etan39
/
cloudstack
mirror of https://github.com/apache/cloudstack.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

systemvmtemplate: move to using Debian10 (#4104) 

This upgrades the systemvmtemplate base to Debian 10 with openjdk-11 and a newer strongswan package.

Fixes #3654

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav 2020-06-09 08:20:51 +05:30 committed by GitHub
parent f72b61edb8
commit 1e19ea5bdd
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 63 additions and 89 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java
View File

@ -103,12 +103,12 @@ public class Upgrade41400to41500 implements DbUpgrade {
final Map<Hypervisor.HypervisorType, String> NewTemplateNameList = new HashMap<Hypervisor.HypervisorType, String>() {
{
put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.14.0");
put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.14.0");
put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.14.0");
put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.14.0");
put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.14.0");
put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.14.0");
put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.15.0");
put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.15.0");
put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.15.0");
put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.15.0");
put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.15.0");
put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.15.0");
}
};
@ -125,30 +125,30 @@ public class Upgrade41400to41500 implements DbUpgrade {
final Map<Hypervisor.HypervisorType, String> newTemplateUrl = new HashMap<Hypervisor.HypervisorType, String>() {
{
put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2");
put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-vmware.ova");
put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-xen.vhd.bz2");
put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-hyperv.vhd.zip");
put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2");
put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-ovm.raw.bz2");
put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2");
put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-vmware.ova");
put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-xen.vhd.bz2");
put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-hyperv.vhd.zip");
put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2");
put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-ovm.raw.bz2");
}
};
final Map<Hypervisor.HypervisorType, String> newTemplateChecksum = new HashMap<Hypervisor.HypervisorType, String>() {
{
put(Hypervisor.HypervisorType.KVM, "d15ed159be32151b07e3211caf9cb802");
put(Hypervisor.HypervisorType.XenServer, "fcaf1abc9aa62e7ed75f62b3092a01a2");
put(Hypervisor.HypervisorType.VMware, "eb39f8b5a556dfc93c6be23ae45f34e1");
put(Hypervisor.HypervisorType.Hyperv, "b4e91c14958e0fca9470695b0be05f99");
put(Hypervisor.HypervisorType.LXC, "d15ed159be32151b07e3211caf9cb802");
put(Hypervisor.HypervisorType.Ovm3, "1f97f4beb30af8cda886f1e977514704");
put(Hypervisor.HypervisorType.KVM, "81b3e48bb934784a13555a43c5ef5ffb");
put(Hypervisor.HypervisorType.XenServer, "1b178a5dbdbe090555515340144c6017");
put(Hypervisor.HypervisorType.VMware, "e6a88e518c57d6f36c096c4204c3417f");
put(Hypervisor.HypervisorType.Hyperv, "5c94da45337cf3e1910dcbe084d4b9ad");
put(Hypervisor.HypervisorType.LXC, "81b3e48bb934784a13555a43c5ef5ffb");
put(Hypervisor.HypervisorType.Ovm3, "875c5c65455fc06c4a012394410db375");
}
};
for (final Map.Entry<Hypervisor.HypervisorType, String> hypervisorAndTemplateName : NewTemplateNameList.entrySet()) {
LOG.debug("Updating " + hypervisorAndTemplateName.getKey() + " System Vms");
try (PreparedStatement pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1")) {
// Get 4.11 systemvm template id for corresponding hypervisor
// Get systemvm template id for corresponding hypervisor
long templateId = -1;
pstmt.setString(1, hypervisorAndTemplateName.getValue());
try (ResultSet rs = pstmt.executeQuery()) {
@ -198,12 +198,12 @@ public class Upgrade41400to41500 implements DbUpgrade {
// Change value of global configuration parameter
// minreq.sysvmtemplate.version for the ACS version
try (PreparedStatement update_pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = ? WHERE name = ?");) {
update_pstmt.setString(1, "4.14.0");
update_pstmt.setString(1, "4.15.0");
update_pstmt.setString(2, "minreq.sysvmtemplate.version");
update_pstmt.executeUpdate();
} catch (final SQLException e) {
LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0: " + e.getMessage());
throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0", e);
LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0: " + e.getMessage());
throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0", e);
}
} else {
if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())) {

2
systemvm/debian/etc/apache2/vhost.template
View File

@ -90,7 +90,7 @@
# Enable/Disable SSL for this virtual host.
SSLEngine on
SSLProtocol TLSv1.2
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLCipherSuite @SECLEVEL=1:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
SSLHonorCipherOrder on
# A self-signed (snakeoil) certificate can be created by installing

24
tools/appliance/systemvmtemplate/http/preseed.cfg
View File

@ -18,8 +18,10 @@
### Localization
# Locale sets language and country.
d-i debian-installer/locale string en_US.UTF-8
d-i debian-installer/country string IN
# Keyboard selection.
d-i keymap select us
d-i keyboard-configuration/xkb-keymap select us
### Network configuration
@ -32,7 +34,7 @@ d-i hw-detect/load_firmware boolean true
### Mirror settings
d-i mirror/country string manual
d-i mirror/http/hostname string http.debian.net
d-i mirror/http/hostname string deb.debian.org
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
@ -60,21 +62,11 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext2 } \
mountpoint{ /boot } \
. \
1175 40 1200 ext4 \
2240 40 2500 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
480 50 700 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
. \
80 90 100 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
. \
256 1000 256 linux-swap \
method{ swap } format{ } \
.
@ -100,24 +92,18 @@ d-i user-setup/encrypt-home boolean false
d-i user-setup/allow-password-weak boolean true
d-i passwd/user-default-groups string audio cdrom video admin
openssh-server openssh-server/permit-root-login boolean true
### Package selection
tasksel tasksel/first multiselect ssh-server
d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select full-upgrade
d-i pkgsel/update-policy select none
popularity-contest popularity-contest/participate boolean false
### Boot loader installation
d-i grub-installer/only_debian boolean true
d-i grub-installer/with_other_os boolean true
d-i grub-installer/bootdev string default
d-i finish-install/reboot_in_progress note
#### Advanced options
# Prevent packaged version of VirtualBox Guest Additions being installed:
d-i preseed/early_command string sed -i \
'/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \
/usr/lib/pre-pkgsel.d/20install-hwpackages

4
tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh
View File

@ -36,8 +36,8 @@ function add_backports() {
sed -i '/deb-src/d' /etc/apt/sources.list
sed -i '/backports/d' /etc/apt/sources.list
sed -i '/security/d' /etc/apt/sources.list
echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list
echo 'deb http://security.debian.org/debian-security stretch/updates main' >> /etc/apt/sources.list
echo 'deb http://http.debian.net/debian buster-backports main' >> /etc/apt/sources.list
echo 'deb http://security.debian.org/debian-security buster/updates main' >> /etc/apt/sources.list
}
function apt_upgrade() {

4
tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
View File

@ -19,7 +19,7 @@
set -e
set -x
CLOUDSTACK_RELEASE=4.14.0
CLOUDSTACK_RELEASE=4.15.0
function configure_apache2() {
# Enable ssl, rewrite and auth
@ -41,7 +41,7 @@ function configure_issue() {
__?.o/ Apache CloudStack SystemVM $CLOUDSTACK_RELEASE
( )# https://cloudstack.apache.org
(___(_) Debian GNU/Linux 9.12 \n \l
(___(_) Debian GNU/Linux 10 \n \l
EOF
}

17
tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh
View File

@ -41,26 +41,26 @@ function install_packages() {
local arch=`dpkg --print-architecture`
debconf_packages
install_vhd_util
local apt_get="apt-get --no-install-recommends -q -y"
${apt_get} install grub-legacy \
rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables \
openssh-server e2fsprogs tcpdump iftop socat wget \
python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables nftables \
openssh-server e2fsprogs tcpdump iftop socat wget coreutils systemd \
python python3 bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
inetutils-ping iputils-arping httping curl \
dnsutils zip unzip ethtool uuid file iproute acpid sudo \
dnsutils zip unzip ethtool uuid file iproute2 acpid sudo \
sysstat python-netaddr \
apache2 ssl-cert \
dnsmasq dnsmasq-utils \
nfs-common \
samba-common cifs-utils \
xl2tpd bcrelay ppp ipsec-tools tdb-tools \
xl2tpd bcrelay ppp tdb-tools \
xenstore-utils libxenstore3.0 \
ipvsadm conntrackd libnetfilter-conntrack3 \
keepalived irqbalance \
ipcalc \
openjdk-11-jre-headless \
ipset \
iptables-persistent \
libtcnative-1 libssl-dev libapr1-dev \
@ -69,11 +69,9 @@ function install_packages() {
haveged \
radvd \
sharutils genisoimage aria2 \
strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
strongswan libcharon-extra-plugins libstrongswan-extra-plugins strongswan-charon strongswan-starter \
virt-what open-vm-tools qemu-guest-agent hyperv-daemons
apt-get -q -y -t stretch-backports install nftables openjdk-11-jre-headless
apt-get -y autoremove --purge
apt-get clean
apt-get autoclean
@ -87,6 +85,7 @@ function install_packages() {
${apt_get} install libuuid1:i386 libc6:i386
fi
install_vhd_util
# Install xenserver guest utilities as debian repos don't have it
wget https://mirrors.kernel.org/ubuntu/pool/main/x/xe-guest-utilities/xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb
dpkg -i xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb

57
tools/appliance/systemvmtemplate/template.json
View File

@ -4,7 +4,7 @@
"provisioners": [
{
"type": "shell",
"execute_command": "echo 'cloud'|sudo -S bash '{{.Path}}'",
"execute_command": "echo 'cloud' | sudo -u root -S bash {{.Path}}",
"scripts": [
"scripts/apt_upgrade.sh",
"scripts/configure_grub.sh",
@ -13,11 +13,11 @@
"scripts/configure_acpid.sh",
"scripts/install_systemvm_packages.sh",
"scripts/configure_conntrack.sh",
"../cloud_scripts_shar_archive.sh",
"scripts/configure_systemvm_services.sh",
"scripts/authorized_keys.sh",
"scripts/configure_persistent_config.sh",
"scripts/configure_login.sh",
"../cloud_scripts_shar_archive.sh",
"scripts/configure_systemvm_services.sh",
"scripts/cleanup.sh",
"scripts/finalize.sh"
]
@ -29,50 +29,39 @@
"accelerator": "kvm",
"headless": true,
"qemuargs": [
[ "-m", "512M" ],
[ "-smp", "cpus=1,maxcpus=1,cores=1" ]
[ "-m", "500M" ],
[ "-smp", "1" ]
],
"disk_size": 2000,
"format": "qcow2",
"disk_size": 2500,
"disk_interface": "virtio",
"net_device": "virtio-net",
"iso_url": "https://cdimage.debian.org/cdimage/archive/9.12.0/amd64/iso-cd/debian-9.12.0-amd64-netinst.iso",
"iso_checksum": "af81de39678db1f814be4ce1b7b64b891f6f59926d6f835842c4b52b462ac7e78c45b5efd8273c196d64ba0b2dd1a0aabfb97c6e4f10702ee11a72e07aec9d67",
"iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.4.0-amd64-netinst.iso",
"iso_checksum": "ec69e4bfceca56222e6e81766bf235596171afe19d47c20120783c1644f72dc605d341714751341051518b0b322d6c84e9de997815e0c74f525c66f9d9eb4295",
"iso_checksum_type": "sha512",
"vm_name": "systemvmtemplate",
"output_directory": "../dist",
"http_directory": "http",
"http_port_min": 10082,
"http_port_max": 10089,
"ssh_host_port_min": 2222,
"ssh_host_port_max": 2229,
"vm_name": "systemvmtemplate",
"ssh_username": "cloud",
"ssh_password": "cloud",
"ssh_port": 22,
"ssh_wait_timeout": "30m",
"boot_wait": "10s",
"boot_wait": "5s",
"boot_command": [
"<esc><wait>",
"install <wait>",
" preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
" debian-installer=en_US <wait>",
" auto <wait>",
" locale=en_US <wait>",
" kbd-chooser/method=us <wait>",
" netcfg/get_hostname=systemvm <wait>",
" netcfg/get_domain=apache.org <wait>",
" fb=false <wait>",
" debconf/frontend=noninteractive <wait>",
" console-setup/ask_detect=false <wait>",
" console-keymaps-at/keymap=us <wait>",
" keyboard-configuration/xkb-keymap=us <wait>",
"preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
"debian-installer=en_US.UTF-8 <wait>",
"auto <wait>",
"language=en locale=en_US.UTF-8 <wait>",
"kbd-chooser/method=us <wait>",
"keyboard-configuration/xkb-keymap=us <wait>",
"netcfg/get_hostname=systemvm <wait>",
"netcfg/get_domain=apache.org <wait>",
"country=IN keymap=us <wait>",
"fb=false <wait>",
"debconf/frontend=noninteractive <wait>",
"console-setup/ask_detect=false <wait>",
"console-keymaps-at/keymap=us <wait>",
"<enter><wait>"
],