got failed ... continuing") ruleSet.add(tupledFw) 
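Review bot: In the second CsNetfilter.py hunk, a failed `iptables` call in `compare` is still reported only through `logging.debug("iptables command got failed ... continuing")`. The output read into `error` on the line before is never used, and the rule is added to `ruleSet` as though it had been applied. A firewall rule that did not load should show up at the default log level with its cause, e.g. `logging.error("iptables command failed (rc=%s): %s", ret.returncode, error)`. The re-spaced TODO comment describes the known framework problem but not this consequence, so I would add that failed rules are currently skipped silently. `compare` starts and ends outside the hunk.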
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsProcess.py b/systemvm/debian/opt/cloud/bin/cs/CsProcess.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsProcess.py rename to systemvm/debian/opt/cloud/bin/cs/CsProcess.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py b/systemvm/debian/opt/cloud/bin/cs/CsRedundant.py similarity index 96% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py rename to systemvm/debian/opt/cloud/bin/cs/CsRedundant.py index 99c7458d32e3..108f3377fdd8 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsRedundant.py @@ -42,6 +42,7 @@ import socket from time import sleep + class CsRedundant(object): CS_RAMDISK_DIR = "/ramdisk" @@ -74,10 +75,6 @@ def set(self): def _redundant_off(self): CsHelper.service("conntrackd", "stop") CsHelper.service("keepalived", "stop") - #CsHelper.umount_tmpfs(self.CS_RAMDISK_DIR) - #CsHelper.rmdir(self.CS_RAMDISK_DIR) - CsHelper.rm(self.CONNTRACKD_CONF) - CsHelper.rm(self.KEEPALIVED_CONF) def _redundant_on(self): guest = self.address.get_guest_if() @@ -110,9 +107,10 @@ def _redundant_on(self): CsHelper.service("keepalived", "stop") return - #CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False) - #CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR) - #CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False) + # setup_router should execute this already: + # CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False) + # CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR) + # CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False) for s in self.CS_TEMPLATES: d = s if s.endswith(".templ"): 
@@ -143,7 +141,7 @@ def _redundant_on(self): keepalived_conf.greplace("[RROUTER_BIN_PATH]", self.CS_ROUTER_DIR) keepalived_conf.section("authentication {", "}", [ - " auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()]) + " auth_type AH \n", " auth_pass %s\n" % self.cl.get_router_password()[:8]]) keepalived_conf.section( "virtual_ipaddress {", "}", self._collect_ips()) @@ -195,6 +193,7 @@ def _redundant_on(self): proc = CsProcess(['/usr/sbin/keepalived']) if not proc.find() or keepalived_conf.is_changed() or force_keepalived_restart: keepalived_conf.commit() + os.chmod(self.KEEPALIVED_CONF, 0o644) CsHelper.service("keepalived", "restart") def release_lock(self): @@ -371,10 +370,10 @@ def _collect_ips(self): lines = [] for interface in self.address.get_interfaces(): if interface.needs_vrrp(): - cmdline=self.config.get_cmdline_instance() + cmdline = self.config.get_cmdline_instance() if not interface.is_added(): continue - if(cmdline.get_type()=='router'): + if cmdline.get_type() == 'router': str = " %s brd %s dev %s\n" % (cmdline.get_guest_gw(), interface.get_broadcast(), interface.get_device()) else: str = " %s brd %s dev %s\n" % (interface.get_gateway_cidr(), interface.get_broadcast(), interface.get_device()) diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsRoute.py b/systemvm/debian/opt/cloud/bin/cs/CsRoute.py similarity index 93% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsRoute.py rename to systemvm/debian/opt/cloud/bin/cs/CsRoute.py index 56096c86466d..02cc88117d86 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsRoute.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsRoute.py 
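Review bot: `os.chmod(self.KEEPALIVED_CONF, 0o644)` in the `-195,6 +193,7` hunk leaves the file readable by every local account, although the same function writes `auth_pass` into its `authentication` section. `os.chmod(self.KEEPALIVED_CONF, 0o600)` normalises the mode just as well and keeps the VRRP secret to root. The earlier hunk in this file also stops removing `KEEPALIVED_CONF` and `CONNTRACKD_CONF` in `_redundant_off`, so the file holding that value now stays on disk after redundancy is switched off; a comment there saying why the files are kept would help. `_redundant_on` begins and ends outside these hunks.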
@@ -34,14 +34,13 @@ def add_table(self, devicename): tablename = self.get_tablename(devicename) str = "%s %s" % (tablenumber, tablename) filename = "/etc/iproute2/rt_tables" - logging.info( - "Adding route table: " + str + " to " + filename + " if not present ") + logging.info("Adding route table: " + str + " to " + filename + " if not present ") if not CsHelper.definedinfile(filename, str): - CsHelper.execute("sudo echo " + str + " >> /etc/iproute2/rt_tables") + CsHelper.execute("sudo echo " + str + " >> /etc/iproute2/rt_tables") # remove "from all table tablename" if exists, else it will interfer with # routing of unintended traffic if self.findRule("from all lookup " + tablename): - CsHelper.execute("sudo ip rule delete from all table " + tablename) + CsHelper.execute("sudo ip rule delete from all table " + tablename) def flush_table(self, tablename): CsHelper.execute("ip route flush table %s" % (tablename)) @@ -115,4 +114,4 @@ def findRule(self, rule): for i in CsHelper.execute("ip rule show"): if rule in i.strip(): return True - return False \ No newline at end of file + return False diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsRule.py b/systemvm/debian/opt/cloud/bin/cs/CsRule.py similarity index 98% rename from systemvm/patches/debian/opt/cloud/bin/cs/CsRule.py rename to systemvm/debian/opt/cloud/bin/cs/CsRule.py index 9c48768b35ac..85953fe65613 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs/CsRule.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsRule.py @@ -49,7 +49,7 @@ def addMark(self): logging.info("Added fwmark rule for %s" % (self.table)) def delMark(self): - if self.findMark(): + if self.findMark(): cmd = "ip rule delete fwmark %s table %s" % (self.tableNo, self.table) CsHelper.execute(cmd) logging.info("Deleting fwmark rule for %s" % (self.table)) 
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsStaticRoutes.py b/systemvm/debian/opt/cloud/bin/cs/CsStaticRoutes.py
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/bin/cs/CsStaticRoutes.py
rename to systemvm/debian/opt/cloud/bin/cs/CsStaticRoutes.py
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/__init__.py b/systemvm/debian/opt/cloud/bin/cs/__init__.py
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/bin/cs/__init__.py
rename to systemvm/debian/opt/cloud/bin/cs/__init__.py
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_cmdline.py b/systemvm/debian/opt/cloud/bin/cs_cmdline.py
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/bin/cs_cmdline.py
rename to systemvm/debian/opt/cloud/bin/cs_cmdline.py
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_dhcp.py b/systemvm/debian/opt/cloud/bin/cs_dhcp.py
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/bin/cs_dhcp.py
rename to systemvm/debian/opt/cloud/bin/cs_dhcp.py
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_firewallrules.py b/systemvm/debian/opt/cloud/bin/cs_firewallrules.py
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/bin/cs_firewallrules.py
rename to systemvm/debian/opt/cloud/bin/cs_firewallrules.py
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_forwardingrules.py b/systemvm/debian/opt/cloud/bin/cs_forwardingrules.py
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/bin/cs_forwardingrules.py
rename to systemvm/debian/opt/cloud/bin/cs_forwardingrules.py
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_guestnetwork.py b/systemvm/debian/opt/cloud/bin/cs_guestnetwork.py
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/bin/cs_guestnetwork.py
rename to systemvm/debian/opt/cloud/bin/cs_guestnetwork.py
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_ip.py b/systemvm/debian/opt/cloud/bin/cs_ip.py similarity index 92% rename from systemvm/patches/debian/opt/cloud/bin/cs_ip.py rename to systemvm/debian/opt/cloud/bin/cs_ip.py index f83bf298c4d1..1e7b326a1ece 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs_ip.py +++ b/systemvm/debian/opt/cloud/bin/cs_ip.py @@ -18,6 +18,7 @@ from netaddr import * + def merge(dbag, ip): nic_dev_id = None for dev in dbag: @@ -31,7 +32,7 @@ def merge(dbag, ip): ipo = IPNetwork(ip['public_ip'] + '/' + ip['netmask']) if 'nic_dev_id' in ip: - nic_dev_id = ip['nic_dev_id'] + nic_dev_id = ip['nic_dev_id'] ip['device'] = 'eth' + str(nic_dev_id) ip['broadcast'] = str(ipo.broadcast) ip['cidr'] = str(ipo.ip) + '/' + str(ipo.prefixlen) @@ -45,7 +46,7 @@ def merge(dbag, ip): dbag[ip['device']] = [ip] else: if 'source_nat' in ip and ip['source_nat'] and ip['device'] in dbag and len(dbag[ip['device']]) > 0: - dbag[ip['device']].insert(0, ip) # make sure the source_nat ip is first (primary) on the device + dbag[ip['device']].insert(0, ip) # Make sure the source_nat ip is first (primary) on the device else: dbag.setdefault(ip['device'], []).append(ip) diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_loadbalancer.py b/systemvm/debian/opt/cloud/bin/cs_loadbalancer.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs_loadbalancer.py rename to systemvm/debian/opt/cloud/bin/cs_loadbalancer.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_monitorservice.py b/systemvm/debian/opt/cloud/bin/cs_monitorservice.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs_monitorservice.py rename to systemvm/debian/opt/cloud/bin/cs_monitorservice.py 
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_network_acl.py b/systemvm/debian/opt/cloud/bin/cs_network_acl.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs_network_acl.py rename to systemvm/debian/opt/cloud/bin/cs_network_acl.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_remoteaccessvpn.py b/systemvm/debian/opt/cloud/bin/cs_remoteaccessvpn.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs_remoteaccessvpn.py rename to systemvm/debian/opt/cloud/bin/cs_remoteaccessvpn.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_site2sitevpn.py b/systemvm/debian/opt/cloud/bin/cs_site2sitevpn.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs_site2sitevpn.py rename to systemvm/debian/opt/cloud/bin/cs_site2sitevpn.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_staticroutes.py b/systemvm/debian/opt/cloud/bin/cs_staticroutes.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs_staticroutes.py rename to systemvm/debian/opt/cloud/bin/cs_staticroutes.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_vmdata.py b/systemvm/debian/opt/cloud/bin/cs_vmdata.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/cs_vmdata.py rename to systemvm/debian/opt/cloud/bin/cs_vmdata.py diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_vmp.py b/systemvm/debian/opt/cloud/bin/cs_vmp.py similarity index 99% rename from systemvm/patches/debian/opt/cloud/bin/cs_vmp.py rename to systemvm/debian/opt/cloud/bin/cs_vmp.py index 7873fe897f52..d0169f733cf2 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs_vmp.py +++ b/systemvm/debian/opt/cloud/bin/cs_vmp.py @@ -18,6 +18,7 @@ from pprint import pprint from netaddr import * + def merge(dbag, data): """ create a dictionary of values new in data ignoring those in dbag and return it 
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs_vpnusers.py b/systemvm/debian/opt/cloud/bin/cs_vpnusers.py similarity index 96% rename from systemvm/patches/debian/opt/cloud/bin/cs_vpnusers.py rename to systemvm/debian/opt/cloud/bin/cs_vpnusers.py index 316fabc07d32..8dc454822f88 100755 --- a/systemvm/patches/debian/opt/cloud/bin/cs_vpnusers.py +++ b/systemvm/debian/opt/cloud/bin/cs_vpnusers.py @@ -38,8 +38,8 @@ def merge(dbag, data): del(dbagc[user]) for user in data['vpn_users']: - username=user['user'] - add=user['add'] + username = user['user'] + add = user['add'] if username not in dbagc.keys(): dbagc[username] = user elif username in dbagc.keys() and not add: diff --git a/systemvm/patches/debian/opt/cloud/bin/dnsmasq.sh b/systemvm/debian/opt/cloud/bin/dnsmasq.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/dnsmasq.sh rename to systemvm/debian/opt/cloud/bin/dnsmasq.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/edithosts.sh b/systemvm/debian/opt/cloud/bin/edithosts.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/edithosts.sh rename to systemvm/debian/opt/cloud/bin/edithosts.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/getRouterAlerts.sh b/systemvm/debian/opt/cloud/bin/getRouterAlerts.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/getRouterAlerts.sh rename to systemvm/debian/opt/cloud/bin/getRouterAlerts.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/get_template_version.sh b/systemvm/debian/opt/cloud/bin/get_template_version.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/get_template_version.sh rename to systemvm/debian/opt/cloud/bin/get_template_version.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/ilb.sh b/systemvm/debian/opt/cloud/bin/ilb.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/ilb.sh rename to systemvm/debian/opt/cloud/bin/ilb.sh 
diff --git a/systemvm/patches/debian/opt/cloud/bin/ipassoc.sh b/systemvm/debian/opt/cloud/bin/ipassoc.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/ipassoc.sh rename to systemvm/debian/opt/cloud/bin/ipassoc.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh b/systemvm/debian/opt/cloud/bin/ipsectunnel.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/ipsectunnel.sh rename to systemvm/debian/opt/cloud/bin/ipsectunnel.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/line_edit.py b/systemvm/debian/opt/cloud/bin/line_edit.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/line_edit.py rename to systemvm/debian/opt/cloud/bin/line_edit.py diff --git a/systemvm/patches/debian/opt/cloud/bin/loadbalancer.sh b/systemvm/debian/opt/cloud/bin/loadbalancer.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/loadbalancer.sh rename to systemvm/debian/opt/cloud/bin/loadbalancer.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/master.py b/systemvm/debian/opt/cloud/bin/master.py similarity index 95% rename from systemvm/patches/debian/opt/cloud/bin/master.py rename to systemvm/debian/opt/cloud/bin/master.py index 3d1dcd7ef9a5..26de8b93bb39 100755 --- a/systemvm/patches/debian/opt/cloud/bin/master.py +++ b/systemvm/debian/opt/cloud/bin/master.py @@ -42,7 +42,7 @@ format=config.get_format()) config.cmdline() cl = CsCmdLine("cmdline", config) -#Update the configuration to set state as backup and let keepalived decide who the real Master is! +# Update the configuration to set state as backup and let keepalived decide who the real Master is! cl.set_master_state(False) cl.save() diff --git a/systemvm/patches/debian/opt/cloud/bin/merge.py b/systemvm/debian/opt/cloud/bin/merge.py similarity index 98% rename from systemvm/patches/debian/opt/cloud/bin/merge.py rename to systemvm/debian/opt/cloud/bin/merge.py index ef20d0b32cb0..0aaa3401f793 100755 
--- a/systemvm/patches/debian/opt/cloud/bin/merge.py +++ b/systemvm/debian/opt/cloud/bin/merge.py @@ -271,6 +271,7 @@ def process_ipaliases(self, dbag): dbag = cs_ip.merge(dbag, ip) return dbag + class QueueFile: fileName = '' @@ -284,15 +285,15 @@ def load(self, data): self.type = self.data["type"] updateDataBag(self) return - filename = '{cache_location}/{json_file}'.format(cache_location = self.configCache, json_file = self.fileName) + filename = '{cache_location}/{json_file}'.format(cache_location=self.configCache, json_file=self.fileName) try: handle = open(filename) except IOError as exception: - error_message = ("Exception occurred with the following exception error '{error}'. Could not open '{file}'. " - "It seems that the file has already been moved.".format(error = exception, file = filename)) + error_message = ("Exception occurred with the following exception error '{error}'. Could not open '{filename}'. " + "It seems that the file has already been moved.".format(error=exception, filename=filename)) logging.error(error_message) else: - logging.info("Continuing with the processing of file '{file}'".format(file = filename)) + logging.info("Continuing with the processing of file '{filename}'".format(filename=filename)) self.data = json.load(handle) self.type = self.data["type"] @@ -331,7 +332,6 @@ def __moveFile(self, origPath, path): class PrivateGatewayHack: - @classmethod def update_network_type_for_privategateway(cls, dbag, data): ip = data['router_guest_ip'] if 'router_guest_ip' in data.keys() else data['public_ip'] 
@@ -347,12 +347,10 @@ def update_network_type_for_privategateway(cls, dbag, data): logging.debug("Not updating nw_type for ip %s because has_private_gw_ip = %s and private_gw_matches = %s " % (ip, has_private_gw_ip, private_gw_matches)) return data - @classmethod def if_config_has_privategateway(cls, dbag): return 'privategateway' in dbag['config'].keys() and dbag['config']['privategateway'] != "None" - @classmethod def ip_matches_private_gateway_ip(cls, ip, private_gateway_ip): new_ip_matches_private_gateway_ip = False @@ -360,7 +358,6 @@ def ip_matches_private_gateway_ip(cls, ip, private_gateway_ip): new_ip_matches_private_gateway_ip = True return new_ip_matches_private_gateway_ip - @classmethod def load_inital_data(cls): initial_data_bag = DataBag() diff --git a/systemvm/patches/debian/opt/cloud/bin/monitor_service.sh b/systemvm/debian/opt/cloud/bin/monitor_service.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/monitor_service.sh rename to systemvm/debian/opt/cloud/bin/monitor_service.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/netusage.sh b/systemvm/debian/opt/cloud/bin/netusage.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/netusage.sh rename to systemvm/debian/opt/cloud/bin/netusage.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/passwd_server b/systemvm/debian/opt/cloud/bin/passwd_server similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/passwd_server rename to systemvm/debian/opt/cloud/bin/passwd_server diff --git a/systemvm/patches/debian/opt/cloud/bin/passwd_server_ip b/systemvm/debian/opt/cloud/bin/passwd_server_ip similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/passwd_server_ip rename to systemvm/debian/opt/cloud/bin/passwd_server_ip 
diff --git a/systemvm/patches/debian/opt/cloud/bin/passwd_server_ip.py b/systemvm/debian/opt/cloud/bin/passwd_server_ip.py similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/passwd_server_ip.py rename to systemvm/debian/opt/cloud/bin/passwd_server_ip.py diff --git a/systemvm/patches/debian/opt/cloud/bin/prepare_pxe.sh b/systemvm/debian/opt/cloud/bin/prepare_pxe.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/prepare_pxe.sh rename to systemvm/debian/opt/cloud/bin/prepare_pxe.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/savepassword.sh b/systemvm/debian/opt/cloud/bin/savepassword.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/savepassword.sh rename to systemvm/debian/opt/cloud/bin/savepassword.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/set_redundant.py b/systemvm/debian/opt/cloud/bin/set_redundant.py similarity index 91% rename from systemvm/patches/debian/opt/cloud/bin/set_redundant.py rename to systemvm/debian/opt/cloud/bin/set_redundant.py index 7a8dad026d2c..4d3ca242d41c 100755 --- a/systemvm/patches/debian/opt/cloud/bin/set_redundant.py +++ b/systemvm/debian/opt/cloud/bin/set_redundant.py @@ -37,11 +37,10 @@ logging.basicConfig(filename=config.get_logger(), level=config.get_level(), format=config.get_format()) -config.set_cl() if options.enable: - config.get_cmdline().set_redundant("true") + config.cmdline().set_redundant("true") if options.disable: - config.get_cmdline().set_redundant("false") + config.cmdline().set_redundant("false") -config.get_cmdline().save() +config.cmdline().save() diff --git a/systemvm/patches/debian/etc/init.d/cloud-early-config b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config similarity index 80% rename from systemvm/patches/debian/etc/init.d/cloud-early-config rename to systemvm/debian/opt/cloud/bin/setup/cloud-early-config index 9964f9037542..cec2d3cd2b5d 100755 --- a/systemvm/patches/debian/etc/init.d/cloud-early-config 
+++ b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config @@ -1,12 +1,4 @@ #!/bin/bash -### BEGIN INIT INFO -# Provides: cloud-early-config -# Required-Start: $local_fs -# Required-Stop: $local_fs -# Default-Start: S -# Default-Stop: 0 6 -# Short-Description: configures systemvm using cmdline -### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information @@ -30,6 +22,7 @@ PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" CMDLINE=/var/cache/cloud/cmdline # Clear boot up flag, it would be created by rc.local after boot up done +mkdir -p /var/cache/cloud rm -f /var/cache/cloud/boot_up_done [ -x /sbin/ifup ] || exit 0 @@ -62,12 +55,6 @@ config_guest() { # Configure hot-plug modprobe acpiphp || true modprobe pci_hotplug || true - # Configure serial console FIXME: remove during build we enable it? - #sed -i -e "/^serial.*/d" /boot/grub/grub.conf - #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf - #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf - #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf - #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab fi @@ -192,10 +179,10 @@ patch() { tar xzf $patchfile -C / echo ${newmd5} > ${md5file} log_it "Patched scripts using $patchfile" - fi - log_it "Patching cloud service" - /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE + log_it "Patching cloud service" + /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE + fi [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys umount $PATCH_MOUNT 
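Review bot: In the `@@ -192,10 +179,10 @@ patch()` hunk, `echo ${newmd5} > ${md5file}` still runs before `patchsystemvm.sh`, which this change moves inside the same branch. If that script fails, or the boot is interrupted after the checksum is written, the next boot will presumably find a matching checksum and skip service patching entirely; this is inferred, because the `if` condition and the rest of `patch()` are outside the hunk. Recording the checksum only after a successful run avoids that: `/opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE && echo ${newmd5} > ${md5file}`. A short comment would also help here, saying that the MD5 appears to serve only as change detection for the archive and not as an integrity check, since `tar xzf $patchfile -C /` unpacks over the root filesystem.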
@@ -209,6 +196,8 @@ patch() { } start() { + log_it "Executing cloud-early-config" + # Clear /tmp for file lock rm -f /tmp/*.lock rm -f /tmp/rrouter_bumped @@ -236,41 +225,7 @@ start() { log_it "Finished setting up systemvm" - return 0 + exit 0 } -case "$1" in - start) - log_action_begin_msg "Executing cloud-early-config" - log_it "Executing cloud-early-config" - if start; then - log_action_end_msg $? - else - log_action_end_msg $? - fi - ;; - - stop) - log_action_begin_msg "Stopping cloud-early-config" - #Override old system's interface setting - setup_default; - log_action_end_msg 0 - ;; - - force-reload|restart) - log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces" - log_action_begin_msg "Executing cloud-early-config" - if start; then - log_action_end_msg $? - else - log_action_end_msg $? - fi - ;; - - *) - echo "Usage: /etc/init.d/cloud-early-config {start|stop}" - exit 1 - ;; -esac - -exit 0 +start diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/common.sh b/systemvm/debian/opt/cloud/bin/setup/common.sh similarity index 98% rename from systemvm/patches/debian/opt/cloud/bin/setup/common.sh rename to systemvm/debian/opt/cloud/bin/setup/common.sh index e476745a4e1d..e6a4417f55f9 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/common.sh +++ b/systemvm/debian/opt/cloud/bin/setup/common.sh @@ -471,7 +471,6 @@ setup_sshd(){ local eth=$2 [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4 - sed -i "/3922/s/eth./$eth/" /etc/iptables/rules } setup_vpc_apache2() { 
@@ -596,18 +595,16 @@ routing_svcs() { echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs if [ $RROUTER -eq 1 ] then - systemctl disable --now cloud-passwd-srvr systemctl disable --now dnsmasq systemctl enable conntrackd systemctl enable keepalived echo "keepalived conntrackd" >> /var/cache/cloud/enabled_svcs - echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs + echo "dnsmasq" >> /var/cache/cloud/disabled_svcs else systemctl disable --now conntrackd systemctl disable --now keepalived - systemctl enable cloud-passwd-srvr systemctl enable dnsmasq - echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs + echo "dnsmasq" >> /var/cache/cloud/enabled_svcs echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs fi } @@ -636,6 +633,7 @@ setup_redundant_router() { then sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf fi + chmod -x /etc/keepalived/keepalived.conf # Seed conntrackd cp /opt/cloud/templates/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/debian/opt/cloud/bin/setup/consoleproxy.sh similarity index 91% rename from systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh rename to systemvm/debian/opt/cloud/bin/setup/consoleproxy.sh index 36c1fa41115a..a3b2797f8501 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh +++ b/systemvm/debian/opt/cloud/bin/setup/consoleproxy.sh @@ -20,7 +20,7 @@ consoleproxy_svcs() { echo "cloud ssh" > /var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs + echo "haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud } 
@@ -36,7 +36,6 @@ setup_console_proxy() { log_it "Applying iptables rules" cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4 - cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules log_it "Configuring sshd" local hyp=$HYPERVISOR diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/default.sh b/systemvm/debian/opt/cloud/bin/setup/default.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/setup/default.sh rename to systemvm/debian/opt/cloud/bin/setup/default.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/debian/opt/cloud/bin/setup/dhcpsrvr.sh similarity index 80% rename from systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh rename to systemvm/debian/opt/cloud/bin/setup/dhcpsrvr.sh index 1e28ab458571..467bb56171a5 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh +++ b/systemvm/debian/opt/cloud/bin/setup/dhcpsrvr.sh @@ -19,7 +19,7 @@ . /opt/cloud/bin/setup/common.sh dhcpsrvr_svcs() { - echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs + echo "ssh dnsmasq apache2" > /var/cache/cloud/enabled_svcs echo "cloud nfs-common conntrackd keepalived haproxy portmap" > /var/cache/cloud/disabled_svcs } 
@@ -37,13 +37,10 @@ setup_dhcpsrvr() { enable_fwding 0 cp /etc/iptables/iptables-router /etc/iptables/rules.v4 - cp /etc/iptables/iptables-router /etc/iptables/rules #Only allow DNS service for current network sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules if [ "$SSHONGUEST" == "true" ] then diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh b/systemvm/debian/opt/cloud/bin/setup/elbvm.sh similarity index 89% rename from systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh rename to systemvm/debian/opt/cloud/bin/setup/elbvm.sh index 23a2607ff997..600fb0d0aaea 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh +++ b/systemvm/debian/opt/cloud/bin/setup/elbvm.sh @@ -20,7 +20,7 @@ elbvm_svcs() { echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs + echo "cloud dnsmasq conntrackd keepalived apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } setup_elbvm() { @@ -32,7 +32,6 @@ setup_elbvm() { echo "$public_ip $NAME" >> /etc/hosts cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4 - cp /etc/iptables/iptables-elbvm /etc/iptables/rules if [ "$SSHONGUEST" == "true" ] then setup_sshd $ETH0_IP "eth0" 
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh b/systemvm/debian/opt/cloud/bin/setup/ilbvm.sh similarity index 88% rename from systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh rename to systemvm/debian/opt/cloud/bin/setup/ilbvm.sh index 4cd599f59d7b..58a711c8df55 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh +++ b/systemvm/debian/opt/cloud/bin/setup/ilbvm.sh @@ -20,7 +20,7 @@ ilbvm_svcs() { echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs + echo "cloud dnsmasq conntrackd keepalived apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } setup_ilbvm() { @@ -32,7 +32,6 @@ setup_ilbvm() { echo "$ETH0_IP $NAME" >> /etc/hosts cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4 - cp /etc/iptables/iptables-ilbvm /etc/iptables/rules setup_sshd $ETH1_IP "eth1" enable_fwding 0 diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh similarity index 99% rename from systemvm/patches/debian/opt/cloud/bin/setup/patchsystemvm.sh rename to systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh index d09cc03c949a..8642945bece4 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/patchsystemvm.sh +++ b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh @@ -1,4 +1,4 @@ -#/bin/bash +#!/bin/bash # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information diff --git a/systemvm/debian/opt/cloud/bin/setup/postinit.sh b/systemvm/debian/opt/cloud/bin/setup/postinit.sh new file mode 100755 index 000000000000..efd1b4ba2061 --- /dev/null +++ b/systemvm/debian/opt/cloud/bin/setup/postinit.sh 
@@ -0,0 +1,51 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# This scripts before ssh.service but after cloud-early-config + +CMDLINE=/var/cache/cloud/cmdline +for str in $(cat $CMDLINE) + do + KEY=$(echo $str | cut -d= -f1) + VALUE=$(echo $str | cut -d= -f2) + case $KEY in + type) + export TYPE=$VALUE + ;; + *) + ;; + esac +done + +chmod -x /etc/systemd/system/cloud*.service +systemctl daemon-reload + +if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ] +then + if [ -x /opt/cloud/bin/update_config.py ] + then + /opt/cloud/bin/update_config.py cmd_line.json + logger -t cloud "Updated config: cmd_line.json" + fi +fi + +if [ "$TYPE" == "router" ] +then + python /opt/cloud/bin/baremetal-vr.py & + logger -t cloud "Started baremetal-vr service" +fi diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/router.sh b/systemvm/debian/opt/cloud/bin/setup/router.sh similarity index 88% rename from systemvm/patches/debian/opt/cloud/bin/setup/router.sh rename to systemvm/debian/opt/cloud/bin/setup/router.sh index d9fadfef4b1e..3bd42240ec74 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/router.sh +++ b/systemvm/debian/opt/cloud/bin/setup/router.sh 
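Review bot: The cmdline loop in postinit.sh expands `$(cat $CMDLINE)` and `$str` unquoted, so a token containing a glob character is expanded against the working directory, and `cut -d= -f2` drops everything after a second `=` in a value. Only `type` is consumed today, but quoting and `-f2-` keep the parser safe to extend: `KEY=$(echo "$str" | cut -d= -f1)` and `VALUE=$(echo "$str" | cut -d= -f2-)`. The script also logs "Started baremetal-vr service" right after backgrounding `python /opt/cloud/bin/baremetal-vr.py &`, without testing that the file exists or that the process stayed up, unlike the `-x` test that guards `update_config.py`. The header comment would read better as `# This script runs before ssh.service but after cloud-early-config`.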
@@ -83,15 +83,11 @@ setup_router() { enable_fwding 1 enable_rpsrfs 1 cp /etc/iptables/iptables-router /etc/iptables/rules.v4 - #for old templates - cp /etc/iptables/iptables-router /etc/iptables/rules setup_sshd $ETH1_IP "eth1" #Only allow DNS service for current network sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules #setup hourly logrotate mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh b/systemvm/debian/opt/cloud/bin/setup/secstorage.sh similarity index 94% rename from systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh rename to systemvm/debian/opt/cloud/bin/setup/secstorage.sh index 327353c0ae76..b890d77d7528 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh +++ b/systemvm/debian/opt/cloud/bin/setup/secstorage.sh @@ -20,7 +20,7 @@ secstorage_svcs() { echo "apache2 cloud ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr conntrackd keepalived haproxy dnsmasq" > /var/cache/cloud/disabled_svcs + echo "conntrackd keepalived haproxy dnsmasq" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud } 
@@ -39,7 +39,6 @@ setup_secstorage() { log_it "Applying iptables rules" cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4 - cp /etc/iptables/iptables-secstorage /etc/iptables/rules log_it "Configuring sshd" local hyp=$HYPERVISOR diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh similarity index 98% rename from systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh rename to systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh index bd1181fa805b..5ed09c7031c6 100755 --- a/systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh +++ b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh @@ -93,7 +93,6 @@ EOF disable_rpfilter enable_fwding 1 cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4 - cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules setup_sshd $ETH0_IP "eth0" cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules diff --git a/systemvm/patches/debian/opt/cloud/bin/update_config.py b/systemvm/debian/opt/cloud/bin/update_config.py similarity index 92% rename from systemvm/patches/debian/opt/cloud/bin/update_config.py rename to systemvm/debian/opt/cloud/bin/update_config.py index e36980a43652..a603f47e3ae4 100755 --- a/systemvm/patches/debian/opt/cloud/bin/update_config.py +++ b/systemvm/debian/opt/cloud/bin/update_config.py @@ -26,8 +26,6 @@ import configure import json -OCCURRENCES = 1 - logging.basicConfig(filename='/var/log/cloud.log', level=logging.INFO, format='%(asctime)s %(filename)s %(funcName)s:%(lineno)d %(message)s') # first commandline argument should be the file to process 
@@ -37,10 +35,10 @@ # FIXME we should get this location from a configuration class jsonPath = "/var/cache/cloud/%s" -jsonCmdConfigPath = jsonPath % sys.argv[1] +jsonFilename = sys.argv[1] +jsonConfigFile = jsonPath % jsonFilename currentGuestNetConfig = "/etc/cloudstack/guestnetwork.json" - # If the command line json file is unprocessed process it # This is important or, the control interfaces will get deleted! if os.path.isfile(jsonPath % "cmd_line.json"): @@ -82,7 +80,7 @@ def is_guestnet_configured(guestnet_dict, keys): print "[WARN] update_config.py :: Reconfiguring guest network..." return False - file = open(jsonCmdConfigPath) + file = open(jsonConfigFile) new_guestnet_dict = json.load(file) if not new_guestnet_dict['add']: @@ -121,13 +119,13 @@ def is_guestnet_configured(guestnet_dict, keys): return exists -filename = jsonCmdConfigPath -if not (os.path.isfile(filename) and os.access(filename, os.R_OK)): - print "[ERROR] update_config.py :: You are telling me to process %s, but i can't access it" % jsonCmdConfigPath + +if not (os.path.isfile(jsonConfigFile) and os.access(jsonConfigFile, os.R_OK)): + print "[ERROR] update_config.py :: Unable to read and access %s to process it" % jsonConfigFile sys.exit(1) # If the guest network is already configured and have the same IP, do not try to configure it again otherwise it will break -if sys.argv[1] and sys.argv[1].count("guest_network.json") == OCCURRENCES: +if jsonFilename.startswith("guest_network.json"): if os.path.isfile(currentGuestNetConfig): file = open(currentGuestNetConfig) guestnet_dict = json.load(file) diff --git a/systemvm/patches/debian/opt/cloud/bin/vmdata.py b/systemvm/debian/opt/cloud/bin/vmdata.py similarity index 99% rename from systemvm/patches/debian/opt/cloud/bin/vmdata.py rename to systemvm/debian/opt/cloud/bin/vmdata.py index b9127a1b9982..65f527897718 100755 --- a/systemvm/patches/debian/opt/cloud/bin/vmdata.py +++ b/systemvm/debian/opt/cloud/bin/vmdata.py 
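Review bot: `jsonFilename = sys.argv[1]` is interpolated into `/var/cache/cloud/%s` without checking that it is a bare file name, so an argument containing a directory component makes `jsonConfigFile` resolve outside the cache directory before it is opened and parsed. If callers only ever pass file names (to be confirmed against the code that invokes this script, which is not in the hunk), rejecting anything else is cheap: `if os.path.basename(jsonFilename) != jsonFilename: sys.exit(1)`. The argument-count check that the preceding comment refers to is outside the hunk. In the `@@ -121,13 +119,13 @@` hunk the test changes from `count("guest_network.json") == OCCURRENCES` to `startswith("guest_network.json")`, which no longer matches a name carrying a prefix; a one-line comment stating the expected file-name shape would document that.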
@@ -159,7 +159,7 @@ def exflock(file): def unflock(file): try: flock(file, LOCK_UN) - except IOError: + except IOError as e: print "failed to unlock file" + file.name + " due to : " + e.strerror sys.exit(1) return True diff --git a/systemvm/patches/debian/opt/cloud/bin/vpc_func.sh b/systemvm/debian/opt/cloud/bin/vpc_func.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/vpc_func.sh rename to systemvm/debian/opt/cloud/bin/vpc_func.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/vpc_netusage.sh b/systemvm/debian/opt/cloud/bin/vpc_netusage.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/vpc_netusage.sh rename to systemvm/debian/opt/cloud/bin/vpc_netusage.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/vpc_passwd_server b/systemvm/debian/opt/cloud/bin/vpc_passwd_server similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/vpc_passwd_server rename to systemvm/debian/opt/cloud/bin/vpc_passwd_server diff --git a/systemvm/patches/debian/opt/cloud/bin/vpc_snat.sh b/systemvm/debian/opt/cloud/bin/vpc_snat.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/vpc_snat.sh rename to systemvm/debian/opt/cloud/bin/vpc_snat.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/vpc_staticroute.sh b/systemvm/debian/opt/cloud/bin/vpc_staticroute.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/vpc_staticroute.sh rename to systemvm/debian/opt/cloud/bin/vpc_staticroute.sh diff --git a/systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh b/systemvm/debian/opt/cloud/bin/vpn_l2tp.sh similarity index 100% rename from systemvm/patches/vpn/opt/cloud/bin/vpn_l2tp.sh rename to systemvm/debian/opt/cloud/bin/vpn_l2tp.sh diff --git a/systemvm/patches/debian/opt/cloud/bin/vr_cfg.sh b/systemvm/debian/opt/cloud/bin/vr_cfg.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/bin/vr_cfg.sh rename to systemvm/debian/opt/cloud/bin/vr_cfg.sh 
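Review bot: In `unflock`, the error path builds its message with `+`, and `e.strerror` can be `None` when an `IOError` is raised without an errno pair, which would turn the failure report into a `TypeError`. Formatting the message avoids that and restores the missing space after "file": `print "failed to unlock file %s due to : %s" % (file.name, e)`. `exflock` is named only in the hunk header, so its handler should be checked for the same pattern.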
diff --git a/systemvm/patches/debian/opt/cloud/templates/README b/systemvm/debian/opt/cloud/templates/README similarity index 100% rename from systemvm/patches/debian/opt/cloud/templates/README rename to systemvm/debian/opt/cloud/templates/README diff --git a/systemvm/patches/debian/opt/cloud/templates/arping_gateways.sh.templ b/systemvm/debian/opt/cloud/templates/arping_gateways.sh.templ similarity index 100% rename from systemvm/patches/debian/opt/cloud/templates/arping_gateways.sh.templ rename to systemvm/debian/opt/cloud/templates/arping_gateways.sh.templ diff --git a/systemvm/patches/debian/opt/cloud/templates/check_bumpup.sh b/systemvm/debian/opt/cloud/templates/check_bumpup.sh similarity index 100% rename from systemvm/patches/debian/opt/cloud/templates/check_bumpup.sh rename to systemvm/debian/opt/cloud/templates/check_bumpup.sh diff --git a/systemvm/patches/debian/opt/cloud/templates/check_heartbeat.sh.templ b/systemvm/debian/opt/cloud/templates/check_heartbeat.sh.templ similarity index 100% rename from systemvm/patches/debian/opt/cloud/templates/check_heartbeat.sh.templ rename to systemvm/debian/opt/cloud/templates/check_heartbeat.sh.templ diff --git a/systemvm/patches/debian/opt/cloud/templates/checkrouter.sh.templ b/systemvm/debian/opt/cloud/templates/checkrouter.sh.templ similarity index 100% rename from systemvm/patches/debian/opt/cloud/templates/checkrouter.sh.templ rename to systemvm/debian/opt/cloud/templates/checkrouter.sh.templ diff --git a/systemvm/debian/opt/cloud/templates/conntrackd.conf.templ b/systemvm/debian/opt/cloud/templates/conntrackd.conf.templ new file mode 100644 index 000000000000..9443db247431 --- /dev/null +++ b/systemvm/debian/opt/cloud/templates/conntrackd.conf.templ 
@@ -0,0 +1,419 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# +# Synchronizer settings +# +Sync { + Mode FTFW { + # + # Size of the resend queue (in objects). This is the maximum + # number of objects that can be stored waiting to be confirmed + # via acknoledgment. If you keep this value low, the daemon + # will have less chances to recover state-changes under message + # omission. On the other hand, if you keep this value high, + # the daemon will consume more memory to store dead objects. + # Default is 131072 objects. + # + # ResendQueueSize 131072 + + # + # This parameter allows you to set an initial fixed timeout + # for the committed entries when this node goes from backup + # to primary. This mechanism provides a way to purge entries + # that were not recovered appropriately after the specified + # fixed timeout. If you set a low value, TCP entries in + # Established states with no traffic may hang. For example, + # an SSH connection without KeepAlive enabled. If not set, + # the daemon uses an approximate timeout value calculation + # mechanism. By default, this option is not set. 
+ # + # CommitTimeout 180 + + # + # If the firewall replica goes from primary to backup, + # the conntrackd -t command is invoked in the script. + # This command schedules a flush of the table in N seconds. + # This is useful to purge the connection tracking table of + # zombie entries and avoid clashes with old entries if you + # trigger several consecutive hand-overs. Default is 60 seconds. + # + # PurgeTimeout 60 + + # Set the acknowledgement window size. If you decrease this + # value, the number of acknowlegdments increases. More + # acknowledgments means more overhead as conntrackd has to + # handle more control messages. On the other hand, if you + # increase this value, the resend queue gets more populated. + # This results in more overhead in the queue releasing. + # The following value is based on some practical experiments + # measuring the cycles spent by the acknowledgment handling + # with oprofile. If not set, default window size is 300. + # + # ACKWindowSize 300 + + # + # This clause allows you to disable the external cache. Thus, + # the state entries are directly injected into the kernel + # conntrack table. As a result, you save memory in user-space + # but you consume slots in the kernel conntrack table for + # backup state entries. Moreover, disabling the external cache + # means more CPU consumption. You need a Linux kernel + # >= 2.6.29 to use this feature. By default, this clause is + # set off. If you are installing conntrackd for first time, + # please read the user manual and I encourage you to consider + # using the fail-over scripts instead of enabling this option! + # + # DisableExternalCache Off + } + + # + # Multicast IP and interface where messages are + # broadcasted (dedicated link). 
IMPORTANT: Make sure + # that iptables accepts traffic for destination + # 225.0.0.50, eg: + # + # iptables -I INPUT -d 225.0.0.50 -j ACCEPT + # iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT + # + Multicast { + # + # Multicast address: The address that you use as destination + # in the synchronization messages. You do not have to add + # this IP to any of your existing interfaces. If any doubt, + # do not modify this value. + # + IPv4_address 225.0.0.50 + + # + # The multicast group that identifies the cluster. If any + # doubt, do not modify this value. + # + Group 3780 + + # + # IP address of the interface that you are going to use to + # send the synchronization messages. Remember that you must + # use a dedicated link for the synchronization messages. + # + IPv4_interface [LINK_IP] + + # + # The name of the interface that you are going to use to + # send the synchronization messages. + # + Interface [LINK_IF] + + # The multicast sender uses a buffer to enqueue the packets + # that are going to be transmitted. The default size of this + # socket buffer is available at /proc/sys/net/core/wmem_default. + # This value determines the chances to have an overrun in the + # sender queue. The overrun results packet loss, thus, losing + # state information that would have to be retransmitted. If you + # notice some packet loss, you may want to increase the size + # of the sender buffer. The default size is usually around + # ~100 KBytes which is fairly small for busy firewalls. + # + SndSocketBuffer 1249280 + + # The multicast receiver uses a buffer to enqueue the packets + # that the socket is pending to handle. The default size of this + # socket buffer is available at /proc/sys/net/core/rmem_default. + # This value determines the chances to have an overrun in the + # receiver queue. The overrun results packet loss, thus, losing + # state information that would have to be retransmitted. 
If you + # notice some packet loss, you may want to increase the size of + # the receiver buffer. The default size is usually around + # ~100 KBytes which is fairly small for busy firewalls. + # + RcvSocketBuffer 1249280 + + # + # Enable/Disable message checksumming. This is a good + # property to achieve fault-tolerance. In case of doubt, do + # not modify this value. + # + Checksum on + } + # + # You can specify more than one dedicated link. Thus, if one dedicated + # link fails, conntrackd can fail-over to another. Note that adding + # more than one dedicated link does not mean that state-updates will + # be sent to all of them. There is only one active dedicated link at + # a given moment. The `Default' keyword indicates that this interface + # will be selected as the initial dedicated link. You can have + # up to 4 redundant dedicated links. Note: Use different multicast + # groups for every redundant link. + # + # Multicast Default { + # IPv4_address 225.0.0.51 + # Group 3781 + # IPv4_interface 192.168.100.101 + # Interface eth3 + # # SndSocketBuffer 1249280 + # # RcvSocketBuffer 1249280 + # Checksum on + # } + + # + # You can use Unicast UDP instead of Multicast to propagate events. + # Note that you cannot use unicast UDP and Multicast at the same + # time, you can only select one. + # + # UDP { + # + # UDP address that this firewall uses to listen to events. + # + # IPv4_address 192.168.2.100 + # + # or you may want to use an IPv6 address: + # + # IPv6_address fe80::215:58ff:fe28:5a27 + + # + # Destination UDP address that receives events, ie. the other + # firewall's dedicated link address. + # + # IPv4_Destination_Address 192.168.2.101 + # + # or you may want to use an IPv6 address: + # + # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c + + # + # UDP port used + # + # Port 3780 + + # + # The name of the interface that you are going to use to + # send the synchronization messages. 
+ # + # Interface eth2 + + # + # The sender socket buffer size + # + # SndSocketBuffer 1249280 + + # + # The receiver socket buffer size + # + # RcvSocketBuffer 1249280 + + # + # Enable/Disable message checksumming. + # + # Checksum on + # } + +} + +# +# General settings +# +General { + # + # Set the nice value of the daemon, this value goes from -20 + # (most favorable scheduling) to 19 (least favorable). Using a + # very low value reduces the chances to lose state-change events. + # Default is 0 but this example file sets it to most favourable + # scheduling as this is generally a good idea. See man nice(1) for + # more information. + # + Nice -20 + + # + # Select a different scheduler for the daemon, you can select between + # RR and FIFO and the process priority (minimum is 0, maximum is 99). + # See man sched_setscheduler(2) for more information. Using a RT + # scheduler reduces the chances to overrun the Netlink buffer. + # + # Scheduler { + # Type FIFO + # Priority 99 + # } + + # + # Number of buckets in the cache hashtable. The bigger it is, + # the closer it gets to O(1) at the cost of consuming more memory. + # Read some documents about tuning hashtables for further reference. + # + HashSize 32768 + + # + # Maximum number of conntracks, it should be double of: + # $ cat /proc/sys/net/netfilter/nf_conntrack_max + # since the daemon may keep some dead entries cached for possible + # retransmission during state synchronization. + # + HashLimit 131072 + + LogFile on + + # + # Syslog: on, off or a facility name (daemon (default) or local0..7) + # Default: off + # + Syslog on + + # + # Lockfile + # + LockFile /var/lock/conntrackd.lock + + # + # Unix socket configuration + # + UNIX { + Path /var/run/conntrackd.sock + Backlog 20 + } + + SocketBufferSize 2097152 + SocketBufferSizeMaxGrown 8388608 + + # + # Netlink event socket buffer size. If you do not specify this clause, + # the default buffer size value in /proc/net/core/rmem_default is + # used. 
This default value is usually around 100 Kbytes which is + # fairly small for busy firewalls. This leads to event message dropping + # and high CPU consumption. This example configuration file sets the + # size to 2 MBytes to avoid this sort of problems. + # + NetlinkBufferSize 2097152 + + # + # The daemon doubles the size of the netlink event socket buffer size + # if it detects netlink event message dropping. This clause sets the + # maximum buffer size growth that can be reached. This example file + # sets the size to 8 MBytes. + # + NetlinkBufferSizeMaxGrowth 8388608 + + # + # If the daemon detects that Netlink is dropping state-change events, + # it automatically schedules a resynchronization against the Kernel + # after 30 seconds (default value). Resynchronizations are expensive + # in terms of CPU consumption since the daemon has to get the full + # kernel state-table and purge state-entries that do not exist anymore. + # Be careful of setting a very small value here. You have the following + # choices: On (enabled, use default 30 seconds value), Off (disabled) + # or Value (in seconds, to set a specific amount of time). If not + # specified, the daemon assumes that this option is enabled. + # + # NetlinkOverrunResync On + + # + # If you want reliable event reporting over Netlink, set on this + # option. If you set on this clause, it is a good idea to set off + # NetlinkOverrunResync. This option is off by default and you need + # a Linux kernel >= 2.6.31. + # + # NetlinkEventsReliable Off + + # + # By default, the daemon receives state updates following an + # event-driven model. You can modify this behaviour by switching to + # polling mode with the PollSecs clause. This clause tells conntrackd + # to dump the states in the kernel every N seconds. With regards to + # synchronization mode, the polling mode can only guarantee that + # long-lifetime states are recovered. 
The main advantage of this method + # is the reduction in the state replication at the cost of reducing the + # chances of recovering connections. + # + # PollSecs 15 + + # + # The daemon prioritizes the handling of state-change events coming + # from the core. With this clause, you can set the maximum number of + # state-change events (those coming from kernel-space) that the daemon + # will handle after which it will handle other events coming from the + # network or userspace. A low value improves interactivity (in terms of + # real-time behaviour) at the cost of extra CPU consumption. + # Default (if not set) is 100. + # + # EventIterationLimit 100 + + # + # Event filtering: This clause allows you to filter certain traffic, + # There are currently three filter-sets: Protocol, Address and + # State. The filter is attached to an action that can be: Accept or + # Ignore. Thus, you can define the event filtering policy of the + # filter-sets in positive or negative logic depending on your needs. + # You can select if conntrackd filters the event messages from + # user-space or kernel-space. The kernel-space event filtering + # saves some CPU cycles by avoiding the copy of the event message + # from kernel-space to user-space. The kernel-space event filtering + # is prefered, however, you require a Linux kernel >= 2.6.29 to + # filter from kernel-space. If you want to select kernel-space + # event filtering, use the keyword 'Kernelspace' instead of + # 'Userspace'. + # + Filter From Userspace { + # + # Accept only certain protocols: You may want to replicate + # the state of flows depending on their layer 4 protocol. + # + Protocol Accept { + TCP + SCTP + DCCP + UDP + ICMP # This requires a Linux kernel >= 2.6.31 + } + + # + # Ignore traffic for a certain set of IP's: Usually all the + # IP assigned to the firewall since local traffic must be + # ignored, only forwarded connections are worth to replicate. 
+ # Note that these values depends on the local IPs that are + # assigned to the firewall. + # + Address Ignore { + IPv4_address 127.0.0.1 # loopback + IPv4_address [IGNORE_IP1] + IPv4_address [IGNORE_IP2] + IPv4_address [IGNORE_IP3] + #IPv4_address 192.168.0.100 # virtual IP 1 + #IPv4_address 192.168.1.100 # virtual IP 2 + #IPv4_address 192.168.0.1 + #IPv4_address 192.168.1.1 + #IPv4_address 192.168.100.100 # dedicated link ip + # + # You can also specify networks in format IP/cidr. + # IPv4_address 192.168.0.0/24 + # + # You can also specify an IPv6 address + # IPv6_address ::1 + } + + # + # Uncomment this line below if you want to filter by flow state. + # This option introduces a trade-off in the replication: it + # reduces CPU consumption at the cost of having lazy backup + # firewall replicas. The existing TCP states are: SYN_SENT, + # SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK, + # TIME_WAIT, CLOSED, LISTEN. + # + # State Accept { + # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP + # } + } + + # default debian service unit file is of Type=notify + Systemd on +} diff --git a/systemvm/patches/debian/opt/cloud/templates/heartbeat.sh.templ b/systemvm/debian/opt/cloud/templates/heartbeat.sh.templ similarity index 100% rename from systemvm/patches/debian/opt/cloud/templates/heartbeat.sh.templ rename to systemvm/debian/opt/cloud/templates/heartbeat.sh.templ diff --git a/systemvm/patches/debian/opt/cloud/templates/keepalived.conf.templ b/systemvm/debian/opt/cloud/templates/keepalived.conf.templ similarity index 94% rename from systemvm/patches/debian/opt/cloud/templates/keepalived.conf.templ rename to systemvm/debian/opt/cloud/templates/keepalived.conf.templ index d14611d895a5..5434ec5302f3 100644 --- a/systemvm/patches/debian/opt/cloud/templates/keepalived.conf.templ +++ b/systemvm/debian/opt/cloud/templates/keepalived.conf.templ 
@@ -21,11 +21,11 @@ global_defs { vrrp_script heartbeat { script "[RROUTER_BIN_PATH]/heartbeat.sh" - interval 5 + interval 4 } vrrp_instance inside_network { - state EQUAL + state BACKUP interface eth2 virtual_router_id 51 nopreempt @@ -44,7 +44,6 @@ vrrp_instance inside_network { heartbeat } - !That's the correct path of the master.py file. notify_backup "/opt/cloud/bin/master.py --backup" notify_master "/opt/cloud/bin/master.py --master" notify_fault "/opt/cloud/bin/master.py --fault" diff --git a/systemvm/patches/debian/opt/cloud/testdata/README b/systemvm/debian/opt/cloud/testdata/README similarity index 100% rename from systemvm/patches/debian/opt/cloud/testdata/README rename to systemvm/debian/opt/cloud/testdata/README diff --git a/systemvm/patches/debian/opt/cloud/testdata/acl0001.json b/systemvm/debian/opt/cloud/testdata/acl0001.json similarity index 100% rename from systemvm/patches/debian/opt/cloud/testdata/acl0001.json rename to systemvm/debian/opt/cloud/testdata/acl0001.json diff --git a/systemvm/patches/debian/opt/cloud/testdata/dhcp0001.json b/systemvm/debian/opt/cloud/testdata/dhcp0001.json similarity index 100% rename from systemvm/patches/debian/opt/cloud/testdata/dhcp0001.json rename to systemvm/debian/opt/cloud/testdata/dhcp0001.json diff --git a/systemvm/patches/debian/opt/cloud/testdata/gn0001.json b/systemvm/debian/opt/cloud/testdata/gn0001.json similarity index 100% rename from systemvm/patches/debian/opt/cloud/testdata/gn0001.json rename to systemvm/debian/opt/cloud/testdata/gn0001.json diff --git a/systemvm/patches/debian/opt/cloud/testdata/ips0001.json b/systemvm/debian/opt/cloud/testdata/ips0001.json similarity index 100% rename from systemvm/patches/debian/opt/cloud/testdata/ips0001.json rename to systemvm/debian/opt/cloud/testdata/ips0001.json 
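Review bot: The two value changes in the first keepalived.conf.templ hunk, `interval 4` in `vrrp_script heartbeat` and `state BACKUP` in `vrrp_instance inside_network`, have no comment saying why they were chosen. With the `nopreempt` line just below, `state BACKUP` means both routers start as backup and the election decides the master, which is worth recording so nobody later sets one node to MASTER: `! both nodes start as BACKUP; nopreempt requires it, the election picks the master`. The 4-second check interval presumably relates to how often heartbeat.sh refreshes its state, which is not visible here; a one-line comment giving that relation would let a reader judge the failover time. Both blocks continue outside the hunk.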
diff --git a/systemvm/patches/debian/opt/cloud/testdata/ips0002.json b/systemvm/debian/opt/cloud/testdata/ips0002.json
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/testdata/ips0002.json
rename to systemvm/debian/opt/cloud/testdata/ips0002.json
diff --git a/systemvm/patches/debian/opt/cloud/testdata/ips0003.json b/systemvm/debian/opt/cloud/testdata/ips0003.json
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/testdata/ips0003.json
rename to systemvm/debian/opt/cloud/testdata/ips0003.json
diff --git a/systemvm/patches/debian/opt/cloud/testdata/s2s0001.json b/systemvm/debian/opt/cloud/testdata/s2s0001.json
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/testdata/s2s0001.json
rename to systemvm/debian/opt/cloud/testdata/s2s0001.json
diff --git a/systemvm/patches/debian/opt/cloud/testdata/test.sh b/systemvm/debian/opt/cloud/testdata/test.sh
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/testdata/test.sh
rename to systemvm/debian/opt/cloud/testdata/test.sh
diff --git a/systemvm/patches/debian/opt/cloud/testdata/vmp0001.json b/systemvm/debian/opt/cloud/testdata/vmp0001.json
similarity index 100%
rename from systemvm/patches/debian/opt/cloud/testdata/vmp0001.json
rename to systemvm/debian/opt/cloud/testdata/vmp0001.json
diff --git a/systemvm/patches/debian/root/.ssh/authorized_keys b/systemvm/debian/root/.ssh/authorized_keys
similarity index 100%
rename from systemvm/patches/debian/root/.ssh/authorized_keys
rename to systemvm/debian/root/.ssh/authorized_keys
diff --git a/systemvm/patches/debian/root/clearUsageRules.sh b/systemvm/debian/root/clearUsageRules.sh
similarity index 100%
rename from systemvm/patches/debian/root/clearUsageRules.sh
rename to systemvm/debian/root/clearUsageRules.sh
diff --git a/systemvm/patches/debian/root/func.sh b/systemvm/debian/root/func.sh
similarity index 100%
rename from systemvm/patches/debian/root/func.sh
rename to systemvm/debian/root/func.sh
diff --git a/systemvm/patches/debian/root/monitorServices.py b/systemvm/debian/root/monitorServices.py
similarity index 100%
rename from systemvm/patches/debian/root/monitorServices.py
rename to systemvm/debian/root/monitorServices.py
diff --git a/systemvm/patches/debian/root/reconfigLB.sh b/systemvm/debian/root/reconfigLB.sh
similarity index 100%
rename from systemvm/patches/debian/root/reconfigLB.sh
rename to systemvm/debian/root/reconfigLB.sh
diff --git a/systemvm/patches/debian/var/www/html/latest/.htaccess b/systemvm/debian/var/www/html/latest/.htaccess
similarity index 100%
rename from systemvm/patches/debian/var/www/html/latest/.htaccess
rename to systemvm/debian/var/www/html/latest/.htaccess
diff --git a/systemvm/patches/debian/var/www/html/userdata/.htaccess b/systemvm/debian/var/www/html/userdata/.htaccess
similarity index 100%
rename from systemvm/patches/debian/var/www/html/userdata/.htaccess
rename to systemvm/debian/var/www/html/userdata/.htaccess
diff --git a/systemvm/patches/debian/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/etc/init.d/cloud-passwd-srvr
deleted file mode 100755
index ffd0ec8d2066..000000000000
--- a/systemvm/patches/debian/etc/init.d/cloud-passwd-srvr
+++ /dev/null
@@ -1,118 +0,0 @@ -#!/bin/bash -### BEGIN INIT INFO -# Provides: cloud-passwd-srvr -# Required-Start: $local_fs cloud-early-config -# Required-Stop: $local_fs -# Default-Start: 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Web server that sends passwords to User VMs -### END INIT INFO -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. 
- -add_iptables_rules() -{ - #Delete any old iptables rule for port 8080 on eth0 - remove_iptables_rules - - #For all cidrs on eth0 for port 8080 accept only if source is withing that cidr - for cidr in $(ip addr | grep eth0 | grep inet | awk '{print $2}'); - do - count=1 - #Try for 10 times, if it still fails then bail - while [ $count -le 10 ]; - do - (( count++ )) - iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp -s $cidr --dport 8080 -j ACCEPT - if [ `iptables -L INPUT -n -v | grep eth0 | grep 8080 | grep ACCEPT | wc -l` -gt 0 ] - then - break - else - sleep 2 - fi - done - done - echo "Added cloud-passwd-srvr iptables rules" && return 0 -} - -remove_iptables_rules() -{ - #Change the Internal Field Separator so the for loop, loops on lines and not spaces - OIFS="${IFS}" - NIFS=$'\n' - IFS="${NIFS}" - - #Removed all iptable rules for port 8080 on eth0, they were added in start() - for srcdest in `iptables -L -n -v | grep eth0 | grep 8080 | grep ACCEPT | awk '{print "--source "$8" --destination "$9}'`; - do - eval "iptables -D INPUT -i eth0 -p tcp -m state --state NEW -m tcp $srcdest --dport 8080 -j ACCEPT"; - done - - #Restore IFS - IFS="${OIFS}" - - echo "Removed cloud-passwd-srvr iptables rules" && return 0 -} - -start() { - pid=$(getpid) - [ "$pid" != "" ] && echo "Password server is already running (pid=$pid)" && return 0 - add_iptables_rules - nohup bash /opt/cloud/bin/passwd_server & -} - -getpid() { - pid=$(ps -ef | grep passwd_server_ip | grep -v grep | awk '{print $2}') - echo $pid -} - -stop_password_server() { - spid=$(pidof -s python passwd_server_ip.py) - [ "$spid" != "" ] && kill -9 $spid && echo "Killed password server (pid=$spid)" - return 0 -} - -stop () { - stop_password_server - pid=$(getpid) - [ "$pid" != "" ] && kill -9 $pid && remove_iptables_rules && echo "Stopped password server (pid=$pid)" && stop_password_server && return 0 - - echo "Password server is not running" && return 0 -} - -status () { - pid=$(getpid) - [ "$pid" != 
"" ] && echo "Password server is running (pid=$pid)" && return 0 - echo "Password server is not running" && return 0 -} - -case "$1" in - start) start - ;; - stop) stop - ;; - status) status - ;; - restart) stop - start - ;; - *) echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac - -exit 0 diff --git a/systemvm/patches/debian/etc/rc.local b/systemvm/patches/debian/etc/rc.local deleted file mode 100755 index 895c120bddfe..000000000000 --- a/systemvm/patches/debian/etc/rc.local +++ /dev/null 
@@ -1,69 +0,0 @@ -#!/bin/bash - -#Licensed to the Apache Software Foundation (ASF) under one -#or more contributor license agreements. See the NOTICE file -#distributed with this work for additional information -#regarding copyright ownership. The ASF licenses this file -#to you under the Apache License, Version 2.0 (the -#"License"); you may not use this file except in compliance -#with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -#Unless required by applicable law or agreed to in writing, -#software distributed under the License is distributed on an -#"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -#KIND, either express or implied. See the License for the -#specific language governing permissions and limitations -#under the License. - -[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs -for svc in $(cat /var/cache/cloud/enabled_svcs) -do - logger -t cloud "Starting $svc" - systemctl enable --now $svc -done - -[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs -for svc in $(cat /var/cache/cloud/disabled_svcs) -do - logger -t cloud "Stopping $svc" - systemctl disable --now $svc -done - - -#Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist -ipv4="/etc/iptables/router_rules.v4" -if [ -e $ipv4 ] -then - iptables-restore < $ipv4 -fi - -ipv6="/etc/iptables/router_rules.v6" -if [ -e $ipv6 ] -then - iptables-restore < $ipv6 -fi - -date > /var/cache/cloud/boot_up_done -logger -t cloud "Boot up process done" - -CMDLINE=/var/cache/cloud/cmdline -for str in $(cat $CMDLINE) - do - KEY=$(echo $str | cut -d= -f1) - VALUE=$(echo $str | cut -d= -f2) - case $KEY in - type) - export TYPE=$VALUE - ;; - *) - ;; - esac -done - -if [ "$TYPE" == "router" ] -then - python /opt/cloud/bin/baremetal-vr.py & - logger -t cloud "Started baremetal-vr service" -fi 
diff --git a/systemvm/patches/debian/opt/cloud/templates/conntrackd.conf.templ b/systemvm/patches/debian/opt/cloud/templates/conntrackd.conf.templ deleted file mode 100644 index 3e38af1b7d5e..000000000000 --- a/systemvm/patches/debian/opt/cloud/templates/conntrackd.conf.templ +++ /dev/null 
@@ -1,417 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -# -# Synchronizer settings -# -Sync { - Mode FTFW { - # - # Size of the resend queue (in objects). This is the maximum - # number of objects that can be stored waiting to be confirmed - # via acknoledgment. If you keep this value low, the daemon - # will have less chances to recover state-changes under message - # omission. On the other hand, if you keep this value high, - # the daemon will consume more memory to store dead objects. - # Default is 131072 objects. - # - # ResendQueueSize 131072 - - # - # This parameter allows you to set an initial fixed timeout - # for the committed entries when this node goes from backup - # to primary. This mechanism provides a way to purge entries - # that were not recovered appropriately after the specified - # fixed timeout. If you set a low value, TCP entries in - # Established states with no traffic may hang. For example, - # an SSH connection without KeepAlive enabled. If not set, - # the daemon uses an approximate timeout value calculation - # mechanism. By default, this option is not set. 
- # - # CommitTimeout 180 - - # - # If the firewall replica goes from primary to backup, - # the conntrackd -t command is invoked in the script. - # This command schedules a flush of the table in N seconds. - # This is useful to purge the connection tracking table of - # zombie entries and avoid clashes with old entries if you - # trigger several consecutive hand-overs. Default is 60 seconds. - # - # PurgeTimeout 60 - - # Set the acknowledgement window size. If you decrease this - # value, the number of acknowlegdments increases. More - # acknowledgments means more overhead as conntrackd has to - # handle more control messages. On the other hand, if you - # increase this value, the resend queue gets more populated. - # This results in more overhead in the queue releasing. - # The following value is based on some practical experiments - # measuring the cycles spent by the acknowledgment handling - # with oprofile. If not set, default window size is 300. - # - # ACKWindowSize 300 - - # - # This clause allows you to disable the external cache. Thus, - # the state entries are directly injected into the kernel - # conntrack table. As a result, you save memory in user-space - # but you consume slots in the kernel conntrack table for - # backup state entries. Moreover, disabling the external cache - # means more CPU consumption. You need a Linux kernel - # >= 2.6.29 to use this feature. By default, this clause is - # set off. If you are installing conntrackd for first time, - # please read the user manual and I encourage you to consider - # using the fail-over scripts instead of enabling this option! - # - # DisableExternalCache Off - } - - # - # Multicast IP and interface where messages are - # broadcasted (dedicated link). 
IMPORTANT: Make sure - # that iptables accepts traffic for destination - # 225.0.0.50, eg: - # - # iptables -I INPUT -d 225.0.0.50 -j ACCEPT - # iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT - # - Multicast { - # - # Multicast address: The address that you use as destination - # in the synchronization messages. You do not have to add - # this IP to any of your existing interfaces. If any doubt, - # do not modify this value. - # - IPv4_address 225.0.0.50 - - # - # The multicast group that identifies the cluster. If any - # doubt, do not modify this value. - # - Group 3780 - - # - # IP address of the interface that you are going to use to - # send the synchronization messages. Remember that you must - # use a dedicated link for the synchronization messages. - # - IPv4_interface [LINK_IP] - - # - # The name of the interface that you are going to use to - # send the synchronization messages. - # - Interface [LINK_IF] - - # The multicast sender uses a buffer to enqueue the packets - # that are going to be transmitted. The default size of this - # socket buffer is available at /proc/sys/net/core/wmem_default. - # This value determines the chances to have an overrun in the - # sender queue. The overrun results packet loss, thus, losing - # state information that would have to be retransmitted. If you - # notice some packet loss, you may want to increase the size - # of the sender buffer. The default size is usually around - # ~100 KBytes which is fairly small for busy firewalls. - # - SndSocketBuffer 1249280 - - # The multicast receiver uses a buffer to enqueue the packets - # that the socket is pending to handle. The default size of this - # socket buffer is available at /proc/sys/net/core/rmem_default. - # This value determines the chances to have an overrun in the - # receiver queue. The overrun results packet loss, thus, losing - # state information that would have to be retransmitted. 
If you - # notice some packet loss, you may want to increase the size of - # the receiver buffer. The default size is usually around - # ~100 KBytes which is fairly small for busy firewalls. - # - RcvSocketBuffer 1249280 - - # - # Enable/Disable message checksumming. This is a good - # property to achieve fault-tolerance. In case of doubt, do - # not modify this value. - # - Checksum on - } - # - # You can specify more than one dedicated link. Thus, if one dedicated - # link fails, conntrackd can fail-over to another. Note that adding - # more than one dedicated link does not mean that state-updates will - # be sent to all of them. There is only one active dedicated link at - # a given moment. The `Default' keyword indicates that this interface - # will be selected as the initial dedicated link. You can have - # up to 4 redundant dedicated links. Note: Use different multicast - # groups for every redundant link. - # - # Multicast Default { - # IPv4_address 225.0.0.51 - # Group 3781 - # IPv4_interface 192.168.100.101 - # Interface eth3 - # # SndSocketBuffer 1249280 - # # RcvSocketBuffer 1249280 - # Checksum on - # } - - # - # You can use Unicast UDP instead of Multicast to propagate events. - # Note that you cannot use unicast UDP and Multicast at the same - # time, you can only select one. - # - # UDP { - # - # UDP address that this firewall uses to listen to events. - # - # IPv4_address 192.168.2.100 - # - # or you may want to use an IPv6 address: - # - # IPv6_address fe80::215:58ff:fe28:5a27 - - # - # Destination UDP address that receives events, ie. the other - # firewall's dedicated link address. - # - # IPv4_Destination_Address 192.168.2.101 - # - # or you may want to use an IPv6 address: - # - # IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c - - # - # UDP port used - # - # Port 3780 - - # - # The name of the interface that you are going to use to - # send the synchronization messages. 
- # - # Interface eth2 - - # - # The sender socket buffer size - # - # SndSocketBuffer 1249280 - - # - # The receiver socket buffer size - # - # RcvSocketBuffer 1249280 - - # - # Enable/Disable message checksumming. - # - # Checksum on - # } - -} - -# -# General settings -# -General { - # - # Set the nice value of the daemon, this value goes from -20 - # (most favorable scheduling) to 19 (least favorable). Using a - # very low value reduces the chances to lose state-change events. - # Default is 0 but this example file sets it to most favourable - # scheduling as this is generally a good idea. See man nice(1) for - # more information. - # - Nice -20 - - # - # Select a different scheduler for the daemon, you can select between - # RR and FIFO and the process priority (minimum is 0, maximum is 99). - # See man sched_setscheduler(2) for more information. Using a RT - # scheduler reduces the chances to overrun the Netlink buffer. - # - # Scheduler { - # Type FIFO - # Priority 99 - # } - - # - # Number of buckets in the cache hashtable. The bigger it is, - # the closer it gets to O(1) at the cost of consuming more memory. - # Read some documents about tuning hashtables for further reference. - # - HashSize 32768 - - # - # Maximum number of conntracks, it should be double of: - # $ cat /proc/sys/net/netfilter/nf_conntrack_max - # since the daemon may keep some dead entries cached for possible - # retransmission during state synchronization. - # - HashLimit 131072 - - # - # Logfile: on (/var/log/conntrackd.log), off, or a filename - # Default: off - # - LogFile on - - # - # Syslog: on, off or a facility name (daemon (default) or local0..7) - # Default: off - # - #Syslog on - - # - # Lockfile - # - LockFile /var/lock/conntrack.lock - - # - # Unix socket configuration - # - UNIX { - Path /var/run/conntrackd.ctl - Backlog 20 - } - - # - # Netlink event socket buffer size. 
If you do not specify this clause, - # the default buffer size value in /proc/net/core/rmem_default is - # used. This default value is usually around 100 Kbytes which is - # fairly small for busy firewalls. This leads to event message dropping - # and high CPU consumption. This example configuration file sets the - # size to 2 MBytes to avoid this sort of problems. - # - NetlinkBufferSize 2097152 - - # - # The daemon doubles the size of the netlink event socket buffer size - # if it detects netlink event message dropping. This clause sets the - # maximum buffer size growth that can be reached. This example file - # sets the size to 8 MBytes. - # - NetlinkBufferSizeMaxGrowth 8388608 - - # - # If the daemon detects that Netlink is dropping state-change events, - # it automatically schedules a resynchronization against the Kernel - # after 30 seconds (default value). Resynchronizations are expensive - # in terms of CPU consumption since the daemon has to get the full - # kernel state-table and purge state-entries that do not exist anymore. - # Be careful of setting a very small value here. You have the following - # choices: On (enabled, use default 30 seconds value), Off (disabled) - # or Value (in seconds, to set a specific amount of time). If not - # specified, the daemon assumes that this option is enabled. - # - # NetlinkOverrunResync On - - # - # If you want reliable event reporting over Netlink, set on this - # option. If you set on this clause, it is a good idea to set off - # NetlinkOverrunResync. This option is off by default and you need - # a Linux kernel >= 2.6.31. - # - # NetlinkEventsReliable Off - - # - # By default, the daemon receives state updates following an - # event-driven model. You can modify this behaviour by switching to - # polling mode with the PollSecs clause. This clause tells conntrackd - # to dump the states in the kernel every N seconds. 
With regards to - # synchronization mode, the polling mode can only guarantee that - # long-lifetime states are recovered. The main advantage of this method - # is the reduction in the state replication at the cost of reducing the - # chances of recovering connections. - # - # PollSecs 15 - - # - # The daemon prioritizes the handling of state-change events coming - # from the core. With this clause, you can set the maximum number of - # state-change events (those coming from kernel-space) that the daemon - # will handle after which it will handle other events coming from the - # network or userspace. A low value improves interactivity (in terms of - # real-time behaviour) at the cost of extra CPU consumption. - # Default (if not set) is 100. - # - # EventIterationLimit 100 - - # - # Event filtering: This clause allows you to filter certain traffic, - # There are currently three filter-sets: Protocol, Address and - # State. The filter is attached to an action that can be: Accept or - # Ignore. Thus, you can define the event filtering policy of the - # filter-sets in positive or negative logic depending on your needs. - # You can select if conntrackd filters the event messages from - # user-space or kernel-space. The kernel-space event filtering - # saves some CPU cycles by avoiding the copy of the event message - # from kernel-space to user-space. The kernel-space event filtering - # is prefered, however, you require a Linux kernel >= 2.6.29 to - # filter from kernel-space. If you want to select kernel-space - # event filtering, use the keyword 'Kernelspace' instead of - # 'Userspace'. - # - Filter From Userspace { - # - # Accept only certain protocols: You may want to replicate - # the state of flows depending on their layer 4 protocol. 
- # - Protocol Accept { - TCP - SCTP - DCCP - # UDP - # ICMP # This requires a Linux kernel >= 2.6.31 - } - - # - # Ignore traffic for a certain set of IP's: Usually all the - # IP assigned to the firewall since local traffic must be - # ignored, only forwarded connections are worth to replicate. - # Note that these values depends on the local IPs that are - # assigned to the firewall. - # - Address Ignore { - IPv4_address 127.0.0.1 # loopback - IPv4_address [IGNORE_IP1] - IPv4_address [IGNORE_IP2] - IPv4_address [IGNORE_IP3] - #IPv4_address 192.168.0.100 # virtual IP 1 - #IPv4_address 192.168.1.100 # virtual IP 2 - #IPv4_address 192.168.0.1 - #IPv4_address 192.168.1.1 - #IPv4_address 192.168.100.100 # dedicated link ip - # - # You can also specify networks in format IP/cidr. - # IPv4_address 192.168.0.0/24 - # - # You can also specify an IPv6 address - # IPv6_address ::1 - } - - # - # Uncomment this line below if you want to filter by flow state. - # This option introduces a trade-off in the replication: it - # reduces CPU consumption at the cost of having lazy backup - # firewall replicas. The existing TCP states are: SYN_SENT, - # SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK, - # TIME_WAIT, CLOSED, LISTEN. - # - # State Accept { - # ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP - # } - } -} diff --git a/systemvm/pom.xml b/systemvm/pom.xml index 0ae3e029ae99..e5d252313d92 100644 --- a/systemvm/pom.xml +++ b/systemvm/pom.xml @@ -88,7 +88,7 @@ - patches/debian/root/.ssh + debian/root/.ssh authorized_keys @@ -112,10 +112,7 @@ - - - - + diff --git a/systemvm/patches/test/TestCsAddress.py b/systemvm/test/TestCsAddress.py similarity index 100% rename from systemvm/patches/test/TestCsAddress.py rename to systemvm/test/TestCsAddress.py diff --git a/systemvm/patches/test/TestCsApp.py b/systemvm/test/TestCsApp.py similarity index 100% rename from systemvm/patches/test/TestCsApp.py rename to systemvm/test/TestCsApp.py 
diff --git a/systemvm/patches/test/TestCsCmdLine.py b/systemvm/test/TestCsCmdLine.py similarity index 100% rename from systemvm/patches/test/TestCsCmdLine.py rename to systemvm/test/TestCsCmdLine.py diff --git a/systemvm/patches/test/TestCsConfig.py b/systemvm/test/TestCsConfig.py similarity index 100% rename from systemvm/patches/test/TestCsConfig.py rename to systemvm/test/TestCsConfig.py diff --git a/systemvm/patches/test/TestCsDatabag.py b/systemvm/test/TestCsDatabag.py similarity index 100% rename from systemvm/patches/test/TestCsDatabag.py rename to systemvm/test/TestCsDatabag.py diff --git a/systemvm/patches/test/TestCsDhcp.py b/systemvm/test/TestCsDhcp.py similarity index 100% rename from systemvm/patches/test/TestCsDhcp.py rename to systemvm/test/TestCsDhcp.py diff --git a/systemvm/patches/test/TestCsFile.py b/systemvm/test/TestCsFile.py similarity index 100% rename from systemvm/patches/test/TestCsFile.py rename to systemvm/test/TestCsFile.py diff --git a/systemvm/patches/test/TestCsGuestNetwork.py b/systemvm/test/TestCsGuestNetwork.py similarity index 94% rename from systemvm/patches/test/TestCsGuestNetwork.py rename to systemvm/test/TestCsGuestNetwork.py index 08a6b3723332..06e2d16cc4a5 100644 --- a/systemvm/patches/test/TestCsGuestNetwork.py +++ b/systemvm/test/TestCsGuestNetwork.py @@ -17,6 +17,7 @@ import unittest from cs.CsGuestNetwork import CsGuestNetwork +from cs.CsConfig import CsConfig import merge @@ -30,7 +31,7 @@ def test_init(self): self.assertTrue(csguestnetwork is not None) def test_get_dns(self): - csguestnetwork = CsGuestNetwork({}, {}) + csguestnetwork = CsGuestNetwork({}, CsConfig()) csguestnetwork.guest = True csguestnetwork.set_dns("1.1.1.1,2.2.2.2") csguestnetwork.set_router("3.3.3.3") diff --git a/systemvm/patches/test/TestCsHelper.py b/systemvm/test/TestCsHelper.py similarity index 100% rename from systemvm/patches/test/TestCsHelper.py rename to systemvm/test/TestCsHelper.py 
diff --git a/systemvm/patches/test/TestCsInterface.py b/systemvm/test/TestCsInterface.py similarity index 100% rename from systemvm/patches/test/TestCsInterface.py rename to systemvm/test/TestCsInterface.py diff --git a/systemvm/patches/test/TestCsNetfilter.py b/systemvm/test/TestCsNetfilter.py similarity index 100% rename from systemvm/patches/test/TestCsNetfilter.py rename to systemvm/test/TestCsNetfilter.py diff --git a/systemvm/patches/test/TestCsProcess.py b/systemvm/test/TestCsProcess.py similarity index 100% rename from systemvm/patches/test/TestCsProcess.py rename to systemvm/test/TestCsProcess.py diff --git a/systemvm/patches/test/TestCsRedundant.py b/systemvm/test/TestCsRedundant.py similarity index 100% rename from systemvm/patches/test/TestCsRedundant.py rename to systemvm/test/TestCsRedundant.py diff --git a/systemvm/patches/test/TestCsRoute.py b/systemvm/test/TestCsRoute.py similarity index 87% rename from systemvm/patches/test/TestCsRoute.py rename to systemvm/test/TestCsRoute.py index 6035258aa730..f9982fe1f8f0 100644 --- a/systemvm/patches/test/TestCsRoute.py +++ b/systemvm/test/TestCsRoute.py @@ -31,11 +31,12 @@ def test_init(self): def test_defaultroute_exists(self): csroute = CsRoute() - self.assertFalse(csroute.defaultroute_exists()) + self.assertTrue(csroute.defaultroute_exists()) def test_add_defaultroute(self): csroute = CsRoute() - self.assertTrue(csroute.add_defaultroute("192.168.1.1")) + # Default route would exist on any test environment with network + self.assertFalse(csroute.add_defaultroute("192.168.1.1")) def test_get_tablename(self): csroute = CsRoute() diff --git a/systemvm/patches/test/TestCsRule.py b/systemvm/test/TestCsRule.py similarity index 100% rename from systemvm/patches/test/TestCsRule.py rename to systemvm/test/TestCsRule.py 
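Review bot: The changed assertions in `test_defaultroute_exists` and `test_add_defaultroute` now pass only on a host that already has a default route, so the result depends on the machine running the suite rather than on CsRoute. On a host without one, `add_defaultroute("192.168.1.1")` would presumably try to change the host's real routing table, which a unit test should not do. Patching the command runner that CsRoute uses would make both cases deterministic; which helper that is cannot be seen from this hunk. At minimum, extend the added comment to `# Depends on the host: a default route must already exist, otherwise this call modifies host routing`.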
diff --git a/systemvm/patches/test/runtests.sh b/systemvm/test/runtests.sh similarity index 67% rename from systemvm/patches/test/runtests.sh rename to systemvm/test/runtests.sh index e64f8674a08f..04290e77608b 100644 --- a/systemvm/patches/test/runtests.sh +++ b/systemvm/test/runtests.sh @@ -21,7 +21,24 @@ export PYTHONPATH="../debian/opt/cloud/bin/" export PYTHONDONTWRITEBYTECODE=False -pep8 --max-line-length=179 --exclude=monitorServices.py,baremetal-vr.py,passwd_server_ip.py `find ../../patches -name \*.py` +echo "Running pep8 to check systemvm/python code for errors" pep8 --max-line-length=179 *py +pep8 --max-line-length=179 --exclude=monitorServices.py,baremetal-vr.py,passwd_server_ip.py `find ../debian -name \*.py` +if [ $? -gt 0 ] +then + echo "Pylint failed, please check your code" + exit 1 +fi +echo "Running pylint to check systemvm/python code for errors" +pylint --disable=R,C,W *.py +pylint --disable=R,C,W `find ../debian -name \*.py` +if [ $? -gt 0 ] +then + echo "Pylint failed, please check your code" + exit 1 +fi + +echo "Running systemvm/python unit tests" nosetests . +exit $? diff --git a/test/integration/smoke/test_deploy_virtio_scsi_vm.py b/test/integration/smoke/test_deploy_virtio_scsi_vm.py index fbff31c3a9a0..52ef25470fdd 100644 --- a/test/integration/smoke/test_deploy_virtio_scsi_vm.py +++ b/test/integration/smoke/test_deploy_virtio_scsi_vm.py @@ -130,7 +130,6 @@ def setUpClass(cls): cls.services["service_offerings"]["small"] ) - cls.sparse_disk_offering = DiskOffering.create( cls.apiclient, cls.services["sparse_disk_offering"] diff --git a/test/integration/smoke/test_deploy_vm_iso.py b/test/integration/smoke/test_deploy_vm_iso.py index 76ba2b7ec5f6..5298c48ee197 100644 --- a/test/integration/smoke/test_deploy_vm_iso.py +++ b/test/integration/smoke/test_deploy_vm_iso.py 
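Review bot: In the pep8 and pylint blocks of runtests.sh, `if [ $? -gt 0 ]` sees only the exit status of the second invocation, so a failure of `pep8 --max-line-length=179 *py` or of `pylint --disable=R,C,W *.py` is silently dropped. The pep8 block also prints "Pylint failed, please check your code", which points at the wrong tool. Checking each command directly closes the gap, e.g. `pep8 --max-line-length=179 *py || { echo "pep8 failed, please check your code"; exit 1; }`, and likewise for the other three invocations. The first pep8 call globs `*py` while pylint globs `*.py`; the latter is probably what was meant.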
@@ -130,7 +130,7 @@ def test_deploy_vm_from_iso(self): ) try: # Download the ISO - self.iso.download(self.apiclient) + self.iso.download(self.apiclient, retries=150) except Exception as e: raise Exception("Exception while downloading ISO %s: %s" diff --git a/test/integration/smoke/test_hosts.py b/test/integration/smoke/test_hosts.py deleted file mode 100644 index 952f16009491..000000000000 --- a/test/integration/smoke/test_hosts.py +++ /dev/null 
@@ -1,170 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. -""" BVT tests for Hosts and Clusters -""" -#Import Local Modules -import marvin -from marvin.cloudstackTestCase import * -from marvin.cloudstackAPI import * -from marvin.lib.utils import * -from marvin.lib.base import * -from marvin.lib.common import * -from marvin.lib.utils import (random_gen) -from nose.plugins.attrib import attr - -#Import System modules -import time - -_multiprocess_shared_ = True - -class TestHosts(cloudstackTestCase): - - def setUp(self): - self.apiclient = self.testClient.getApiClient() - self.hypervisor = self.testClient.getHypervisorInfo() - self.dbclient = self.testClient.getDbConnection() - self.services = self.testClient.getParsedTestDataConfig() - self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests()) - self.pod = get_pod(self.apiclient, self.zone.id) - self.cleanup = [] - - return - - def tearDown(self): - try: - #Clean up, terminate the created templates - cleanup_resources(self.apiclient, self.cleanup) - - except Exception as e: - raise Exception("Warning: Exception during cleanup : %s" % e) - return - - #@attr(tags=["selfservice"]) - def test_01_clusters(self): - """Test Add clusters & hosts - simulator - - - # 
Validate the following: - # 1. Verify hypervisortype returned by API is Simulator/Xen/KVM/VWare - # 2. Verify that the cluster is in 'Enabled' allocation state - # 3. Verify that the host is added successfully and in Up state - # with listHosts API response - - #Create clusters with Hypervisor type Simulator/XEN/KVM/VWare - """ - for k, v in self.services["clusters"].items(): - v["clustername"] = v["clustername"] + "-" + random_gen() - cluster = Cluster.create( - self.apiclient, - v, - zoneid=self.zone.id, - podid=self.pod.id, - hypervisor=v["hypervisor"].lower() - ) - self.debug( - "Created Cluster for hypervisor type %s & ID: %s" %( - v["hypervisor"], - cluster.id - )) - self.assertEqual( - cluster.hypervisortype.lower(), - v["hypervisor"].lower(), - "Check hypervisor type is " + v["hypervisor"] + " or not" - ) - self.assertEqual( - cluster.allocationstate, - 'Enabled', - "Check whether allocation state of cluster is enabled" - ) - - #If host is externally managed host is already added with cluster - response = list_hosts( - self.apiclient, - clusterid=cluster.id - ) - - if not response: - hypervisor_type = str(cluster.hypervisortype.lower()) - host = Host.create( - self.apiclient, - cluster, - self.services["hosts"][hypervisor_type], - zoneid=self.zone.id, - podid=self.pod.id, - hypervisor=v["hypervisor"].lower() - ) - if host == FAILED: - self.fail("Host Creation Failed") - self.debug( - "Created host (ID: %s) in cluster ID %s" %( - host.id, - cluster.id - )) - #Cleanup Host & Cluster - self.cleanup.append(host) - self.cleanup.append(cluster) - - list_hosts_response = list_hosts( - self.apiclient, - clusterid=cluster.id - ) - self.assertEqual( - isinstance(list_hosts_response, list), - True, - "Check list response returns a valid list" - ) - self.assertNotEqual( - len(list_hosts_response), - 0, - "Check list Hosts response" - ) - - host_response = list_hosts_response[0] - #Check if host is Up and running - self.assertEqual( - host_response.state, - 'Up', - 
"Check if state of host is Up or not" - ) - #Verify List Cluster Response has newly added cluster - list_cluster_response = list_clusters( - self.apiclient, - id=cluster.id - ) - self.assertEqual( - isinstance(list_cluster_response, list), - True, - "Check list response returns a valid list" - ) - self.assertNotEqual( - len(list_cluster_response), - 0, - "Check list Hosts response" - ) - - cluster_response = list_cluster_response[0] - self.assertEqual( - cluster_response.id, - cluster.id, - "Check cluster ID with list clusters response" - ) - self.assertEqual( - cluster_response.hypervisortype.lower(), - cluster.hypervisortype.lower(), - "Check hypervisor type with is " + v["hypervisor"] + " or not" - ) - return diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py index bba33eb947bc..b86b96ea0313 100644 --- a/test/integration/smoke/test_privategw_acl.py +++ b/test/integration/smoke/test_privategw_acl.py @@ -28,6 +28,8 @@ import time import logging +import random + class Services: """Test VPC network services - Port Forwarding Rules Test Data Class. 
@@ -243,14 +245,19 @@ def test_01_vpc_privategw_acl(self): qresultset = self.dbclient.execute( "select vnet from op_dc_vnet_alloc where physical_network_id=\ - (select id from physical_network where uuid='%s' ) and taken is NULL and reservation_id is NULL and account_id is NULL ORDER BY id DESC;" % physical_network.id - ) + (select id from physical_network where uuid='%s');" % physical_network.id) self.assertEqual(validateList(qresultset)[0], PASS, "Invalid sql query response" ) - vlans = qresultset - vlan_1 = int(vlans[0][0]) + + # Find all the vlans that are for dynamic vlan allocation + dc_vlans = sorted(map(lambda x: x[0], qresultset)) + + # Use VLAN id that is not in physical network vlan range for dynamic vlan allocation + vlan_1 = int(physical_network.vlan.split('-')[-1]) + 1 + if vlan_1 in dc_vlans: + vlan_1 = dc_vlans[-1] + random.randint(1, 5) acl = self.createACL(vpc) self.createACLItem(acl.id) @@ -328,14 +335,19 @@ def performVPCTests(self, vpc_off, restart_with_cleanup = False): qresultset = self.dbclient.execute( "select vnet from op_dc_vnet_alloc where physical_network_id=\ - (select id from physical_network where uuid='%s' ) and taken is NULL and reservation_id is NULL and account_id is NULL ORDER BY id DESC;" % physical_network.id - ) + (select id from physical_network where uuid='%s');" % physical_network.id) self.assertEqual(validateList(qresultset)[0], PASS, "Invalid sql query response" - ) - vlans = qresultset - vlan_1 = int(vlans[0][0]) + ) + + # Find all the vlans that are for dynamic vlan allocation + dc_vlans = sorted(map(lambda x: x[0], qresultset)) + + # Use VLAN id that is not in physical network vlan range for dynamic vlan allocation + vlan_1 = int(physical_network.vlan.split('-')[-1]) + 1 + if vlan_1 in dc_vlans: + vlan_1 = dc_vlans[-1] + random.randint(1, 5) acl1 = self.createACL(vpc_1) self.createACLItem(acl1.id, cidr = "0.0.0.0/0") 
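Review bot: `dc_vlans = sorted(map(lambda x: x[0], qresultset))` keeps the `vnet` values in whatever type the DB client returns, while the removed code converted them with `int(vlans[0][0])`, which suggests they arrive as strings. If so, `vlan_1 in dc_vlans` compares an int against strings and is never true, the sort is lexicographic, and `dc_vlans[-1] + random.randint(1, 5)` would raise a TypeError if it were ever reached. `dc_vlans = sorted(int(x[0]) for x in qresultset)` addresses all three. The same block is repeated in the `performVPCTests` hunk and the `performPrivateGWInterfaceTests` hunk; a shared helper could also check that the chosen id stays within the valid VLAN range, since the random offset makes a failure hard to reproduce.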
@@ -376,13 +388,25 @@ def performPrivateGWInterfaceTests(self, vpc_off): physical_network = self.get_guest_traffic_physical_network(self.apiclient, self.zone.id) if not physical_network: self.fail("No Physical Networks found!") + qresultset = self.dbclient.execute( "select vnet from op_dc_vnet_alloc where physical_network_id=\ - (select id from physical_network where uuid='%s' ) and taken is NULL and reservation_id is NULL and account_id is NULL ORDER BY id DESC;" % physical_network.id - ) - vlans = qresultset - vlan_1 = int(vlans[0][0]) + (select id from physical_network where uuid='%s');" % physical_network.id) + self.assertEqual(validateList(qresultset)[0], + PASS, + "Invalid sql query response" + ) + # Find all the vlans that are for dynamic vlan allocation + dc_vlans = sorted(map(lambda x: x[0], qresultset)) + + # Use VLAN id that is not in physical network vlan range for dynamic vlan allocation + vlan_1 = int(physical_network.vlan.split('-')[-1]) + 1 + if vlan_1 in dc_vlans: + vlan_1 = dc_vlans[-1] + random.randint(1, 5) + + acl1 = self.createACL(vpc_1) + self.createACLItem(acl1.id, cidr = "0.0.0.0/0") net_offering_no_lb = "network_offering_no_lb" network_1 = self.createNetwork(vpc_1, gateway = '10.0.0.1') 
@@ -706,18 +730,17 @@ def check_pvt_gw_connectivity(self, virtual_machine, public_ip, vms_ips): self.logger.debug("Sleeping for %s seconds in order to get the firewall applied..." % sleep_time) time.sleep(sleep_time) - sleep_time += sleep_time self.logger.debug("Ping to VM inside another Network Tier") result = str(ssh.execute(ssh_command)) - self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("3 received"))) + self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("0% packet loss"))) except Exception as e: self.fail("SSH Access failed for %s: %s" % \ (virtual_machine, e) ) - succeeded_pings += result.count("3 received") + succeeded_pings += result.count("0% packet loss") self.assertTrue(succeeded_pings >= minimum_vms_to_pass, diff --git a/test/integration/smoke/test_vpc_redundant.py b/test/integration/smoke/test_vpc_redundant.py index 2c7f4aeac613..372d8476710a 100644 --- a/test/integration/smoke/test_vpc_redundant.py +++ b/test/integration/smoke/test_vpc_redundant.py @@ -275,7 +275,7 @@ def setUpClass(cls): cls.logger.setLevel(logging.DEBUG) cls.logger.addHandler(cls.stream_handler) - return + cls.advert_int = int(Configurations.list(cls.api_client, name="router.redundant.vrrp.interval")[0].value) @classmethod def tearDownClass(cls): @@ -283,7 +283,6 @@ def tearDownClass(cls): cleanup_resources(cls.api_client, cls._cleanup) except Exception as e: raise Exception("Warning: Exception during cleanup : %s" % e) - return def setUp(self): self.routers = [] 
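Review bot: `result.count("0% packet loss")` also matches "100% packet loss" (and 10%, 20%, …) because the search string has no boundary before the `0`, so a ping that loses every packet is still added to `succeeded_pings`. The removed `"3 received"` check did not have this problem. Use `result.count(" 0% packet loss")` with the leading space, the form test_vpc_redundant.py used before this commit, in both the debug line and the `succeeded_pings +=` line. The enclosing loop starts outside the hunk.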
@@ -344,10 +343,16 @@ def query_routers(self, count=2, showall=False): len(self.routers), count, "Check that %s routers were indeed created" % count) + def wait_for_vrrp(self): + # Wait until 3*advert_int+skew time to get one of the routers as MASTER + time.sleep(3 * self.advert_int + 5) + def check_routers_state(self,count=2, status_to_check="MASTER", expected_count=1, showall=False): vals = ["MASTER", "BACKUP", "UNKNOWN"] cnts = [0, 0, 0] + self.wait_for_vrrp() + result = "UNKNOWN" self.query_routers(count, showall) for router in self.routers: @@ -404,6 +409,7 @@ def stop_router(self, router): self.logger.debug('Stopping router %s' % router.id) cmd = stopRouter.stopRouterCmd() cmd.id = router.id + cmd.forced = True self.apiclient.stopRouter(cmd) def reboot_router(self, router): @@ -657,7 +663,7 @@ def test_04_rvpc_network_garbage_collector_nics(self): @attr(tags=["advanced", "intervlan"], required_hardware="true") def test_05_rvpc_multi_tiers(self): """ Create a redundant VPC with 1 Tier, 1 VM, 1 ACL, 1 PF and test Network GC Nics""" - self.logger.debug("Starting test_04_rvpc_network_garbage_collector_nics") + self.logger.debug("Starting test_05_rvpc_multi_tiers") self.query_routers() network = self.create_network(self.services["network_offering"], "10.1.1.1", nr_vms=1, mark_net_cleanup=False) @@ -732,7 +738,7 @@ def do_default_routes_test(self): ssh_command = "ping -c 3 8.8.8.8" # Should be able to SSH VM - result = 'failed' + packet_loss = 100 try: vm = vmObj.get_vm() public_ip = vmObj.get_ip() 
@@ -741,19 +747,22 @@ def do_default_routes_test(self): ssh = vm.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress) self.logger.debug("Ping to google.com from VM") - result = str(ssh.execute(ssh_command)) + result = ssh.execute(ssh_command) - self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count(" 0% packet loss"))) + for line in result: + if "packet loss" in line: + packet_loss = int(line.split("% packet loss")[0].split(" ")[-1]) + break + + self.logger.debug("SSH result: %s; packet loss is ==> %s" % (result, packet_loss)) except Exception as e: self.fail("SSH Access failed for %s: %s" % \ (vmObj.get_ip(), e) ) - - self.assertEqual( - result.count(" 0% packet loss"), - 1, - "Ping to outside world from VM should be successful" - ) + + # Most pings should be successful + self.assertTrue(packet_loss < 50, + "Ping to outside world from VM should be successful") class networkO(object): diff --git a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh index eb9b7901d6dc..6f37e343fefd 100644 --- a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh +++ b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh @@ -19,6 +19,15 @@ set -e set -x +function remove_reserved_blocks() { + for partition in $(blkid -o list | grep ext | awk '{print $1}') + do + tune2fs -m0 $partition + done + fdisk -l + df -h +} + function add_backports() { sed -i '/cdrom/d' /etc/apt/sources.list sed -i '/deb-src/d' /etc/apt/sources.list @@ -33,6 +42,7 @@ function apt_upgrade() { # Setup sudo echo 'cloud ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud + remove_reserved_blocks add_backports rm -fv /root/*.iso @@ -40,8 +50,6 @@ function apt_upgrade() { apt-get autoclean apt-get -q -y update apt-get -q -y upgrade - - df -h } return 2>/dev/null || apt_upgrade 
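Review bot: The loss parsing added in `do_default_routes_test` sits inside the `try` whose handler reports "SSH Access failed", so a summary line that `int(...)` cannot parse is reported as an SSH problem. Some ping implementations print a fractional value such as `33.3333% packet loss`; `float(line.split("% packet loss")[0].split(" ")[-1])` accepts both forms. If no line contains "packet loss", `packet_loss` silently keeps the initial `100` set in the previous hunk, so including `result` in the final assertion message would make that case diagnosable.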
diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh index 444cc948f170..00f068d2fa71 100644 --- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh +++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh @@ -20,8 +20,11 @@ set -e set -x function cleanup_apt() { - apt-get -y remove dictionaries-common busybox isc-dhcp-client isc-dhcp-common - apt-get -y autoremove + apt-get -y remove --purge dictionaries-common busybox isc-dhcp-client isc-dhcp-common \ + task-english task-ssh-server tasksel tasksel-data laptop-detect nano wamerican \ + debconf-i18n sharutils gnupg gnupg-agent keyboard-configuration + + apt-get -y autoremove --purge apt-get autoclean apt-get clean } @@ -40,13 +43,28 @@ function cleanup_dev() { } function cleanup_misc() { + # Scripts rm -fr /home/cloud/cloud_scripts* + rm -f /usr/share/cloud/cloud-scripts.tar rm -f /root/.rnd rm -f /var/www/html/index.html + # Logs rm -f /var/log/*.log rm -f /var/log/apache2/* rm -f /var/log/messages rm -f /var/log/syslog + rm -f /var/log/messages + rm -fr /var/log/apt + rm -fr /var/log/installer + # Docs and data files + rm -fr /var/lib/apt/* + rm -fr /var/cache/apt/* + rm -fr /usr/lib/gnupg* + rm -fr /usr/share/doc + rm -fr /usr/share/man + rm -fr /usr/share/info + rm -fr /usr/share/lintian + find /usr/share/locale -type f | grep -v en | xargs rm -fr } function cleanup() { diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh index d5f80b105fc6..1d9de06d45bc 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh 
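Review bot: In `cleanup_misc`, `find /usr/share/locale -type f | grep -v en | xargs rm -fr` keeps every path that merely contains the letters "en" anywhere, including catalogue files in non-English locales, and it breaks on file names with whitespace. Filtering on the locale directory name is more exact, e.g. `find /usr/share/locale -mindepth 1 -maxdepth 1 -type d ! -name 'en*' -exec rm -fr {} +` (this removes the directories too, which the original does not). The hunk also adds `rm -f /var/log/messages` although the same command already appears two lines above it. Since `rm -fr /var/lib/apt/*` deletes the downloaded package lists, a comment such as `# apt-get update is required before any later apt-get install` would help whoever debugs the running VM.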
@@ -27,54 +27,22 @@ function configure_user() { usermod -a -G admin cloud mkdir -p /home/cloud/.ssh chmod 700 /home/cloud/.ssh - echo "cloud:`openssl rand -base64 32`" | chpasswd echo "root:password" | chpasswd } -function configure_sudoers() { - cat >/etc/sudoers < /etc/sudoers.d/cloud -} - -# sshd_config is overwritten from cloud_scripts -#function configure_sshd() { -# grep "UseDNS no" /etc/ssh/sshd_config && \ -# grep "PasswordAuthentication no" /etc/ssh/sshd_config && \ -# return -# # Tweak sshd to prevent DNS resolution (speed up logins) -# echo 'UseDNS no' >> /etc/ssh/sshd_config -# -# # Require ssh keys for login -# sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config -#} - function configure_inittab() { # Fix inittab cat >> /etc/inittab << EOF +0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102 vc:2345:respawn:/sbin/getty 38400 hvc0 EOF } function configure_login() { - # configure_sshd configure_inittab add_admin_group - configure_sudoers configure_user - rm -fv /home/cloud/configure_login.sh - sync - halt -p } return 2>/dev/null || configure_login diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh index 791f2ead9849..84cb5909c3e9 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh 
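Review bot: `configure_user` keeps `echo "root:password" | chpasswd`, so every template built from this definition ships a well-known root password; the random password for `cloud` moves to finalize.sh but nothing equivalent is done for root. Whether SSH accepts that password depends on the sshd_config that the removed comment says is overwritten from cloud_scripts, which is not visible here; any console that offers a login prompt accepts it regardless. If root is meant to log in by key only, replace the line with `usermod -p '*' root`, which disables password login without affecting key-based access. Separately, Debian 9 boots with systemd, which does not read `/etc/inittab`, so the added `ttyS0` getty line likely has no effect; `systemctl enable serial-getty@ttyS0.service` is the systemd equivalent.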
@@ -34,70 +34,15 @@ function configure_apache2() { function install_cloud_scripts() { # ./cloud_scripts/ has been put there by ../../cloud_scripts_shar_archive.sh rsync -av ./cloud_scripts/ / - chmod +x /opt/cloud/bin/* \ + chmod +x /opt/cloud/bin/* /opt/cloud/bin/setup/* \ /root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \ - /etc/init.d/{cloud-early-config,cloud-passwd-srvr} \ /etc/profile.d/cloud.sh - cat > /etc/systemd/system/cloud-early-config.service << EOF -[Unit] -Description=cloud-early-config: configures systemvm using cmdline -DefaultDependencies=no - -Before=network-pre.target -Wants=network-pre.target - -Requires=local-fs.target -After=local-fs.target - -[Install] -WantedBy=multi-user.target - -[Service] -Type=oneshot -ExecStart=/etc/init.d/cloud-early-config start -ExecStop=/etc/init.d/cloud-early-config stop -RemainAfterExit=true -TimeoutStartSec=5min - -EOF - - cat > /etc/systemd/system/cloud.service << EOF -[Unit] -Description=cloud: startup cloud service -After=cloud-early-config.service network.target local-fs.target - -[Install] -WantedBy=multi-user.target - -[Service] -Type=simple -WorkingDirectory=/usr/local/cloud/systemvm -ExecStart=/usr/local/cloud/systemvm/_run.sh -Restart=always -RestartSec=5 -EOF - - cat > /etc/systemd/system/cloud-passwd-srvr.service << EOF -[Unit] -Description=cloud-passwd-srvr: cloud password server -After=network.target local-fs.target - -[Install] -WantedBy=multi-user.target - -[Service] -Type=forking -ExecStart=/etc/init.d/cloud-passwd-srvr start -ExecStop=/etc/init.d/cloud-passwd-srvr stop -Restart=always -RestartSec=5 -EOF + chmod -x /etc/systemd/system/* systemctl daemon-reload systemctl enable cloud-early-config - systemctl disable cloud - systemctl disable cloud-passwd-srvr + systemctl enable cloud-postinit } function do_signature() { 
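Review bot: `chmod -x /etc/systemd/system/*` also matches the directories under that path (the `*.wants` directories, for instance) and clears their search bit, which makes them untraversable for non-root users. Restricting the command to regular files avoids that: `find /etc/systemd/system -maxdepth 1 -type f -exec chmod -x {} +`. The unit files are no longer written by this script and now arrive through `rsync -av ./cloud_scripts/ /`, so a comment above `systemctl enable cloud-postinit` such as `# unit files are installed by the rsync of cloud_scripts above` would make that dependency visible.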
diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb index 33c8e8bd02ac..03be56845b66 100644 --- a/tools/appliance/definitions/systemvmtemplate/definition.rb +++ b/tools/appliance/definitions/systemvmtemplate/definition.rb @@ -81,11 +81,11 @@ 'configure_systemvm_services.sh', 'authorized_keys.sh', 'configure_persistent_config.sh', + # setup login stuff + 'configure_login.sh', # cleanup & space-saving 'cleanup.sh', - 'zerodisk.sh', - # setup login stuff - 'configure_login.sh' + 'finalize.sh' ], :postinstall_timeout => '10000' } diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/finalize.sh similarity index 68% rename from tools/appliance/definitions/systemvmtemplate/zerodisk.sh rename to tools/appliance/definitions/systemvmtemplate/finalize.sh index d002316d658d..1a25e399e77a 100644 --- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh +++ b/tools/appliance/definitions/systemvmtemplate/finalize.sh @@ -19,6 +19,26 @@ set -e set -x +function configure_misc() { + rm -fv /home/cloud/*.sh + echo "cloud:`openssl rand -base64 32`" | chpasswd +} + +function configure_sudoers() { + cat >/etc/sudoers < /etc/sudoers.d/cloud +} + # clean up stuff copied in by veewee function cleanup_veewee() { # this has to be here since it is the last file to run (and we remove ourselves) @@ -31,19 +51,22 @@ function cleanup_veewee() { # Zero out the free space to save space in the final image: function zero_disk() { - cleanup_veewee - for path in / /boot /var/log /tmp do dd if=/dev/zero of=${path}/zero bs=1M || true sync rm -f ${path}/zero done + df -h +} - for partition in $(blkid -o list | grep ext | awk '{print $1}') - do - tune2fs -m0 $partition - done +function finalize() { + configure_misc + configure_sudoers + cleanup_veewee + sync + zero_disk + halt -p } -return 2>/dev/null || zero_disk +return 2>/dev/null || finalize 
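Review bot: In the added `configure_misc` of finalize.sh, the `chpasswd` line for `cloud` runs under the `set -x` at the top of the file, so the password produced by `openssl rand -base64 32` is printed in the build trace. Wrap that line in `set +x` / `set -x`, or, since nobody is meant to know this password, drop the random value and disable password login with `usermod -p '*' cloud`. `configure_sudoers` rewrites `/etc/sudoers` in place; running `visudo -c` afterwards and setting `chmod 0440 /etc/sudoers.d/cloud` would catch a malformed or over-permissive file before `halt -p` seals it into the template.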
diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh index 2cceb989a258..40ff6df4d68c 100644 --- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh +++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh @@ -53,7 +53,7 @@ function install_packages() { fi ${apt_get} install grub-legacy \ - rsyslog logrotate cron net-tools ifupdown vim tmux netbase iptables \ + rsyslog logrotate cron net-tools ifupdown vim netbase iptables \ openssh-server e2fsprogs tcpdump socat wget \ python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ inetutils-ping iputils-arping httping curl \ @@ -67,7 +67,6 @@ function install_packages() { xenstore-utils libxenstore3.0 \ ipvsadm conntrackd libnetfilter-conntrack3 \ keepalived irqbalance \ - libnl-3-200 libnl-genl-3-200 \ ipcalc \ openjdk-8-jre-headless \ ipset \ @@ -80,16 +79,14 @@ function install_packages() { strongswan libcharon-extra-plugins libstrongswan-extra-plugins \ virt-what open-vm-tools qemu-guest-agent hyperv-daemons + apt-get -y autoremove --purge + apt-get autoclean + apt-get clean + # Install xenserver guest utilities as debian repos don't have it wget https://mirrors.kernel.org/ubuntu/pool/universe/x/xe-guest-utilities/xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb dpkg -i xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb rm -f xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb - - apt-get autoclean - apt-get clean - - apt-get update - apt-get -y upgrade } return 2>/dev/null || install_packages diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg index 99bd6eb04ab8..5a8e2d9fba99 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg 
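Review bot: The xe-guest-utilities package in the last hunk is fetched with `wget` and installed as root with `dpkg -i` without any integrity check of its own; unlike the apt installs above it, no signature is verified, so the build trusts the mirror and TLS alone. Pin the expected digest next to the URL and verify it before installing: `echo "<SHA256_OF_DEB>  xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb" | sha256sum -c -`. The hunk also removes the trailing `apt-get update` and `apt-get -y upgrade`, so the image presumably relies on apt_upgrade.sh having run earlier; a one-line comment saying so would make the ordering dependency explicit.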
@@ -57,7 +57,7 @@ d-i partman-auto/method string regular d-i partman-auto/choose_recipe select atomic d-i partman-auto/expert_recipe string \ boot-root :: \ - 80 50 100 ext2 \ + 50 50 50 ext2 \ $primary{ } $bootable{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext2 } \ @@ -68,17 +68,12 @@ d-i partman-auto/expert_recipe string \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ - 300 50 300 ext4 \ + 350 50 400 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var/log } \ . \ - 100 90 100 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /tmp } \ - . \ - 100 100 200 linux-swap \ + 100 100 100 linux-swap \ method{ swap } format{ } \ . diff --git a/tools/appliance/shar_cloud_scripts.sh b/tools/appliance/shar_cloud_scripts.sh index 5504d16e3ae8..30ae2cb6f407 100755 --- a/tools/appliance/shar_cloud_scripts.sh +++ b/tools/appliance/shar_cloud_scripts.sh @@ -37,14 +37,11 @@ TEMP_DIR=`mktemp -d ${TMPDIR}/shar_cloud.XXXXXXXX` cd ${TEMP_DIR} mkdir cloud_scripts mkdir -p cloud_scripts/opt/cloudstack -cp -r ${CLOUDSTACK_DIR}/systemvm/patches/debian/config/* cloud_scripts/ -cp -r ${CLOUDSTACK_DIR}/systemvm/patches/debian/vpn/* cloud_scripts/ +cp -r ${CLOUDSTACK_DIR}/systemvm/debian/* cloud_scripts/ mkdir -p cloud_scripts/usr/share/cloud -cd ${CLOUDSTACK_DIR}/systemvm/patches/debian/config +cd ${CLOUDSTACK_DIR}/systemvm/debian tar -cf ${TEMP_DIR}/cloud_scripts/usr/share/cloud/cloud-scripts.tar * -cd ${CLOUDSTACK_DIR}/systemvm/patches/debian/vpn -tar -rf ${TEMP_DIR}/cloud_scripts/usr/share/cloud/cloud-scripts.tar * cd ${TEMP_DIR} shar `find . -print` > ${CURR_DIR}/cloud_scripts_shar_archive.sh diff --git a/tools/marvin/marvin/config/test_data.py b/tools/marvin/marvin/config/test_data.py index e99c8ba0f381..bca541f62377 100644 --- a/tools/marvin/marvin/config/test_data.py +++ b/tools/marvin/marvin/config/test_data.py 
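Review bot: Removing the `/tmp` partition in the second preseed hunk puts `/tmp` on the root filesystem, so anything that fills `/tmp` now fills `/`, and `/tmp` can no longer carry its own mount options. If the partition was dropped to save image space, a tmpfs mount for `/tmp` with `nosuid,nodev` and a size cap would keep the isolation without disk cost; that belongs in one of the postinstall scripts rather than here. finalize.sh in this commit still loops over `/ /boot /var/log /tmp` when zeroing free space, which now writes the root filesystem twice.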
@@ -1780,24 +1780,24 @@ "VHD": { "templatename": "XenUploadtemplate", "displaytext": "XenUploadtemplate", - "url": "http://people.apache.org/~sanjeev/centos56-x86_64.vhd.bz2", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", "hypervisor":"XenServer", - "checksum": "09b08b6abb1b903fca7711d3ac8d6598", + "checksum": "54ebc933e6e07ae58c0dc97dfd37c824", "ostypeid":"74affaea-c658-11e4-ad38-a6d1374244b4" }, "OVA": { "templatename": "VMwareUploadtemplate", "displaytext": "VMwareUploadtemplate", - "url": "http://people.apache.org/~sanjeev/CentOS5.3-x86_64.ova", - "checksum": "02de0576dd3a61ab59c03fd795fc86ac", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova", + "checksum": "d6d97389b129c7d898710195510bf4fb", "hypervisor":"VMware", "ostypeid":"74affaea-c658-11e4-ad38-a6d1374244b4" }, "QCOW2": { "templatename": "KVMUploadtemplate", "displaytext": "VMwareUploadtemplate", - "url": "http://people.apache.org/~sanjeev/eec2209b-9875-3c8d-92be-c001bd8a0faf.qcow2.bz2", - "checksum": "da997b697feaa2f1f6e0d4785b0cece2", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", + "checksum": "ada77653dcf1e59495a9e1ac670ad95f", "hypervisor":"KVM", "ostypeid":"2e02e376-cdf3-11e4-beb3-8aa6272b57ef" }, @@ -1883,7 +1883,7 @@ "name": "testISO", "bootable": True, "ispublic": False, - "url": "http://people.apache.org/~sanjeev/CentOS-6.3-x86_64-bin-DVD1.iso", + "url": "http://dl.openvm.eu/cloudstack/iso/TinyCore-8.0.iso", "ostype": 'CentOS 6.3 (64-bit)', "mode": 'HTTP_DOWNLOAD' }, diff --git a/tools/travis/before_install.sh b/tools/travis/before_install.sh index 409bf8a7ffd4..c31213ee052f 100755 --- a/tools/travis/before_install.sh +++ b/tools/travis/before_install.sh 
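Review bot: The replacement template URLs in this hunk and the ISO URL in the `@@ -1883,7 +1883,7 @@` hunk use plain `http://`, and the `checksum` values are 32 hex digits, i.e. MD5-length, which does not protect against a deliberately substituted image. The ISO entry has no checksum at all. If the host serves HTTPS, switch the scheme, and record a SHA-256 for each entry if the upload API accepts one. Two leftovers are visible as well: the QCOW2 entry keeps `"displaytext": "VMwareUploadtemplate"`, and the TinyCore ISO keeps `"ostype": 'CentOS 6.3 (64-bit)'`.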
@@ -100,7 +100,7 @@ pip install --user --upgrade pip for ((i=0;i<$RETRY_COUNT;i++)) do - pip install --user --upgrade lxml paramiko nose texttable ipmisim pyopenssl > /tmp/piplog + pip install --user --upgrade lxml paramiko nose texttable ipmisim pyopenssl mock flask netaddr pylint pep8 > /tmp/piplog if [[ $? -eq 0 ]]; then echo -e "\npython packages installed successfully" break; diff --git a/tools/travis/install.sh b/tools/travis/install.sh index d759528208f3..6744979b3992 100755 --- a/tools/travis/install.sh +++ b/tools/travis/install.sh @@ -25,9 +25,13 @@ export MAVEN_OPTS="-Xmx4096m -XX:MaxPermSize=800m -Djava.security.egd=file:/dev/ set -e if [ $TEST_SEQUENCE_NUMBER -eq 1 ]; then + # Pylint/pep8 systemvm python codebase + cd systemvm/test && bash -x runtests.sh && cd ../.. + # Build noredist git clone https://github.com/rhtyd/cloudstack-nonoss.git nonoss cd nonoss && bash -x install-non-oss.sh && cd .. git clean -fdx . + # Perform rat checks mvn -P developer,systemvm -Dsimulator -Dnoredist --projects='org.apache.cloudstack:cloudstack' org.apache.rat:apache-rat-plugin:0.12:check mvn -q -B -P developer,systemvm -Dsimulator -Dnoredist clean install else diff --git a/tools/whisker/LICENSE b/tools/whisker/LICENSE index d14a974e2c10..e107c4fc8d51 100644 --- a/tools/whisker/LICENSE +++ b/tools/whisker/LICENSE @@ -2758,7 +2758,7 @@ Within the deps/awsapi-lib directory from VMware, Inc http://www.vmware.com/ rabbitmq-client.jar from http://www.rabbitmq.com/java-client.html -Within the patches/systemvm/debian/config/etc directory +Within the systemvm/debian/etc directory placed in the public domain by Adiscon GmbH http://www.adiscon.com/ rsyslog.conf 
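Review bot: In install.sh the added `cd systemvm/test && bash -x runtests.sh && cd ../..` does not stop the build when lint or unit tests fail: `set -e` ignores a failing command in an `&&` list unless it is the last one, so the script continues, and it does so from inside `systemvm/test`. Running the step in a subshell fixes both: `(cd systemvm/test && bash -x runtests.sh)`. The existing `cd nonoss && bash -x install-non-oss.sh && cd ..` line has the same shape. In before_install.sh the extended `pip install --user --upgrade` line now pulls `pylint` and `pep8` unpinned, so a new upstream release can change what the gate reports; pinning versions there keeps the check reproducible.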
@@ -2766,14 +2766,14 @@ Within the patches/systemvm/debian/config/etc directory dnsmasq.conf vpcdnsmasq.conf -Within the patches/systemvm/debian/config/etc/apache2 directory +Within the systemvm/debian/config/etc/apache2 directory licensed under the Apache License, Version 2 http://www.apache.org/licenses/LICENSE-2.0.txt (as above) Copyright (c) 2012 The Apache Software Foundation from The Apache Software Foundation http://www.apache.org/ httpd.conf vhost.template -Within the patches/systemvm/debian/config/etc/ssh/ directory +Within the systemvm/debian/etc/ssh/ directory licensed under the BSD (2-clause) http://www.opensource.org/licenses/BSD-2-Clause (as follows) @@ -2804,7 +2804,7 @@ Within the patches/systemvm/debian/config/etc/ssh/ directory from OpenSSH Project http://www.openssh.org/ sshd_config -Within the patches/systemvm/debian/config/root/redundant_router directory +Within the systemvm/debian/root/redundant_router directory placed in the public domain by The netfilter.org project http://www.netfilter.org/ conntrackd.conf.templ diff --git a/tools/whisker/descriptor-for-packaging.xml b/tools/whisker/descriptor-for-packaging.xml index bc78b56e8761..3a7624d28f54 100644 --- a/tools/whisker/descriptor-for-packaging.xml +++ b/tools/whisker/descriptor-for-packaging.xml @@ -2452,7 +2452,7 @@ This product includes software developed at The Apache Software Foundation (http://www.apache.org/). - + Copyright (c) 2012 The Apache Software Foundation @@ -2463,7 +2463,7 @@ Copyright (c) 2012 The Apache Software Foundation - + @@ -2474,14 +2474,14 @@ Copyright (c) 2012 The Apache Software Foundation - + - + diff --git a/tools/whisker/descriptor.xml b/tools/whisker/descriptor.xml index 2bc2abaf9acb..3fe1047686e8 100644 --- a/tools/whisker/descriptor.xml +++ b/tools/whisker/descriptor.xml @@ -2436,7 +2436,7 @@ This product includes software developed at The Apache Software Foundation (http://www.apache.org/). - + Copyright (c) 2012 The Apache Software Foundation 
@@ -2447,7 +2447,7 @@ Copyright (c) 2012 The Apache Software Foundation - + @@ -2458,14 +2458,14 @@ Copyright (c) 2012 The Apache Software Foundation - + - + diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java b/utils/src/main/java/com/cloud/utils/nio/Link.java index 35211c8a458f..25f6662c5225 100644 --- a/utils/src/main/java/com/cloud/utils/nio/Link.java +++ b/utils/src/main/java/com/cloud/utils/nio/Link.java @@ -505,7 +505,7 @@ private static HandshakeHolder doHandshakeUnwrap(final SocketChannel socketChann s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress())); sslEngine.closeOutbound(); - return new HandshakeHolder(peerAppData, peerNetData, true); + return new HandshakeHolder(peerAppData, peerNetData, false); } if (result == null) { return new HandshakeHolder(peerAppData, peerNetData, false); From facc5945f0e5081c166dd5a979c9ebb50dfa5562 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Sat, 9 Dec 2017 16:37:31 +0530 Subject: [PATCH 12/22] CLOUDSTACK-10193: Fix smoke tests failures with new systemvmtemplate - Several systemvmtemplate optimizations - Uses new macchinina template for running smoke tests - Switch to latest Debian 9.3.0 release for systemvmtemplate - Introduce a new `get_test_template` that uses tiny test template such as macchinina as defined test_data.py - rVR related fixes and improvements 
Signed-off-by: Rohit Yadav --- .travis.yml | 11 ++- .../jobs/impl/AsyncJobManagerImpl.java | 4 + .../cloud/resource/ResourceManagerImpl.java | 2 +- .../src/com/cloud/server/StatsCollector.java | 12 ++- .../secondary/SecondaryStorageVmManager.java | 6 +- .../SecondaryStorageManagerImpl.java | 2 +- systemvm/debian/etc/issue | 2 +- systemvm/debian/etc/rc.local | 28 ------ .../etc/systemd/system/cloud-postinit.service | 2 +- systemvm/debian/opt/cloud/bin/cs/CsApp.py | 2 +- .../debian/opt/cloud/bin/cs/CsRedundant.py | 11 ++- systemvm/debian/opt/cloud/bin/passwd_server | 26 ------ .../debian/opt/cloud/bin/passwd_server_ip | 29 ------ systemvm/debian/opt/cloud/bin/setup/common.sh | 61 +----------- .../opt/cloud/bin/setup/consoleproxy.sh | 2 +- .../debian/opt/cloud/bin/setup/dhcpsrvr.sh | 2 +- systemvm/debian/opt/cloud/bin/setup/elbvm.sh | 2 +- systemvm/debian/opt/cloud/bin/setup/ilbvm.sh | 2 +- .../opt/cloud/bin/setup/patchsystemvm.sh | 4 + .../debian/opt/cloud/bin/setup/postinit.sh | 46 ++++++++-- systemvm/debian/opt/cloud/bin/setup/router.sh | 5 - .../debian/opt/cloud/bin/setup/secstorage.sh | 2 +- .../debian/opt/cloud/bin/setup/vpcrouter.sh | 5 - .../debian/opt/cloud/bin/update_config.py | 7 -- .../debian/opt/cloud/bin/vpc_passwd_server | 32 ------- .../opt/cloud/templates/keepalived.conf.templ | 11 ++- test/integration/smoke/test_accounts.py | 22 +++-- .../integration/smoke/test_affinity_groups.py | 10 +- .../smoke/test_affinity_groups_projects.py | 11 ++- test/integration/smoke/test_deploy_vm_iso.py | 7 +- .../smoke/test_deploy_vm_with_userdata.py | 11 ++- ...ploy_vms_with_varied_deploymentplanners.py | 9 +- .../smoke/test_host_maintenance.py | 6 +- test/integration/smoke/test_hostha_kvm.py | 4 +- test/integration/smoke/test_internal_lb.py | 53 ++--------- .../smoke/test_list_ids_parameter.py | 10 +- test/integration/smoke/test_loadbalance.py | 10 +- test/integration/smoke/test_metrics_api.py | 4 +- .../smoke/test_multipleips_per_nic.py | 7 +- 
.../smoke/test_nested_virtualization.py | 15 ++- test/integration/smoke/test_network.py | 36 ++++---- test/integration/smoke/test_network_acl.py | 9 +- .../smoke/test_nic_adapter_type.py | 6 +- .../integration/smoke/test_password_server.py | 7 +- .../smoke/test_portforwardingrules.py | 6 +- test/integration/smoke/test_privategw_acl.py | 5 +- test/integration/smoke/test_projects.py | 7 +- .../smoke/test_reset_vm_on_reboot.py | 7 +- .../smoke/test_router_dhcphosts.py | 12 ++- test/integration/smoke/test_router_dns.py | 11 ++- .../smoke/test_router_dnsservice.py | 11 ++- test/integration/smoke/test_routers.py | 12 +-- .../test_routers_iptables_default_policy.py | 15 +-- .../smoke/test_routers_network_ops.py | 70 ++------------ .../smoke/test_service_offerings.py | 11 +-- test/integration/smoke/test_snapshots.py | 65 +------------ test/integration/smoke/test_templates.py | 22 ++--- test/integration/smoke/test_usage.py | 22 +---- test/integration/smoke/test_vpc_redundant.py | 54 +---------- .../integration/smoke/test_vpc_router_nics.py | 30 +++--- test/integration/smoke/test_vpc_vpn.py | 92 ++----------------- tools/appliance/build.sh | 4 +- .../systemvmtemplate/apt_upgrade.sh | 9 +- .../definitions/systemvmtemplate/cleanup.sh | 5 +- .../systemvmtemplate/configure_grub.sh | 4 +- .../systemvmtemplate/definition.rb | 8 +- .../definitions/systemvmtemplate/finalize.sh | 3 +- .../install_systemvm_packages.sh | 2 +- .../definitions/systemvmtemplate/preseed.cfg | 13 ++- tools/marvin/marvin/config/test_data.py | 46 ++++++++++ tools/marvin/marvin/lib/base.py | 7 +- tools/marvin/marvin/lib/common.py | 47 ++++++++++ ui/l10n/en.js | 1 - ui/scripts/system.js | 4 +- ui/scripts/ui/dialog.js | 2 +- ui/scripts/ui/widgets/multiEdit.js | 2 +- 76 files changed, 441 insertions(+), 723 deletions(-) delete mode 100755 systemvm/debian/opt/cloud/bin/passwd_server delete mode 100755 systemvm/debian/opt/cloud/bin/passwd_server_ip delete mode 100755 systemvm/debian/opt/cloud/bin/vpc_passwd_server 
diff --git a/.travis.yml b/.travis.yml index a206cbeedf10..b4749c05e312 100644 --- a/.travis.yml +++ b/.travis.yml @@ -115,8 +115,7 @@ env: component/test_acl_sharednetwork_deployVM-impersonation component/test_affinity_groups_projects component/test_cpu_domain_limits - component/test_cpu_limits - component/test_volumes" + component/test_cpu_limits" - TESTS="component/test_cpu_max_limits component/test_acl_isolatednetwork @@ -144,10 +143,12 @@ env: component/test_snapshots component/test_stopped_vm" - - TESTS="component/test_resource_limits - component/test_tags + - TESTS="component/test_resource_limits" + + - TESTS="component/test_tags component/test_templates - component/test_update_vm" + component/test_update_vm + component/test_volumes" - TESTS="component/test_vpc component/test_vpc_network diff --git a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java index 7f2e1567d7ac..3ce96a677fb4 100644 --- a/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java +++ b/framework/jobs/src/org/apache/cloudstack/framework/jobs/impl/AsyncJobManagerImpl.java @@ -216,6 +216,10 @@ public long submitAsyncJob(final AsyncJob job, final String syncObjType, final l @SuppressWarnings("rawtypes") final GenericDao dao = GenericDaoBase.getDao(job.getClass()); + if (dao == null) { + throw new CloudRuntimeException(String.format("Failed to get dao from job's class=%s, for job id=%d, cmd=%s", job.getClass(), job.getId(), job.getCmd())); + } + publishOnEventBus(job, "submit"); if (!_vmInstanceDao.lockInLockTable(String.valueOf(syncObjId), VmJobLockTimeout.value())){ diff --git a/server/src/com/cloud/resource/ResourceManagerImpl.java b/server/src/com/cloud/resource/ResourceManagerImpl.java index 33c36de2f8e1..c9916e90130b 100755 --- a/server/src/com/cloud/resource/ResourceManagerImpl.java 
+++ b/server/src/com/cloud/resource/ResourceManagerImpl.java @@ -2274,7 +2274,7 @@ private boolean doCancelMaintenance(final long hostId) { } try { - SSHCmdHelper.SSHCmdResult result = SSHCmdHelper.sshExecuteCmdOneShot(connection, "service cloudstack-agent restart || systemctl restart cloudstack-agent"); + SSHCmdHelper.SSHCmdResult result = SSHCmdHelper.sshExecuteCmdOneShot(connection, "service cloudstack-agent restart"); s_logger.debug("cloudstack-agent restart result: " + result.toString()); } catch (final SshException e) { return false; diff --git a/server/src/com/cloud/server/StatsCollector.java b/server/src/com/cloud/server/StatsCollector.java index 305711ec27b5..d32ed98b1e81 100644 --- a/server/src/com/cloud/server/StatsCollector.java +++ b/server/src/com/cloud/server/StatsCollector.java @@ -918,7 +918,12 @@ else if (volume.getFormat() == ImageFormat.OVA){ try { HashMap volumeStatsByUuid = _userVmMgr.getVolumeStatistics(pool.getClusterId(), pool.getUuid(), pool.getPoolType(), volumeLocators, StatsTimeout.value()); if (volumeStatsByUuid != null){ - _volumeStats.putAll(volumeStatsByUuid); + for (final Map.Entry entry : volumeStatsByUuid.entrySet()) { + if (entry == null || entry.getKey() == null || entry.getValue() == null) { + continue; + } + _volumeStats.put(entry.getKey(), entry.getValue()); + } } } catch (Exception e) { s_logger.warn("Failed to get volume stats for cluster with ID: " + pool.getClusterId(), e); @@ -932,7 +937,10 @@ else if (volume.getFormat() == ImageFormat.OVA){ } public VolumeStats getVolumeStats(String volumeLocator) { - return _volumeStats.get(volumeLocator); + if (volumeLocator != null && _volumeStats.containsKey(volumeLocator)) { + return _volumeStats.get(volumeLocator); + } + return null; } class StorageCollector extends ManagedContextRunnable { 
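Review bot: In `StatsCollector.getVolumeStats` the new `containsKey` followed by `get` does two lookups. If `_volumeStats` is a concurrent map updated by the collector thread (its declaration is outside the hunk), the entry can disappear between the two calls, so callers must still handle `null`. A single lookup behaves the same and is shorter: `return volumeLocator == null ? null : _volumeStats.get(volumeLocator);`. In the preceding hunk the `entry == null` test can be dropped, since iterating `entrySet()` does not produce null entries. A one-line comment saying why null keys and values are skipped would also help.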
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageVmManager.java b/server/src/com/cloud/storage/secondary/SecondaryStorageVmManager.java index 3b32c851f0a1..99073f758e29 100644 --- a/server/src/com/cloud/storage/secondary/SecondaryStorageVmManager.java +++ b/server/src/com/cloud/storage/secondary/SecondaryStorageVmManager.java @@ -27,11 +27,11 @@ public interface SecondaryStorageVmManager extends Manager { - public static final int DEFAULT_SS_VM_RAMSIZE = 512; // 512M - public static final int DEFAULT_SS_VM_CPUMHZ = 500; // 500 MHz + public static final int DEFAULT_SS_VM_RAMSIZE = 1024; // 1024M + public static final int DEFAULT_SS_VM_CPUMHZ = 500; // 500 MHz public static final int DEFAULT_SS_VM_MTUSIZE = 1500; public static final int DEFAULT_SS_VM_CAPACITY = 50; // max command execution session per SSVM - public static final int DEFAULT_STANDBY_CAPACITY = 10; // standy capacity to reserve per zone + public static final int DEFAULT_STANDBY_CAPACITY = 10; // standy capacity to reserve per zone public static final String ALERT_SUBJECT = "secondarystoragevm-alert"; diff --git a/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java b/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java index 273fdd0d1167..bed031353424 100644 --- a/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java +++ b/services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java 
@@ -951,7 +951,7 @@ public boolean configure(String name, Map params) throws Configu int ramSize = NumbersUtil.parseInt(_configDao.getValue("ssvm.ram.size"), DEFAULT_SS_VM_RAMSIZE); int cpuFreq = NumbersUtil.parseInt(_configDao.getValue("ssvm.cpu.mhz"), DEFAULT_SS_VM_CPUMHZ); List offerings = _offeringDao.createSystemServiceOfferings("System Offering For Secondary Storage VM", - ServiceOffering.ssvmDefaultOffUniqueName, 1, ramSize, cpuFreq, null, null, false, null, + ServiceOffering.ssvmDefaultOffUniqueName, 2, ramSize, cpuFreq, null, null, false, null, Storage.ProvisioningType.THIN, true, null, true, VirtualMachine.Type.SecondaryStorageVm, true); // this can sometimes happen, if DB is manually or programmatically manipulated if (offerings == null || offerings.size() < 2) { diff --git a/systemvm/debian/etc/issue b/systemvm/debian/etc/issue index 2d2b7c0f2f19..fdef90e7c8a8 100644 --- a/systemvm/debian/etc/issue +++ b/systemvm/debian/etc/issue @@ -1,3 +1,3 @@ - __?.o/ Apache CloudStack SystemVM 4.11 + __?.o/ Apache CloudStack SystemVM ( )# https://cloudstack.apache.org (___(_) \s \r \n \l diff --git a/systemvm/debian/etc/rc.local b/systemvm/debian/etc/rc.local index 94c6466387c4..e419de0939cc 100755 --- a/systemvm/debian/etc/rc.local +++ b/systemvm/debian/etc/rc.local 
@@ -16,32 +16,4 @@ # specific language governing permissions and limitations # under the License. -[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs -for svc in $(cat /var/cache/cloud/enabled_svcs) -do - logger -t cloud "Starting $svc" - systemctl enable --no-block --now $svc -done -[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs -for svc in $(cat /var/cache/cloud/disabled_svcs) -do - logger -t cloud "Stopping $svc" - systemctl disable --no-block --now $svc -done - -# Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist -ipv4="/etc/iptables/rules.v4" -if [ -e $ipv4 ] -then - iptables-restore < $ipv4 -fi - -ipv6="/etc/iptables/rules.v6" -if [ -e $ipv6 ] -then - iptables-restore < $ipv6 -fi - -date > /var/cache/cloud/boot_up_done -logger -t cloud "Boot up process done" diff --git a/systemvm/debian/etc/systemd/system/cloud-postinit.service b/systemvm/debian/etc/systemd/system/cloud-postinit.service index 83f0636a72de..c23516e67ffb 100644 --- a/systemvm/debian/etc/systemd/system/cloud-postinit.service +++ b/systemvm/debian/etc/systemd/system/cloud-postinit.service @@ -11,4 +11,4 @@ WantedBy=multi-user.target Type=oneshot ExecStart=/opt/cloud/bin/setup/postinit.sh RemainAfterExit=true -TimeoutStartSec=1min +TimeoutStartSec=10min diff --git a/systemvm/debian/opt/cloud/bin/cs/CsApp.py b/systemvm/debian/opt/cloud/bin/cs/CsApp.py index 2085088db8e4..031ac0565ab7 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsApp.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsApp.py @@ -66,7 +66,7 @@ def setup(self): class CsPasswdSvc(): """ - nohup bash /opt/cloud/bin/vpc_passwd_server $ip >/dev/null 2>&1 & + CloudStack VR password server """ def __init__(self, ip): diff --git a/systemvm/debian/opt/cloud/bin/cs/CsRedundant.py b/systemvm/debian/opt/cloud/bin/cs/CsRedundant.py index 108f3377fdd8..29b502895aa2 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsRedundant.py 
+++ b/systemvm/debian/opt/cloud/bin/cs/CsRedundant.py @@ -75,6 +75,10 @@ def set(self): def _redundant_off(self): CsHelper.service("conntrackd", "stop") CsHelper.service("keepalived", "stop") + CsHelper.umount_tmpfs(self.CS_RAMDISK_DIR) + CsHelper.rmdir(self.CS_RAMDISK_DIR) + CsHelper.rm(self.CONNTRACKD_CONF) + CsHelper.rm(self.KEEPALIVED_CONF) def _redundant_on(self): guest = self.address.get_guest_if() @@ -107,10 +111,9 @@ def _redundant_on(self): CsHelper.service("keepalived", "stop") return - # setup_router should execute this already: - # CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False) - # CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR) - # CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False) + CsHelper.mkdir(self.CS_RAMDISK_DIR, 0755, False) + CsHelper.mount_tmpfs(self.CS_RAMDISK_DIR) + CsHelper.mkdir(self.CS_ROUTER_DIR, 0755, False) for s in self.CS_TEMPLATES: d = s if s.endswith(".templ"): diff --git a/systemvm/debian/opt/cloud/bin/passwd_server b/systemvm/debian/opt/cloud/bin/passwd_server deleted file mode 100755 index 295e720edd2a..000000000000 --- a/systemvm/debian/opt/cloud/bin/passwd_server +++ /dev/null 
@@ -1,26 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#we have intentionally split the ip gathering command into two. -#This was done to avoid getting a SIGPIPE during certain load conditions. -ipInfo=$(ip addr show dev eth0 | grep inet | grep eth0 ) -ips=$(echo "$ipInfo" | awk '{print $2}' ); echo $ips -for ip in $ips; do - addr=$(echo $ip | awk -F'/' '{print $1}') - /opt/cloud/bin/passwd_server_ip $addr >> /var/log/cloud.log 2>&1 & -done; diff --git a/systemvm/debian/opt/cloud/bin/passwd_server_ip b/systemvm/debian/opt/cloud/bin/passwd_server_ip deleted file mode 100755 index ce21b53832be..000000000000 --- a/systemvm/debian/opt/cloud/bin/passwd_server_ip +++ /dev/null 
@@ -1,29 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -addr=$1; -while true -do - python /opt/cloud/bin/passwd_server_ip.py $addr >/dev/null 2>/dev/null - rc=$? - if [ $rc -ne 0 ] - then - logger -t cloud "Password server failed with error code $rc. Restarting it..." - sleep 3 - fi -done diff --git a/systemvm/debian/opt/cloud/bin/setup/common.sh b/systemvm/debian/opt/cloud/bin/setup/common.sh index e6a4417f55f9..078cb58320b0 100755 --- a/systemvm/debian/opt/cloud/bin/setup/common.sh +++ b/systemvm/debian/opt/cloud/bin/setup/common.sh @@ -590,8 +590,7 @@ routing_svcs() { systemctl disable --now portmap systemctl enable apache2 systemctl enable haproxy - systemctl enable ssh - echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs + echo "haproxy apache2" > /var/cache/cloud/enabled_svcs echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs if [ $RROUTER -eq 1 ] then 
@@ -609,61 +608,6 @@ routing_svcs() { fi } -setup_redundant_router() { - rrouter_bin_path="/ramdisk/rrouter" - rrouter_log="/ramdisk/rrouter/keepalived.log" - rrouter_bin_path_str="\/ramdisk\/rrouter" - rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log" - mkdir -p /ramdisk - mount tmpfs /ramdisk -t tmpfs - mkdir -p /ramdisk/rrouter - ip route delete default - - # Seed keepalived - cp /opt/cloud/templates/keepalived.conf.templ /etc/keepalived/keepalived.conf # changes! - sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf - sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf #fixme, multiple ips? - sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf - sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf - sed -i "s/\[PASS\]/$VM_PASSWORD/g" /etc/keepalived/keepalived.conf #FIXME, router password? - sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf - sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf - sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived - if [ $ADVERT_INT ] - then - sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf - fi - chmod -x /etc/keepalived/keepalived.conf - - # Seed conntrackd - cp /opt/cloud/templates/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf - sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf - sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf - sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf # checkme? 
- sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf - sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf - - # ramdisk scripts - cp /opt/cloud/templates/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh - cp /opt/cloud/templates/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh - cp /opt/cloud/templates/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh - cp /opt/cloud/templates/check_bumpup.sh $rrouter_bin_path/ - cp /opt/cloud/templates/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh # changes! - #sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh - - sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh - sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh - sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh - sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh - chmod a+x $rrouter_bin_path/*.sh - - crontab -l|grep "check_heartbeat.sh" - if [ $? -ne 0 ] - then - (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n* * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab - fi -} - parse_cmd_line() { CMDLINE=$(cat /var/cache/cloud/cmdline) TYPE="unknown" @@ -782,6 +726,9 @@ parse_cmd_line() { redundant_router) export RROUTER=$VALUE ;; + redundant_state) + export RROUTER_STATE=$VALUE + ;; guestgw) export GUEST_GW=$VALUE ;; diff --git a/systemvm/debian/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/debian/opt/cloud/bin/setup/consoleproxy.sh index a3b2797f8501..225dc6f5ad2d 100755 --- a/systemvm/debian/opt/cloud/bin/setup/consoleproxy.sh +++ b/systemvm/debian/opt/cloud/bin/setup/consoleproxy.sh 
@@ -19,7 +19,7 @@ . /opt/cloud/bin/setup/common.sh consoleproxy_svcs() { - echo "cloud ssh" > /var/cache/cloud/enabled_svcs + echo "cloud" > /var/cache/cloud/enabled_svcs echo "haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud } diff --git a/systemvm/debian/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/debian/opt/cloud/bin/setup/dhcpsrvr.sh index 467bb56171a5..9161aeb37ee4 100755 --- a/systemvm/debian/opt/cloud/bin/setup/dhcpsrvr.sh +++ b/systemvm/debian/opt/cloud/bin/setup/dhcpsrvr.sh @@ -19,7 +19,7 @@ . /opt/cloud/bin/setup/common.sh dhcpsrvr_svcs() { - echo "ssh dnsmasq apache2" > /var/cache/cloud/enabled_svcs + echo "dnsmasq apache2" > /var/cache/cloud/enabled_svcs echo "cloud nfs-common conntrackd keepalived haproxy portmap" > /var/cache/cloud/disabled_svcs } diff --git a/systemvm/debian/opt/cloud/bin/setup/elbvm.sh b/systemvm/debian/opt/cloud/bin/setup/elbvm.sh index 600fb0d0aaea..ae16b4bcb7c4 100755 --- a/systemvm/debian/opt/cloud/bin/setup/elbvm.sh +++ b/systemvm/debian/opt/cloud/bin/setup/elbvm.sh @@ -19,7 +19,7 @@ . /opt/cloud/bin/setup/common.sh elbvm_svcs() { - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs + echo "haproxy" > /var/cache/cloud/enabled_svcs echo "cloud dnsmasq conntrackd keepalived apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } diff --git a/systemvm/debian/opt/cloud/bin/setup/ilbvm.sh b/systemvm/debian/opt/cloud/bin/setup/ilbvm.sh index 58a711c8df55..ac801b200e6a 100755 --- a/systemvm/debian/opt/cloud/bin/setup/ilbvm.sh +++ b/systemvm/debian/opt/cloud/bin/setup/ilbvm.sh @@ -19,7 +19,7 @@ . /opt/cloud/bin/setup/common.sh ilbvm_svcs() { - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs + echo "haproxy" > /var/cache/cloud/enabled_svcs echo "cloud dnsmasq conntrackd keepalived apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } 
diff --git a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh index 8642945bece4..ba5e2d8146cc 100755 --- a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh +++ b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh @@ -44,6 +44,10 @@ CMDLINE=/var/cache/cloud/cmdline PATCH_MOUNT=$1 TYPE=$2 +# Refresh and setup systemd +chmod -x /etc/systemd/system/cloud*.service +systemctl daemon-reload + echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/agent.zip ] diff --git a/systemvm/debian/opt/cloud/bin/setup/postinit.sh b/systemvm/debian/opt/cloud/bin/setup/postinit.sh index efd1b4ba2061..d29203f71c2f 100755 --- a/systemvm/debian/opt/cloud/bin/setup/postinit.sh +++ b/systemvm/debian/opt/cloud/bin/setup/postinit.sh @@ -15,9 +15,13 @@ # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. - +# # This scripts before ssh.service but after cloud-early-config +# Eject cdrom if any +eject || true + +# Setup router CMDLINE=/var/cache/cloud/cmdline for str in $(cat $CMDLINE) do @@ -32,15 +36,12 @@ for str in $(cat $CMDLINE) esac done -chmod -x /etc/systemd/system/cloud*.service -systemctl daemon-reload - if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ] then if [ -x /opt/cloud/bin/update_config.py ] then - /opt/cloud/bin/update_config.py cmd_line.json - logger -t cloud "Updated config: cmd_line.json" + /opt/cloud/bin/update_config.py cmd_line.json || true + logger -t cloud "postinit: Updated config cmd_line.json" fi fi 
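Review bot: In the second `postinit.sh` hunk, `/opt/cloud/bin/update_config.py cmd_line.json || true` discards a failure, and the next line still logs `postinit: Updated config cmd_line.json`. A router whose command-line configuration was not applied therefore looks healthy in the log. Boot can continue while still recording the outcome, for example `/opt/cloud/bin/update_config.py cmd_line.json && logger -t cloud "postinit: Updated config cmd_line.json" || logger -t cloud "postinit: update_config.py cmd_line.json failed"`. The surrounding `if` on `$TYPE` starts before the hunk.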
@@ -49,3 +50,36 @@ then python /opt/cloud/bin/baremetal-vr.py & logger -t cloud "Started baremetal-vr service" fi + +[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs +for svc in $(cat /var/cache/cloud/enabled_svcs) +do + logger -t cloud "Starting $svc" + systemctl enable --no-block --now $svc +done + +[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs +for svc in $(cat /var/cache/cloud/disabled_svcs) +do + logger -t cloud "Stopping $svc" + systemctl disable --no-block --now $svc +done + +# Enable SSH by default +systemctl enable --no-block --now ssh + +# Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist +ipv4="/etc/iptables/rules.v4" +if [ -e $ipv4 ] +then + iptables-restore < $ipv4 +fi + +ipv6="/etc/iptables/rules.v6" +if [ -e $ipv6 ] +then + iptables-restore < $ipv6 +fi + +date > /var/cache/cloud/boot_up_done +logger -t cloud "Boot up process done" diff --git a/systemvm/debian/opt/cloud/bin/setup/router.sh b/systemvm/debian/opt/cloud/bin/setup/router.sh index 3bd42240ec74..c3141f895108 100755 --- a/systemvm/debian/opt/cloud/bin/setup/router.sh +++ b/systemvm/debian/opt/cloud/bin/setup/router.sh @@ -49,11 +49,6 @@ setup_router() { fi fi - if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ] - then - setup_redundant_router - fi - log_it "Checking udev NIC assignment order changes" if [ "$NIC_MACS" != "" ] then diff --git a/systemvm/debian/opt/cloud/bin/setup/secstorage.sh b/systemvm/debian/opt/cloud/bin/setup/secstorage.sh index b890d77d7528..8b6d4ee5a4bd 100755 --- a/systemvm/debian/opt/cloud/bin/setup/secstorage.sh +++ b/systemvm/debian/opt/cloud/bin/setup/secstorage.sh 
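Review bot: The block added to `postinit.sh` starts every service in `enabled_svcs` and then `ssh` before the two `iptables-restore` calls at the end of the hunk. For a short time the daemons can be listening without the persisted IPv4/IPv6 rules loaded, unless an earlier boot step has already applied them, which is not visible here. Moving the `rules.v4` and `rules.v6` restore blocks above the `enabled_svcs` loop closes that window. `systemctl enable --no-block --now ssh` also runs for every VM type, regardless of the per-type service lists, so a comment stating that this is intended would help. The loops expand `$svc` unquoted, and `"$svc"` would be safer if the list files could ever contain unexpected characters.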
@@ -19,7 +19,7 @@ . /opt/cloud/bin/setup/common.sh secstorage_svcs() { - echo "apache2 cloud ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs + echo "apache2 cloud nfs-common portmap" > /var/cache/cloud/enabled_svcs echo "conntrackd keepalived haproxy dnsmasq" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud } diff --git a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh index 5ed09c7031c6..106cfd6adc3f 100755 --- a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh +++ b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh @@ -73,11 +73,6 @@ EOF fi fi - if [ "$RROUTER" == "1" ] - then - setup_redundant_router - fi - ip route delete default # create route table for static route diff --git a/systemvm/debian/opt/cloud/bin/update_config.py b/systemvm/debian/opt/cloud/bin/update_config.py index a603f47e3ae4..7b86378ee2a6 100755 --- a/systemvm/debian/opt/cloud/bin/update_config.py +++ b/systemvm/debian/opt/cloud/bin/update_config.py @@ -39,13 +39,6 @@ jsonConfigFile = jsonPath % jsonFilename currentGuestNetConfig = "/etc/cloudstack/guestnetwork.json" -# If the command line json file is unprocessed process it -# This is important or, the control interfaces will get deleted! -if os.path.isfile(jsonPath % "cmd_line.json"): - qf = QueueFile() - qf.setFile("cmd_line.json") - qf.load(None) - def finish_config(): # Converge diff --git a/systemvm/debian/opt/cloud/bin/vpc_passwd_server b/systemvm/debian/opt/cloud/bin/vpc_passwd_server deleted file mode 100755 index 3e201cb10d21..000000000000 --- a/systemvm/debian/opt/cloud/bin/vpc_passwd_server +++ /dev/null 
@@ -1,32 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - -ip=$1 -result=$ip -while [ -n "$result" ] -do - python /opt/cloud/bin/passwd_server_ip.py $ip >/dev/null 2>/dev/null - rc=$? - if [ $rc -ne 0 ] - then - logger -t cloud "Password server failed with error code $rc. Restarting password server..." - sleep 3 - fi - result=`ip addr show | grep $ip` -done & \ No newline at end of file diff --git a/systemvm/debian/opt/cloud/templates/keepalived.conf.templ b/systemvm/debian/opt/cloud/templates/keepalived.conf.templ index 5434ec5302f3..5412fd96b3cc 100644 --- a/systemvm/debian/opt/cloud/templates/keepalived.conf.templ +++ b/systemvm/debian/opt/cloud/templates/keepalived.conf.templ @@ -21,16 +21,23 @@ global_defs { vrrp_script heartbeat { script "[RROUTER_BIN_PATH]/heartbeat.sh" - interval 4 + interval 5 } vrrp_instance inside_network { - state BACKUP + state EQUAL interface eth2 virtual_router_id 51 nopreempt advert_int 1 + garp_master_delay 1 + garp_master_repeat 10 + garp_master_refresh 5 + + #use_vmac + #vmac_xmit_base + authentication { auth_type AH auth_pass PASS diff --git a/test/integration/smoke/test_accounts.py b/test/integration/smoke/test_accounts.py index a64d922e9565..00047bf5c2ea 100644 
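Review bot: `state EQUAL` in `vrrp_instance inside_network` is not one of the values keepalived documents for `state` (MASTER or BACKUP). As far as I can tell an unrecognised value is reported as a configuration error and treated as BACKUP, so the change probably has no effect beyond a log warning; confirm against the keepalived version shipped in the template. If the intent is that neither router is preferred at start-up, keep `state BACKUP` next to the existing `nopreempt` and say so in a comment, e.g. `# both routers start as BACKUP; the election picks the master`. The commented-out `#use_vmac` and `#vmac_xmit_base` lines need a one-line explanation of why they are disabled, or should be dropped. The `vrrp_instance` block continues past the end of the hunk.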
--- a/test/integration/smoke/test_accounts.py +++ b/test/integration/smoke/test_accounts.py @@ -32,7 +32,7 @@ PublicIPAddress) from marvin.lib.common import (get_domain, get_zone, - get_template, + get_test_template, list_accounts, list_virtual_machines, list_service_offering, @@ -128,11 +128,12 @@ def setUpClass(cls): cls.services = Services().services cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id @@ -270,11 +271,12 @@ def setUpClass(cls): cls.services = Services().services cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id @@ -948,6 +950,7 @@ def setUpClass(cls): cls.services = Services().services cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype cls.sub_domain = Domain.create( cls.api_client, @@ -983,10 +986,10 @@ def setUpClass(cls): cls.sub_domain, cls.service_offering ] - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.vm_1 = VirtualMachine.create( 
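Review bot: The `setUpClass` hunks in test_accounts.py read `cls.template.id` right after `get_test_template()` with no failure check, while test_affinity_groups.py and several other files in this commit compare the result with `FAILED` first. If the helper returns `FAILED` when no template can be found or registered (which those checks suggest), the class fails with an attribute error that hides the real cause. Add `assert cls.template != FAILED, "get_test_template() failed to return template"` after each call, importing `FAILED` from `marvin.codes` if the file does not already. The same gap is visible in test_deploy_vm_iso.py, test_password_server.py, test_privategw_acl.py, test_projects.py and the test_router_* files. Each `setUpClass` body continues outside its hunk.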
@@ -1717,12 +1720,13 @@ def setUpClass(cls): cls.services = Services().services cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id diff --git a/test/integration/smoke/test_affinity_groups.py b/test/integration/smoke/test_affinity_groups.py index 3f78a84481c1..64ec8ae8df35 100644 --- a/test/integration/smoke/test_affinity_groups.py +++ b/test/integration/smoke/test_affinity_groups.py @@ -40,15 +40,16 @@ def setUpClass(cls): cls.services = cls.testClient.getParsedTestDataConfig() # Get Zone, Domain and templates cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests()) - - cls.template = get_template( + cls.hypervisor = cls.testClient.getHypervisorInfo() + + cls.template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] + assert False, "get_test_template() failed to return template" cls.services["virtual_machine"]["zoneid"] = cls.zone.id @@ -155,7 +156,6 @@ def test_DeployVmAntiAffinityGroup(self): @classmethod def tearDownClass(cls): try: - #Clean up, terminate the created templates cleanup_resources(cls.apiclient, cls._cleanup) except Exception as e: raise Exception("Warning: Exception during cleanup : %s" % e) diff --git a/test/integration/smoke/test_affinity_groups_projects.py b/test/integration/smoke/test_affinity_groups_projects.py index 2e971c5033fb..76401c64adf2 100644 --- a/test/integration/smoke/test_affinity_groups_projects.py +++ b/test/integration/smoke/test_affinity_groups_projects.py 
@@ -40,16 +40,17 @@ def setUpClass(cls): cls.services = cls.testClient.getParsedTestDataConfig() # Get Zone, Domain and templates cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests()) - - cls.template = get_template( + cls.hypervisor = cls.testClient.getHypervisorInfo() + + cls.template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] - + assert False, "get_test_template() failed to return template" + cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["template"] = cls.template.id diff --git a/test/integration/smoke/test_deploy_vm_iso.py b/test/integration/smoke/test_deploy_vm_iso.py index 5298c48ee197..f2273cb374bf 100644 --- a/test/integration/smoke/test_deploy_vm_iso.py +++ b/test/integration/smoke/test_deploy_vm_iso.py @@ -28,7 +28,7 @@ DiskOffering) from marvin.lib.common import (get_zone, get_domain, - get_template) + get_test_template) from marvin.codes import PASS @@ -44,11 +44,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.testdata["ostype"] + cls.hypervisor ) # Create service, disk offerings etc diff --git a/test/integration/smoke/test_deploy_vm_with_userdata.py b/test/integration/smoke/test_deploy_vm_with_userdata.py index 96c99861a9ec..52b71f7ea1aa 100644 --- a/test/integration/smoke/test_deploy_vm_with_userdata.py +++ b/test/integration/smoke/test_deploy_vm_with_userdata.py 
@@ -19,7 +19,7 @@ from marvin.lib.base import (ServiceOffering, VirtualMachine, Account) -from marvin.lib.common import get_template, get_zone, list_virtual_machines +from marvin.lib.common import get_test_template, get_zone, list_virtual_machines from marvin.lib.utils import cleanup_resources from nose.plugins.attrib import attr from marvin.codes import FAILED @@ -37,6 +37,7 @@ def setUpClass(cls): cls.services = testClient.getParsedTestDataConfig() cls.zone = get_zone(cls.apiClient, testClient.getZoneForTests()) + cls.hypervisor = testClient.getHypervisorInfo() if cls.zone.localstorageenabled: #For devcloud since localstroage is enabled cls.services["service_offerings"]["tiny"]["storagetype"] = "local" @@ -46,14 +47,14 @@ def setUpClass(cls): ) cls.account = Account.create(cls.apiClient, services=cls.services["account"]) cls.cleanup = [cls.account] - cls.template = get_template( + cls.template = get_test_template( cls.apiClient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] + assert False, "get_test_template() failed to return template" cls.debug("Successfully created account: %s, id: \ %s" % (cls.account.name,\ @@ -68,7 +69,7 @@ def setUpClass(cls): cls.services["virtual_machine"]["userdata"] = user_data def setup(self): - self.hypervisor = self.testClient.getHypervisorInfo() + self.hypervisor = self.testClient.getHypervisorInfo() @attr(tags=["devcloud", "basic", "advanced", "post"], required_hardware="true") def test_deployvm_userdata_post(self): diff --git a/test/integration/smoke/test_deploy_vms_with_varied_deploymentplanners.py b/test/integration/smoke/test_deploy_vms_with_varied_deploymentplanners.py index 1ef6af9064c1..62ba1a44b903 100644 --- a/test/integration/smoke/test_deploy_vms_with_varied_deploymentplanners.py +++ b/test/integration/smoke/test_deploy_vms_with_varied_deploymentplanners.py 
@@ -18,7 +18,7 @@ from marvin.codes import FAILED from marvin.cloudstackTestCase import cloudstackTestCase from marvin.lib.base import Account, VirtualMachine, ServiceOffering, Host, Cluster -from marvin.lib.common import get_zone, get_domain, get_template +from marvin.lib.common import get_zone, get_domain, get_test_template from marvin.lib.utils import cleanup_resources from nose.plugins.attrib import attr @@ -36,14 +36,15 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.apiclient) cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) - cls.template = get_template( + cls.hypervisor = testClient.getHypervisorInfo() + cls.template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] + assert False, "get_test_template() failed to return template" cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["template"] = cls.template.id diff --git a/test/integration/smoke/test_host_maintenance.py b/test/integration/smoke/test_host_maintenance.py index 94f964caf067..7fc2139e3bbd 100644 --- a/test/integration/smoke/test_host_maintenance.py +++ b/test/integration/smoke/test_host_maintenance.py @@ -89,14 +89,14 @@ def tearDown(self): def createVMs(self, hostId, number): - self.template = get_template( + self.template = get_test_template( self.apiclient, self.zone.id, - self.services["ostype"] + self.hypervisor ) if self.template == FAILED: - assert False, "get_template() failed to return template with description %s" % self.services["ostype"] + assert False, "get_test_template() failed to return template" self.logger.debug("Using template %s " % self.template.id) diff --git a/test/integration/smoke/test_hostha_kvm.py b/test/integration/smoke/test_hostha_kvm.py index cc44426227b2..a153e15a918b 100644 --- a/test/integration/smoke/test_hostha_kvm.py 
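Review bot: `createVMs` now calls `get_test_template` and reads `self.hypervisor`, but this is the only hunk for test_host_maintenance.py, so the commit introduces neither the import nor the assignment. Unless the file already star-imports `marvin.lib.common` and sets `self.hypervisor` elsewhere, the call raises NameError or AttributeError at run time. If they are missing, add `self.hypervisor = self.testClient.getHypervisorInfo()` before the call and import `get_test_template` explicitly. The same applies to the single-hunk changes in test_hostha_kvm.py and test_metrics_api.py, and `cls.hypervisor` is also used without a visible assignment in test_list_ids_parameter.py, the first `setUpClass` hunk of test_network.py, test_nic_adapter_type.py and test_portforwardingrules.py. `createVMs` continues outside the hunk.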
+++ b/test/integration/smoke/test_hostha_kvm.py @@ -80,10 +80,10 @@ def setUp(self): self.services["service_offerings"]["hasmall"] ) - self.template = get_template( + self.template = get_test_template( self.apiclient, self.zone.id, - self.services["ostype"] + self.hypervisor ) self.configureAndDisableHostHa() diff --git a/test/integration/smoke/test_internal_lb.py b/test/integration/smoke/test_internal_lb.py index 5b4c66325ad7..1f4751761dbc 100644 --- a/test/integration/smoke/test_internal_lb.py +++ b/test/integration/smoke/test_internal_lb.py @@ -47,7 +47,7 @@ from marvin.lib.common import (get_zone, get_domain, - get_template, + get_test_template, list_network_offerings) from nose.plugins.attrib import attr @@ -219,44 +219,6 @@ def __init__(self): "privateport": 22, "publicport": 22, "protocol": 'TCP', - }, - "template": { - "kvm": { - "name": "tiny-kvm", - "displaytext": "macchinina kvm", - "format": "qcow2", - "hypervisor": "kvm", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", - "requireshvm": "True" - }, - "xenserver": { - "name": "tiny-xen", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "xenserver", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", - "requireshvm": "True", - }, - "hyperv": { - "name": "tiny-hyperv", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "hyperv", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-hyperv.vhd.zip", - "requireshvm": "True", - }, - "vmware": { - "name": "tiny-vmware", - "displaytext": "macchinina vmware", - "format": "ova", - "hypervisor": "vmware", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova", - "requireshvm": "True", - } } } 
@@ -291,12 +253,14 @@ def setUpClass(cls): cls.hypervisor = testClient.getHypervisorInfo() - cls.logger.debug("Downloading Template: %s from: %s" %(cls.services["template"][cls.hypervisor.lower()], cls.services["template"][cls.hypervisor.lower()]["url"])) - cls.template = Template.register(cls.apiclient, cls.services["template"][cls.hypervisor.lower()], cls.zone.id, hypervisor=cls.hypervisor.lower(), account=cls.account.name, domainid=cls.domain.id) - cls.template.download(cls.apiclient) + cls.template = get_test_template( + cls.apiclient, + cls.zone.id, + cls.hypervisor + ) if cls.template == FAILED: - assert False, "get_template() failed to return template" + assert False, "get_test_template() failed to return template" cls.logger.debug("Successfully created account: %s, id: \ %s" % (cls.account.name, @@ -846,9 +810,6 @@ def execute_internallb_haproxy_tests(self, vpc_offering): def tearDownClass(cls): try: cls.logger.debug("Cleaning up class resources") - try: - cls.template.delete(cls.apiclient) - except Exception: pass cleanup_resources(cls.apiclient, cls._cleanup) except Exception as e: raise Exception("Cleanup failed with %s" % e) diff --git a/test/integration/smoke/test_list_ids_parameter.py b/test/integration/smoke/test_list_ids_parameter.py index cc45ce396b3b..e5053cb99805 100755 --- a/test/integration/smoke/test_list_ids_parameter.py +++ b/test/integration/smoke/test_list_ids_parameter.py @@ -29,7 +29,7 @@ VmSnapshot, VirtualMachine) from marvin.lib.common import (get_domain, - get_zone, get_template) + get_zone, get_test_template) from marvin.codes import FAILED, PASS from nose.plugins.attrib import attr #Import System modules 
@@ -62,14 +62,14 @@ def setUpClass(cls): cls.services["service_offerings"]["tiny"] ) - template = get_template( + template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] - + assert False, "get_test_template() failed to return template" + cls.services["template"]["ostypeid"] = template.ostypeid cls.services["template_2"]["ostypeid"] = template.ostypeid cls.services["ostypeid"] = template.ostypeid diff --git a/test/integration/smoke/test_loadbalance.py b/test/integration/smoke/test_loadbalance.py index 8e958a9b58bd..53047f91f233 100644 --- a/test/integration/smoke/test_loadbalance.py +++ b/test/integration/smoke/test_loadbalance.py @@ -40,14 +40,14 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.apiclient) cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) - template = get_template( + cls.hypervisor = testClient.getHypervisorInfo() + template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] - ) + cls.hypervisor) if template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] - + assert False, "get_test_template() failed to return template" + cls.services["virtual_machine"]["zoneid"] = cls.zone.id #Create an account, network, VM and IP addresses diff --git a/test/integration/smoke/test_metrics_api.py b/test/integration/smoke/test_metrics_api.py index 27c4a1bd75bf..7cd09b44c76d 100644 --- a/test/integration/smoke/test_metrics_api.py +++ b/test/integration/smoke/test_metrics_api.py @@ -49,10 +49,10 @@ def setUp(self): self.apiclient, self.services["service_offering"] ) - self.template = get_template( + self.template = get_test_template( self.apiclient, self.zone.id, - self.services["ostype"] + self.hypervisor ) self.cleanup = [] 
diff --git a/test/integration/smoke/test_multipleips_per_nic.py b/test/integration/smoke/test_multipleips_per_nic.py index 40933564174d..30783284bc24 100644 --- a/test/integration/smoke/test_multipleips_per_nic.py +++ b/test/integration/smoke/test_multipleips_per_nic.py @@ -30,7 +30,7 @@ from marvin.lib.utils import cleanup_resources #common - commonly used methods for all tests are listed here -from marvin.lib.common import get_zone, get_domain, get_template +from marvin.lib.common import get_zone, get_domain, get_test_template from marvin.cloudstackAPI.addIpToNic import addIpToNicCmd from marvin.cloudstackAPI.removeIpFromNic import removeIpFromNicCmd @@ -50,11 +50,12 @@ def setUp(self): # Get Zone, Domain and Default Built-in template self.domain = get_domain(self.apiclient) self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests()) + self.hypervisor = self.testClient.getHypervisorInfo() self.testdata["mode"] = self.zone.networktype - self.template = get_template(self.apiclient, self.zone.id, self.testdata["ostype"]) + self.template = get_test_template(self.apiclient, self.zone.id, self.hypervisor) if self.template == FAILED: - assert False, "get_template() failed to return template with description %s" % self.testdata["ostype"] + assert False, "get_test_template() failed to return template" #create a user account self.account = Account.create( diff --git a/test/integration/smoke/test_nested_virtualization.py b/test/integration/smoke/test_nested_virtualization.py index 3b03f776cad2..c10dd2f98a4e 100755 --- a/test/integration/smoke/test_nested_virtualization.py +++ b/test/integration/smoke/test_nested_virtualization.py @@ -30,7 +30,7 @@ Network) from marvin.lib.common import (get_zone, get_domain, - get_template) + get_test_template) from nose.plugins.attrib import attr from marvin.sshClient import SshClient import logging 
@@ -49,6 +49,7 @@ def setUpClass(cls): cls.logger.addHandler(cls.stream_handler) cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) + cls.hypervisor = get_hypervisor_type(cls.apiclient) cls.services['mode'] = cls.zone.networktype cls.services["isolated_network"]["zoneid"] = cls.zone.id cls.domain = get_domain(cls.apiclient) @@ -57,13 +58,12 @@ def setUpClass(cls): cls.services["service_offerings"]["tiny"] ) cls.account = Account.create(cls.apiclient, services=cls.services["account"]) - cls.template = get_template( + cls.template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) - cls.hypervisor = get_hypervisor_type(cls.apiclient) - + cls.isolated_network_offering = NetworkOffering.create( cls.apiclient, cls.services["isolated_network_offering"]) @@ -71,8 +71,8 @@ def setUpClass(cls): cls.isolated_network_offering.update(cls.apiclient, state='Enabled') if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] - + assert False, "get_test_template() failed to return template" + cls.services["small"]["zoneid"] = cls.zone.id cls.services["small"]["template"] = cls.template.id @@ -149,4 +149,3 @@ def tearDownClass(cls): cleanup_resources(cls.apiclient, cls.cleanup) except Exception, e: raise Exception("Cleanup failed with %s" % e) - \ No newline at end of file diff --git a/test/integration/smoke/test_network.py b/test/integration/smoke/test_network.py index db939cf0d15e..742243d14d2a 100644 --- a/test/integration/smoke/test_network.py +++ b/test/integration/smoke/test_network.py @@ -37,7 +37,7 @@ Router) from marvin.lib.common import (get_domain, get_zone, - get_template, + get_test_template, list_hosts, list_publicIP, list_nat_rules, 
@@ -258,14 +258,13 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.apiclient) cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) - template = get_template( + template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services[ - "ostype"] + assert False, "get_test_template() failed to return template" # Create an account, network, VM and IP addresses cls.account = Account.create( @@ -583,15 +582,15 @@ def setUp(self): # Get Zone, Domain and templates self.domain = get_domain(self.apiclient) self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests()) - template = get_template( + self.hypervisor = self.testClient.getHypervisorInfo() + template = get_test_template( self.apiclient, self.zone.id, - self.services["ostype"] + self.hypervisor ) if template == FAILED: - self.fail( - "get_template() failed to return template with description %s" % - self.services["ostype"]) + self.fail("get_test_template() failed to return template") + self.services["virtual_machine"]["zoneid"] = self.zone.id # Create an account, network, VM and IP addresses @@ -756,10 +755,11 @@ def setUp(self): # Get Zone, Domain and templates self.domain = get_domain(self.apiclient) self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests()) - template = get_template( + self.hypervisor = self.testClient.getHypervisorInfo() + template = get_test_template( self.apiclient, self.zone.id, - self.services["ostype"] + self.hypervisor ) self.services["virtual_machine"]["zoneid"] = self.zone.id 
@@ -897,10 +897,11 @@ def setUp(self): # Get Zone, Domain and templates self.domain = get_domain(self.apiclient) self.zone = get_zone(self.apiclient, self.testClient.getZoneForTests()) - template = get_template( + self.hypervisor = self.testClient.getHypervisorInfo() + template = get_test_template( self.apiclient, self.zone.id, - self.services["ostype"] + self.hypervisor ) self.services["virtual_machine"]["zoneid"] = self.zone.id @@ -1040,14 +1041,13 @@ def setUpClass(cls): cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) cls.hypervisor = testClient.getHypervisorInfo() cls.hostConfig = cls.config.__dict__["zones"][0].__dict__["pods"][0].__dict__["clusters"][0].__dict__["hosts"][0].__dict__ - template = get_template( + template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if template == FAILED: - assert False, "get_template() failed to return template\ - with description %s" % cls.services["ostype"] + assert False, "get_test_template() failed to return template" # Create an account, network, VM and IP addresses cls.account = Account.create( diff --git a/test/integration/smoke/test_network_acl.py b/test/integration/smoke/test_network_acl.py index 734c312977ec..7b8aa369125e 100644 --- a/test/integration/smoke/test_network_acl.py +++ b/test/integration/smoke/test_network_acl.py 
@@ -34,20 +34,21 @@ def setUpClass(cls): cls.services = testClient.getParsedTestDataConfig() cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) + cls.hypervisor = testClient.getHypervisorInfo() cls.domain = get_domain(cls.apiclient) cls.service_offering = ServiceOffering.create( cls.apiclient, cls.services["service_offerings"]["tiny"] ) cls.account = Account.create(cls.apiclient, services=cls.services["account"]) - cls.template = get_template( + cls.template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) - + if cls.template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] + assert False, "get_test_template() failed to return template" cls.debug("Successfully created account: %s, id: \ %s" % (cls.account.name,\ diff --git a/test/integration/smoke/test_nic_adapter_type.py b/test/integration/smoke/test_nic_adapter_type.py index 91492ebc676c..933b8d978949 100644 --- a/test/integration/smoke/test_nic_adapter_type.py +++ b/test/integration/smoke/test_nic_adapter_type.py @@ -33,7 +33,7 @@ ) from marvin.lib.common import (get_domain, get_zone, - get_template + get_test_template ) from marvin.lib.utils import ( get_hypervisor_type, @@ -57,10 +57,10 @@ def setUpClass(cls): cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.testdata["ostype"]) + cls.hypervisor) # Create Accounts & networks cls.testdata["isolated_network"]["zoneid"] = cls.zone.id diff --git a/test/integration/smoke/test_password_server.py b/test/integration/smoke/test_password_server.py index 98c5ced19f17..b6233130bf68 100644 --- a/test/integration/smoke/test_password_server.py +++ b/test/integration/smoke/test_password_server.py 
@@ -35,7 +35,7 @@ Network, Router) from marvin.lib.common import (get_zone, - get_template, + get_test_template, get_domain, list_virtual_machines, list_networks, @@ -69,11 +69,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - template = get_template( + template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id diff --git a/test/integration/smoke/test_portforwardingrules.py b/test/integration/smoke/test_portforwardingrules.py index fbac0b442d38..11901bdf55af 100644 --- a/test/integration/smoke/test_portforwardingrules.py +++ b/test/integration/smoke/test_portforwardingrules.py @@ -38,7 +38,7 @@ User) from marvin.lib.common import (get_domain, get_zone, - get_template) + get_test_template) from marvin.lib.utils import validateList, cleanup_resources from marvin.codes import PASS from nose.plugins.attrib import attr @@ -58,10 +58,10 @@ def setUpClass(cls): cls.zone = get_zone( cls.api_client, cls.testClient.getZoneForTests()) - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if cls.zone.localstorageenabled: cls.storagetype = 'local' diff --git a/test/integration/smoke/test_privategw_acl.py b/test/integration/smoke/test_privategw_acl.py index b86b96ea0313..8293ff79981a 100644 --- a/test/integration/smoke/test_privategw_acl.py +++ b/test/integration/smoke/test_privategw_acl.py 
@@ -167,11 +167,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"]) + cls.hypervisor) cls.hostConfig = cls.config.__dict__["zones"][0].__dict__["pods"][0].__dict__["clusters"][0].__dict__["hosts"][0].__dict__ cls.services["virtual_machine"]["zoneid"] = cls.zone.id diff --git a/test/integration/smoke/test_projects.py b/test/integration/smoke/test_projects.py index e38bccc45ca9..173e81dbb39e 100644 --- a/test/integration/smoke/test_projects.py +++ b/test/integration/smoke/test_projects.py @@ -30,7 +30,7 @@ Domain) from marvin.lib.common import (get_domain, get_zone, - get_template, + get_test_template, list_configurations) import time @@ -1532,12 +1532,13 @@ def setUpClass(cls): cls.services = Services().services # Get Zone cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.domain = get_domain(cls.api_client) cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls._cleanup = [] cls.isGlobalSettingInvalid = False diff --git a/test/integration/smoke/test_reset_vm_on_reboot.py b/test/integration/smoke/test_reset_vm_on_reboot.py index 668c77fa7df3..5c1e93d43774 100644 --- a/test/integration/smoke/test_reset_vm_on_reboot.py +++ b/test/integration/smoke/test_reset_vm_on_reboot.py 
@@ -38,15 +38,16 @@ def setUpClass(cls): # Get Zone, Domain and templates domain = get_domain(cls.apiclient) zone = get_zone(cls.apiclient, testClient.getZoneForTests()) + hypervisor = testClient.getHypervisorInfo() cls.services['mode'] = zone.networktype - template = get_template( + template = get_test_template( cls.apiclient, zone.id, - cls.services["ostype"] + hypervisor ) if template == FAILED: - assert False, "get_template() failed to return template with description %s" % cls.services["ostype"] + assert False, "get_test_template() failed to return template" # Set Zones and disk offerings ?? cls.services["small"]["zoneid"] = zone.id diff --git a/test/integration/smoke/test_router_dhcphosts.py b/test/integration/smoke/test_router_dhcphosts.py index 668475e35102..aff50bc93c2c 100644 --- a/test/integration/smoke/test_router_dhcphosts.py +++ b/test/integration/smoke/test_router_dhcphosts.py @@ -35,7 +35,7 @@ Network, Router) from marvin.lib.common import (get_zone, - get_template, + get_test_template, get_domain, list_virtual_machines, list_networks, @@ -68,11 +68,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.hostConfig = cls.config.__dict__["zones"][0].__dict__["pods"][0].__dict__["clusters"][0].__dict__["hosts"][0].__dict__ cls.services["virtual_machine"]["zoneid"] = cls.zone.id 
@@ -407,11 +408,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.hostConfig = cls.config.__dict__["zones"][0].__dict__["pods"][0].__dict__["clusters"][0].__dict__["hosts"][0].__dict__ cls.services["virtual_machine"]["zoneid"] = cls.zone.id diff --git a/test/integration/smoke/test_router_dns.py b/test/integration/smoke/test_router_dns.py index 9b4ca7ea7568..ec1d2754203b 100644 --- a/test/integration/smoke/test_router_dns.py +++ b/test/integration/smoke/test_router_dns.py @@ -29,7 +29,7 @@ NetworkOffering, Network) from marvin.lib.common import (get_zone, - get_template, + get_test_template, get_domain, list_routers, list_nat_rules, @@ -51,12 +51,15 @@ def setUpClass(cls): cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() + cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) + cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.logger.debug("Creating Admin Account for domain %s on zone %s" % (cls.domain.id, cls.zone.id)) @@ -264,5 +267,5 @@ def test_router_dns_guestipquery(self): if not result: self.fail("Did not to receive any response from the guest VM, failing.") - self.assertTrue("google.com" in result and "#53" in result, + self.assertTrue("google.com" in result and "10.1.1.1" in result, "VR DNS should serve requests from guest network, unable to get valid nslookup result from guest VM.") 
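Review bot: The new assertion in `test_router_dns_guestipquery` matches the literal `"10.1.1.1"` as a substring of the nslookup output, so it passes only when the guest network's router has that address, and it would also accept any longer address that starts with the same digits. If the network created by the test exposes its gateway, comparing against that value as a whole address token would keep the test independent of the CIDR in the test data. The same literal is introduced twice in the `test_router_dnsservice.py` hunk, for `result1` and `result2`. The test method starts outside this hunk, so how the network is created is not visible here.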
diff --git a/test/integration/smoke/test_router_dnsservice.py b/test/integration/smoke/test_router_dnsservice.py index ffadec7b409a..d0c5a67a3bf1 100644 --- a/test/integration/smoke/test_router_dnsservice.py +++ b/test/integration/smoke/test_router_dnsservice.py @@ -29,7 +29,7 @@ NetworkOffering, Network) from marvin.lib.common import (get_zone, - get_template, + get_test_template, get_domain, list_routers, list_nat_rules, @@ -54,11 +54,12 @@ def setUpClass(cls): cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id @@ -267,9 +268,9 @@ def test_router_dns_guestipquery(self): if not result1: self.fail("Did not to receive any response from the guest VM, failing.") - self.assertTrue(VM1_NAME in result1 and "#53" in result1, + self.assertTrue(VM1_NAME in result1 and "10.1.1.1" in result1, "VR DNS should serve requests from guest network, ping for %s successful." % VM1_NAME) - self.assertTrue(VM2_NAME in result2 and "#53" in result2, + self.assertTrue(VM2_NAME in result2 and "10.1.1.1" in result2, "VR DNS should serve requests from guest network, ping for %s successful." % VM2_NAME) return diff --git a/test/integration/smoke/test_routers.py b/test/integration/smoke/test_routers.py index 070841ed8f0f..dfd5916892fe 100644 --- a/test/integration/smoke/test_routers.py +++ b/test/integration/smoke/test_routers.py @@ -31,7 +31,7 @@ VirtualMachine) from marvin.lib.common import (get_domain, get_zone, - get_template, + get_test_template, list_hosts, list_routers, list_networks, 
@@ -57,17 +57,15 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.apiclient) cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) + cls.hypervisor = testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - template = get_template( + template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if template == FAILED: - cls.fail( - "get_template() failed to return template\ - with description %s" % - cls.services["ostype"]) + cls.fail("get_test_template() failed to return template") cls.services["virtual_machine"]["zoneid"] = cls.zone.id diff --git a/test/integration/smoke/test_routers_iptables_default_policy.py b/test/integration/smoke/test_routers_iptables_default_policy.py index ec35396017ba..c077b56e582a 100644 --- a/test/integration/smoke/test_routers_iptables_default_policy.py +++ b/test/integration/smoke/test_routers_iptables_default_policy.py @@ -35,7 +35,7 @@ LoadBalancerRule) from marvin.lib.common import (get_domain, get_zone, - get_template, + get_test_template, list_routers, list_hosts) from marvin.lib.utils import (cleanup_resources, @@ -214,10 +214,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.apiclient) cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests()) - cls.template = get_template( + cls.hypervisor = cls.testClient.getHypervisorInfo() + cls.template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"]) + cls.hypervisor) + cls.hostConfig = cls.config.__dict__["zones"][0].__dict__["pods"][0].__dict__["clusters"][0].__dict__["hosts"][0].__dict__ cls.services["virtual_machine"]["zoneid"] = cls.zone.id 
@@ -366,11 +368,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.apiclient) cls.zone = get_zone(cls.apiclient, cls.testClient.getZoneForTests()) - cls.template = get_template( + cls.hypervisor = cls.testClient.getHypervisorInfo() + cls.template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"]) - + cls.hypervisor) + cls.hostConfig = cls.config.__dict__["zones"][0].__dict__["pods"][0].__dict__["clusters"][0].__dict__["hosts"][0].__dict__ cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id diff --git a/test/integration/smoke/test_routers_network_ops.py b/test/integration/smoke/test_routers_network_ops.py index 93563e29818a..2f122a281e22 100644 --- a/test/integration/smoke/test_routers_network_ops.py +++ b/test/integration/smoke/test_routers_network_ops.py @@ -39,7 +39,7 @@ Router, EgressFireWallRule) from marvin.lib.common import (get_zone, - get_template, + get_test_template, get_domain, list_virtual_machines, list_networks, 
@@ -67,57 +67,6 @@ def check_router_command(virtual_machine, public_ip, ssh_command, check_string, return result.count(check_string) -class Templates: - """Test data for templates - """ - - def __init__(self): - self.templates = { - "macchinina": { - "kvm": { - "name": "tiny-kvm", - "displaytext": "macchinina kvm", - "format": "qcow2", - "hypervisor": "kvm", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", - "requireshvm": "True", - "ispublic": "True", - }, - "xenserver": { - "name": "tiny-xen", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "xen", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", - "requireshvm": "True", - "ispublic": "True", - }, - "hyperv": { - "name": "tiny-hyperv", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "hyperv", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-hyperv.vhd.zip", - "requireshvm": "True", - "ispublic": "True", - }, - "vmware": { - "name": "tiny-vmware", - "displaytext": "macchinina vmware", - "format": "ova", - "hypervisor": "vmware", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova", - "requireshvm": "True", - "ispublic": "True", - }, - } - } - - class TestRedundantIsolateNetworks(cloudstackTestCase): @classmethod 
@@ -137,16 +86,11 @@ def setUpClass(cls): cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) cls.services['mode'] = cls.zone.networktype - macchinina = Templates().templates["macchinina"] cls.hypervisor = cls.testClient.getHypervisorInfo() - cls.logger.debug("Downloading Template: %s from: %s" % (macchinina[cls.hypervisor.lower()], - macchinina[cls.hypervisor.lower()]["url"])) - cls.template = Template.register(cls.api_client, macchinina[cls.hypervisor.lower()], - cls.zone.id, hypervisor=cls.hypervisor.lower(), domainid=cls.domain.id) - cls.template.download(cls.api_client) + cls.template = get_test_template(cls.api_client, cls.zone.id, cls.hypervisor) if cls.template == FAILED: - assert False, "get_template() failed to return template" + assert False, "get_test_template() failed to return template" cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id @@ -185,8 +129,7 @@ def setUpClass(cls): cls._cleanup = [ cls.service_offering, - cls.account, - cls.template + cls.account ] return @@ -712,11 +655,12 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) + cls.hypervisor = cls.testClient.getHypervisorInfo() cls.services['mode'] = cls.zone.networktype - cls.template = get_template( + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) cls.services["virtual_machine"]["zoneid"] = cls.zone.id diff --git a/test/integration/smoke/test_service_offerings.py b/test/integration/smoke/test_service_offerings.py index 519b5ae4caa0..50c69d7147bd 100644 --- a/test/integration/smoke/test_service_offerings.py +++ b/test/integration/smoke/test_service_offerings.py @@ -31,7 +31,7 @@ list_virtual_machines, get_domain, get_zone, - get_template) + get_test_template) from nose.plugins.attrib import attr 
@@ -163,14 +163,13 @@ def setUpClass(cls): cls.apiclient, cls.services["service_offerings"]["tiny"] ) - template = get_template( + template = get_test_template( cls.apiclient, cls.zone.id, - cls.services["ostype"] + cls.hypervisor ) if template == FAILED: - assert False, "get_template() failed to return\ - template with description %s" % cls.services["ostype"] + assert False, "get_test_template() failed to return template" # Set Zones and disk offerings cls.services["small"]["zoneid"] = cls.zone.id @@ -386,7 +385,7 @@ def test_04_change_offering_small(self): "Check CPU Speed for small offering" ) - range = 20 + range = 25 if self.hypervisor.lower() == "hyperv": range = 200 # TODO: Find the memory allocated to VM on hyperv hypervisor using diff --git a/test/integration/smoke/test_snapshots.py b/test/integration/smoke/test_snapshots.py index 57612627f270..6e9a877cbc14 100644 --- a/test/integration/smoke/test_snapshots.py +++ b/test/integration/smoke/test_snapshots.py @@ -30,7 +30,7 @@ Volume, DiskOffering) from marvin.lib.common import (get_domain, - get_template, + get_test_template, get_zone, get_pod, list_volumes, 
@@ -41,57 +41,6 @@ from marvin.codes import PASS -class Templates: - """Test data for templates - """ - - def __init__(self): - self.templates = { - "macchinina": { - "kvm": { - "name": "tiny-kvm", - "displaytext": "macchinina kvm", - "format": "qcow2", - "hypervisor": "kvm", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", - "requireshvm": "True", - "ispublic": "True", - }, - "xenserver": { - "name": "tiny-xen", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "xen", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", - "requireshvm": "True", - "ispublic": "True", - }, - "hyperv": { - "name": "tiny-hyperv", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "hyperv", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-hyperv.vhd.zip", - "requireshvm": "True", - "ispublic": "True", - }, - "vmware": { - "name": "tiny-vmware", - "displaytext": "macchinina vmware", - "format": "ova", - "hypervisor": "vmware", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova", - "requireshvm": "True", - "ispublic": "True", - }, - } - } - - class TestSnapshotRootDisk(cloudstackTestCase): @classmethod 
@@ -113,14 +62,9 @@ def setUpClass(cls): cls._cleanup = [] if not cls.hypervisorNotSupported: - macchinina = Templates().templates["macchinina"] - cls.template = Template.register(cls.apiclient, macchinina[cls.hypervisor.lower()], - cls.zone.id, hypervisor=cls.hypervisor.lower(), domainid=cls.domain.id) - cls.template.download(cls.apiclient) - + cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor) if cls.template == FAILED: - assert False, "get_template() failed to return template" - + assert False, "get_test_template() failed to return template" cls.services["domainid"] = cls.domain.id cls.services["small"]["zoneid"] = cls.zone.id @@ -155,7 +99,6 @@ def setUpClass(cls): cls._cleanup.append(cls.service_offering) cls._cleanup.append(cls.account) - cls._cleanup.append(cls.template) cls._cleanup.append(cls.disk_offering) return @@ -430,4 +373,4 @@ def test_02_list_snapshots_with_removed_data_store(self): "Check list Snapshot response" ) - return \ No newline at end of file + return diff --git a/test/integration/smoke/test_templates.py b/test/integration/smoke/test_templates.py index 8d76de36a59e..6544ad2d268f 100644 --- a/test/integration/smoke/test_templates.py +++ b/test/integration/smoke/test_templates.py @@ -106,7 +106,7 @@ def setUp(self): if "kvm" in self.hypervisor.lower(): self.test_template = registerTemplate.registerTemplateCmd() self.test_template = registerTemplate.registerTemplateCmd() - self.test_template.checksum = "{SHA-1}" + "bf580a13f791d86acf3449a7b457a91a14389264" + self.test_template.checksum = "{SHA-1}" + "6952e58f39b470bd166ace11ffd20bf479bed936" self.test_template.hypervisor = self.hypervisor self.test_template.zoneid = self.zone.id self.test_template.name = 'test sha-2333' 
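Review bot: The `{SHA-1}` literal replaced in `setUp` of test_templates.py, like the `self.md5` and `self.sha256` literals in the following hunks, is a hand-maintained digest of an image served from an unversioned `http://dl.openvm.eu/...` URL, and having to change all of them together suggests the file behind that URL was replaced in place. Because the download is plain HTTP, the checksum is the only integrity control on the image, so the digests are better kept in one place next to the URL. The `test_templates` entries that the test_usage.py hunk of this commit reads look like a natural home, if they can carry a checksum field. The duplicated `self.test_template = registerTemplate.registerTemplateCmd()` context line in each hypervisor branch could be dropped at the same time. `setUp` begins and ends outside the hunk.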
@@ -114,13 +114,13 @@ def setUp(self): self.test_template.url = "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2" self.test_template.format = "QCOW2" self.test_template.ostypeid = self.getOsType("Other Linux (64-bit)") - self.md5 = "ada77653dcf1e59495a9e1ac670ad95f" - self.sha256 = "0efc03633f2b8f5db08acbcc5dc1be9028572dfd8f1c6c8ea663f0ef94b458c5" + self.md5 = "88c60fd500ce7ced985cf845df0db9da" + self.sha256 = "bc4cc040bbab843000fab78db6cb4a33f3a06ae1ced2cf563d36b38c7fee3049" if "vmware" in self.hypervisor.lower(): self.test_template = registerTemplate.registerTemplateCmd() self.test_template = registerTemplate.registerTemplateCmd() - self.test_template.checksum = "{SHA-1}" + "b25d404de8335b4348ff01e49a95b403c90df466" + self.test_template.checksum = "{SHA-1}" + "178639bd5ec089a27f6d39025be28c3de5d9393b" self.test_template.hypervisor = self.hypervisor self.test_template.zoneid = self.zone.id self.test_template.name = 'test sha-2333' @@ -128,13 +128,13 @@ def setUp(self): self.test_template.url = "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova" self.test_template.format = "OVA" self.test_template.ostypeid = self.getOsType("Other Linux (64-bit)") - self.md5 = "d6d97389b129c7d898710195510bf4fb" - self.sha256 = "f57b59f118ab59284a70d6c63229d1de8f2d69bffc5a82b773d6c47e769c12d9" + self.md5 = "3c23ac66bac7888dc7c972783646c644" + self.sha256 = "97aaa096d419522158c54f83eb61d9242d9f6bca9166fd4030d73683d647c7e7" if "xen" in self.hypervisor.lower(): self.test_template = registerTemplate.registerTemplateCmd() self.test_template = registerTemplate.registerTemplateCmd() - self.test_template.checksum = "{SHA-1}" + "427fad501d0d8a1d63b8600a9a469fbf91191314" + self.test_template.checksum = "{SHA-1}" + "80af2c18f96e94273188808c3d56e561a1cda717" self.test_template.hypervisor = self.hypervisor self.test_template.zoneid = self.zone.id self.test_template.name = 'test sha-2333' 
@@ -142,8 +142,8 @@ def setUp(self): self.test_template.url = "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2" self.test_template.format = "VHD" self.test_template.ostypeid = self.getOsType("Other Linux (64-bit)") - self.md5 = "54ebc933e6e07ae58c0dc97dfd37c824" - self.sha256 = "bddd9876021d33df9792b71ae4b776598680ac68ecf55e9d9af33c80904cc1f3" + self.md5 = "1662bbf224e41bb62b1dee043d785731" + self.sha256 = "80fba5a7a83842ec4e5f67cc6755d61d4fca46ae170d59b0c6ed47ebf7162722" if self.unsupportedHypervisor: self.skipTest("Skipping test because unsupported hypervisor\ @@ -158,7 +158,6 @@ def tearDown(self): cmd.id = temp.id cmd.zoneid = self.zone.id self.apiclient.deleteTemplate(cmd) - except Exception as e: raise Exception("Warning: Exception during cleanup : %s" % e) return @@ -227,7 +226,8 @@ def test_05_create_template_with_no_checksum(self): def registerTemplate(self, cmd): temp = self.apiclient.registerTemplate(cmd)[0] - self.cleanup.append(temp) + if not temp: + self.cleanup.append(temp) return temp def getOsType(self, param): diff --git a/test/integration/smoke/test_usage.py b/test/integration/smoke/test_usage.py index e6c65650496b..44198357f39d 100644 --- a/test/integration/smoke/test_usage.py +++ b/test/integration/smoke/test_usage.py 
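Review bot: The guard added in `registerTemplate` is inverted: `if not temp:` appends to `self.cleanup` only when the API returned a falsy object, so every template that was actually registered is no longer queued for deletion and is left behind in the zone. The condition should be `if temp:`. That form also covers what the change seems to be aimed at, since the `tearDown` hunk above reads `temp.id` and would fail on a falsy entry.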
@@ -680,26 +680,12 @@ def test_01_volume_usage(self): "Check VOLUME.DELETE in events table" ) self.hypervisor = str(get_hypervisor_type(self.apiclient)).lower() - if self.hypervisor == "vmware": - self.testdata["coreos_volume"][ - "url"] = self.testdata["coreos_volume"]["urlvmware"] - self.testdata["coreos_volume"]["format"] = "OVA" - elif self.hypervisor == "xenserver": - self.testdata["coreos_volume"][ - "url"] = self.testdata["coreos_volume"]["urlxen"] - self.testdata["coreos_volume"]["format"] = "VHD" - elif self.hypervisor == "kvm": - self.testdata["coreos_volume"][ - "url"] = self.testdata["coreos_volume"]["urlkvm"] - self.testdata["coreos_volume"]["format"] = "QCOW2" - elif self.hypervisor == "hyperv": - self.testdata["coreos_volume"][ - "url"] = self.testdata["coreos_volume"]["urlxen"] - self.testdata["coreos_volume"]["format"] = "VHD" - + volume_template = self.testdata["test_templates"][self.hypervisor] + volume_template["diskname"] = "Volume_tiny" + volume_template["format"] = volume_template["format"].upper() volume_uploaded = Volume.upload( self.apiclient, - self.testdata["coreos_volume"], + volume_template, self.zone.id, account=self.account.name, domainid=self.account.domainid) diff --git a/test/integration/smoke/test_vpc_redundant.py b/test/integration/smoke/test_vpc_redundant.py index 372d8476710a..f2e75a5d59fa 100644 --- a/test/integration/smoke/test_vpc_redundant.py +++ b/test/integration/smoke/test_vpc_redundant.py @@ -40,7 +40,7 @@ Configurations) from marvin.lib.common import (get_domain, get_zone, - get_template, + get_test_template, list_routers, list_hosts) from marvin.lib.utils import (cleanup_resources, 
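Review bot: `volume_template` is a reference to the entry inside `self.testdata["test_templates"]`, so the two assignments that follow (`diskname` and the upper-cased `format`) rewrite the shared test data rather than a local copy. Assuming the test data object is reused, any later reader of the same entry would see the changed `format`. Taking a copy first avoids that: `volume_template = dict(self.testdata["test_templates"][self.hypervisor])`. The lookup also raises `KeyError` for a hypervisor with no entry, where the removed `if`/`elif` chain fell through silently, so an explicit `skipTest` for that case would make the failure readable. `test_01_volume_usage` starts before and continues after this hunk.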
@@ -193,49 +193,7 @@ def __init__(self): "publicport": 22, "protocol": 'TCP', }, - "timeout": 10, - "template": { - "kvm": { - "name": "tiny-kvm", - "displaytext": "macchinina kvm", - "format": "qcow2", - "hypervisor": "kvm", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", - "requireshvm": "True", - "ispublic": "True", - }, - "xenserver": { - "name": "tiny-xen", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "xen", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", - "requireshvm": "True", - "ispublic": "True", - }, - "hyperv": { - "name": "tiny-hyperv", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "hyperv", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-hyperv.vhd.zip", - "requireshvm": "True", - "ispublic": "True", - }, - "vmware": { - "name": "tiny-vmware", - "displaytext": "macchinina vmware", - "format": "ova", - "hypervisor": "vmware", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova", - "requireshvm": "True", - "ispublic": "True", - } - } + "timeout": 10 } 
@@ -255,12 +213,10 @@ def setUpClass(cls): cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) cls.hypervisor = cls.testClient.getHypervisorInfo() - cls.template = Template.register(cls.api_client, cls.services["template"][cls.hypervisor.lower( - )], cls.zone.id, hypervisor=cls.hypervisor.lower(), domainid=cls.domain.id) - cls.template.download(cls.api_client) + cls.template = get_test_template(cls.api_client, cls.zone.id, cls.hypervisor) if cls.template == FAILED: - assert False, "get_template() failed to return template" + assert False, "get_test_template() failed to return template" cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id @@ -268,7 +224,7 @@ def setUpClass(cls): cls.service_offering = ServiceOffering.create( cls.api_client, cls.services["service_offering"]) - cls._cleanup = [cls.service_offering, cls.template] + cls._cleanup = [cls.service_offering] cls.logger = logging.getLogger('TestVPCRedundancy') cls.stream_handler = logging.StreamHandler() diff --git a/test/integration/smoke/test_vpc_router_nics.py b/test/integration/smoke/test_vpc_router_nics.py index 39a92144438f..092a70f47e4a 100644 --- a/test/integration/smoke/test_vpc_router_nics.py +++ b/test/integration/smoke/test_vpc_router_nics.py @@ -35,7 +35,7 @@ LoadBalancerRule) from marvin.lib.common import (get_domain, get_zone, - get_template, + get_test_template, list_routers) from marvin.lib.utils import cleanup_resources import socket 
@@ -186,10 +186,11 @@ def setUpClass(cls): # Get Zone, Domain and templates cls.domain = get_domain(cls.api_client) cls.zone = get_zone(cls.api_client, cls.testClient.getZoneForTests()) - cls.template = get_template( + cls.hypervisor = cls.testClient.getHypervisorInfo() + cls.template = get_test_template( cls.api_client, cls.zone.id, - cls.services["ostype"]) + cls.hypervisor) cls.services["virtual_machine"]["zoneid"] = cls.zone.id cls.services["virtual_machine"]["template"] = cls.template.id @@ -450,10 +451,10 @@ def check_ssh_into_vm(self): def do_default_routes_test(self): for o in self.networks: for vmObj in o.get_vms(): - ssh_command = "ping -c 3 8.8.8.8" + ssh_command = "ping -c 5 8.8.8.8" # Should be able to SSH VM - result = 'failed' + packet_loss = 100 try: vm = vmObj.get_vm() public_ip = vmObj.get_ip() @@ -462,19 +463,22 @@ def do_default_routes_test(self): ssh = vm.get_ssh_client(ipaddress=public_ip.ipaddress.ipaddress) self.logger.debug("Ping to google.com from VM") - result = str(ssh.execute(ssh_command)) + result = ssh.execute(ssh_command) - self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count(" 0% packet loss"))) + for line in result: + if "packet loss" in line: + packet_loss = int(line.split("% packet loss")[0].split(" ")[-1]) + break + + self.logger.debug("SSH result: %s; packet loss is ==> %s" % (result, packet_loss)) except Exception as e: self.fail("SSH Access failed for %s: %s" % \ (vmObj.get_ip(), e) ) - - self.assertEqual( - result.count(" 0% packet loss"), - 1, - "Ping to outside world from VM should be successful" - ) + + # Most pings should be successful + self.assertTrue(packet_loss < 50, + "Ping to outside world from VM should be successful") class networkO(object): diff --git a/test/integration/smoke/test_vpc_vpn.py b/test/integration/smoke/test_vpc_vpn.py index 849f139028ff..8c873d240d4d 100644 --- a/test/integration/smoke/test_vpc_vpn.py +++ b/test/integration/smoke/test_vpc_vpn.py 
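Review bot: In `do_default_routes_test` the packet-loss parsing sits inside the `try` whose `except Exception` reports `SSH Access failed`, so an output line that `int()` cannot parse (a fractional percentage, for example) is reported as an SSH problem rather than a parsing one. Moving the `for line in result` loop below the `except` block, and leaving only `get_ssh_client` and `ssh.execute` inside the `try`, keeps the two failure modes apart. The threshold `packet_loss < 50` also accepts two lost replies out of five, which is looser than the old exact `0% packet loss` match. The existing `# Most pings should be successful` comment could state why that tolerance is needed. The function starts outside these hunks.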
@@ -52,7 +52,7 @@ from marvin.lib.common import (get_zone, get_domain, - get_template, + get_test_template, list_network_offerings) from nose.plugins.attrib import attr @@ -215,48 +215,6 @@ def __init__(self): "privateport": 22, "publicport": 22, "protocol": 'TCP', - }, - "template": { - - "kvm": { - "name": "tiny-kvm", - "displaytext": "macchinina kvm", - "format": "qcow2", - "hypervisor": "kvm", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", - "requireshvm": "True", - }, - - "xenserver": { - "name": "tiny-xen", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "xen", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", - "requireshvm": "True", - }, - - "hyperv": { - "name": "tiny-hyperv", - "displaytext": "macchinina xen", - "format": "vhd", - "hypervisor": "hyperv", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-hyperv.vhd.zip", - "requireshvm": "True", - }, - - "vmware": { - "name": "tiny-vmware", - "displaytext": "macchinina vmware", - "format": "ova", - "hypervisor": "vmware", - "ostype": "Other Linux (64-bit)", - "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova", - "requireshvm": "True", - } } } 
@@ -287,14 +245,9 @@ def setUpClass(cls): cls.hypervisor = testClient.getHypervisorInfo() - cls.logger.debug("Downloading Template: %s from: %s" % (cls.services["template"][ - cls.hypervisor.lower()], cls.services["template"][cls.hypervisor.lower()]["url"])) - cls.template = Template.register(cls.apiclient, cls.services["template"][cls.hypervisor.lower( - )], cls.zone.id, hypervisor=cls.hypervisor.lower(), account=cls.account.name, domainid=cls.domain.id) - cls.template.download(cls.apiclient) - + cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor) if cls.template == FAILED: - assert False, "get_template() failed to return template" + assert False, "get_test_template() failed to return template" cls.logger.debug("Successfully created account: %s, id: \ %s" % (cls.account.name, @@ -437,9 +390,6 @@ def tearDownClass(cls): try: cls.logger.debug("Cleaning up resources") - try: - cls.template.delete(cls.apiclient) - except Exception: pass cleanup_resources(cls.apiclient, cls.cleanup) except Exception, e: raise Exception("Cleanup failed with %s" % e) @@ -471,14 +421,9 @@ def setUpClass(cls): cls.hypervisor = testClient.getHypervisorInfo() - cls.logger.debug("Downloading Template: %s from: %s" % (cls.services["template"][ - cls.hypervisor.lower()], cls.services["template"][cls.hypervisor.lower()]["url"])) - cls.template = Template.register(cls.apiclient, cls.services["template"][cls.hypervisor.lower( - )], cls.zone.id, hypervisor=cls.hypervisor.lower(), account=cls.account.name, domainid=cls.domain.id) - cls.template.download(cls.apiclient) - + cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor) if cls.template == FAILED: - assert False, "get_template() failed to return template" + assert False, "get_test_template() failed to return template" cls.logger.debug("Successfully created account: %s, id: \ %s" % (cls.account.name, 
@@ -814,9 +759,6 @@ def checkVpnConnected(): @classmethod def tearDownClass(cls): try: - try: - cls.template.delete(cls.apiclient) - except Exception: pass cleanup_resources(cls.apiclient, cls.cleanup) except Exception, e: raise Exception("Cleanup failed with %s" % e) @@ -848,14 +790,9 @@ def setUpClass(cls): cls.hypervisor = testClient.getHypervisorInfo() - cls.logger.debug("Downloading Template: %s from: %s" % (cls.services["template"][ - cls.hypervisor.lower()], cls.services["template"][cls.hypervisor.lower()]["url"])) - cls.template = Template.register(cls.apiclient, cls.services["template"][cls.hypervisor.lower( - )], cls.zone.id, hypervisor=cls.hypervisor.lower(), account=cls.account.name, domainid=cls.domain.id) - cls.template.download(cls.apiclient) - + cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor) if cls.template == FAILED: - assert False, "get_template() failed to return template" + assert False, "get_test_template() failed to return template" cls.logger.debug("Successfully created account: %s, id: \ %s" % (cls.account.name, @@ -1194,9 +1131,6 @@ def checkVpnConnected(): @classmethod def tearDownClass(cls): try: - try: - cls.template.delete(cls.apiclient) - except Exception: pass cleanup_resources(cls.apiclient, cls.cleanup) except Exception, e: raise Exception("Cleanup failed with %s" % e) 
@@ -1228,14 +1162,9 @@ def setUpClass(cls): cls.hypervisor = testClient.getHypervisorInfo() - cls.logger.debug("Downloading Template: %s from: %s" % (cls.services["template"][ - cls.hypervisor.lower()], cls.services["template"][cls.hypervisor.lower()]["url"])) - cls.template = Template.register(cls.apiclient, cls.services["template"][cls.hypervisor.lower( - )], cls.zone.id, hypervisor=cls.hypervisor.lower(), account=cls.account.name, domainid=cls.domain.id) - cls.template.download(cls.apiclient) - + cls.template = get_test_template(cls.apiclient, cls.zone.id, cls.hypervisor) if cls.template == FAILED: - assert False, "get_template() failed to return template" + assert False, "get_test_template() failed to return template" cls.logger.debug("Successfully created account: %s, id: \ %s" % (cls.account.name, @@ -1642,9 +1571,6 @@ def _get_vpn_config(self, c): @classmethod def tearDownClass(cls): try: - try: - cls.template.delete(cls.apiclient) - except Exception: pass cleanup_resources(cls.apiclient, cls.cleanup) except Exception, e: raise Exception("Cleanup failed with %s" % e) diff --git a/tools/appliance/build.sh b/tools/appliance/build.sh index 45f472802951..ab3cac891bd7 100755 --- a/tools/appliance/build.sh +++ b/tools/appliance/build.sh @@ -397,7 +397,7 @@ function stage_vmx (){ displayname = "${1}" annotation = "${1}" guestos = "otherlinux-64" -virtualhw.version = "7" +virtualHW.version = "8" config.version = "8" numvcpus = "1" cpuid.coresPerSocket = "1" @@ -611,8 +611,8 @@ function main() { ovm_export "${hdd_path}" kvm_export "${hdd_path}" vmware_export "${machine_uuid}" "${hdd_uuid}" - vagrant_export "${machine_uuid}" hyperv_export "${hdd_uuid}" + #vagrant_export "${machine_uuid}" md5sum dist/* > dist/md5sum.txt add_on_exit log INFO "BUILD SUCCESSFUL" } diff --git a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh index 6f37e343fefd..4d5ff2626d86 100644 
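Review bot: In `main` of build.sh the `vagrant_export` call is disabled by commenting it out (`#vagrant_export "${machine_uuid}"`) with no reason given. That presumably leaves the function itself as dead code, and the next reader has to guess whether the export is broken or simply unwanted. Either delete the call, or keep it with a one-line reason such as `# vagrant export disabled: <reason>`. `main` starts outside the hunk.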
--- a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh +++ b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh @@ -19,10 +19,12 @@ set -e set -x -function remove_reserved_blocks() { +# Perform fsck check on every 2nd boot +function fix_tune2fs() { for partition in $(blkid -o list | grep ext | awk '{print $1}') do - tune2fs -m0 $partition + tune2fs -m 1 $partition + tune2fs -c 2 $partition done fdisk -l df -h @@ -39,10 +41,11 @@ function apt_upgrade() { DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical + fix_tune2fs + # Setup sudo echo 'cloud ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud - remove_reserved_blocks add_backports rm -fv /root/*.iso diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh index 00f068d2fa71..eed29af4c579 100644 --- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh +++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh @@ -21,8 +21,8 @@ set -x function cleanup_apt() { apt-get -y remove --purge dictionaries-common busybox isc-dhcp-client isc-dhcp-common \ - task-english task-ssh-server tasksel tasksel-data laptop-detect nano wamerican \ - debconf-i18n sharutils gnupg gnupg-agent keyboard-configuration + task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican \ + debconf-i18n sharutils gnupg gnupg-agent apt-get -y autoremove --purge apt-get autoclean @@ -59,7 +59,6 @@ function cleanup_misc() { # Docs and data files rm -fr /var/lib/apt/* rm -fr /var/cache/apt/* - rm -fr /usr/lib/gnupg* rm -fr /usr/share/doc rm -fr /usr/share/man rm -fr /usr/share/info diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh index eb2692ec53c1..5d80e4622ca5 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh 
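Review bot: The comment added above `fix_tune2fs` (`# Perform fsck check on every 2nd boot`) describes only the `-c 2` call. The function also changes the reserved-block percentage from 0 to 1 with `-m 1`, which the old name `remove_reserved_blocks` documented and the new one does not. Both settings fit in one invocation with the variable quoted against word splitting, `tune2fs -m 1 -c 2 "$partition"`, under a comment like `# keep 1% reserved blocks and force fsck after every 2nd mount`.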
@@ -27,8 +27,8 @@ function configure_grub() { GRUB_DEFAULT=0 GRUB_TIMEOUT=0 GRUB_DISTRIBUTOR=Debian -GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US" +GRUB_CMDLINE_LINUX_DEFAULT="" +GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US nomodeset" GRUB_CMDLINE_XEN="com1=115200 console=com1" GRUB_TERMINAL="console serial" GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb index 03be56845b66..52cb7df618e0 100644 --- a/tools/appliance/definitions/systemvmtemplate/definition.rb +++ b/tools/appliance/definitions/systemvmtemplate/definition.rb @@ -27,16 +27,16 @@ architectures = { :amd64 => { :os_type_id => 'Debian_64', - :iso_file => 'debian-9.2.1-amd64-netinst.iso', - :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso', - :iso_sha512 => 'ebfe25dc593967e39349b205480b0ec0103ef4a0468c602f4857e13d06d407bfe876162399e0e8d4dea5675953dc37ab585316f307ccf9f4440124b4f719df04' + :iso_file => 'debian-9.3.0-amd64-netinst.iso', + :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso', + :iso_sha512 => '8775231d6f56a3d8f116eb64fe048f5cbd2ea0f8c092a1cb7608bcb4106f9c85cb69ce68f53bd381019ab40f1c0316843036daf3fd9107c81c58a240334cc747' } } config = { :cpu_count => '1', :memory_size => '512', - :disk_size => '2000', :disk_format => 'VDI', :hostiocache => 'off', + :disk_size => '2100', :disk_format => 'VDI', :hostiocache => 'off', :iso_download_timeout => '1000', :boot_wait => '10', :boot_cmd_sequence => [ 
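Review bot: The new `:iso_src` in the `:amd64` entry still downloads from the moving `debian-cd/current/` directory, while `:iso_file` and `:iso_sha512` are pinned to 9.3.0. The pinned SHA-512 is the right integrity control, but once Debian publishes the next point release `current/` will presumably no longer hold this file and the build will fail on download rather than on verification. Point `:iso_src` at a versioned archive location for 9.3.0 instead. I would also add a comment above the three keys such as `# iso_file, iso_src and iso_sha512 must be bumped together; take the digest from Debian's signed SHA512SUMS`. Whether the build tool enforces `:iso_sha512` cannot be seen from this hunk and is worth confirming.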
diff --git a/tools/appliance/definitions/systemvmtemplate/finalize.sh b/tools/appliance/definitions/systemvmtemplate/finalize.sh index 1a25e399e77a..febae7bacc18 100644 --- a/tools/appliance/definitions/systemvmtemplate/finalize.sh +++ b/tools/appliance/definitions/systemvmtemplate/finalize.sh @@ -51,13 +51,14 @@ function cleanup_veewee() { # Zero out the free space to save space in the final image: function zero_disk() { + df -h + fstrim -av for path in / /boot /var/log /tmp do dd if=/dev/zero of=${path}/zero bs=1M || true sync rm -f ${path}/zero done - df -h } function finalize() { diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh index 40ff6df4d68c..b60f9087a668 100644 --- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh +++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh @@ -53,7 +53,7 @@ function install_packages() { fi ${apt_get} install grub-legacy \ - rsyslog logrotate cron net-tools ifupdown vim netbase iptables \ + rsyslog logrotate cron net-tools ifupdown tmux vim netbase iptables \ openssh-server e2fsprogs tcpdump socat wget \ python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ inetutils-ping iputils-arping httping curl \ diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg index 5a8e2d9fba99..d218172eec39 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg 
@@ -57,23 +57,28 @@ d-i partman-auto/method string regular d-i partman-auto/choose_recipe select atomic d-i partman-auto/expert_recipe string \ boot-root :: \ - 50 50 50 ext2 \ + 100 50 200 ext2 \ $primary{ } $bootable{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext2 } \ mountpoint{ /boot } \ . \ - 1500 40 1600 ext4 \ + 1450 40 1600 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ - 350 50 400 ext4 \ + 350 60 500 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var/log } \ . \ - 100 100 100 linux-swap \ + 100 90 200 ext4 \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ /tmp } \ + . \ + 100 100 1024 linux-swap \ method{ swap } format{ } \ . diff --git a/tools/marvin/marvin/config/test_data.py b/tools/marvin/marvin/config/test_data.py index bca541f62377..9f8e6a95f875 100644 --- a/tools/marvin/marvin/config/test_data.py +++ b/tools/marvin/marvin/config/test_data.py 
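Review bot: The new `/tmp` stanza in `partman-auto/expert_recipe` creates a separate ext4 filesystem but sets no mount options, so it will be mounted with the defaults. A dedicated `/tmp` is the natural place to drop device nodes and setuid binaries from consideration. I would add `options/nodev{ nodev } options/nosuid{ nosuid }` to that stanza, next to `mountpoint{ /tmp }`. I would leave `noexec` out unless it is confirmed that none of the systemvm setup scripts execute files from `/tmp`.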
@@ -956,8 +956,54 @@ "name": "xs", "passwordenabled": False, "ostype": "CentOS 5.6 (64-bit)" + }, + "test_templates": { + "kvm": { + "name": "tiny-kvm", + "displaytext": "tiny kvm", + "format": "qcow2", + "hypervisor": "kvm", + "ostype": "Other Linux (64-bit)", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-kvm.qcow2.bz2", + "requireshvm": "True", + "ispublic": "True", + "isextractable": "True" + }, + "xenserver": { + "name": "tiny-xen", + "displaytext": "tiny xen", + "format": "vhd", + "hypervisor": "xenserver", + "ostype": "Other Linux (64-bit)", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-xen.vhd.bz2", + "requireshvm": "True", + "ispublic": "True", + "isextractable": "True" + }, + "hyperv": { + "name": "tiny-hyperv", + "displaytext": "tiny hyperv", + "format": "vhd", + "hypervisor": "hyperv", + "ostype": "Other Linux (64-bit)", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-hyperv.vhd.zip", + "requireshvm": "True", + "ispublic": "True", + "isextractable": "True" + }, + "vmware": { + "name": "tiny-vmware", + "displaytext": "tiny vmware", + "format": "ova", + "hypervisor": "vmware", + "ostype": "Other Linux (64-bit)", + "url": "http://dl.openvm.eu/cloudstack/macchinina/x86_64/macchinina-vmware.ova", + "requireshvm": "True", + "ispublic": "True" + } }, + "coreos_volume": { "diskname": "Volume_core", "urlvmware":"http://dl.openvm.eu/cloudstack/coreos/x86_64/coreos_production_cloudstack_image-vmware.ova", diff --git a/tools/marvin/marvin/lib/base.py b/tools/marvin/marvin/lib/base.py index d8fcb595aa1f..bd00237df175 100755 --- a/tools/marvin/marvin/lib/base.py +++ b/tools/marvin/marvin/lib/base.py 
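Review bot: All four `test_templates` entries fetch their image over plain `http://` and carry no digest, so whatever the network path or mirror returns is registered as a template and booted on the hypervisors under test. Three entries set `"ispublic": "True"`, which makes that image visible to every account in the environment. If the mirror serves HTTPS the URLs should use it, and each entry should carry a digest, for example `"checksum": "<digest of the published image>"`. Whether `Template.register` forwards such a field to the register call is not visible in this hunk and would need checking. The `vmware` entry also omits `"isextractable"`, unlike the other three; if that is deliberate a short comment would help.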
@@ -1225,13 +1225,16 @@ def create(cls, apiclient, services, volumeid=None, @classmethod def register(cls, apiclient, services, zoneid=None, account=None, domainid=None, hypervisor=None, - projectid=None, details=None): + projectid=None, details=None, randomize_name=True): """Create template from URL""" # Create template from Virtual machine and Volume ID cmd = registerTemplate.registerTemplateCmd() cmd.displaytext = services["displaytext"] - cmd.name = "-".join([services["name"], random_gen()]) + if randomize_name: + cmd.name = "-".join([services["name"], random_gen()]) + else: + cmd.name = services["name"] cmd.format = services["format"] if hypervisor: cmd.hypervisor = hypervisor diff --git a/tools/marvin/marvin/lib/common.py b/tools/marvin/marvin/lib/common.py index d1b872a953ae..86203d6d6fe4 100644 --- a/tools/marvin/marvin/lib/common.py +++ b/tools/marvin/marvin/lib/common.py @@ -18,6 +18,7 @@ """ # Import Local Modules +from marvin.config.test_data import test_data from marvin.cloudstackAPI import (listConfigurations, listPhysicalNetworks, listRegions, @@ -76,6 +77,7 @@ NATRule, StaticNATRule, Volume, + Template, Account, Project, Snapshot, @@ -296,6 +298,7 @@ def get_pod(apiclient, zone_id=None, pod_id=None, pod_name=None): if validateList(cmd_out)[0] != PASS: return FAILED return cmd_out[0] + def get_template( apiclient, zone_id=None, ostype_desc=None, template_filter="featured", template_type='BUILTIN', template_id=None, template_name=None, account=None, domain_id=None, project_id=None, 
@@ -342,6 +345,50 @@ def get_template( return list_templatesout[0] +def get_test_template(apiclient, zone_id=None, hypervisor=None): + """ + @Name : get_test_template + @Desc : Retrieves the test template used to running tests. When the template + is missing it will be download at most one in a zone for a hypervisor. + @Input : returns a template + """ + test_templates = test_data["test_templates"] + + if hypervisor is None: + return FAILED + + hypervisor = hypervisor.lower() + + # Return built-in template for simulator + if hypervisor == 'simulator': + return get_template(apiclient, zone_id) + + if hypervisor not in test_templates.keys(): + print "Provided hypervisor has no test template" + return FAILED + + test_template = test_templates[hypervisor] + + cmd = listTemplates.listTemplatesCmd() + cmd.name = test_template['name'] + cmd.templatefilter = 'all' + if zone_id is not None: + cmd.zoneid = zone_id + if hypervisor is not None: + cmd.hypervisor = hypervisor + templates = apiclient.listTemplates(cmd) + + if validateList(templates)[0] != PASS: + template = Template.register(apiclient, test_template, zoneid=zone_id, hypervisor=hypervisor.lower(), randomize_name=False) + template.download(apiclient) + return template + + for template in templates: + if template.isready and template.ispublic: + return template + + return FAILED + def get_windows_template( apiclient, zone_id=None, ostype_desc=None, template_filter="featured", template_type='USER', diff --git a/ui/l10n/en.js b/ui/l10n/en.js index fe2e80ff0f85..e3b0064b0605 100644 --- a/ui/l10n/en.js +++ b/ui/l10n/en.js @@ -558,7 +558,6 @@ var dictionary = {"ICMP.code":"ICMP Code", "label.console.proxy.vm":"Console Proxy VM", "label.continue":"Continue", "label.continue.basic.install":"Continue with basic installation", -"label.control.ip":"Control IP", "label.copying.iso":"Copying ISO", "label.corrections.saved":"Corrections saved", "label.counter":"Counter", 
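Review bot: In `get_test_template`, when `listTemplates` finds a template with the expected name but none is yet `isready and ispublic`, the function falls through to `return FAILED`. That is the state a second test class will see while the first one is still downloading the shared template, so the "download at most once" design can fail in parallel or back-to-back runs. Polling the listed template until it is ready, with a bounded timeout, would avoid that. The lookup also uses `templatefilter = 'all'` and matches on name alone, so any public template with that name from any account is accepted as the test image; narrowing the filter or checking the owner would make the result predictable. On documentation, the docstring's `@Input` line describes the return value and the description has typos; I would write `@Desc : Retrieves the template used for running tests; registers and downloads it at most once per zone and hypervisor`, list `apiclient, zone_id, hypervisor` under `@Input`, and add `@Output : template object, or FAILED`. The bare `print` would be better as a logger call.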
diff --git a/ui/scripts/system.js b/ui/scripts/system.js index 9e80e27711e0..d0e616235661 100755 --- a/ui/scripts/system.js +++ b/ui/scripts/system.js @@ -10993,8 +10993,8 @@ return args; } }, - controlip: { - label: 'label.control.ip' + publicip: { + label: 'label.public.ip' }, hostname: { label: 'label.host' diff --git a/ui/scripts/ui/dialog.js b/ui/scripts/ui/dialog.js index 1564a2b6f25d..c5188592259e 100644 --- a/ui/scripts/ui/dialog.js +++ b/ui/scripts/ui/dialog.js @@ -897,7 +897,7 @@ $listView.dialog({ dialogClass: 'multi-edit-add-list panel', - width: 825, + width: 900, title: _l('Select VM'), buttons: [{ text: _l('label.apply'), diff --git a/ui/scripts/ui/widgets/multiEdit.js b/ui/scripts/ui/widgets/multiEdit.js index 48d597e6859a..677448a15ab7 100755 --- a/ui/scripts/ui/widgets/multiEdit.js +++ b/ui/scripts/ui/widgets/multiEdit.js @@ -579,7 +579,7 @@ var $dataList = $listView.addClass('multi-edit-add-list').dialog({ dialogClass: 'multi-edit-add-list panel', - width: 825, + width: 900, title: label, buttons: [{ text: _l('label.apply'), From 6fc389a044288e8f12f41a651a711a1ab7113b86 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Wed, 13 Dec 2017 01:28:18 +0530 Subject: [PATCH 13/22] CLOUDSTACK-10187: Don't delete vifs for VPCs with source nat On XenServer, both redundant router's vifs were getting deleted when any PF rule is removed from any of the acquired public IPs. This fix ensures that lastIp is set to `false` when processed by hypervisor resources to avoid removing of VIFs when VPCs have any source nat IP. Signed-off-by: Rohit Yadav --- .../network/router/CommandSetupHelper.java | 19 ++++++++++++++----- test/integration/smoke/test_vpc_redundant.py | 4 ++-- 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/server/src/com/cloud/network/router/CommandSetupHelper.java b/server/src/com/cloud/network/router/CommandSetupHelper.java index cadaf4fcdf80..c8d85fe26446 100644 --- a/server/src/com/cloud/network/router/CommandSetupHelper.java 
+++ b/server/src/com/cloud/network/router/CommandSetupHelper.java @@ -475,7 +475,7 @@ public void createFirewallRulesCommands(final List rules public void createAssociateIPCommands(final VirtualRouter router, final List ips, final Commands cmds, final long vmId) { final String ipAssocCommand = "IPAssocCommand"; - createRedundantAssociateIPCommands(router, ips, cmds, ipAssocCommand, vmId); + createRedundantAssociateIPCommands(router, ips, cmds, ipAssocCommand, false); } public void createNetworkACLsCommands(final List rules, final VirtualRouter router, final Commands cmds, final long guestNetworkId, @@ -645,7 +645,7 @@ public void createVpcAssociatePublicIPCommands(final VirtualRouter router, final final String ipAssocCommand = "IPAssocVpcCommand"; if (router.getIsRedundantRouter()) { - createRedundantAssociateIPCommands(router, ips, cmds, ipAssocCommand, 0); + createRedundantAssociateIPCommands(router, ips, cmds, ipAssocCommand, true); return; } @@ -742,7 +742,7 @@ public int compare(final PublicIpAddress o1, final PublicIpAddress o2) { } } - public void createRedundantAssociateIPCommands(final VirtualRouter router, final List ips, final Commands cmds, final String ipAssocCommand, final long vmId) { + public void createRedundantAssociateIPCommands(final VirtualRouter router, final List ips, final Commands cmds, final String ipAssocCommand, final boolean isVPC) { // Ensure that in multiple vlans case we first send all ip addresses of // vlan1, then all ip addresses of vlan2, etc.. 
@@ -840,7 +840,16 @@ public int compare(final PublicIpAddress o1, final PublicIpAddress o2) { } // for network if the ips does not have any rules, then only last ip - List userIps = _ipAddressDao.listByAssociatedNetwork(associatedWithNetworkId, null); + final List userIps = _ipAddressDao.listByAssociatedNetwork(associatedWithNetworkId, null); + boolean hasSourceNat = false; + if (isVPC && userIps.size() > 0 && userIps.get(0) != null) { + // All ips should belong to a VPC + final Long vpcId = userIps.get(0).getVpcId(); + final List sourceNatIps = _ipAddressDao.listByAssociatedVpc(vpcId, true); + if (sourceNatIps != null && sourceNatIps.size() > 0) { + hasSourceNat = true; + } + } int ipsWithrules = 0; int ipsStaticNat = 0; @@ -864,7 +873,7 @@ public int compare(final PublicIpAddress o1, final PublicIpAddress o2) { cmd.setAccessDetail(NetworkElementCommand.ZONE_NETWORK_TYPE, dcVo.getNetworkType().toString()); // if there is 1 static nat then it will be checked for remove at the resource - if (ipsWithrules == 0 && ipsStaticNat == 0) { + if (ipsWithrules == 0 && ipsStaticNat == 0 && !hasSourceNat) { // there is only one ip address for the network. cmd.setAccessDetail(NetworkElementCommand.NETWORK_PUB_LAST_IP, "true"); } else { diff --git a/test/integration/smoke/test_vpc_redundant.py b/test/integration/smoke/test_vpc_redundant.py index f2e75a5d59fa..2fde8d992075 100644 --- a/test/integration/smoke/test_vpc_redundant.py +++ b/test/integration/smoke/test_vpc_redundant.py @@ -600,7 +600,7 @@ def test_04_rvpc_network_garbage_collector_nics(self): gc_wait = Configurations.list(self.apiclient, name="network.gc.wait") gc_interval = Configurations.list(self.apiclient, name="network.gc.interval") - + self.logger.debug("network.gc.wait is ==> %s" % gc_wait) self.logger.debug("network.gc.interval is ==> %s" % gc_interval) 
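Review bot: The new `hasSourceNat` block takes the VPC id from `userIps.get(0).getVpcId()` only and passes it straight to `listByAssociatedVpc(vpcId, true)` without checking it for null. The `isVPC` flag is set by the caller, not derived from the addresses, so if the first address returned for the network has no VPC id the lookup runs with null, and depending on the DAO signature that is either an unboxing NPE or a query that matches nothing. I would guard it with `if (vpcId != null) { ... }`. I would also extend the comment to say that for VPCs `NETWORK_PUB_LAST_IP` is intentionally never `"true"` while a source NAT address exists, since that is the behaviour the later `&& !hasSourceNat` condition introduces. The enclosing method starts and ends outside these hunks.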
@@ -618,7 +618,7 @@ def test_04_rvpc_network_garbage_collector_nics(self): @attr(tags=["advanced", "intervlan"], required_hardware="true") def test_05_rvpc_multi_tiers(self): - """ Create a redundant VPC with 1 Tier, 1 VM, 1 ACL, 1 PF and test Network GC Nics""" + """ Create a redundant VPC with multiple tiers""" self.logger.debug("Starting test_05_rvpc_multi_tiers") self.query_routers() From 6ab46b3c29c167a3d8a08828bc754c383648404b Mon Sep 17 00:00:00 2001 From: lmrv Date: Thu, 14 Dec 2017 00:54:05 +0530 Subject: [PATCH 14/22] CLOUDSTACK-9501: route is not available by default on CentOS7 (#1637) This adds the `net-tools` dependency on CentOS cloudstack-agent rpms. This will provide ifconfig, route and other tools that may be used by CloudStack scripts and utilities. Signed-off-by: Rohit Yadav --- packaging/centos7/cloud.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/packaging/centos7/cloud.spec b/packaging/centos7/cloud.spec index 219b8b6edf1f..f16858a4a8f1 100644 --- a/packaging/centos7/cloud.spec +++ b/packaging/centos7/cloud.spec @@ -104,6 +104,7 @@ Requires: bridge-utils Requires: ebtables Requires: iptables Requires: ethtool +Requires: net-tools Requires: iproute Requires: ipset Requires: perl From ce3303212b5f9639ee91db52972fc9fd4b9a3c68 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Sat, 16 Dec 2017 14:19:28 +0530 Subject: [PATCH 15/22] CLOUDSTACK-9953: Resize root disk for VMware when full clone is enabled Resize for VMware root disk should only be performed during VM start when vmware.create.full.clone is true i.e. the disk chain length is one. Signed-off-by: Rohit Yadav --- .../vmware/resource/VmwareResource.java | 34 ++++++++----------- 1 file changed, 15 insertions(+), 19 deletions(-) diff --git a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java index c08a6120ebf6..d8691505203d 100644 
--- a/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java +++ b/plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java @@ -2178,9 +2178,9 @@ protected StartAnswer execute(StartCommand cmd) { hyperHost.setRestartPriorityForVM(vmMo, DasVmPriority.HIGH.value()); } - //For resizing root disk. + // For resizing root disk. if (rootDiskTO != null && !hasSnapshot) { - resizeRootDisk(vmMo, rootDiskTO, hyperHost, context); + resizeRootDiskOnVMStart(vmMo, rootDiskTO, hyperHost, context); } // 
@@ -2250,28 +2250,24 @@ private String appendFileType(String path, String fileType) { return path + fileType; } - private void resizeRootDisk(VirtualMachineMO vmMo, DiskTO rootDiskTO, VmwareHypervisorHost hyperHost, VmwareContext context) throws Exception - { - Pair vdisk = getVirtualDiskInfo(vmMo, appendFileType(rootDiskTO.getPath(), ".vmdk")); + private void resizeRootDiskOnVMStart(VirtualMachineMO vmMo, DiskTO rootDiskTO, VmwareHypervisorHost hyperHost, VmwareContext context) throws Exception { + final Pair vdisk = getVirtualDiskInfo(vmMo, appendFileType(rootDiskTO.getPath(), ".vmdk")); assert(vdisk != null); - Long reqSize=((VolumeObjectTO)rootDiskTO.getData()).getSize()/1024; - VirtualDisk disk = vdisk.first(); - if (reqSize > disk.getCapacityInKB()) - { - VirtualMachineDiskInfo diskInfo = getMatchingExistingDisk(vmMo.getDiskInfoBuilder(), rootDiskTO, hyperHost, context); + final Long reqSize = ((VolumeObjectTO)rootDiskTO.getData()).getSize() / 1024; + final VirtualDisk disk = vdisk.first(); + if (reqSize > disk.getCapacityInKB()) { + final VirtualMachineDiskInfo diskInfo = getMatchingExistingDisk(vmMo.getDiskInfoBuilder(), rootDiskTO, hyperHost, context); assert (diskInfo != null); - String[] diskChain = diskInfo.getDiskChain(); + final String[] diskChain = diskInfo.getDiskChain(); - if (diskChain != null && diskChain.length>1) - { - s_logger.error("Unsupported Disk chain length "+ diskChain.length); - throw new Exception("Unsupported Disk chain length "+ diskChain.length); + if (diskChain != null && diskChain.length > 1) { + s_logger.warn("Disk chain length for the VM is greater than one, skipping resizing of root disk."); + return; } - if (diskInfo.getDiskDeviceBusName() == null || !diskInfo.getDiskDeviceBusName().toLowerCase().startsWith("scsi")) - { - s_logger.error("Unsupported root disk device bus "+ diskInfo.getDiskDeviceBusName() ); - throw new Exception("Unsupported root disk device bus "+ diskInfo.getDiskDeviceBusName()); + if 
(diskInfo.getDiskDeviceBusName() == null || !diskInfo.getDiskDeviceBusName().toLowerCase().startsWith("scsi")) { + s_logger.warn("Resizing of root disk is only support for scsi device/bus, the provide disk's device bus name is " + diskInfo.getDiskDeviceBusName()); + return; } disk.setCapacityInKB(reqSize); From 15b11a3b27800afcb598f8e97416f0d826cac491 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Wed, 13 Dec 2017 01:42:05 +0530 Subject: [PATCH 16/22] CLOUDSTACK-10013: Fix VMware related issues and fix misc tests This fixes test failures around VMware with the new systemvmtemplate. In addition: - Does not skip rVR related test cases for VMware - Removes rc.local - Processes unprocessed cmd_line.json - Fixed NPEs around VMware tests/code - On VMware, use udevadm to reconfigure nic/mac address than rebooting - Fix proper acpi shutdown script for faster systemvm shutdowns - Give at least 256MB of swap for VRs to avoid OOM on VMware - Fixes smoke tests for environment related failures 
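Review bot: `resizeRootDiskOnVMStart` still relies on `assert(vdisk != null)` and `assert (diskInfo != null)` before dereferencing both values. Assertions are normally disabled in production JVMs, so a missing disk becomes a NullPointerException during VM start. Since this change turns the other unsupported cases into a logged skip, the same treatment fits here: `if (vdisk == null) { s_logger.warn("Unable to find root disk, skipping resize"); return; }`, and likewise for `diskInfo`. The new warning text has two slips, "only support" and "the provide disk's", which should read "only supported" and "the provided disk's". The method body continues past the end of the hunk.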
Signed-off-by: Rohit Yadav --- .../cloud/vm/VirtualMachineManagerImpl.java | 2 +- python/lib/cloudutils/utilities.py | 4 +- .../src/com/cloud/server/StatsCollector.java | 20 ++++++- systemvm/agent/conf/log4j-cloud.xml | 12 ++-- systemvm/debian/etc/issue | 3 - systemvm/debian/etc/rc.local | 19 ------- systemvm/debian/opt/cloud/bin/cs/CsDhcp.py | 2 +- systemvm/debian/opt/cloud/bin/setup/common.sh | 8 +-- systemvm/debian/opt/cloud/bin/setup/router.sh | 6 +- .../debian/opt/cloud/bin/setup/vpcrouter.sh | 7 +-- .../debian/opt/cloud/bin/update_config.py | 6 ++ .../opt/cloud/templates/keepalived.conf.templ | 2 +- .../smoke/test_deploy_virtio_scsi_vm.py | 3 +- .../smoke/test_deploy_vm_root_resize.py | 56 ++++++++----------- test/integration/smoke/test_iso.py | 0 .../smoke/test_list_ids_parameter.py | 0 .../smoke/test_nested_virtualization.py | 0 test/integration/smoke/test_ssvm.py | 4 +- test/integration/smoke/test_vm_life_cycle.py | 0 test/integration/smoke/test_volumes.py | 2 + .../systemvmtemplate/configure_acpid.sh | 13 +---- .../systemvmtemplate/configure_grub.sh | 4 +- .../configure_systemvm_services.sh | 10 ++++ .../install_systemvm_packages.sh | 4 +- .../definitions/systemvmtemplate/preseed.cfg | 6 +- ui/scripts/network.js | 2 +- 26 files changed, 92 insertions(+), 103 deletions(-) delete mode 100644 systemvm/debian/etc/issue delete mode 100755 systemvm/debian/etc/rc.local mode change 100755 => 100644 test/integration/smoke/test_deploy_vm_root_resize.py mode change 100755 => 100644 test/integration/smoke/test_iso.py mode change 100755 => 100644 test/integration/smoke/test_list_ids_parameter.py mode change 100755 => 100644 test/integration/smoke/test_nested_virtualization.py mode change 100755 => 100644 test/integration/smoke/test_vm_life_cycle.py diff --git a/engine/orchestration/src/com/cloud/vm/VirtualMachineManagerImpl.java b/engine/orchestration/src/com/cloud/vm/VirtualMachineManagerImpl.java index da13b7ac20a5..8413ce9f6e9e 100755 
--- a/engine/orchestration/src/com/cloud/vm/VirtualMachineManagerImpl.java +++ b/engine/orchestration/src/com/cloud/vm/VirtualMachineManagerImpl.java @@ -4776,8 +4776,8 @@ private Pair orchestrateStop(final VmWorkStop work) thro final VMInstanceVO vm = _entityMgr.findById(VMInstanceVO.class, work.getVmId()); if (vm == null) { s_logger.info("Unable to find vm " + work.getVmId()); + throw new CloudRuntimeException("Unable to find VM id=" + work.getVmId()); } - assert vm != null; orchestrateStop(vm.getUuid(), work.isCleanup()); return new Pair(JobInfo.Status.SUCCEEDED, null); diff --git a/python/lib/cloudutils/utilities.py b/python/lib/cloudutils/utilities.py index 05a2a5855200..b9d47630cc60 100755 --- a/python/lib/cloudutils/utilities.py +++ b/python/lib/cloudutils/utilities.py @@ -216,8 +216,8 @@ def isKVMEnabled(self): class serviceOpsRedhat7(serviceOps): def isServiceRunning(self, servicename): try: - o = bash("systemctl status " + servicename) - if "running" in o.getStdout() or "start" in o.getStdout() or "Running" in o.getStdout(): + o = bash("systemctl is-active " + servicename) + if "inactive" not in o.getStdout(): return True else: return False diff --git a/server/src/com/cloud/server/StatsCollector.java b/server/src/com/cloud/server/StatsCollector.java index d32ed98b1e81..b66fa5f0600d 100644 --- a/server/src/com/cloud/server/StatsCollector.java +++ b/server/src/com/cloud/server/StatsCollector.java @@ -64,6 +64,7 @@ import com.cloud.cluster.dao.ManagementServerHostDao; import com.cloud.dc.Vlan.VlanType; import com.cloud.dc.VlanVO; +import com.cloud.dc.dao.ClusterDao; import com.cloud.dc.dao.VlanDao; import com.cloud.exception.StorageUnavailableException; import com.cloud.gpu.dao.HostGpuGroupsDao; 
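Review bot: In `serviceOpsRedhat7.isServiceRunning` the new test `"inactive" not in o.getStdout()` reports a service as running for every `systemctl is-active` answer other than `inactive`. That includes `failed`, `activating`, `unknown` and empty output. Comparing against the one positive state is safer: `return o.getStdout().strip() == "active"`. The command is also built by concatenating `servicename` into a shell string; the callers are not visible here, so confirm that the name can never come from external input. The surrounding `try`/`except` continues outside the hunk.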
@@ -92,18 +93,20 @@ import com.cloud.network.as.dao.AutoScaleVmProfileDao; import com.cloud.network.as.dao.ConditionDao; import com.cloud.network.as.dao.CounterDao; +import com.cloud.org.Cluster; import com.cloud.resource.ResourceManager; import com.cloud.resource.ResourceState; import com.cloud.service.ServiceOfferingVO; import com.cloud.service.dao.ServiceOfferingDao; import com.cloud.storage.ImageStoreDetailsUtil; +import com.cloud.storage.ScopeType; +import com.cloud.storage.Storage.ImageFormat; import com.cloud.storage.StorageManager; import com.cloud.storage.StorageStats; import com.cloud.storage.VolumeStats; import com.cloud.storage.VolumeVO; import com.cloud.storage.dao.VolumeDao; import com.cloud.user.UserStatisticsVO; -import com.cloud.storage.Storage.ImageFormat; import com.cloud.user.VmDiskStatisticsVO; import com.cloud.user.dao.UserStatisticsDao; import com.cloud.user.dao.VmDiskStatisticsDao; @@ -173,6 +176,8 @@ public String toString() { @Inject private HostDao _hostDao; @Inject + private ClusterDao _clusterDao; + @Inject private UserVmDao _userVmDao; @Inject private VolumeDao _volsDao; 
@@ -916,7 +921,18 @@ else if (volume.getFormat() == ImageFormat.OVA){ } } try { - HashMap volumeStatsByUuid = _userVmMgr.getVolumeStatistics(pool.getClusterId(), pool.getUuid(), pool.getPoolType(), volumeLocators, StatsTimeout.value()); + Map volumeStatsByUuid; + if (pool.getScope() == ScopeType.ZONE) { + volumeStatsByUuid = new HashMap<>(); + for (final Cluster cluster: _clusterDao.listByZoneId(pool.getDataCenterId())) { + final Map volumeStatsForCluster = _userVmMgr.getVolumeStatistics(cluster.getId(), pool.getUuid(), pool.getPoolType(), volumeLocators, StatsTimeout.value()); + if (volumeStatsForCluster != null) { + volumeStatsByUuid.putAll(volumeStatsForCluster); + } + } + } else { + volumeStatsByUuid = _userVmMgr.getVolumeStatistics(pool.getClusterId(), pool.getUuid(), pool.getPoolType(), volumeLocators, StatsTimeout.value()); + } if (volumeStatsByUuid != null){ for (final Map.Entry entry : volumeStatsByUuid.entrySet()) { if (entry == null || entry.getKey() == null || entry.getValue() == null) { diff --git a/systemvm/agent/conf/log4j-cloud.xml b/systemvm/agent/conf/log4j-cloud.xml index b32bb570d57a..338fae234f67 100644 --- a/systemvm/agent/conf/log4j-cloud.xml +++ b/systemvm/agent/conf/log4j-cloud.xml @@ -24,7 +24,7 @@ under the License. - + @@ -34,7 +34,7 @@ under the License. - + @@ -45,7 +45,7 @@ under the License. - + @@ -123,9 +123,9 @@ under the License. - - - + + + diff --git a/systemvm/debian/etc/issue b/systemvm/debian/etc/issue deleted file mode 100644 index fdef90e7c8a8..000000000000 --- a/systemvm/debian/etc/issue +++ /dev/null @@ -1,3 +0,0 @@ - __?.o/ Apache CloudStack SystemVM - ( )# https://cloudstack.apache.org - (___(_) \s \r \n \l diff --git a/systemvm/debian/etc/rc.local b/systemvm/debian/etc/rc.local deleted file mode 100755 index e419de0939cc..000000000000 --- a/systemvm/debian/etc/rc.local +++ /dev/null 
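Review bot: For zone-scoped pools the new loop calls `getVolumeStatistics` once per cluster returned by `_clusterDao.listByZoneId(...)`, all inside the existing `try`. Two things follow from that: an exception from one cluster discards the statistics already merged from the others, and each call can wait up to `StatsTimeout`, so the collector run grows with the number of clusters. The loop also does not filter clusters by hypervisor type or by whether the pool is reachable from them, which may produce avoidable failures in mixed zones. Catching and logging per cluster inside the loop, and skipping clusters that cannot see the pool, would keep partial results. The `catch` clause is outside the hunk, so its exact effect is inferred.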
@@ -1,19 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - - diff --git a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py index f61350107440..bcdba51e6c89 100755 --- a/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py +++ b/systemvm/debian/opt/cloud/bin/cs/CsDhcp.py @@ -80,7 +80,7 @@ def configure_server(self): # DNS search order if gn.get_dns() and device: sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx) - dns_list = [x for x in gn.get_dns() if x is not None] + dns_list = [x for x in gn.get_dns() if not (not x)] line = "dhcp-option=tag:interface-%s-%s,6,%s" % (device, idx, ','.join(dns_list)) self.conf.search(sline, line) # Gateway diff --git a/systemvm/debian/opt/cloud/bin/setup/common.sh b/systemvm/debian/opt/cloud/bin/setup/common.sh index 078cb58320b0..0622e2e1aa83 100755 --- a/systemvm/debian/opt/cloud/bin/setup/common.sh +++ b/systemvm/debian/opt/cloud/bin/setup/common.sh 
@@ -331,14 +331,14 @@ setup_common() { ip route add default via $GW dev $gwdev fi - # a hacking way to activate vSwitch under VMware - ping -n -c 3 $GW & + # Workaround to activate vSwitch under VMware + timeout 3 ping -n -c 3 $GW || true if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] then - ping -n -c 3 $LOCAL_GW & + timeout 3 ping -n -c 3 $LOCAL_GW || true #This code is added to address ARP issue by pinging MGMT_GW MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}') - ping -n -c 3 $MGMT_GW & + timeout 3 ping -n -c 3 $MGMT_GW || true fi if [ "$HYPERVISOR" == "vmware" ]; then diff --git a/systemvm/debian/opt/cloud/bin/setup/router.sh b/systemvm/debian/opt/cloud/bin/setup/router.sh index c3141f895108..f41e57e63750 100755 --- a/systemvm/debian/opt/cloud/bin/setup/router.sh +++ b/systemvm/debian/opt/cloud/bin/setup/router.sh @@ -59,10 +59,8 @@ setup_router() { if [ "$oldmd5" != "$newmd5" ] then - log_it "udev NIC assignment requires reboot to take effect" - sync - sleep 2 - reboot + log_it "Reloading udev for new udev NIC assignment" + udevadm control --reload-rules && udevadm trigger fi fi diff --git a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh index 106cfd6adc3f..220a2ea8747a 100755 --- a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh +++ b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh @@ -65,11 +65,8 @@ EOF if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ]; then ip route add $MGMTNET via $LOCAL_GW dev eth0 - - # a hacking way to activate vSwitch under VMware - ping -n -c 3 $LOCAL_GW & - sleep 3 - pkill ping + # workaround to activate vSwitch under VMware + timeout 3 ping -n -c 3 $LOCAL_GW || true fi fi diff --git a/systemvm/debian/opt/cloud/bin/update_config.py b/systemvm/debian/opt/cloud/bin/update_config.py index 7b86378ee2a6..c22aea03b4f5 100755 --- a/systemvm/debian/opt/cloud/bin/update_config.py +++ b/systemvm/debian/opt/cloud/bin/update_config.py 
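Review bot: In `setup_router` the reboot is replaced by `udevadm control --reload-rules && udevadm trigger`, which may not be equivalent for NIC naming. A plain `udevadm trigger` replays `change` events, and interface naming rules are normally applied when the device is added, and not to an interface that is already up. If that holds here the router would continue with the old MAC-to-name mapping and apply its network configuration to the wrong interfaces, so it should be verified on VMware that the names match the new rules after this path. If they do not, restrict the trigger to the net subsystem with an `add` action, or bring the affected links down first. A comment stating why a reload is sufficient would help the next reader. In the `common.sh` hunk the three pings now run in sequence in the foreground, adding up to about nine seconds to boot when the gateways do not answer.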
@@ -112,6 +112,12 @@ def is_guestnet_configured(guestnet_dict, keys): return exists +# If the command line json file is unprocessed process it +# This is important or, the control interfaces will get deleted! +if jsonFilename != "cmd_line.json" and os.path.isfile(jsonPath % "cmd_line.json"): + qf = QueueFile() + qf.setFile("cmd_line.json") + qf.load(None) if not (os.path.isfile(jsonConfigFile) and os.access(jsonConfigFile, os.R_OK)): print "[ERROR] update_config.py :: Unable to read and access %s to process it" % jsonConfigFile diff --git a/systemvm/debian/opt/cloud/templates/keepalived.conf.templ b/systemvm/debian/opt/cloud/templates/keepalived.conf.templ index 5412fd96b3cc..0a5377766238 100644 --- a/systemvm/debian/opt/cloud/templates/keepalived.conf.templ +++ b/systemvm/debian/opt/cloud/templates/keepalived.conf.templ @@ -25,7 +25,7 @@ vrrp_script heartbeat { } vrrp_instance inside_network { - state EQUAL + state BACKUP interface eth2 virtual_router_id 51 nopreempt diff --git a/test/integration/smoke/test_deploy_virtio_scsi_vm.py b/test/integration/smoke/test_deploy_virtio_scsi_vm.py index 52ef25470fdd..260e299d4f99 100644 --- a/test/integration/smoke/test_deploy_virtio_scsi_vm.py +++ b/test/integration/smoke/test_deploy_virtio_scsi_vm.py @@ -219,7 +219,8 @@ def verifyVirshState(self, diskcount): "controller index") elif child.tag.lower() == "driver": discard = child.get("discard") - self.assertEqual(discard, "unmap", "discard settings not unmap") + if discard: # may not be defined by older qemu/libvirt + self.assertEqual(discard, "unmap", "discard settings not unmap") def verifyGuestState(self, diskcount): ssh = self.virtual_machine.get_ssh_client(reconnect=True) diff --git a/test/integration/smoke/test_deploy_vm_root_resize.py b/test/integration/smoke/test_deploy_vm_root_resize.py old mode 100755 new mode 100644 index 4855099917fa..e23bbcec6d2c --- a/test/integration/smoke/test_deploy_vm_root_resize.py +++ b/test/integration/smoke/test_deploy_vm_root_resize.py 
@@ -53,8 +53,8 @@ def setUpClass(cls): cls.services = cls.testClient.getParsedTestDataConfig() cls.services["mode"] = cls.zone.networktype cls._cleanup = [] + cls.storageID = None cls.updateclone = False - cls.restartreq = False cls.defaultdiskcontroller = "ide" cls.template = get_template(cls.api_client, cls.zone.id) if cls.template == FAILED: @@ -70,7 +70,8 @@ def setUpClass(cls): list_pool_resp = list_storage_pools(cls.api_client, account=cls.account.name, domainid=cls.domain.id) - #Identify the storage pool type and set vmware fullclone to + + # Identify the storage pool type and set vmware fullclone to # true if storage is VMFS if cls.hypervisor == 'vmware': # please make sure url of templateregister dictionary in @@ -89,26 +90,13 @@ def setUpClass(cls): value="scsi") cls.updateclone = True - cls.restartreq = True - - list_config_fullclone_global_response = list_configurations( - cls.api_client - , name= - "vmware.create.full.clone") - if list_config_fullclone_global_response[0].value=="false": - Configurations.update(cls.api_client, - "vmware.create.full.clone", - value="true") - - cls.updateclone = True - cls.restartreq = True for strpool in list_pool_resp: if strpool.type.lower() == "vmfs" or strpool.type.lower()== "networkfilesystem": list_config_storage_response = list_configurations( - cls.api_client - , name= - "vmware.create.full.clone",storageid=strpool.id) + cls.api_client, name="vmware.create.full.clone", + storageid=strpool.id) + res = validateList(list_config_storage_response) if res[2]== INVALID_INPUT: raise Exception("Failed to list configurations ") 
@@ -123,12 +111,16 @@ def setUpClass(cls): tags="scsi") cls.storageID = strpool.id break - if cls.restartreq: - cls.restartServer() - #Giving 30 seconds to management to warm-up, - #Experienced failures when trying to deploy a VM exactly when management came up - time.sleep(30) + list_config_fullclone_global_response = list_configurations( + cls.api_client, name="vmware.create.full.clone") + + if list_config_fullclone_global_response[0].value=="false": + Configurations.update(cls.api_client, + "vmware.create.full.clone", + value="true") + cls.updateclone = True + #create a service offering cls.service_offering = ServiceOffering.create( @@ -147,21 +139,17 @@ def tearDownClass(cls): if cls.updateclone: Configurations.update(cls.api_client, - "vmware.create.full.clone", - value="false",storageid=cls.storageID) + "vmware.root.disk.controller", + value=cls.defaultdiskcontroller) Configurations.update(cls.api_client, "vmware.create.full.clone", value="false") Configurations.update(cls.api_client, - "vmware.root.disk.controller", - value=cls.defaultdiskcontroller) - StoragePool.update(cls.api_client, id=cls.storageID, - tags="") - cls.restartServer() - - #Giving 30 seconds to management to warm-up, - #Experienced failures when trying to deploy a VM exactly when management came up - time.sleep(30) + "vmware.create.full.clone", + value="false", storageid=cls.storageID) + if cls.storageID: + StoragePool.update(cls.api_client, id=cls.storageID, + tags="") cleanup_resources(cls.api_client, cls._cleanup) except Exception as e: diff --git a/test/integration/smoke/test_iso.py b/test/integration/smoke/test_iso.py old mode 100755 new mode 100644 diff --git a/test/integration/smoke/test_list_ids_parameter.py b/test/integration/smoke/test_list_ids_parameter.py old mode 100755 new mode 100644 diff --git a/test/integration/smoke/test_nested_virtualization.py b/test/integration/smoke/test_nested_virtualization.py old mode 100755 new mode 100644 
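Review bot: In the tearDownClass hunk the storage-scoped `Configurations.update(cls.api_client, "vmware.create.full.clone", value="false", storageid=cls.storageID)` still runs when `cls.storageID` is None, because the new `if cls.storageID:` guard covers only `StoragePool.update`. setUpClass now initialises `cls.storageID = None` and sets it only when a matching pool is found, so this path is reachable whenever `cls.updateclone` was set by the disk-controller or global full-clone change alone. Moving that call under the same `if cls.storageID:` block keeps the cleanup from sending a null storage id. The restore also writes `"false"` unconditionally rather than the value read in setUpClass, which is worth a comment if it is intended.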
diff --git a/test/integration/smoke/test_ssvm.py b/test/integration/smoke/test_ssvm.py index 41db1abf31b1..f20003bf23aa 100644 --- a/test/integration/smoke/test_ssvm.py +++ b/test/integration/smoke/test_ssvm.py @@ -73,7 +73,7 @@ def checkRunningAgent(): return list_host_response[0].state == 'Up', None return False, None - res, _ = wait_until(3, self.services["sleep"], checkRunningAgent) + res, _ = wait_until(3, 300, checkRunningAgent) if not res: raise Exception("Failed to wait for SSVM agent to be Up") @@ -99,7 +99,7 @@ def checkRunningState(): return ssvm_response.state == 'Running', ssvm_response return False, None - res, ssvm_response = wait_until(3, self.services["sleep"], checkRunningState) + res, ssvm_response = wait_until(3, 300, checkRunningState) if not res: self.fail("Failed to reach systemvm state to Running") return ssvm_response diff --git a/test/integration/smoke/test_vm_life_cycle.py b/test/integration/smoke/test_vm_life_cycle.py old mode 100755 new mode 100644 diff --git a/test/integration/smoke/test_volumes.py b/test/integration/smoke/test_volumes.py index 4e9e0777faca..431dfa9b7974 100644 --- a/test/integration/smoke/test_volumes.py +++ b/test/integration/smoke/test_volumes.py @@ -246,6 +246,8 @@ def test_01_create_volume(self): ret = checkVolumeSize(ssh_handle=ssh,volume_name=volume_name,size_to_verify=vol_sz) elif list_volume_response[0].hypervisor.lower() == "hyperv": ret = checkVolumeSize(ssh_handle=ssh,volume_name="/dev/sdb",size_to_verify=vol_sz) + elif list_volume_response[0].hypervisor.lower() == "vmware": + ret = checkVolumeSize(ssh_handle=ssh,volume_name="/dev/sda",size_to_verify=vol_sz) else: ret = checkVolumeSize(ssh_handle=ssh,volume_name="/dev/sdb",size_to_verify=vol_sz) self.debug(" Volume Size Expected %s Actual :%s" %(vol_sz,ret[1])) diff --git a/tools/appliance/definitions/systemvmtemplate/configure_acpid.sh b/tools/appliance/definitions/systemvmtemplate/configure_acpid.sh index f2463424f9d9..6e27eee76575 100644 
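Review bot: The literal `300` replaces `self.services["sleep"]` in both `wait_until` calls, after checkRunningAgent in this hunk and after checkRunningState in the next one, so the wait can no longer be tuned from the test data and the number carries no explanation. A module-level constant used in both places would document the intent, for example `SSVM_WAIT_RETRIES = 300` (a constructed name), with a comment giving the resulting upper bound on the wait. Both enclosing test methods start outside their hunks.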
--- a/tools/appliance/definitions/systemvmtemplate/configure_acpid.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_acpid.sh @@ -20,18 +20,11 @@ set -e set -x function configure_acpid() { - grep /usr/local/sbin/power.sh /etc/acpi/events/power && return - mkdir -p /etc/acpi/events - cat >> /etc/acpi/events/power << EOF -event=button/power.* -action=/usr/local/sbin/power.sh "%e" -EOF - cat >> /usr/local/sbin/power.sh << EOF -#!/bin/bash -/sbin/poweroff + cat > /etc/acpi/events/powerbtn </dev/null || configure_acpid diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh index 5d80e4622ca5..53ffb2dc306b 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh @@ -20,14 +20,14 @@ set -e set -x function configure_grub() { - cat < /etc/default/grub + cat > /etc/default/grub < /etc/cloudstack-release } +function configure_issue() { + cat > /etc/issue </dev/null || configure_services diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh index b60f9087a668..30ad66dd4efb 100644 --- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh +++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh 
@@ -53,10 +53,10 @@ function install_packages() { fi ${apt_get} install grub-legacy \ - rsyslog logrotate cron net-tools ifupdown tmux vim netbase iptables \ + rsyslog logrotate cron net-tools ifupdown tmux vim htop netbase iptables \ openssh-server e2fsprogs tcpdump socat wget \ python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ - inetutils-ping iputils-arping httping curl \ + inetutils-ping iputils-arping httping curl \ dnsutils zip unzip ethtool uuid file iproute acpid sudo \ sysstat python-netaddr \ apache2 ssl-cert \ diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg index d218172eec39..0f6c265f19cc 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg @@ -57,13 +57,13 @@ d-i partman-auto/method string regular d-i partman-auto/choose_recipe select atomic d-i partman-auto/expert_recipe string \ boot-root :: \ - 100 50 200 ext2 \ + 50 50 100 ext2 \ $primary{ } $bootable{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext2 } \ mountpoint{ /boot } \ . \ - 1450 40 1600 ext4 \ + 1300 40 1600 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ @@ -78,7 +78,7 @@ d-i partman-auto/expert_recipe string \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /tmp } \ . \ - 100 100 1024 linux-swap \ + 256 100 1024 linux-swap \ method{ swap } format{ } \ . diff --git a/ui/scripts/network.js b/ui/scripts/network.js index 776517829124..7dd459dc9158 100644 --- a/ui/scripts/network.js +++ b/ui/scripts/network.js @@ -844,7 +844,7 @@ 'Released': 'off', 'Destroy': 'off', 'Shutdown': 'off', - 'Setup': 'warning', + 'Setup': 'on', 'Implemented': 'on' } } From 60a216bcc94ff12ee9100362393cae8ce8ba4792 Mon Sep 17 00:00:00 2001 
From: Rohit Yadav Date: Sun, 17 Dec 2017 12:26:35 +0530 Subject: [PATCH 17/22] CLOUDSTACK-10193: Use other64Linux for systemvms on VMware In default/fresh installations, the guest os type for systemvms with id=15 or Debian 5 (32-bit) can cause memory allocation issues to guest. Using Other Linux 64-bit as guest OS systemvms get all the allocated RAM. This avoids OOM related kernel panics for certain VRs such as rVRs, lbvm etc. Signed-off-by: Rohit Yadav --- engine/schema/resources/META-INF/db/schema-41000to41100.sql | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/engine/schema/resources/META-INF/db/schema-41000to41100.sql b/engine/schema/resources/META-INF/db/schema-41000to41100.sql index 2a2fe2ddede5..76bcb3f9c5b1 100644 --- a/engine/schema/resources/META-INF/db/schema-41000to41100.sql +++ b/engine/schema/resources/META-INF/db/schema-41000to41100.sql @@ -495,3 +495,7 @@ UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" -- Boost secondary storage systemvm UPDATE `cloud`.`service_offering` SET ram_size=1024, cpu=2 WHERE vm_type="secondarystoragevm" and cpu=1 and ram_size=512; + +-- Use 'Other Linux 64-bit' as guest os for the default systemvmtemplate for VMware +-- This fixes a memory allocation issue to systemvms on VMware/ESXi +UPDATE `cloud`.`vm_template` SET guest_os_id=99 WHERE id=8; From 3839239a21fc14a64acc18900ae303961036ef91 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Sun, 17 Dec 2017 12:55:26 +0530 Subject: [PATCH 18/22] CLOUDSTACK-10194: Use packer for building systemvmtemplates - This migrates the current systemvmtemplate build system from veewee/virtualbox to packer and qemu based. - This also introduces and updates a CentOS7 built-in template. - Remove old appliance build scripts and files. - Adds iftop package (CLOUDSTACK-9785) 
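Review bot: The added `UPDATE` selects its row by primary key alone (`WHERE id=8`) and writes a bare `guest_os_id=99`, so on an upgraded installation it rewrites whatever row holds id 8, even if an operator has changed that template. The commit message describes default/fresh installations, while this file is the 4.10 to 4.11 upgrade path. Assuming `vm_template` carries the usual `type` and `hypervisor_type` columns, I would narrow the predicate to `WHERE id=8 AND type='SYSTEM' AND hypervisor_type='VMware'`. The comment could also say that 99 is the id of the 'Other Linux 64-bit' guest OS row, so the magic numbers can be checked against the seed data.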
Signed-off-by: Rohit Yadav --- pom.xml | 8 +- tools/appliance/.ruby-version | 1 - tools/appliance/.rvmrc | 24 -- tools/appliance/README.md | 105 +---- tools/appliance/build.sh | 360 +++--------------- tools/appliance/builtin/http/kickstart.cfg | 91 +++++ .../builtin/scripts/base.sh} | 15 +- .../{Gemfile => builtin/scripts/cleanup.sh} | 20 +- tools/appliance/builtin/template.json | 53 +++ tools/appliance/convert/Convert.class | Bin 984 -> 0 bytes tools/appliance/convert/Convert.java | 36 -- tools/appliance/convert_ovf_vbox_to_esx.xslt | 42 -- tools/appliance/definitions/builtin/base.sh | 14 - .../appliance/definitions/builtin/cleanup.sh | 21 - .../definitions/builtin/definition.rb | 33 -- .../definitions/builtin/install-xs-tools.sh | 10 - tools/appliance/definitions/builtin/ks.cfg | 35 -- .../definitions/builtin/postinstall.sh | 54 --- .../appliance/definitions/builtin/zerodisk.sh | 3 - .../definitions/debianbase/cleanup.sh | 49 --- .../definitions/debianbase/configure_login.sh | 78 ---- .../definitions/debianbase/definition.rb | 80 ---- .../definitions/debianbase/preseed.cfg | 129 ------- .../definitions/debianbase/zerodisk.sh | 43 --- tools/appliance/definitions/devcloud/base.sh | 12 - .../appliance/definitions/devcloud/cleanup.sh | 21 - .../definitions/devcloud/definition.rb | 45 --- .../definitions/devcloud/postinstall.sh | 60 --- .../definitions/devcloud/preseed.cfg | 357 ----------------- .../definitions/devcloud/zerodisk.sh | 11 - tools/appliance/shar_cloud_scripts.sh | 2 +- .../http}/preseed.cfg | 13 +- .../scripts}/apt_upgrade.sh | 5 +- .../scripts}/authorized_keys.sh | 0 .../scripts}/cleanup.sh | 0 .../scripts}/configure_acpid.sh | 0 .../scripts}/configure_conntrack.sh | 0 .../scripts}/configure_grub.sh | 4 + .../scripts}/configure_locale.sh | 0 .../scripts}/configure_login.sh | 0 .../scripts}/configure_networking.sh | 0 .../scripts}/configure_persistent_config.sh | 1 - .../scripts}/configure_systemvm_services.sh | 0 .../scripts}/definition.rb | 4 +- 
.../scripts}/finalize.sh | 8 +- .../scripts}/install_systemvm_packages.sh | 16 +- .../appliance/systemvmtemplate/template.json | 82 ++++ tools/appliance/test.sh | 180 --------- tools/appliance/vbox_disk_clean.rb | 49 --- tools/appliance/vbox_vm_clean.rb | 77 ---- tools/vagrant/devcloud/Vagrantfile | 206 ---------- .../devcloud/templates/tmpl/1/1/README | 1 - .../devcloud/templates/tmpl/1/5/README | 2 - tools/vagrant/systemvm/.gitignore | 52 --- tools/vagrant/systemvm/.ruby-version | 1 - tools/vagrant/systemvm/.rvmrc | 24 -- tools/vagrant/systemvm/README.md | 30 -- tools/vagrant/systemvm/VBoxManage | 41 -- tools/vagrant/systemvm/Vagrantfile | 123 ------ tools/vagrant/systemvm/test.sh | 213 ----------- tools/vagrant/systemvm/vagrant.pub | 1 - 61 files changed, 343 insertions(+), 2602 deletions(-) delete mode 100644 tools/appliance/.ruby-version delete mode 100644 tools/appliance/.rvmrc create mode 100644 tools/appliance/builtin/http/kickstart.cfg rename tools/{vagrant/systemvm/Gemfile => appliance/builtin/scripts/base.sh} (65%) rename tools/appliance/{Gemfile => builtin/scripts/cleanup.sh} (74%) create mode 100644 tools/appliance/builtin/template.json delete mode 100644 tools/appliance/convert/Convert.class delete mode 100644 tools/appliance/convert/Convert.java delete mode 100644 tools/appliance/convert_ovf_vbox_to_esx.xslt delete mode 100644 tools/appliance/definitions/builtin/base.sh delete mode 100644 tools/appliance/definitions/builtin/cleanup.sh delete mode 100644 tools/appliance/definitions/builtin/definition.rb delete mode 100644 tools/appliance/definitions/builtin/install-xs-tools.sh delete mode 100644 tools/appliance/definitions/builtin/ks.cfg delete mode 100644 tools/appliance/definitions/builtin/postinstall.sh delete mode 100644 tools/appliance/definitions/builtin/zerodisk.sh delete mode 100644 tools/appliance/definitions/debianbase/cleanup.sh delete mode 100644 tools/appliance/definitions/debianbase/configure_login.sh delete mode 100644 
tools/appliance/definitions/debianbase/definition.rb delete mode 100644 tools/appliance/definitions/debianbase/preseed.cfg delete mode 100644 tools/appliance/definitions/debianbase/zerodisk.sh delete mode 100644 tools/appliance/definitions/devcloud/base.sh delete mode 100644 tools/appliance/definitions/devcloud/cleanup.sh delete mode 100644 tools/appliance/definitions/devcloud/definition.rb delete mode 100644 tools/appliance/definitions/devcloud/postinstall.sh delete mode 100644 tools/appliance/definitions/devcloud/preseed.cfg delete mode 100644 tools/appliance/definitions/devcloud/zerodisk.sh rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/http}/preseed.cfg (92%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/apt_upgrade.sh (97%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/authorized_keys.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/cleanup.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_acpid.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_conntrack.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_grub.sh (92%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_locale.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_login.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_networking.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_persistent_config.sh (99%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/configure_systemvm_services.sh (100%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/definition.rb 
(93%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/finalize.sh (95%) rename tools/appliance/{definitions/systemvmtemplate => systemvmtemplate/scripts}/install_systemvm_packages.sh (98%) create mode 100644 tools/appliance/systemvmtemplate/template.json delete mode 100644 tools/appliance/test.sh delete mode 100755 tools/appliance/vbox_disk_clean.rb delete mode 100755 tools/appliance/vbox_vm_clean.rb delete mode 100644 tools/vagrant/devcloud/Vagrantfile delete mode 100644 tools/vagrant/devcloud/templates/tmpl/1/1/README delete mode 100644 tools/vagrant/devcloud/templates/tmpl/1/5/README delete mode 100644 tools/vagrant/systemvm/.gitignore delete mode 100644 tools/vagrant/systemvm/.ruby-version delete mode 100644 tools/vagrant/systemvm/.rvmrc delete mode 100644 tools/vagrant/systemvm/README.md delete mode 100755 tools/vagrant/systemvm/VBoxManage delete mode 100644 tools/vagrant/systemvm/Vagrantfile delete mode 100755 tools/vagrant/systemvm/test.sh delete mode 100644 tools/vagrant/systemvm/vagrant.pub diff --git a/pom.xml b/pom.xml index 39a611d5e9d7..00a3542bc274 100644 --- a/pom.xml +++ b/pom.xml @@ -880,14 +880,8 @@ services/secondary-storage/conf/agent.properties services/secondary-storage/conf/environment.properties test/systemvm/README.md - tools/appliance/.ruby-version - tools/vagrant/systemvm/vagrant.pub - tools/vagrant/systemvm/.ruby-version tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf - tools/appliance/definitions/devcloud/* - tools/appliance/definitions/systemvmtemplate/* - tools/appliance/definitions/systemvm64template/* - tools/appliance/definitions/builtin/* + tools/appliance/*/template.json tools/cli/cloudmonkey.egg-info/* tools/devcloud/src/deps/boxes/basebox-build/definition.rb tools/devcloud/src/deps/boxes/basebox-build/preseed.cfg diff --git a/tools/appliance/.ruby-version b/tools/appliance/.ruby-version deleted file mode 100644 index bc9bac6213bd..000000000000 
--- a/tools/appliance/.ruby-version +++ /dev/null @@ -1 +0,0 @@ -2.3.0p0 diff --git a/tools/appliance/.rvmrc b/tools/appliance/.rvmrc deleted file mode 100644 index 573ecb78640e..000000000000 --- a/tools/appliance/.rvmrc +++ /dev/null @@ -1,24 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -rvm use ruby-2.3.0@vagrant-release-cloudstack --create -export VAGRANT_HOME=$HOME/.vagrant.d-release-cloudstack -bundle check > /dev/null 2>&1 -RETVAL=$? -if [ $RETVAL -ne 0 ]; then - bundle install -fi diff --git a/tools/appliance/README.md b/tools/appliance/README.md index 403eb45bb447..6d8370fdfa48 100644 --- a/tools/appliance/README.md +++ b/tools/appliance/README.md 
@@ -17,104 +17,27 @@ under the License. =========================================================== -# Setting up Tools and Environment - - - Install latest VirtualBox (5.0+) - - Install tools for exporting appliances: qemu-img, vboxmanage, vhd-util, ovftool - - Install [RVM](https://rvm.io/rvm/install) - - Install dependencies (tested on Ubuntu 16.04): - apt-get install sharutils libxslt1-dev libxml2-dev zlib1g-dev build-essential ruby ruby-bundler ruby-dev qemu-utils blktap-utils faketime - - Setup paths: - export PATH=~/.rvm/bin:$PATH - - Install Ruby 2.3.0, if it installed some other version: - rvm install 2.3.0 - - Set rvm to use that 2.3.0 - rvm use ruby-2.3.0 - - Install bundler: (if you get any openssl issue see https://rvm.io/packages/openssl) - gem install bundler - -All the dependencies will be fetched automatically. - -To save some time if you've downloaded iso of your distro, put the isos in: -tools/appliance/iso/ +# Introduction -# Setting up jenkins (CI) builds +This is used to build appliances for use with CloudStack. Currently two +build profiles are available for building systemvmtemplate (Debian based) and +CentOS based built-in user VM template. -All the tools listed above are expected to be available. If you follow - - http://rvm.io/integration/jenkins - -then you'll need to do a bit of logic to load RVM in jenkins. 
In the -build script you put into jenkins, start it with -``` -#!/bin/bash -l -``` +# Setting up Tools and Environment -to ensure a login shell, then add something like -``` -# inspired by https://github.com/CloudBees-community/rubyci-clickstart/blob/master/bin/run-ci -# also see https://rvm.io/integration/jenkins -# .rvmrc won't get trusted/auto-loaded by jenkins by default -export VAGRANT_HOME=$HOME/.vagrant.d-release-cloudstack -rvm use ruby-1.9.3@vagrant-release-cloudstack --create -# do not use --deployment since that requires Gemfile.lock...and we prefer an up-to-date veewee -bundle_args="--path vendor/bundle" -``` +- Install packer and latest KVM, qemu on a Linux machine +- Install tools for exporting appliances: qemu-img, ovftool, faketime +- Build and install `vhd-util` as described in build.sh or use pre-built + binaries at: + http://packages.shapeblue.com/systemvmtemplate/vhd-util + http://packages.shapeblue.com/systemvmtemplate/libvhd.so.1.0 -# How to build SystemVMs automatically +# How to build appliances Just run build.sh, it will export archived appliances for KVM, XenServer, VMWare and HyperV in `dist` directory: - bundle install - bash build.sh systemvm64template - -# Building SystemVM template appliance manually - -List available appliances one can build: - - veewee vbox list - -Modify scripts in definitions/*appliance*/ as per needs. -Build systemvm template appliance: - - veewee vbox build 'systemvmtemplate' - -Start the box: - - veewee vbox up 'systemvmtemplate' - -Halt the box: - - veewee vbox halt 'systemvmtemplate' - -Now VirtualBox can be used to export appliance. - -To build the systemvm64template by hand using veewee, set VM_ARCH=amd64 and use -the systemvmtemplate: - - export VM_ARCH=amd64 - cp -r definitions/systemvmtemplate definitions/systemvm64template - veewee vbox build 'systemvm64template' - -Troubleshooting -=============== -If you see following line in the screen, then veewee is failing -extracting vboxmanage version. 
- - Downloading vbox guest additions iso v - http://download.virtualbox.org/vi - -You would be able to check it manually by typing: - - vboxmanage --version - -If you're using Fedora for example, you'll need to install `kernel-devel` -package and run `/etc/init.d/vboxdrv setup` to get veewee working. - -Testing -======= -The ./test.sh script tries out a few different default ways to invoke build.sh. + bash build.sh systemvmtemplate + bash build.sh builtin -See ../vagrant/systemvm for a test setup that uses vagrant+serverspec to -provide actual integration tests that verify the built systemvm is up to spec. diff --git a/tools/appliance/build.sh b/tools/appliance/build.sh index ab3cac891bd7..8b1032ecc8b2 100755 --- a/tools/appliance/build.sh +++ b/tools/appliance/build.sh @@ -1,6 +1,4 @@ #!/bin/bash -l -# note: the -l is needed here for bash to always make a login shell and load rvm if it hasn't been loaded -# # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information @@ -18,35 +16,21 @@ # specific language governing permissions and limitations # under the License. -# build script which wraps around veewee and virtualbox to create the systemvm template +# build script which wraps around packer and virtualbox to create the systemvm template function usage() { cat </dev/null || echo unknown) | sed -e 's/remotes\/.*\///g' | sed -e 's|/|_|g'` -fi - -branch_tag= -if [ ! -z "${branch}" ]; then - branch_tag="-${branch}" -fi - version_tag= if [ ! -z "${version}" ]; then if [ ! -z "${BUILD_NUMBER}" ]; then @@ -152,10 +101,7 @@ elif [ ! -z "${BUILD_NUMBER}" ]; then version_tag="-${BUILD_NUMBER}" fi -appliance_build_name=${appliance}${branch_tag}${version_tag} - -# mac address of the vm we create -mac_address= +appliance_build_name=${appliance}${version_tag} ### ### Generic helper functions 
@@ -244,151 +190,29 @@ function retry() { ### function create_definition() { - if [ "${appliance}" == "systemvm64template" ]; then - arch="amd64" - export VM_ARCH="${arch}" - rm -rf definitions/systemvm64template # in case of left-over cruft from failed build - cp -r definitions/systemvmtemplate definitions/systemvm64template - add_on_exit rm -rf definitions/systemvm64template - fi - if [ "${appliance}" != "${appliance_build_name}" ]; then - cp -r "definitions/${appliance}" "definitions/${appliance_build_name}" + cp -r "${appliance}" "${appliance_build_name}" set +e if [ ! -z "${version}" ]; then sed ${sed_regex_option} -i -e "s/^CLOUDSTACK_RELEASE=.+/CLOUDSTACK_RELEASE=${version}/" \ - "definitions/${appliance_build_name}/configure_systemvm_services.sh" - fi - if [ ! -z "${ssh_key}" ]; then - # ssh key lines can contain / - sed ${sed_regex_option} -i -e "s|^key=.+|key=\"${ssh_key}\"|" \ - "definitions/${appliance_build_name}/authorized_keys.sh" + "${appliance_build_name}/configure_systemvm_services.sh" fi set -e - add_on_exit rm -rf "definitions/${appliance_build_name}" + add_on_exit rm -rf "${appliance_build_name}" fi ./shar_cloud_scripts.sh add_on_exit rm -f cloud_scripts_shar_archive.sh } -function setup_ruby() { - bundle check || bundle install ${BUNDLE_ARGS} -} - -function stop_vbox() { - log INFO "stoppping all virtualbox vms for ${USER}" - bundle exec ./vbox_vm_clean.rb -} - -function clean_vbox() { - log INFO "deleting all virtualbox vms and disks for ${USER}" - bundle exec ./vbox_vm_clean.rb --delete --kill - bundle exec ./vbox_disk_clean.rb -} - function prepare() { log INFO "preparing for build" - setup_ruby rm -rf dist *.ova *.vhd *.vdi *.qcow* *.bz2 *.vmdk *.ovf - mkdir dist } -function veewee_destroy() { - log INFO "destroying existing veewee image, if any" - set +e - bundle exec veewee vbox destroy "${appliance_build_name}" ${VEEWEE_ARGS} - set -e -} - -function veewee_build() { - log INFO "building new image with veewee" - bundle exec veewee vbox 
build "${appliance_build_name}" ${VEEWEE_BUILD_ARGS} -} - -function veewee_halt() { - log INFO "shutting down new vm with veewee" - bundle exec veewee vbox halt "${appliance_build_name}" ${VEEWEE_ARGS} -} - -function save_mac_address() { - log INFO "saving new vm mac address" - mac_address=`vboxmanage showvminfo --details --machinereadable ${appliance_build_name} | grep macaddress1= | sed 's/macaddress1=//' | sed 's/"//g'` - if [ "${mac_address}" == "" ]; then - error "Could not find mac address for appliance ${appliance_build_name}" - fi -} - -function check_appliance_shutdown() { - log INFO "waiting for veewee appliance to shut down..." - ! (vboxmanage list runningvms | grep "${appliance_build_name}") - local result=$? - if [ ${result} -eq 0 ]; then - log INFO "...veewee appliance shut down ok" - else - log INFO "...veewee appliance still running" - fi - return ${result} -} - -function check_appliance_disk_ready() { - log INFO "waiting for veewee appliance disk to be available..." - # local hdd_path="vboxmanage showvminfo '${appliance_build_name}' --machinereadable | \ - # egrep '(SATA|IDE) Controller-[0-9]+-[0-9]+' | grep -v '.iso' | \ - # grep -v '="none"' | egrep -o '=".*"' | sed 's/=//' | sed 's/"//g'" - local hdd_path=`vboxmanage list hdds | grep "${appliance_build_name}\/" | grep vdi | \ - cut -c 14- | sed ${sed_regex_option} 's/^ *//'` - disk_state=`vboxmanage showhdinfo "${hdd_path}" | egrep '^State:' | sed 's/State://' | egrep -o '[a-zA-Z]+' | awk '{print tolower($0)}'` - if [ "${disk_state}" == "notcreated" ]; then - log ERROR "disk ${hdd_path} in state notcreated" - return 1 - elif [ "${disk_state}" == "created" ]; then - log INFO "disk ${hdd_path} in state created" - return 0 - elif [ "${disk_state}" == "lockedread" ]; then - log INFO "disk ${hdd_path} in state lockedread" - return 1 - elif [ "${disk_state}" == "lockedwrite" ]; then - log INFO "disk ${hdd_path} in state lockedwrite" - return 1 - elif [ "${disk_state}" == "inaccessible" ]; then - log 
INFO "disk ${hdd_path} in state inaccessible" - return 1 - elif [ "${disk_state}" == "creating" ]; then - log WARN "disk ${hdd_path} in state creating" - return 1 - elif [ "${disk_state}" == "deleting" ]; then - log WARN "disk ${hdd_path} in state deleting" - return 1 - else - log WARN "disk ${hdd_path} has unknown disk state ${disk_state}" - return 1 - fi -} - -function remove_shares() { - log INFO "removing shared folders from appliance..." - set +e - local shared_folders=`vboxmanage showvminfo "${appliance_build_name}" | grep Name | grep Host` - if [ "${shared_folders}" == "" ]; then - return 0 - fi - folder_name=`echo "${shared_folders}" | head -1 | cut -c 8- | cut -d \' -f 1` - vboxmanage sharedfolder remove "${appliance_build_name}" --name "${folder_name}" - ! (vboxmanage showvminfo "${appliance_build_name}" | grep Name | grep Host) - local result=$? - set -e - if [ ${result} -eq 0 ]; then - log INFO "...veewee appliance shared folders removed" - else - log INFO "...veewee appliance still has shared folders" - fi - return ${result} -} - -function compact_hdd() { - log INFO "compacting image" - vboxmanage modifyhd "${1}" --compact +function packer_build() { + log INFO "building new image with packer" + cd ${appliance_build_name} && packer build template.json && cd .. } function stage_vmx (){ @@ -442,13 +266,12 @@ VMXFILE function xen_server_export() { log INFO "creating xen server export" - local hdd_path="${1}" set +e which faketime >/dev/null 2>&1 && which vhd-util >/dev/null 2>&1 local result=$? set -e if [ ${result} == 0 ]; then - vboxmanage internalcommands converttoraw -format vdi "${hdd_path}" img.raw + qemu-img convert -f qcow2 -O raw "dist/${appliance}" img.raw vhd-util convert -s 0 -t 1 -i img.raw -o stagefixed.vhd faketime '2010-01-01' vhd-util convert -s 1 -t 2 -i stagefixed.vhd -o "${appliance_build_name}-xen.vhd" rm -f *.bak 
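Review bot: In create_definition the `sed` that stamps `CLOUDSTACK_RELEASE` still targets `"${appliance_build_name}/configure_systemvm_services.sh"`, but going by this patch's rename list the script now lives under `systemvmtemplate/scripts/`. The copied tree would therefore hold it at `"${appliance_build_name}/scripts/configure_systemvm_services.sh"`. Because the call sits between `set +e` and `set -e`, a missing file fails silently and the image is built without the requested version. In packer_build, `cd ${appliance_build_name} && packer build template.json && cd ..` leaves the working directory inside the build tree when packer fails, so the relative `rm -rf` exit handlers would run from the wrong place. A subshell, `(cd "${appliance_build_name}" && packer build template.json)`, avoids that and quotes the path.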
@@ -463,117 +286,48 @@ function xen_server_export() { function ovm_export() { log INFO "creating OVM export" - local hdd_path="${1}" - rm -f img.raw - vboxmanage internalcommands converttoraw -format vdi "${hdd_path}" img.raw - mv img.raw ${appliance_build_name}-ovm.raw - bzip2 "${appliance_build_name}-ovm.raw" - mv "${appliance_build_name}-ovm.raw.bz2" dist/ + qemu-img convert -f qcow2 -O raw "dist/${appliance}" "dist/${appliance_build_name}-ovm.raw" + cd dist && bzip2 "${appliance_build_name}-ovm.raw" && cd .. log INFO "${appliance} exported for OracleVM: dist/${appliance_build_name}-ovm.raw.bz2" } function kvm_export() { + log INFO "creating kvm export" set +e - which faketime >/dev/null 2>&1 && which vhd-util >/dev/null 2>&1 - local result=$? - set -e - if [ ${result} == 0 ]; then - log INFO "creating kvm export" - local hdd_path="${1}" - rm -f raw.img - vboxmanage internalcommands converttoraw -format vdi "${hdd_path}" raw.img - set +e - qemu-img convert -o compat=0.10 -f raw -c -O qcow2 raw.img "${appliance_build_name}-kvm.qcow2" - local qemuresult=$? - set -e - if [ ${qemuresult} != 0 ]; then - log INFO "'qemu-img convert' failed, trying without compat option" - qemu-img convert -f raw -c -O qcow2 raw.img "${appliance_build_name}-kvm.qcow2" - fi - add_on_exit rm -f raw.img - bzip2 "${appliance_build_name}-kvm.qcow2" - mv "${appliance_build_name}-kvm.qcow2.bz2" dist/ - log INFO "${appliance} exported for KVM: dist/${appliance_build_name}-kvm.qcow2.bz2" - else - log WARN "** Skipping ${appliance_build_name} export for KVM: qemu-img is missing. **" - fi + qemu-img convert -o compat=0.10 -f qcow2 -c -O qcow2 "dist/${appliance}" "dist/${appliance_build_name}-kvm.qcow2" + local qemuresult=$? + cd dist && bzip2 "${appliance_build_name}-kvm.qcow2" && cd .. 
+ log INFO "${appliance} exported for KVM: dist/${appliance_build_name}-kvm.qcow2.bz2" } function vmware_export() { log INFO "creating vmware export" - local machine_uuid="${1}" - local hdd_uuid="${2}" - vboxmanage clonehd "${hdd_uuid}" "${appliance_build_name}-vmware.vmdk" --format VMDK + qemu-img convert -f qcow2 -O vmdk "dist/${appliance}" "dist/${appliance_build_name}-vmware.vmdk" if ! ovftool_loc="$(type -p "ovftool")" || [ -z "$ovftool_loc" ]; then - log INFO "ovftool not found, using traditional method to export ova file" - vboxmanage export "${machine_uuid}" --output "${appliance_build_name}-vmware.ovf" - log INFO "${appliance} exported for VMWare: dist/${appliance_build_name}-vmware.{vmdk.bz2,ovf}" - add_on_exit rm -f ${appliance_build_name}-vmware.ovf - add_on_exit rm -f ${appliance_build_name}-vmware-disk[0-9].vmdk - - # xsltproc doesn't support this XSLT so we use java to run this one XSLT - mv ${appliance_build_name}-vmware.ovf ${appliance_build_name}-vmware.ovf-orig - java -cp convert Convert convert_ovf_vbox_to_esx.xslt \ - ${appliance_build_name}-vmware.ovf-orig \ - ${appliance_build_name}-vmware.ovf - add_on_exit rm -f ${appliance_build_name}-vmware.ovf-orig - chmod 666 *.vmdk *.ovf - tar -cf ${appliance_build_name}-vmware.ova \ - ${appliance_build_name}-vmware.ovf \ - ${appliance_build_name}-vmware-disk[0-9].vmdk - else - log INFO "ovftool found, using it to export ova file" - chmod 666 ${appliance_build_name}-vmware.vmdk - stage_vmx ${appliance_build_name}-vmware ${appliance_build_name}-vmware.vmdk - ovftool ${appliance_build_name}-vmware.vmx ${appliance_build_name}-vmware.ova + log INFO "ovftool not found, skipping ova generation for VMware" + return fi - mv ${appliance_build_name}-vmware.ova dist/ - log INFO "${appliance} exported for VMWare: dist/${appliance_build_name}-vmware.ova" -} -function vagrant_export() { - log INFO "creating vagrant export" - local machine_uuid="${1}" - # this is based on veewee export logic, but, we don't want to use 
veewee export, - # since it makes optimistic assumptions about VM shutdown/halt leading to available - # disks and the like - # predicting VBoxManage disk naming seems problematic - # disk="${appliance_build_name}-vmware.ovf" - # image="${appliance_build_name}-vmware-disk1.vmdk" - mkdir -p "box/${appliance_build_name}" - # cp "${disk}" "box/${appliance_build_name}/box.ovf" - # cp "${image}" "box/${appliance_build_name}/box-disk1.vmdk" - cat >box/${appliance_build_name}/Vagrantfile < dist/md5sum.txt + packer_build + + # process the disk at dist + kvm_export + ovm_export + xen_server_export + vmware_export + hyperv_export + rm -f "dist/${appliance}" + cd dist && md5sum * > md5sum.txt && cd .. + cd dist && sha512sum * > sha512sum.txt && cd .. add_on_exit log INFO "BUILD SUCCESSFUL" } diff --git a/tools/appliance/builtin/http/kickstart.cfg b/tools/appliance/builtin/http/kickstart.cfg new file mode 100644 index 000000000000..80a5d6d92550 --- /dev/null +++ b/tools/appliance/builtin/http/kickstart.cfg 
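Review bot: In the new kvm_export, `set +e` is no longer paired with `set -e`, and `qemuresult` is captured but never checked. A failed `qemu-img convert` is therefore ignored, ovm_export then runs with errexit still off, and the `md5sum`/`sha512sum` lines at the end of main write checksums over whatever ended up in dist/. Anyone verifying a download against those files would be trusting checksums of an incomplete or stale artifact. After `local qemuresult=$?` I would add `set -e` and `[ ${qemuresult} -eq 0 ] || { log ERROR "qemu-img convert failed for dist/${appliance}"; return ${qemuresult}; }`.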
@@ -0,0 +1,91 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# Run the installer +install +# Use cdrom media +cdrom +lang en_US.UTF-8 +keyboard us +network --bootproto=dhcp --hostname=builtin-centos7 +rootpw password +firewall --disabled +selinux --disabled +timezone UTC +unsupported_hardware +bootloader --location=mbr +text +skipx +zerombr +clearpart --all --initlabel +autopart +auth --enableshadow --passalgo=sha512 --kickstart +firstboot --disabled +eula --agreed +services --disabled="chronyd" --enabled="sshd" +reboot +user --name=cloud --plaintext --password cloud + +%packages --ignoremissing --excludedocs +@^minimal +@core +kexec-tools +# unnecessary firmware +-aic94xx-firmware +-atmel-firmware +-b43-openfwwf +-bfa-firmware +-ipw2100-firmware +-ipw2200-firmware +-ivtv-firmware +-iwl100-firmware +-iwl1000-firmware +-iwl3945-firmware +-iwl4965-firmware +-iwl5000-firmware +-iwl5150-firmware +-iwl6000-firmware +-iwl6000g2a-firmware +-iwl6050-firmware +-libertas-usb8388-firmware +-ql2100-firmware +-ql2200-firmware +-ql23xx-firmware +-ql2400-firmware +-ql2500-firmware +-rt61pci-firmware +-rt73usb-firmware +-xorg-x11-drv-ati-firmware +-zd1211-firmware + +%end + +%post +exec < /dev/tty3 > /dev/tty3 +chvt 3 +echo +echo 
"################################" +echo "# Running Post Configuration #" +echo "################################" +( +echo "cloud ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers +sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers +/usr/bin/yum -y --enablerepo extras install epel-release +) 2>&1 | /usr/bin/tee /var/log/post_install.log +chvt 1 + +%end diff --git a/tools/vagrant/systemvm/Gemfile b/tools/appliance/builtin/scripts/base.sh similarity index 65% rename from tools/vagrant/systemvm/Gemfile rename to tools/appliance/builtin/scripts/base.sh index cd0fea4b1b66..30e6438de9e3 100644 --- a/tools/vagrant/systemvm/Gemfile +++ b/tools/appliance/builtin/scripts/base.sh @@ -15,6 +15,17 @@ # specific language governing permissions and limitations # under the License. -source 'https://rubygems.org' +set -eux -gem 'vagrant-wrapper' +sed -i 's/^GSS/\#GSS/g' /etc/ssh/sshd_config +echo "PermitRootLogin yes" >> /etc/ssh/sshd_config +echo "UseDNS no" >> /etc/ssh/sshd_config + +yum -y update + +yum install -y tmux vim htop wget telnet tcpdump sed awk ssh httpd net-tools open-vm-tools +systemctl enable httpd + +iptables -I INPUT -p tcp -m tcp --dport 22 -j ACCEPT +iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT +iptables-save > /etc/sysconfig/iptables diff --git a/tools/appliance/Gemfile b/tools/appliance/builtin/scripts/cleanup.sh similarity index 74% rename from tools/appliance/Gemfile rename to tools/appliance/builtin/scripts/cleanup.sh index 8930c3b06dad..811b30dbe8a1 100644 --- a/tools/appliance/Gemfile +++ b/tools/appliance/builtin/scripts/cleanup.sh 
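Review bot: `rootpw password` and `user --name=cloud --plaintext --password cloud` bake fixed, published credentials into the template, and the `%post` block then gives `cloud` passwordless sudo. The same root password is exposed over SSH by `PermitRootLogin yes` in scripts/base.sh and reused as `ssh_password` in template.json. Neither provisioning script visible in this patch resets or locks these accounts before the image is exported. If the password is needed only for the Packer build, the last provisioning step could run `passwd -l root`, reset the `cloud` password, and set `PermitRootLogin without-password`. If the image is meant purely as a test template, a comment here such as `# Build-time/test credentials: not for images reachable from untrusted networks` would record that.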
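Review bot: The two `iptables -I INPUT` rules and `iptables-save > /etc/sysconfig/iptables` in base.sh look like they have no effect after a reboot. The kickstart file in this patch sets `firewall --disabled`, and nothing visible installs or enables a service that reloads `/etc/sysconfig/iptables`. As written the image appears to boot with no packet filter, so the rules read as a restriction that is not in force. Either add `iptables-services` to the `yum install` line and run `systemctl enable iptables`, or drop the three lines and add a comment such as `# no host firewall: the template relies on network-level filtering`.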
@@ -15,11 +15,17 @@
 # specific language governing permissions and limitations
 # under the License.
 
-source 'https://rubygems.org'
+set -ux
 
-gem 'veewee', '~> 0.4.5.1'
-gem 'em-winrm'
-gem 'sys-proctable'
-gem 'net-scp'
-gem 'net-ssh'
-gem 'progressbar', '0.21.0'
+rm -f /etc/udev/rules.d/70-persistent*
+
+yum -y clean all
+
+fstrim -av
+dd if=/dev/zero of=/EMPTY bs=1M
+rm -f /EMPTY
+# Block until the empty file has been removed, otherwise, Packer
+# will try to kill the box while the disk is still full and that's bad
+sync
+sync
+sync
diff --git a/tools/appliance/builtin/template.json b/tools/appliance/builtin/template.json
new file mode 100644
index 000000000000..c9881c15e5e5
--- /dev/null
+++ b/tools/appliance/builtin/template.json
@@ -0,0 +1,53 @@
+{
+ "description": "CentOS 7 x86_64 Built-in template for CloudStack",
+ "provisioners": [
+ {
+ "type": "shell",
+ "scripts": [
+ "scripts/base.sh",
+ "scripts/cleanup.sh"
+ ]
+ }
+ ],
+ "builders": [
+ {
+ "type": "qemu",
+ "accelerator": "kvm",
+ "headless": true,
+ "qemuargs": [
+ [ "-m", "512M" ],
+ [ "-smp", "cpus=1,maxcpus=1,cores=1" ]
+ ],
+ "disk_size": 10240,
+ "format": "qcow2",
+ "disk_interface": "virtio",
+ "net_device": "virtio-net",
+
+ "iso_url": "http://mirror.nbrc.ac.in/centos/7/isos/x86_64/CentOS-7-x86_64-Minimal-1708.iso",
+ "iso_checksum": "5848f2fd31c7acf3811ad88eaca6f4aa",
+ "iso_checksum_type": "md5",
+
+ "vm_name": "builtin",
+ "output_directory": "../dist",
+
+ "http_directory": "http",
+ "http_port_min": 10082,
+ "http_port_max": 10089,
+
+ "ssh_host_port_min": 2222,
+ "ssh_host_port_max": 2229,
+
+ "ssh_username": "root",
+ "ssh_password": "password",
+ "ssh_port": 22,
+ "ssh_wait_timeout": "30m",
+
+ "boot_wait": "10s",
+ "boot_command": [
+ " text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}//kickstart.cfg"
+ ],
+
+ "shutdown_command": "shutdown -P now"
+ }
+ ]
+}
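Review bot: The new cleanup.sh removes the persistent udev rules and the yum cache but leaves the SSH host keys created during the build in `/etc/ssh`. Every instance deployed from this template would then present the same host key pair, so one instance's private key is enough to impersonate any other. Adding `rm -f /etc/ssh/ssh_host_*` before the `fstrim`/`dd` step fixes that; sshd on CentOS 7 should generate fresh keys at first start, though that is worth confirming on the built image. A short comment such as `# drop build-time host keys so each instance generates its own` would explain the line.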
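Review bot: The builder in template.json downloads the installer ISO over plain `http://` from a third-party mirror and checks it only with `"iso_checksum_type": "md5"`. MD5 is not collision resistant, so this guards against a corrupted download but is a weak pin for the base of every image built from this template. Switching to `"iso_checksum_type": "sha256"` with `"iso_checksum": "<SHA256_OF_ISO_PLACEHOLDER>"`, the value taken from the CentOS project's signed checksum file, makes the pin meaningful. JSON has no comment syntax, so the provenance of the checksum would need to be recorded in the commit message or a README beside the template.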
diff --git a/tools/appliance/convert/Convert.class b/tools/appliance/convert/Convert.class deleted file mode 100644 index 3f243418fff20c041ed3ad6d5fc9a874cd6900cb..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 984 zcma)5U2hUW6g>kA1KYJ9)>bK0T0h!_eyrk~7=38OkYJmXYSQ#+!Liu}X3g$U>Cf_| z7)ksA{wU*}T}nyQ6!&57&bfE)xp&UoKYxGy22jB(6BcqNR*>f?aIBgz@YqBWMGdZT zteeQ_%@aK3c*gOZA^paao_foWv`e2Ej6MI0V3=!oQtbD-EfE~KtqvhZ*YzaBvVGDx zbI)C;u_|*@(PN)Lmb~Ou`I1^=w=sn-jNp+TOz3f=nh4Vjo4n^4O zD2^8vUZTRlM^!P*UpIEpIumWhuy{pQKN$DNkdII)l=JDZ-n@{??N4}Z?Y-H`(N$9- zmiRXI7>7Wl`_1G zgKiSVT2!Z2LG;BbEiz=sf-_X_zJVd&|d;fKQCJ6Xtzq1kxi8cU_a=G zq^30;fjMNcfctbrhlVsCDY74aBGDKkc|3%1TuxR7NDYwwxV3!=zCXr|5&qiP$r(dr v;^ - - - - vmx-07 - - - - - scsiController0 - SCSI Controller - scsiController0 - - lsilogic - 6 - - - - - - - - - - diff --git a/tools/appliance/definitions/builtin/base.sh b/tools/appliance/definitions/builtin/base.sh deleted file mode 100644 index 38138695daa5..000000000000 --- a/tools/appliance/definitions/builtin/base.sh +++ /dev/null @@ -1,14 +0,0 @@ -# Base install - -sed -i "s/^.*requiretty/#Defaults requiretty/" /etc/sudoers - -cat > /etc/yum.repos.d/epel.repo << EOM -[epel] -name=epel -baseurl=http://download.fedoraproject.org/pub/epel/6/\$basearch -enabled=1 -gpgcheck=0 -EOM - -# Make ssh faster by not waiting on DNS -echo "UseDNS no" >> /etc/ssh/sshd_config diff --git a/tools/appliance/definitions/builtin/cleanup.sh b/tools/appliance/definitions/builtin/cleanup.sh deleted file mode 100644 index 825a0091d2c7..000000000000 --- a/tools/appliance/definitions/builtin/cleanup.sh +++ /dev/null 
@@ -1,21 +0,0 @@ -# Clean up unneeded packages. -yum -y erase gtk2 libX11 hicolor-icon-theme avahi freetype bitstream-vera-fonts -yum -y clean all - -#rm -rf /etc/yum.repos.d/{puppetlabs,epel}.repo -rm -rf VBoxGuestAdditions_*.iso -rm -rf xs-tools*.iso - -# Ensure that udev doesn't screw us with network device naming. -ln -sf /dev/null /lib/udev/rules.d/75-persistent-net-generator.rules -rm -f /etc/udev/rules.d/70-persistent-net.rules - -# On startup, remove HWADDR from the eth0 interface. -cp -f /etc/sysconfig/network-scripts/ifcfg-eth0 /tmp/eth0 -sed "/^HWADDR/d" /tmp/eth0 > /etc/sysconfig/network-scripts/ifcfg-eth0 -sed -e "s/dhcp/none/;s/eth0/eth1/" /etc/sysconfig/network-scripts/ifcfg-eth0 > /etc/sysconfig/network-scripts/ifcfg-eth1 - -# Prevent way too much CPU usage in VirtualBox by disabling APIC. -sed -e 's/\tkernel.*/& noapic/' /boot/grub/grub.conf > /tmp/new_grub.conf -mv /boot/grub/grub.conf /boot/grub/grub.conf.bak -mv /tmp/new_grub.conf /boot/grub/grub.conf diff --git a/tools/appliance/definitions/builtin/definition.rb b/tools/appliance/definitions/builtin/definition.rb deleted file mode 100644 index a994728c8e60..000000000000 --- a/tools/appliance/definitions/builtin/definition.rb +++ /dev/null 
@@ -1,33 +0,0 @@ -Veewee::Definition.declare({ - :cpu_count => '1', - :memory_size=> '2048', - :disk_size => '8000', :disk_format => 'VDI', :hostiocache => 'off', - :os_type_id => 'RedHat6_64', - :iso_file => "CentOS-6.4-x86_64-minimal.iso", - :iso_src => "http://centos.mirror.net.in/centos/6.4/isos/x86_64/CentOS-6.4-x86_64-minimal.iso", - :iso_md5 => "4a5fa01c81cc300f4729136e28ebe600", - :iso_download_timeout => "1000", - :boot_wait => "10", - :boot_cmd_sequence => [ - ' text ks=http://%IP%:%PORT%/ks.cfg' - ], - :kickstart_port => "7122", - :kickstart_timeout => "10000", - :kickstart_file => "ks.cfg", - :ssh_login_timeout => "10000", - :ssh_user => "root", - :ssh_password => "password", - :ssh_key => "", - :ssh_host_port => "7222", - :ssh_guest_port => "22", - :sudo_cmd => "echo '%p'|sudo -S sh '%f'", - :shutdown_cmd => "halt -p", - :postinstall_files => [ - "base.sh", - "postinstall.sh", - "install-xs-tools.sh", - "cleanup.sh", - "zerodisk.sh" - ], - :postinstall_timeout => "10000" -}) diff --git a/tools/appliance/definitions/builtin/install-xs-tools.sh b/tools/appliance/definitions/builtin/install-xs-tools.sh deleted file mode 100644 index 94f96c385689..000000000000 --- a/tools/appliance/definitions/builtin/install-xs-tools.sh +++ /dev/null @@ -1,10 +0,0 @@ -# get the latest xs tools available from xen.org -wget --no-check-certificate http://downloads.xen.org/XCP/debian/xs-tools-5.9.960.iso -O xs-tools.iso - -sudo mount -o loop xs-tools.iso /mnt - -#install the xs tools -sudo yes | sudo sh /mnt/Linux/install.sh - -#unmount and cleanup -sudo umount /mnt diff --git a/tools/appliance/definitions/builtin/ks.cfg b/tools/appliance/definitions/builtin/ks.cfg deleted file mode 100644 index 3034b0571898..000000000000 --- a/tools/appliance/definitions/builtin/ks.cfg +++ /dev/null 
@@ -1,35 +0,0 @@ -install -cdrom -lang en_US.UTF-8 -keyboard us -network --bootproto=dhcp -rootpw password -firewall --enabled --service=ssh -authconfig --enableshadow --passalgo=sha512 -selinux --disabled -timezone UTC -bootloader --location=mbr - -text -skipx -zerombr - -clearpart --all --initlabel -autopart - -auth --useshadow --enablemd5 -firstboot --disabled -reboot - -%packages --nobase -@core -%end - -%post -/usr/bin/yum -y install sudo -/usr/sbin/groupadd veewee -/usr/sbin/useradd veewee -g veewee -G wheel -echo "veewee"|passwd --stdin veewee -echo "veewee ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers.d/veewee -chmod 0440 /etc/sudoers.d/veewee -%end diff --git a/tools/appliance/definitions/builtin/postinstall.sh b/tools/appliance/definitions/builtin/postinstall.sh deleted file mode 100644 index ef595126c352..000000000000 --- a/tools/appliance/definitions/builtin/postinstall.sh +++ /dev/null 
@@ -1,54 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -x - -install_packages() { - - # dev tools, ssh, nfs - yum -y install wget telnet tcpdump sed awk ssh htop - - # utlities - yum -y install httpd -} - -start_services() { - service httpd start -} - -httpd_configure() { - # start httpd on boot - chkconfig httpd on - # open port 80 - iptables -I INPUT -p tcp --dport 80 -j ACCEPT - # create a test page - echo "

Hello, World

" > /var/www/html/test.html - # give 755 permissions and ownership - chmod -R 755 /var/www/html/ - chown -R apache:apache /var/www/html/ -} - -begin=$(date +%s) - -install_packages -httpd_configure -start_services - -fin=$(date +%s) -t=$((fin-begin)) - -echo "Testing Builtin baked in $t seconds" diff --git a/tools/appliance/definitions/builtin/zerodisk.sh b/tools/appliance/definitions/builtin/zerodisk.sh deleted file mode 100644 index 938075a31e69..000000000000 --- a/tools/appliance/definitions/builtin/zerodisk.sh +++ /dev/null @@ -1,3 +0,0 @@ -# Zero out the free space to save space in the final image: -dd if=/dev/zero of=/EMPTY bs=1M -rm -f /EMPTY diff --git a/tools/appliance/definitions/debianbase/cleanup.sh b/tools/appliance/definitions/debianbase/cleanup.sh deleted file mode 100644 index cd32d5b42aa3..000000000000 --- a/tools/appliance/definitions/debianbase/cleanup.sh +++ /dev/null 
@@ -1,49 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e -set -x - -function cleanup_apt() { - #apt-get -y remove linux-headers-$(uname -r) build-essential - apt-get -y remove dictionaries-common busybox - apt-get -y autoremove - apt-get autoclean - apt-get clean -} - -# Removing leftover leases and persistent rules -function cleanup_dhcp() { - rm -f /var/lib/dhcp/* -} - -# Make sure Udev doesn't block our network -function cleanup_dev() { - echo "cleaning up udev rules" - rm -f /etc/udev/rules.d/70-persistent-net.rules - rm -rf /dev/.udev/ - rm -f /lib/udev/rules.d/75-persistent-net-generator.rules -} - -function cleanup() { - cleanup_apt - cleanup_dhcp - cleanup_dev -} - -return 2>/dev/null || cleanup diff --git a/tools/appliance/definitions/debianbase/configure_login.sh b/tools/appliance/definitions/debianbase/configure_login.sh deleted file mode 100644 index 36fccabc5fa4..000000000000 --- a/tools/appliance/definitions/debianbase/configure_login.sh +++ /dev/null 
@@ -1,78 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e -set -x - -function add_admin_group() { - groupadd -f -r admin -} - -function configure_cloud_user() { - usermod -a -G admin cloud - mkdir -p /home/cloud/.ssh - chmod 700 /home/cloud/.ssh - echo "cloud:`openssl rand -base64 32`" | chpasswd -} - -function configure_sudoers() { - cat >/etc/sudoers < /etc/sudoers.d/cloud -} - -# sshd_config is overwritten from cloud_scripts -#function configure_sshd() { -# grep "UseDNS no" /etc/ssh/sshd_config && \ -# grep "PasswordAuthentication no" /etc/ssh/sshd_config && \ -# return -# # Tweak sshd to prevent DNS resolution (speed up logins) -# echo 'UseDNS no' >> /etc/ssh/sshd_config -# -# # Require ssh keys for login -# sed -i -e 's/^.*PasswordAuthentication .*$/PasswordAuthentication no/g' /etc/ssh/sshd_config -#} - -function configure_inittab() { - grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return - - # Fix inittab - cat >> /etc/inittab << EOF - -vc:2345:respawn:/sbin/getty 38400 hvc0 -EOF -} - -function configure_login() { - add_admin_group - configure_cloud_user - configure_sudoers - # configure_sshd - configure_inittab -} - -return 2>/dev/null || configure_login 
diff --git a/tools/appliance/definitions/debianbase/definition.rb b/tools/appliance/definitions/debianbase/definition.rb deleted file mode 100644 index 9e41e65946d9..000000000000 --- a/tools/appliance/definitions/debianbase/definition.rb +++ /dev/null 
@@ -1,80 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -arch = ENV['VM_ARCH'] || 'i386' - -architectures = { - :i386 => { - :os_type_id => 'Debian', - :iso_file => 'debian-7.6.0-i386-netinst.iso', - :iso_src => 'http://cdimage.debian.org/debian-cd/7.6.0/i386/iso-cd/debian-7.6.0-i386-netinst.iso', - :iso_md5 => '528e1a7315da1bbf50bd4d187880a519', - }, - :amd64 => { - :os_type_id => 'Debian_64', - :iso_file => 'debian-7.6.0-amd64-netinst.iso', - :iso_src => 'http://cdimage.debian.org/debian-cd/7.6.0/amd64/iso-cd/debian-7.6.0-amd64-netinst.iso', - :iso_md5 => '8a3c2ad7fd7a9c4c7e9bcb5cae38c135' - } -} - -config = { - :cpu_count => '1', - :memory_size => '256', - :disk_size => '2500', :disk_format => 'VDI', :hostiocache => 'off', - :iso_download_timeout => '1200', - :boot_wait => '10', - :boot_cmd_sequence => [ - '', - 'install ', - 'preseed/url=http://%IP%:%PORT%/preseed.cfg ', - 'debian-installer=en_US ', - 'auto ', - 'locale=en_US ', - 'kbd-chooser/method=us ', - 'netcfg/get_hostname=systemvm ', - 'netcfg/get_domain=apache.org ', - 'fb=false ', - 'debconf/frontend=noninteractive ', - 'console-setup/ask_detect=false ', - 'console-keymaps-at/keymap=us ', - 'keyboard-configuration/xkb-keymap=us ', - '' - ], - :kickstart_port 
=> '7122', - :kickstart_timeout => '1200', - :kickstart_file => 'preseed.cfg', - :ssh_login_timeout => '1200', - :ssh_user => 'root', - :ssh_password => 'password', - :ssh_key => '', - :ssh_host_port => '7222', - :ssh_guest_port => '22', - :sudo_cmd => "echo '%p'|sudo -S sh '%f'", - :shutdown_cmd => 'halt -p', - :postinstall_files => [ - # basic minimal vm creation - 'configure_login.sh', - 'cleanup.sh', - 'zerodisk.sh' - ], - :postinstall_timeout => '1200' -} - -config.merge! architectures[arch.to_sym] - -Veewee::Definition.declare(config) diff --git a/tools/appliance/definitions/debianbase/preseed.cfg b/tools/appliance/definitions/debianbase/preseed.cfg deleted file mode 100644 index e6e5adbdd32f..000000000000 --- a/tools/appliance/definitions/debianbase/preseed.cfg +++ /dev/null 
@@ -1,129 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -### Localization -# Locale sets language and country. -d-i debian-installer/locale string en_US - -# Keyboard selection. -d-i console-keymaps-at/keymap select us - -### Network configuration -d-i netcfg/choose_interface select auto -d-i netcfg/get_hostname string debianbase -d-i netcfg/get_domain string cloudstack.org - -### Mirror settings -d-i mirror/country string manual -d-i mirror/http/hostname string http.us.debian.org -d-i mirror/http/directory string /debian -d-i mirror/http/proxy string - -### Clock and time zone setup -d-i clock-setup/utc boolean true -d-i time/zone string UTC -d-i clock-setup/ntp boolean true - -### Partitioning -d-i partman-auto/disk string /dev/sda -d-i partman-auto/method string regular -d-i partman-auto/choose_recipe select atomic -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 30 50 100 ext4 \ - $primary{ } $bootable{ } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /boot } \ - . \ - 300 40 400 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . 
\ - 50 100 200 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /home } \ - . \ - 650 20 1100 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /usr } \ - . \ - 400 40 500 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /opt } \ - . \ - 450 60 1000 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 50 70 400 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /tmp } \ - . \ - 70 512 300% linux-swap \ - method{ swap } format{ } \ - . -d-i partman/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - -### Base system installation -# ... - -### Account setup -d-i passwd/root-login boolean true -d-i passwd/root-password password password -d-i passwd/root-password-again password password -d-i passwd/user-fullname string Cloud Stack -d-i passwd/username string cloud -d-i passwd/user-password password cloud -d-i passwd/user-password-again password cloud -d-i user-setup/encrypt-home boolean false -d-i user-setup/allow-password-weak boolean true -d-i passwd/user-default-groups string audio cdrom video admin - -### Apt setup -# ... 
- -### Package selection -tasksel tasksel/first multiselect ssh-server -d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 -# Allowed values: none, safe-upgrade, full-upgrade -d-i pkgsel/upgrade select none - -popularity-contest popularity-contest/participate boolean false - -### Boot loader installation -d-i grub-installer/only_debian boolean true -d-i finish-install/reboot_in_progress note - -### Preseeding other packages -libssl1.0.0 libssl1.0.0/restart-services string -libssl1.0.0 libssl1.0.0/restart-failed error - -#### Advanced options -# Prevent packaged version of VirtualBox Guest Additions being installed: -d-i preseed/early_command string sed -i \ - '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \ - /usr/lib/pre-pkgsel.d/20install-hwpackages diff --git a/tools/appliance/definitions/debianbase/zerodisk.sh b/tools/appliance/definitions/debianbase/zerodisk.sh deleted file mode 100644 index 581e868edc9a..000000000000 --- a/tools/appliance/definitions/debianbase/zerodisk.sh +++ /dev/null 
@@ -1,43 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e -set -x - -# clean up stuff copied in by veewee -function cleanup_veewee() { - # this has to be here since it is the last file to run (and we remove ourselves) - rm -fv /root/*.iso - rm -fv /root/{apt_upgrade,authorized_keys,build_time,cleanup,install_systemvm_packages,zerodisk}.sh - rm -fv /root/configure_{acpid,conntrack,grub,locale,login,networking,systemvm_services}.sh - rm -fv .veewee_version .veewee_params .vbox_version -} - -# Zero out the free space to save space in the final image: -function zero_disk() { - cleanup_veewee - - for path in / /boot /usr /var /opt /tmp /home - do - dd if=/dev/zero of=${path}/zero bs=1M || true - sync - rm -f ${path}/zero - done -} - -return 2>/dev/null || zero_disk diff --git a/tools/appliance/definitions/devcloud/base.sh b/tools/appliance/definitions/devcloud/base.sh deleted file mode 100644 index 7fec0fc342da..000000000000 --- a/tools/appliance/definitions/devcloud/base.sh +++ /dev/null 
@@ -1,12 +0,0 @@ -# Update the box -apt-get -y update -#below are needed for ruby perhaps -#apt-get -y install linux-headers-$(uname -r) build-essential -#apt-get -y install zlib1g-dev libssl-dev libreadline-gplv2-dev -apt-get -y install curl unzip -apt-get clean - -echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > /etc/sudoers.d/cloud - -# Tweak sshd to prevent DNS resolution (speed up logins) -echo 'UseDNS no' >> /etc/ssh/sshd_config diff --git a/tools/appliance/definitions/devcloud/cleanup.sh b/tools/appliance/definitions/devcloud/cleanup.sh deleted file mode 100644 index 9e98ab03531f..000000000000 --- a/tools/appliance/definitions/devcloud/cleanup.sh +++ /dev/null @@ -1,21 +0,0 @@ -# Clean up -#apt-get -y remove linux-headers-$(uname -r) build-essential -apt-get -y remove dictionaries-common busybox -apt-get -y autoremove -apt-get autoclean -apt-get clean - -# Removing leftover leases and persistent rules -echo "cleaning up dhcp leases" -rm /var/lib/dhcp/* - -# Make sure Udev doesn't block our network -echo "cleaning up udev rules" -rm /etc/udev/rules.d/70-persistent-net.rules -mkdir /etc/udev/rules.d/70-persistent-net.rules -rm -rf /dev/.udev/ -rm /lib/udev/rules.d/75-persistent-net-generator.rules - -echo "Adding a 2 sec delay to the interface up, to make the dhclient happy" -echo "pre-up sleep 2" >> /etc/network/interfaces - diff --git a/tools/appliance/definitions/devcloud/definition.rb b/tools/appliance/definitions/devcloud/definition.rb deleted file mode 100644 index 29a3f052a12d..000000000000 --- a/tools/appliance/definitions/devcloud/definition.rb +++ /dev/null 
@@ -1,45 +0,0 @@ -Veewee::Definition.declare({ - :cpu_count => '1', - :memory_size=> '2048', - :disk_size => '32000', :disk_format => 'VDI', :hostiocache => 'off', - :os_type_id => 'Debian', - :iso_file => "debian-7.0.0-i386-netinst.iso", - :iso_src => "http://cdimage.debian.org/mirror/cdimage/archive/7.0.0/i386/iso-cd/debian-7.0.0-i386-netinst.iso", - :iso_md5 => "a6b93666a5393334accb7ac4ee28d949", - :iso_download_timeout => "1000", - :boot_wait => "10", :boot_cmd_sequence => [ - '', - 'install ', - 'preseed/url=http://%IP%:%PORT%/preseed.cfg ', - 'debian-installer=en_US ', - 'auto ', - 'locale=en_US ', - 'kbd-chooser/method=us ', - 'netcfg/get_hostname=systemvm ', - 'netcfg/get_domain=apache.org ', - 'fb=false ', - 'debconf/frontend=noninteractive ', - 'console-setup/ask_detect=false ', - 'console-keymaps-at/keymap=us ', - 'keyboard-configuration/xkb-keymap=us ', - '' - ], - :kickstart_port => "7122", - :kickstart_timeout => "10000", - :kickstart_file => "preseed.cfg", - :ssh_login_timeout => "10000", - :ssh_user => "root", - :ssh_password => "password", - :ssh_key => "", - :ssh_host_port => "7222", - :ssh_guest_port => "22", - :sudo_cmd => "echo '%p'|sudo -S sh '%f'", - :shutdown_cmd => "halt -p", - :postinstall_files => [ - "base.sh", - "postinstall.sh", - "cleanup.sh", - "zerodisk.sh" - ], - :postinstall_timeout => "10000" -}) diff --git a/tools/appliance/definitions/devcloud/postinstall.sh b/tools/appliance/definitions/devcloud/postinstall.sh deleted file mode 100644 index 9ec1240d3690..000000000000 --- a/tools/appliance/definitions/devcloud/postinstall.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -x - -install_packages() { - DEBIAN_FRONTEND=noninteractive - DEBIAN_PRIORITY=critical - - # utlities - apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet wget zip unzip sudo - - # dev tools, ssh, nfs - apt-get --no-install-recommends -q -y --force-yes install git vim tcpdump ebtables iptables openssl openssh-server openjdk-6-jdk genisoimage python-pip nfs-kernel-server - - # mysql with root password=password - debconf-set-selections <<< 'mysql-server- mysql-server/root_password password password' - debconf-set-selections <<< 'mysql-server- mysql-server/root_password_again password password' - apt-get --no-install-recommends -q -y --force-yes install mysql-server - - # xen and xcp - apt-get --no-install-recommends -q -y --force-yes install linux-headers-3.2.0-4-686-pae xen-hypervisor-4.1-i386 xcp-xapi xcp-xe xcp-guest-templates xcp-vncterm xen-tools blktap-utils blktap-dkms qemu-keymaps qemu-utils - -} - -fix_locale() { - cat >> /etc/default/locale << EOF -LANG=en_US.UTF-8 -LC_ALL=en_US.UTF-8 -EOF - cat >> /etc/locale.gen << EOF -en_US.UTF-8 UTF-8 -EOF - - locale-gen en_US.UTF-8 -} - -begin=$(date 
+%s) - -install_packages -fix_locale - -fin=$(date +%s) -t=$((fin-begin)) - -echo "DevCloud baked in $t seconds" diff --git a/tools/appliance/definitions/devcloud/preseed.cfg b/tools/appliance/definitions/devcloud/preseed.cfg deleted file mode 100644 index ac9edd312132..000000000000 --- a/tools/appliance/definitions/devcloud/preseed.cfg +++ /dev/null 
@@ -1,357 +0,0 @@ -#### Contents of the preconfiguration file (for squeeze) -### Localization -# Locale sets language and country. -d-i debian-installer/locale string en_US - -# Keyboard selection. -#d-i console-tools/archs select at -d-i console-keymaps-at/keymap select us -# Example for a different keyboard architecture -#d-i console-keymaps-usb/keymap select mac-usb-us - -### Network configuration -# netcfg will choose an interface that has link if possible. This makes it -# skip displaying a list if there is more than one interface. -d-i netcfg/choose_interface select auto - -# To pick a particular interface instead: -#d-i netcfg/choose_interface select eth1 - -# If you have a slow dhcp server and the installer times out waiting for -# it, this might be useful. -#d-i netcfg/dhcp_timeout string 60 - -# If you prefer to configure the network manually, uncomment this line and -# the static network configuration below. -#d-i netcfg/disable_dhcp boolean true - -# If you want the preconfiguration file to work on systems both with and -# without a dhcp server, uncomment these lines and the static network -# configuration below. -#d-i netcfg/dhcp_failed note -#d-i netcfg/dhcp_options select Configure network manually - -# Static network configuration. -#d-i netcfg/get_nameservers string 192.168.1.1 -#d-i netcfg/get_ipaddress string 192.168.1.42 -#d-i netcfg/get_netmask string 255.255.255.0 -#d-i netcfg/get_gateway string 192.168.1.1 -#d-i netcfg/confirm_static boolean true - -# Any hostname and domain names assigned from dhcp take precedence over -# values set here. However, setting the values still prevents the questions -# from being shown, even if values come from dhcp. -d-i netcfg/get_hostname string systemvm -d-i netcfg/get_domain string cloudstack.org - -# Disable that annoying WEP key dialog. -d-i netcfg/wireless_wep string -# The wacky dhcp hostname that some ISPs use as a password of sorts. 
-#d-i netcfg/dhcp_hostname string radish - -# If non-free firmware is needed for the network or other hardware, you can -# configure the installer to always try to load it, without prompting. Or -# change to false to disable asking. -#d-i hw-detect/load_firmware boolean true - -### Network console -# Use the following settings if you wish to make use of the network-console -# component for remote installation over SSH. This only makes sense if you -# intend to perform the remainder of the installation manually. -#d-i anna/choose_modules string network-console -#d-i network-console/password password r00tme -#d-i network-console/password-again password r00tme - -### Mirror settings -# If you select ftp, the mirror/country string does not need to be set. -#d-i mirror/protocol string ftp -d-i mirror/country string manual -d-i mirror/http/hostname string http.us.debian.org -d-i mirror/http/directory string /debian -d-i mirror/http/proxy string - -# Suite to install. -#d-i mirror/suite string testing -# Suite to use for loading installer components (optional). -#d-i mirror/udeb/suite string testing - -### Clock and time zone setup -# Controls whether or not the hardware clock is set to UTC. -d-i clock-setup/utc boolean true - -# You may set this to any valid setting for $TZ; see the contents of -# /usr/share/zoneinfo/ for valid values. -d-i time/zone string UTC - -# Controls whether to use NTP to set the clock during the install -d-i clock-setup/ntp boolean true -# NTP server to use. The default is almost always fine here. -#d-i clock-setup/ntp-server string ntp.example.com - -### Partitioning -# If the system has free space you can choose to only partition that space. -#d-i partman-auto/init_automatically_partition select biggest_free - -# Alternatively, you can specify a disk to partition. The device name must -# be given in traditional non-devfs format. -# Note: A disk must be specified, unless the system has only one disk. 
-# For example, to use the first SCSI/SATA hard disk: -d-i partman-auto/disk string /dev/sda -# In addition, you'll need to specify the method to use. -# The presently available methods are: "regular", "lvm" and "crypto" -d-i partman-auto/method string regular - -# If one of the disks that are going to be automatically partitioned -# contains an old LVM configuration, the user will normally receive a -# warning. This can be preseeded away... -#d-i partman-lvm/device_remove_lvm boolean true -# The same applies to pre-existing software RAID array: -#d-i partman-md/device_remove_md boolean true - -# And the same goes for the confirmation to write the lvm partitions. -#d-i partman-lvm/confirm boolean true -#d-i partman-lvm/confirm_nooverwrite boolean true - -#d-i partman/choose_partition select finish -#d-i partman-auto-lvm/guided_size string max - -# You can choose one of the three predefined partitioning recipes: -# - atomic: all files in one partition -# - home: separate /home partition -# - multi: separate /home, /usr, /var, and /tmp partitions -d-i partman-auto/choose_recipe select atomic -#d-i partman/default_filesystem string ext3 - -# Or provide a recipe of your own... -# The recipe format is documented in the file devel/partman-auto-recipe.txt. -# If you have a way to get a recipe file into the d-i environment, you can -# just point at it. -#d-i partman-auto/expert_recipe_file string /hd-media/recipe - -d-i partman-auto/expert_recipe string \ - boot-root :: \ - 40 50 100 ext4 \ - $primary{ } $bootable{ } \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /boot } \ - . \ - 400 40 500 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ / } \ - . \ - 60 100 200 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /home } \ - . \ - 500 30 1000 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /usr } \ - . 
\ - 400 40 500 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /opt } \ - . \ - 500 60 1000 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 100 70 400 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /tmp } \ - . \ - 64 512 300% linux-swap \ - method{ swap } format{ } \ - . - -# If not, you can put an entire recipe into the preconfiguration file in one -# (logical) line. This example creates a small /boot partition, suitable -# swap, and uses the rest of the space for the root partition: -#d-i partman-auto/expert_recipe string \ -# boot-root :: \ -# 40 50 100 ext3 \ -# $primary{ } $bootable{ } \ -# method{ format } format{ } \ -# use_filesystem{ } filesystem{ ext3 } \ -# mountpoint{ /boot } \ -# . \ -# 500 10000 1000000000 ext3 \ -# method{ format } format{ } \ -# use_filesystem{ } filesystem{ ext3 } \ -# mountpoint{ / } \ -# . \ -# 64 512 300% linux-swap \ -# method{ swap } format{ } \ -# . - -#The preseed line that "selects finish" needs to be in a certain order in your preseed, the example-preseed does not follow this. -#http://ubuntuforums.org/archive/index.php/t-1504045.html - -# This makes partman automatically partition without confirmation, provided -# that you told it what to do using one of the methods above. -#d-i partman-partitioning/confirm_write_new_label boolean true -d-i partman/confirm_write_new_label boolean true -d-i partman/choose_partition select finish -d-i partman/confirm boolean true -d-i partman/confirm_nooverwrite boolean true - -### Base system installation -# Select the initramfs generator used to generate the initrd for 2.6 kernels. -#d-i base-installer/kernel/linux/initramfs-generators string yaird - -# The kernel image (meta) package to be installed; "none" can be used if no -# kernel is to be installed. 
-#d-i base-installer/kernel/image string linux-image-2.6-486 - -### Account setup -# Skip creation of a root account (normal user account will be able to -# use sudo). -d-i passwd/root-login boolean true -# Alternatively, to skip creation of a normal user account. -#d-i passwd/make-user boolean false - -# Root password, either in clear text -d-i passwd/root-password password password -d-i passwd/root-password-again password password -# or encrypted using an MD5 hash. -#d-i passwd/root-password-crypted password [MD5 hash] - -# To create a normal user account. -d-i passwd/user-fullname string Cloud Stack -d-i passwd/username string cloud -# Normal user's password, either in clear text -d-i passwd/user-password password cloud -d-i passwd/user-password-again password cloud -# or encrypted using an MD5 hash. -#d-i passwd/user-password-crypted password [MD5 hash] -# Create the first user with the specified UID instead of the default. -#d-i passwd/user-uid string 1010 -d-i user-setup/encrypt-home boolean false -d-i user-setup/allow-password-weak boolean true - -# The user account will be added to some standard initial groups. To -# override that, use this. -d-i passwd/user-default-groups string audio cdrom video admin - -### Apt setup -# You can choose to install non-free and contrib software. -#d-i apt-setup/non-free boolean true -#d-i apt-setup/contrib boolean true -# Uncomment this if you don't want to use a network mirror. -#d-i apt-setup/use_mirror boolean false -# Select which update services to use; define the mirrors to be used. -# Values shown below are the normal defaults. -#d-i apt-setup/services-select multiselect security, volatile -#d-i apt-setup/security_host string security.debian.org -#d-i apt-setup/volatile_host string volatile.debian.org - - -# By default the installer requires that repositories be authenticated -# using a known gpg key. This setting can be used to disable that -# authentication. Warning: Insecure, not recommended. 
-#d-i debian-installer/allow_unauthenticated string true - -### Package selection -tasksel tasksel/first multiselect ssh-server -# If the desktop task is selected, install the kde and xfce desktops -# instead of the default gnome desktop. -#tasksel tasksel/desktop multiselect kde, xfce - -# Individual additional packages to install -d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 - -# Whether to upgrade packages after debootstrap. -# Allowed values: none, safe-upgrade, full-upgrade -d-i pkgsel/upgrade select none - -# Some versions of the installer can report back on what software you have -# installed, and what software you use. The default is not to report back, -# but sending reports helps the project determine what software is most -# popular and include it on CDs. -popularity-contest popularity-contest/participate boolean false - -### Boot loader installation -# Grub is the default boot loader (for x86). If you want lilo installed -# instead, uncomment this: -#d-i grub-installer/skip boolean true -# To also skip installing lilo, and install no bootloader, uncomment this -# too: -#d-i lilo-installer/skip boolean true - -# This is fairly safe to set, it makes grub install automatically to the MBR -# if no other operating system is detected on the machine. -d-i grub-installer/only_debian boolean true - -# This one makes grub-installer install to the MBR if it also finds some other -# OS, which is less safe as it might not be able to boot that other OS. 
-#d-i grub-installer/with_other_os boolean true - -# Alternatively, if you want to install to a location other than the mbr, -# uncomment and edit these lines: -#d-i grub-installer/only_debian boolean false -#d-i grub-installer/with_other_os boolean false -#d-i grub-installer/bootdev string (hd0,0) -# To install grub to multiple disks: -#d-i grub-installer/bootdev string (hd0,0) (hd1,0) (hd2,0) - -# Optional password for grub, either in clear text -#d-i grub-installer/password password r00tme -#d-i grub-installer/password-again password r00tme -# or encrypted using an MD5 hash, see grub-md5-crypt(8). -#d-i grub-installer/password-crypted password [MD5 hash] - -### Finishing up the installation -# During installations from serial console, the regular virtual consoles -# (VT1-VT6) are normally disabled in /etc/inittab. Uncomment the next -# line to prevent this. -#d-i finish-install/keep-consoles boolean true - -# Avoid that last message about the install being complete. -d-i finish-install/reboot_in_progress note - -# This will prevent the installer from ejecting the CD during the reboot, -# which is useful in some situations. -#d-i cdrom-detect/eject boolean false - -# This is how to make the installer shutdown when finished, but not -# reboot into the installed system. -#d-i debian-installer/exit/halt boolean true -# This will power off the machine instead of just halting it. -#d-i debian-installer/exit/poweroff boolean true - -### Preseeding other packages -# Depending on what software you choose to install, or if things go wrong -# during the installation process, it's possible that other questions may -# be asked. You can preseed those too, of course. 
To get a list of every -# possible question that could be asked during an install, do an -# installation, and then run these commands: -# debconf-get-selections --installer > file -# debconf-get-selections >> file - - -#### Advanced options -### Running custom commands during the installation -# d-i preseeding is inherently not secure. Nothing in the installer checks -# for attempts at buffer overflows or other exploits of the values of a -# preconfiguration file like this one. Only use preconfiguration files from -# trusted locations! To drive that home, and because it's generally useful, -# here's a way to run any shell command you'd like inside the installer, -# automatically. - -# This first command is run as early as possible, just after -# preseeding is read. -# Prevent packaged version of VirtualBox Guest Additions being installed: -d-i preseed/early_command string sed -i \ - '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \ - /usr/lib/pre-pkgsel.d/20install-hwpackages - -# This command is run just before the install finishes, but when there is -# still a usable /target directory. You can chroot to /target and use it -# directly, or use the apt-install and in-target commands to easily install -# packages and run commands in the target system. diff --git a/tools/appliance/definitions/devcloud/zerodisk.sh b/tools/appliance/definitions/devcloud/zerodisk.sh deleted file mode 100644 index a70d3e6ee895..000000000000 --- a/tools/appliance/definitions/devcloud/zerodisk.sh +++ /dev/null @@ -1,11 +0,0 @@ -# Clean up stuff copied in by veewee -rm -fv /root/*.iso -rm -fv /root/base.sh /root/cleanup.sh /root/postinstall.sh /root/zerodisk.sh -rm -fv .veewee_version .veewee_params .vbox_version - -echo "Cleaning up" - -# Zero out the free space to save space in the final image: -dd if=/dev/zero of=/zero bs=1M -sync -rm -fv /zero diff --git a/tools/appliance/shar_cloud_scripts.sh b/tools/appliance/shar_cloud_scripts.sh index 30ae2cb6f407..7847b855c33d 100755 
--- a/tools/appliance/shar_cloud_scripts.sh +++ b/tools/appliance/shar_cloud_scripts.sh @@ -16,7 +16,7 @@ # specific language governing permissions and limitations # under the License. -# since veewee wants .sh files to execute, we'll give it a shar +# since packer wants .sh files to execute, we'll give it a shar set -e set -x diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/systemvmtemplate/http/preseed.cfg similarity index 92% rename from tools/appliance/definitions/systemvmtemplate/preseed.cfg rename to tools/appliance/systemvmtemplate/http/preseed.cfg index 0f6c265f19cc..5a286fc60290 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/systemvmtemplate/http/preseed.cfg @@ -52,26 +52,25 @@ d-i time/zone string UTC d-i clock-setup/ntp boolean true ### Partitioning -d-i partman-auto/disk string /dev/sda +d-i partman-auto/disk string /dev/vda d-i partman-auto/method string regular -d-i partman-auto/choose_recipe select atomic d-i partman-auto/expert_recipe string \ boot-root :: \ - 50 50 100 ext2 \ + 80 50 100 ext2 \ $primary{ } $bootable{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext2 } \ mountpoint{ /boot } \ . \ - 1300 40 1600 ext4 \ + 1100 40 1600 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ - 350 60 500 ext4 \ + 600 60 800 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var/log } \ + mountpoint{ /var } \ . \ 100 90 200 ext4 \ method{ format } format{ } \ @@ -103,7 +102,7 @@ d-i user-setup/encrypt-home boolean false d-i user-setup/allow-password-weak boolean true d-i passwd/user-default-groups string audio cdrom video admin -#openssh-server openssh-server/permit-root-login boolean true +openssh-server openssh-server/permit-root-login boolean true ### Apt setup # ... 
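Review bot: The last preseed.cfg hunk turns on root login over SSH by un-commenting `openssh-server openssh-server/permit-root-login boolean true`, and the context line just above it, `d-i user-setup/allow-password-weak boolean true`, shows the installer also accepts weak passwords. The Packer template added in this commit logs in as `cloud` and runs its scripts through sudo, so root SSH does not look necessary for the build itself. If nothing at runtime depends on it, keep the line commented out. If something does, say so in a comment above it, for example `# root SSH login is required by <COMPONENT_PLACEHOLDER>; sshd is limited to key authentication in <SCRIPT_PLACEHOLDER>`, and confirm that a later script really applies that restriction.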
diff --git a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh b/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh similarity index 97% rename from tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh rename to tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh index 4d5ff2626d86..7387159696fd 100644 --- a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh +++ b/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh @@ -49,10 +49,11 @@ function apt_upgrade() { add_backports rm -fv /root/*.iso - apt-get -y autoremove - apt-get autoclean apt-get -q -y update apt-get -q -y upgrade + apt-get -y autoremove --purge + apt-get autoclean + apt-get clean } return 2>/dev/null || apt_upgrade diff --git a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh b/tools/appliance/systemvmtemplate/scripts/authorized_keys.sh similarity index 100% rename from tools/appliance/definitions/systemvmtemplate/authorized_keys.sh rename to tools/appliance/systemvmtemplate/scripts/authorized_keys.sh diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/systemvmtemplate/scripts/cleanup.sh similarity index 100% rename from tools/appliance/definitions/systemvmtemplate/cleanup.sh rename to tools/appliance/systemvmtemplate/scripts/cleanup.sh diff --git a/tools/appliance/definitions/systemvmtemplate/configure_acpid.sh b/tools/appliance/systemvmtemplate/scripts/configure_acpid.sh similarity index 100% rename from tools/appliance/definitions/systemvmtemplate/configure_acpid.sh rename to tools/appliance/systemvmtemplate/scripts/configure_acpid.sh diff --git a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh b/tools/appliance/systemvmtemplate/scripts/configure_conntrack.sh similarity index 100% rename from tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh rename to tools/appliance/systemvmtemplate/scripts/configure_conntrack.sh 
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/systemvmtemplate/scripts/configure_grub.sh similarity index 92% rename from tools/appliance/definitions/systemvmtemplate/configure_grub.sh rename to tools/appliance/systemvmtemplate/scripts/configure_grub.sh index 53ffb2dc306b..1391eb993cd3 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh +++ b/tools/appliance/systemvmtemplate/scripts/configure_grub.sh @@ -20,6 +20,10 @@ set -e set -x function configure_grub() { + echo "blacklist floppy" > /etc/modprobe.d/blacklist-floppy.conf + rmmod floppy || true + update-initramfs -u + cat > /etc/default/grub < 'Debian_64', :iso_file => 'debian-9.3.0-amd64-netinst.iso', :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso', - :iso_sha512 => '8775231d6f56a3d8f116eb64fe048f5cbd2ea0f8c092a1cb7608bcb4106f9c85cb69ce68f53bd381019ab40f1c0316843036daf3fd9107c81c58a240334cc747' + :iso_md5 => '8775231d6f56a3d8f116eb64fe048f5cbd2ea0f8c092a1cb7608bcb4106f9c85cb69ce68f53bd381019ab40f1c0316843036daf3fd9107c81c58a240334cc747' } } @@ -77,7 +77,7 @@ # turning it into a systemvm 'install_systemvm_packages.sh', 'configure_conntrack.sh', - '../../cloud_scripts_shar_archive.sh', + #'../../cloud_scripts_shar_archive.sh', 'configure_systemvm_services.sh', 'authorized_keys.sh', 'configure_persistent_config.sh', diff --git a/tools/appliance/definitions/systemvmtemplate/finalize.sh b/tools/appliance/systemvmtemplate/scripts/finalize.sh similarity index 95% rename from tools/appliance/definitions/systemvmtemplate/finalize.sh rename to tools/appliance/systemvmtemplate/scripts/finalize.sh index febae7bacc18..260bddff4e52 100644 --- a/tools/appliance/definitions/systemvmtemplate/finalize.sh +++ b/tools/appliance/systemvmtemplate/scripts/finalize.sh 
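Review bot: The value left under the renamed key `:iso_md5` is 128 hex digits long, which is the length of a SHA-512 digest; an MD5 digest has 32. The same string is declared with `"iso_checksum_type": "sha512"` in the template.json added by this commit, so it is the key name that is wrong here. Depending on how the build tool handles a digest of the wrong length, the ISO check would either always fail or not be the check the author intended. Keep the key as `:iso_sha512` with the value unchanged. The start of this hunk, including its file header, is not readable on the page, so the rest of the definition could not be checked.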
@@ -39,8 +39,8 @@ END echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /sbin/halt' > /etc/sudoers.d/cloud } -# clean up stuff copied in by veewee -function cleanup_veewee() { +# clean up stuff copied in +function cleanup_final() { # this has to be here since it is the last file to run (and we remove ourselves) cd /home/cloud rm -fv *.iso @@ -64,10 +64,10 @@ function zero_disk() { function finalize() { configure_misc configure_sudoers - cleanup_veewee + cleanup_final sync zero_disk - halt -p + sync } return 2>/dev/null || finalize diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh similarity index 98% rename from tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh rename to tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh index 30ad66dd4efb..fc35987c17fc 100644 --- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh +++ b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh @@ -45,16 +45,9 @@ function install_packages() { local apt_get="apt-get --no-install-recommends -q -y" - #32 bit architecture support:: not required for 32 bit template - if [ "${arch}" != "i386" ]; then - dpkg --add-architecture i386 - apt-get update - ${apt_get} install links:i386 libuuid1:i386 libc6:i386 - fi - ${apt_get} install grub-legacy \ rsyslog logrotate cron net-tools ifupdown tmux vim htop netbase iptables \ - openssh-server e2fsprogs tcpdump socat wget \ + openssh-server e2fsprogs tcpdump iftop socat wget \ python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ inetutils-ping iputils-arping httping curl \ dnsutils zip unzip ethtool uuid file iproute acpid sudo \ 
@@ -83,6 +76,13 @@ function install_packages() { apt-get autoclean apt-get clean + #32 bit architecture support:: not required for 32 bit template + if [ "${arch}" != "i386" ]; then + dpkg --add-architecture i386 + apt-get update + ${apt_get} install links:i386 libuuid1:i386 libc6:i386 + fi + # Install xenserver guest utilities as debian repos don't have it wget https://mirrors.kernel.org/ubuntu/pool/universe/x/xe-guest-utilities/xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb dpkg -i xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb diff --git a/tools/appliance/systemvmtemplate/template.json b/tools/appliance/systemvmtemplate/template.json new file mode 100644 index 000000000000..99c718be5a26 --- /dev/null +++ b/tools/appliance/systemvmtemplate/template.json 
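Review bot: The unchanged lines that close this hunk fetch `xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb` with `wget` and pass it straight to `dpkg -i`, so this package bypasses apt's signature checks and is trusted on the mirror and TLS alone. Since the commit is already rearranging this part of `install_packages`, pin the expected digest and verify it between the two commands, for example `echo "<EXPECTED_SHA256>  xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb" | sha256sum -c -`. If this script runs under `set -e` like the other build scripts shown on the page, a mismatch would then stop the build before anything is installed. The body of `install_packages` extends beyond the hunk in both directions.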
@@ -0,0 +1,82 @@
+{
+ "_license": "Apache License 2.0",
+ "description": "CloudStack SystemVM template",
+ "provisioners": [
+ {
+ "type": "shell",
+ "execute_command": "echo 'cloud'|sudo -S bash '{{.Path}}'",
+ "scripts": [
+ "scripts/apt_upgrade.sh",
+ "scripts/configure_grub.sh",
+ "scripts/configure_locale.sh",
+ "scripts/configure_networking.sh",
+ "scripts/configure_acpid.sh",
+ "scripts/install_systemvm_packages.sh",
+ "scripts/configure_conntrack.sh",
+ "../cloud_scripts_shar_archive.sh",
+ "scripts/configure_systemvm_services.sh",
+ "scripts/authorized_keys.sh",
+ "scripts/configure_persistent_config.sh",
+ "scripts/configure_login.sh",
+ "scripts/cleanup.sh",
+ "scripts/finalize.sh"
+ ]
+ }
+ ],
+ "builders": [
+ {
+ "type": "qemu",
+ "accelerator": "kvm",
+ "headless": true,
+ "qemuargs": [
+ [ "-m", "512M" ],
+ [ "-smp", "cpus=1,maxcpus=1,cores=1" ]
+ ],
+ "disk_size": 2100,
+ "format": "qcow2",
+
+ "disk_interface": "virtio",
+ "net_device": "virtio-net",
+
+ "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso",
+ "iso_checksum": "8775231d6f56a3d8f116eb64fe048f5cbd2ea0f8c092a1cb7608bcb4106f9c85cb69ce68f53bd381019ab40f1c0316843036daf3fd9107c81c58a240334cc747",
+ "iso_checksum_type": "sha512",
+
+ "vm_name": "systemvmtemplate",
+ "output_directory": "../dist",
+
+ "http_directory": "http",
+ "http_port_min": 10082,
+ "http_port_max": 10089,
+
+ "ssh_host_port_min": 2222,
+ "ssh_host_port_max": 2229,
+
+ "ssh_username": "cloud",
+ "ssh_password": "cloud",
+ "ssh_port": 22,
+ "ssh_wait_timeout": "30m",
+
+ "boot_wait": "10s",
+ "boot_command": [
+ "",
+ "install ",
+ " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ",
+ " debian-installer=en_US ",
+ " auto ",
+ " locale=en_US ",
+ " kbd-chooser/method=us ",
+ " netcfg/get_hostname=systemvm ",
+ " netcfg/get_domain=apache.org ",
+ " fb=false ",
+ " debconf/frontend=noninteractive ",
+ " console-setup/ask_detect=false ",
+ " console-keymaps-at/keymap=us ",
+ " keyboard-configuration/xkb-keymap=us ",
+ ""
+ ],
+
+ "shutdown_command": "sudo halt -p"
+ }
+ ]
+}
diff --git a/tools/appliance/test.sh b/tools/appliance/test.sh
deleted file mode 100644
index 5cd7316eac30..000000000000
--- a/tools/appliance/test.sh
+++ /dev/null
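Review bot: The build login is hard-coded twice in the new template.json, as `"ssh_password": "cloud"` and inside `execute_command` (`echo 'cloud'|sudo -S bash '{{.Path}}'`), and nothing in the provisioner list shows that password being locked, or SSH password authentication being turned off, before the image is exported. If `scripts/configure_login.sh` or `scripts/finalize.sh` already does that, record it in a root-level note next to `_license`, for example `"_credentials": "cloud/cloud is a build-only login; password login is disabled by scripts/<SCRIPT_PLACEHOLDER>"`. If neither does, every exported template carries a password published in this repository for an account that can use sudo, and the last provisioning script should lock it. Keeping the value in one place would also stop `ssh_password` and `execute_command` from drifting apart.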
@@ -1,180 +0,0 @@ -#!/bin/bash -xl -# note: the -l is needed here for bash to always make a login shell and load rvm if it hasn't been loaded -# -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -# test script for build.sh which tries a variety of options/configs to make different vms - -set -e - -DEBUG="${DEBUG:-}" -TRACE="${TRACE:-0}" - -### -### Configuration -### - -if [[ "${DEBUG}" == "1" ]]; then - set -x -fi - -# which test to run -test_to_run=${1:-} -# build.sh settings for running the tests -appliance=debianbase -version=`date "+%Y%m%d%H%M%S"` -branch=`git status | grep '# On branch' | awk '{print $4}'` -BUILD_NUMBER="${BUILD_NUMBER:-}" -ssh_key= - -# where we are running the tests from -CURR_DIR=${PWD} -# where this script is -SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" -# ensure we are running in isolation -if [ ${CURR_DIR} == ${SCRIPT_DIR} ]; then - mkdir -p ../appliance-work - cd ../appliance-work - CURR_DIR=${PWD} -fi - -### -### testing 'framework' -### - -function test_result() { - log INFO "$@" - add_on_exit log INFO "$@" -} - -function run_test() { - set +e - cleanup - fixture - log INFO running test: "$@" - eval $@ - result=$? 
- if ${result}; then - test_result "$@" FAIL - else - test_result "$@" OK - fi - cleanup - set -e -} - -function cleanup() { - ( - cd ${CURR_DIR}; - rm -rf iso definitions Gemfile shar_cloud_scripts convert_ovf_vbox_to_esx.xslt .rvmrc; - ) -} - -function fixture() { - ( - cd ${CURR_DIR}; - mkdir -p ${SCRIPT_DIR}/iso; - ln -s ${SCRIPT_DIR}/iso; - mkdir definitions; - ln -s ${SCRIPT_DIR}/definitions/${appliance} definitions/${appliance}; - - ln -s ${SCRIPT_DIR}/Gemfile; - ln -s ${SCRIPT_DIR}/shar_cloud_scripts.sh; - ln -s ${SCRIPT_DIR}/convert_ovf_vbox_to_esx.xslt; - ln -s ${SCRIPT_DIR}/.rvmrc; - ) -} - -### -### Test definitions -### - -function do_test_vm() { - prepare - create_definition - veewee_build - retry 10 check_appliance_shutdown - retry 10 remove_shares - veewee_destroy -} - -function do_test_export() { - prepare - create_definition - veewee_build - retry 10 check_appliance_shutdown - retry 10 remove_shares - - # Get appliance uuids - local vm_info=`vboxmanage showvminfo "${appliance_build_name}"` - local machine_uuid=`echo "${vm_info}" | grep UUID | head -1 | awk '{print $2}'` - local hdd_uuid=`echo "${vm_info}" | grep vdi | head -1 | awk '{print $8}' | cut -d ')' -f 1` - local hdd_path=`vboxmanage list hdds | grep "${appliance_build_name}\/" | grep vdi | \ - cut -c 14- | sed ${sed_regex_option} 's/^ *//'` - - compact_hdd "${hdd_uuid}" - xen_server_export "${hdd_path}" - kvm_export "${hdd_path}" - vmware_export "${machine_uuid}" "${hdd_uuid}" - hyperv_export "${hdd_uuid}" - - veewee_destroy -} - -function test_basic_veewee_invocation() { - appliance=debianbase - appliance_build_name=${appliance}${branch_tag}${version_tag} - do_test_vm -} - -function test_export() { - appliance=debianbase - appliance_build_name=${appliance}${branch_tag}${version_tag} - do_test_export -} - -function test_systemvm() { - appliance=systemvmtemplate - appliance_build_name=${appliance}${branch_tag}${version_tag} - do_test_vm -} - -function test_systemvm64() { - 
appliance=systemvm64template - appliance_build_name=${appliance}${branch_tag}${version_tag} - do_test_vm -} - -function test_suite() { - if [ "${test_to_run}" == "" ]; then - # list of all tests goes here - run_test test_basic_veewee_invocation - run_test test_systemvm - run_test test_systemvm64 - run_test test_export - else - run_test "${test_to_run}" - fi -} - -### -### Main invocation -### - -source ${SCRIPT_DIR}/build.sh -return 2>/dev/null || test_suite diff --git a/tools/appliance/vbox_disk_clean.rb b/tools/appliance/vbox_disk_clean.rb deleted file mode 100755 index 9bbe801ba103..000000000000 --- a/tools/appliance/vbox_disk_clean.rb +++ /dev/null 
@@ -1,49 +0,0 @@
-#!/usr/bin/env ruby
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-lines = `VBoxManage list hdds`
-disks = lines.split(/\n\s*\n/)
-disks.each do |disk|
- disk_lines = disk.split(/\n/)
- disk_config = {}
- disk_lines.each do |line|
- pair = line.split(/:\s*/)
- disk_config[pair[0]] = pair[1]
- # if pair[0] == 'Location'
- # location = pair[1]
-
- # if location.include? '/Snapshots/'
- # disk_config['is_snapshot'] = true
- # end
- # if location.include? '/VirtualBox VMs/'
- # disk_config['vm_name'] = location.split('/VirtualBox VMs/')[1].split('/')[0]
- # disk_config['disk_name'] = location.split('/')[-1]
- # disk_config['is_virtualbox_vm'] = true
- # else
- # disk_config['is_virtualbox_vm'] = false
- # disk_config['disk_name'] = location.split('/')[-1]
- # end
- # end
- end
-
- if disk_config.include? 'Location'
- cmd="VBoxManage closemedium disk '#{disk_config['Location']}' --delete"
- puts cmd
- `#{cmd}`
- end
-end
diff --git a/tools/appliance/vbox_vm_clean.rb b/tools/appliance/vbox_vm_clean.rb
deleted file mode 100755
index ba0a1cc40491..000000000000
--- a/tools/appliance/vbox_vm_clean.rb
+++ /dev/null
@@ -1,77 +0,0 @@
-#!/usr/bin/env ruby
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-# script that tries hard to forcibly shut down all vms
-
-# gem install sys-proctable
-require 'sys/proctable'
-
-include Sys
-
-do_delete = (ARGV.include? 'delete' or ARGV.include? '--delete' or ARGV.include? '-d')
-do_kill = (ARGV.include? 'kill' or ARGV.include? '--kill' or ARGV.include? '-k')
-
-lines = `VBoxManage list vms`
-vms = lines.split(/\n/)
-if vms.nil?
- vms = []
-end
-vms.each do |vmline|
- vm_info = /\"(.*)\"[^{]*\{(.*)\}/.match(vmline)
- next if vm_info.nil?
- vm_name = vm_info[1]
- vm_uuid = vm_info[2]
-
- cmd="VBoxManage controlvm #{vm_name} poweroff"
- puts cmd
- `#{cmd}`
- if do_delete
- sleep(1)
- cmd="VBoxManage unregistervm #{vm_name} --delete"
- puts cmd
- `#{cmd}`
- end
-
- if do_kill
- sleep(1)
- # ps x | grep VBoxHeadless | grep systemvm64template-4.4.0 | egrep -o '^\s*[0-9]+' | xargs kill
- ProcTable.ps do |p|
- next unless p.cmdline.include? "VBoxHeadless"
- next unless p.cmdline.include? vm_name
- # not all rubies / proctables expose ruid
- if defined? p.ruid
- # VBoxManage should only list _our_ vms, but just to be safe...
- next unless p.ruid == Process.uid
- end
-
- puts "kill -SIGKILL #{p.pid}"
- begin
- Process.kill("KILL", p.pid)
- rescue => exception
- puts exception.backtrace
- end
- sleep(5)
- puts "kill -SIGTERM #{p.pid}"
- begin
- Process.kill("TERM", p.pid)
- rescue => exception
- puts exception.backtrace
- end
- end
- end
-end
diff --git a/tools/vagrant/devcloud/Vagrantfile b/tools/vagrant/devcloud/Vagrantfile
deleted file mode 100644
index ca99fee293e5..000000000000
--- a/tools/vagrant/devcloud/Vagrantfile
+++ /dev/null
@@ -1,206 +0,0 @@
-# -*- mode: ruby -*-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-#
-# vi: set ft=ruby :
-
-# Vagrantfile API/syntax version. Don't touch unless you know what you're doing!
-VAGRANTFILE_API_VERSION = "2"
-
-$mysql_script = <