From 95aef332cc851f91bafb9af7bf5f0f682bb566ce Mon Sep 17 00:00:00 2001 From: anthony Date: Wed, 23 Jan 2013 11:08:24 -0800 Subject: [PATCH 01/42] CLOUDSTACK-737, allow to add security group enabled networks in security group enabled zone --- .../ConfigurationManagerImpl.java | 10 +++--- .../consoleproxy/ConsoleProxyManagerImpl.java | 31 +++++++++++------- .../SecondaryStorageManagerImpl.java | 32 ++++++++++++------- 3 files changed, 44 insertions(+), 29 deletions(-) diff --git a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java index df6642af9ca..f976fd204dc 100755 --- a/server/src/com/cloud/configuration/ConfigurationManagerImpl.java +++ b/server/src/com/cloud/configuration/ConfigurationManagerImpl.java @@ -1526,13 +1526,11 @@ public class ConfigurationManagerImpl implements ConfigurationManager, Configura // check if zone has necessary trafficTypes before enabling try { PhysicalNetwork mgmtPhyNetwork; - if (NetworkType.Advanced == zone.getNetworkType()) { - // zone should have a physical network with public and management traffiType + // zone should have a physical network with management traffiType + mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management); + if (NetworkType.Advanced == zone.getNetworkType() && ! zone.isSecurityGroupEnabled() ) { + // advanced zone without SG should have a physical network with public Thpe _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Public); - mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management); - } else { - // zone should have a physical network with management traffiType - mgmtPhyNetwork = _networkModel.getDefaultPhysicalNetworkByZoneAndTrafficType(zoneId, TrafficType.Management); } try { 
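Review bot: In ConfigurationManagerImpl.java the `TrafficType.Public` lookup inside the new `if` discards its return value, and the comment above it (`public Thpe`) does not say why. The call appears to be made only so that a missing Public physical network fails the zone-enabling step, presumably by throwing into the enclosing `try`, which opens in this hunk and closes outside it. I would reword the comment to `// advanced zone without SG must also have a Public physical network; called only to fail if none exists` and correct `traffiType` to `trafficType` in the management comment.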
diff --git a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
index 6b2d8ad8e42..2d104978223 100755
--- a/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
+++ b/server/src/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java
@@ -756,19 +756,28 @@ public class ConsoleProxyManagerImpl implements ConsoleProxyManager, ConsoleProx DataCenterDeployment plan = new DataCenterDeployment(dataCenterId); - TrafficType defaultTrafficType = TrafficType.Public; - if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { - defaultTrafficType = TrafficType.Guest; + NetworkVO defaultNetwork = null; + if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) { + List networks = _networkDao.listByZoneSecurityGroup(dataCenterId); + if (networks == null || networks.size() == 0) { + throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc); + } + defaultNetwork = networks.get(0); + } else { + TrafficType defaultTrafficType = TrafficType.Public; + if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { + defaultTrafficType = TrafficType.Guest; + } + List defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType); + + // api should never allow this situation to happen + if (defaultNetworks.size() != 1) { + throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + + defaultTrafficType + " when expect to find 1"); + } + defaultNetwork = defaultNetworks.get(0); } - List defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType); - - if (defaultNetworks.size() != 1) { - throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1"); - } - - NetworkVO defaultNetwork = defaultNetworks.get(0); - List offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOffering.SystemControlNetwork, NetworkOffering.SystemManagementNetwork); List> networks = new ArrayList>(offerings.size() + 1); NicProfile defaultNic = new NicProfile(); 
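Review bot: The Advanced + security-group branch in ConsoleProxyManagerImpl.java takes `networks.get(0)` from `listByZoneSecurityGroup(dataCenterId)` without checking how many networks came back, while the `else` branch still insists on exactly one. The commit subject says further SG-enabled networks can be added to such a zone, so the console proxy's default NIC may land on whichever network the DAO returns first; the ordering is not visible here. Either pin the choice (for example require `networks.size() == 1`, or select by an explicit criterion) or add a comment stating why any SG network is acceptable for a system VM. The same block is duplicated in SecondaryStorageManagerImpl.java in this patch and would be better as one shared helper. The message would also read better as `"Cannot find a security group enabled network in SG zone " + dc`.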
diff --git a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
index e4208811f23..b53ecd3293d 100755
--- a/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
+++ b/server/src/com/cloud/storage/secondary/SecondaryStorageManagerImpl.java
@@ -537,19 +537,27 @@ public class SecondaryStorageManagerImpl implements SecondaryStorageVmManager, V DataCenterDeployment plan = new DataCenterDeployment(dataCenterId); DataCenter dc = _dcDao.findById(plan.getDataCenterId()); - TrafficType defaultTrafficType = TrafficType.Public; - if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { - defaultTrafficType = TrafficType.Guest; + NetworkVO defaultNetwork = null; + if (dc.getNetworkType() == NetworkType.Advanced && dc.isSecurityGroupEnabled()) { + List networks = _networkDao.listByZoneSecurityGroup(dataCenterId); + if (networks == null || networks.size() == 0) { + throw new CloudRuntimeException("Can not found security enabled network in SG Zone " + dc); + } + defaultNetwork = networks.get(0); + } else { + TrafficType defaultTrafficType = TrafficType.Public; + + if (dc.getNetworkType() == NetworkType.Basic || dc.isSecurityGroupEnabled()) { + defaultTrafficType = TrafficType.Guest; + } + List defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType); + // api should never allow this situation to happen + if (defaultNetworks.size() != 1) { + throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + + defaultTrafficType + " when expect to find 1"); + } + defaultNetwork = defaultNetworks.get(0); } - - List defaultNetworks = _networkDao.listByZoneAndTrafficType(dataCenterId, defaultTrafficType); - - //api should never allow this situation to happen - if (defaultNetworks.size() != 1) { - throw new CloudRuntimeException("Found " + defaultNetworks.size() + " networks of type " + defaultTrafficType + " when expect to find 1"); - } - - NetworkVO defaultNetwork = defaultNetworks.get(0); List offerings = _networkModel.getSystemAccountNetworkOfferings(NetworkOfferingVO.SystemControlNetwork, NetworkOfferingVO.SystemManagementNetwork, NetworkOfferingVO.SystemStorageNetwork); List> networks = new ArrayList>(offerings.size() + 1); 
From d7201dfe1f49fb75054e1f0b6922ed21446ad130 Mon Sep 17 00:00:00 2001 From: anthony Date: Thu, 24 Jan 2013 17:26:51 -0800 Subject: [PATCH 02/42] CLOUDSTACK-737 add xenserver support in UI only XenServer and KVM clusters are allowed in security enabled zone. only shared security enabled networks are allowed in security enabled zone. --- .../src/com/cloud/network/NetworkManagerImpl.java | 15 +++++++++------ .../com/cloud/resource/ResourceManagerImpl.java | 6 ++++++ ui/scripts/zoneWizard.js | 1 - 3 files changed, 15 insertions(+), 7 deletions(-) diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index bb60dcfcdc8..b3273919002 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
@@ -1870,13 +1870,16 @@ public class NetworkManagerImpl implements NetworkManager, Manager, Listener { } else if (zone.getNetworkType() == NetworkType.Advanced) { if (zone.isSecurityGroupEnabled()) { - // Only Account specific Isolated network with sourceNat service disabled are allowed in security group + // Only shared network with sourceNat service disabled are allowed in security group // enabled zone - boolean allowCreation = (ntwkOff.getGuestType() == GuestType.Isolated - && !_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)); - if (!allowCreation) { - throw new InvalidParameterValueException("Only Account specific Isolated network with sourceNat " + - "service disabled are allowed in security group enabled zone"); + if ( ntwkOff.getGuestType() != GuestType.Shared ){ + throw new InvalidParameterValueException("Only shared guest network can be created in security group enabled zone"); + } + if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) { + throw new InvalidParameterValueException("Service SourceNat is not allowed in security group enabled zone"); + } + if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) { + throw new InvalidParameterValueException("network must have SecurityGroup provider in security group enabled zone"); } } diff --git a/server/src/com/cloud/resource/ResourceManagerImpl.java b/server/src/com/cloud/resource/ResourceManagerImpl.java index f82424a10c2..5817d4d827e 100755 --- a/server/src/com/cloud/resource/ResourceManagerImpl.java +++ b/server/src/com/cloud/resource/ResourceManagerImpl.java 
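Review bot: The third check added in NetworkManagerImpl.java is inverted: `if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup))` throws "network must have SecurityGroup provider" exactly when the offering does provide SecurityGroup. As written in this commit, an SG-enabled Advanced zone rejects offerings that carry the SecurityGroup service and accepts shared offerings without it, so guest networks with no security-group enforcement can be created. The condition needs a negation, `if (!_networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) {`; PATCH 03/42 later in this series makes that change, and folding it into this commit would keep every commit in the series correct. The enclosing `else if` block starts and ends outside the hunk.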
@@ -388,6 +388,12 @@ public class ResourceManagerImpl implements ResourceManager, ResourceService, Ma throw new InvalidParameterValueException("Unable to resolve " + cmd.getHypervisor() + " to a supported "); } + if (zone.isSecurityGroupEnabled()) { + if( hypervisorType != HypervisorType.KVM && hypervisorType != HypervisorType.XenServer ) { + throw new InvalidParameterValueException("Don't support hypervisor type " + hypervisorType + " in advanced security enabled zone"); + } + } + Cluster.ClusterType clusterType = null; if (cmd.getClusterType() != null && !cmd.getClusterType().isEmpty()) { clusterType = Cluster.ClusterType.valueOf(cmd.getClusterType()); diff --git a/ui/scripts/zoneWizard.js b/ui/scripts/zoneWizard.js index 26838a173c3..141cd6dd24a 100755 --- a/ui/scripts/zoneWizard.js +++ b/ui/scripts/zoneWizard.js @@ -373,7 +373,6 @@ var nonSupportedHypervisors = {}; if(args.context.zones[0]['network-model'] == "Advanced" && args.context.zones[0]['zone-advanced-sg-enabled'] == "on") { firstOption = "KVM"; - nonSupportedHypervisors["XenServer"] = 1; //to developers: comment this line if you need to test Advanced SG-enabled zone with XenServer hypervisor nonSupportedHypervisors["VMware"] = 1; nonSupportedHypervisors["BareMetal"] = 1; nonSupportedHypervisors["Ovm"] = 1; From 65210f4e7ee62b237ccdd8d853553e7c990f19c8 Mon Sep 17 00:00:00 2001 From: Anthony Xu Date: Thu, 31 Jan 2013 15:45:52 -0800 Subject: [PATCH 03/42] CLOUDSTACK-737 support multiple NICs in Security group in java side --- .../com/cloud/network/NetworkManagerImpl.java | 2 +- .../src/com/cloud/vm/UserVmManagerImpl.java | 82 +++++-------------- 2 files changed, 22 insertions(+), 62 deletions(-) diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index b3273919002..da0a560938b 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
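Review bot: The new hypervisor check in ResourceManagerImpl.java is gated on `zone.isSecurityGroupEnabled()` alone, but its message says "advanced security enabled zone". If the restriction is meant only for Advanced zones, the guard should be `if (zone.getNetworkType() == NetworkType.Advanced && zone.isSecurityGroupEnabled()) {`; if it is meant for every SG-enabled zone, the message should drop "advanced". The server is the right place for this check, since the zoneWizard.js list changed in the same commit only hides options in the UI. The enclosing method starts and ends outside the hunk.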
@@ -1878,7 +1878,7 @@ public class NetworkManagerImpl implements NetworkManager, Manager, Listener { if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SourceNat)) { throw new InvalidParameterValueException("Service SourceNat is not allowed in security group enabled zone"); } - if ( _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) { + if ( ! _networkModel.areServicesSupportedByNetworkOffering(ntwkOff.getId(), Service.SecurityGroup)) { throw new InvalidParameterValueException("network must have SecurityGroup provider in security group enabled zone"); } } diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 58910562beb..8ceee383028 100644 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java 
@@ -2048,80 +2048,41 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager Account caller = UserContext.current().getCaller(); List networkList = new ArrayList(); - boolean isSecurityGroupEnabledNetworkUsed = false; boolean isVmWare = (template.getHypervisorType() == HypervisorType.VMware || (hypervisor != null && hypervisor == HypervisorType.VMware)); + if (isVmWare) { + throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor"); + } //Verify that caller can perform actions in behalf of vm owner _accountMgr.checkAccess(caller, null, true, owner); - - // If no network is specified, find system security group enabled network if (networkIdList == null || networkIdList.isEmpty()) { - Network networkWithSecurityGroup = _networkModel.getNetworkWithSecurityGroupEnabled(zone.getId()); - if (networkWithSecurityGroup == null) { - throw new InvalidParameterValueException("No network with security enabled is found in zone id=" + zone.getId()); - } - - networkList.add(_networkDao.findById(networkWithSecurityGroup.getId())); - isSecurityGroupEnabledNetworkUsed = true; - - } else if (securityGroupIdList != null && !securityGroupIdList.isEmpty()) { - if (isVmWare) { - throw new InvalidParameterValueException("Security group feature is not supported for vmWare hypervisor"); - } - // Only one network can be specified, and it should be security group enabled - if (networkIdList.size() > 1) { - throw new InvalidParameterValueException("Only support one network per VM if security group enabled"); - } - - NetworkVO network = _networkDao.findById(networkIdList.get(0).longValue()); - + throw new InvalidParameterValueException("need to specify networkIDs"); + } + // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks + for (Long networkId : networkIdList) { + NetworkVO network = _networkDao.findById(networkId); if (network == null) { throw new 
InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue()); } - if (!_networkModel.isSecurityGroupSupportedInNetwork(network)) { - throw new InvalidParameterValueException("Network is not security group enabled: " + network.getId()); - } + boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network); + if ( ! isSecurityGroupEnabled) { + throw new InvalidParameterValueException("Only support Security Group enabled networks in Security enabled zone, network " + network.getUuid() + " doesn't support security group "); + } - networkList.add(network); - isSecurityGroupEnabledNetworkUsed = true; - - } else { - // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks - for (Long networkId : networkIdList) { - NetworkVO network = _networkDao.findById(networkId); - - if (network == null) { - throw new InvalidParameterValueException("Unable to find network by id " + networkIdList.get(0).longValue()); - } - - boolean isSecurityGroupEnabled = _networkModel.isSecurityGroupSupportedInNetwork(network); - if (isSecurityGroupEnabled) { - if (networkIdList.size() > 1) { - throw new InvalidParameterValueException("Can't create a vm with multiple networks one of" + - " which is Security Group enabled"); - } - - isSecurityGroupEnabledNetworkUsed = true; - } - - if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) { - throw new InvalidParameterValueException("Can specify only Shared Guest networks when" + + if (!(network.getTrafficType() == TrafficType.Guest && network.getGuestType() == Network.GuestType.Shared)) { + throw new InvalidParameterValueException("Can specify only Shared Guest networks when" + " deploy vm in Advance Security Group enabled zone"); - } - - // Perform account permission check - if (network.getAclType() == ACLType.Account) { - _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, 
network); - } - networkList.add(network); } - } + // Perform account permission check + if (network.getAclType() == ACLType.Account) { + _accountMgr.checkAccess(caller, AccessType.UseNetwork, false, network); + } + networkList.add(network); + } // if network is security group enabled, and no security group is specified, then add the default security group automatically - if (isSecurityGroupEnabledNetworkUsed && !isVmWare && _networkModel.canAddDefaultSecurityGroup()) { - - //add the default securityGroup only if no security group is specified + if ( _networkModel.canAddDefaultSecurityGroup()) { if(securityGroupIdList == null || securityGroupIdList.isEmpty()){ if (securityGroupIdList == null) { securityGroupIdList = new ArrayList(); @@ -2140,7 +2101,6 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager } } } - return createVirtualMachine(zone, serviceOffering, template, hostName, displayName, owner, diskOfferingId, diskSize, networkList, securityGroupIdList, group, userData, sshKeyPair, hypervisor, caller, requestedIps, defaultIp, keyboard); } From 8a86d08fe307719e50d28d61d8e9025e56ab27da Mon Sep 17 00:00:00 2001 From: Anthony Xu Date: Mon, 4 Feb 2013 17:09:06 -0800 Subject: [PATCH 04/42] CLOUDSTACK-737 Security Group script assume there is only one nic per VM, it is a big task to support multiple NICs, may seperate that as another project --- server/src/com/cloud/vm/UserVmManagerImpl.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/server/src/com/cloud/vm/UserVmManagerImpl.java b/server/src/com/cloud/vm/UserVmManagerImpl.java index 8ceee383028..7a139f418a8 100644 --- a/server/src/com/cloud/vm/UserVmManagerImpl.java +++ b/server/src/com/cloud/vm/UserVmManagerImpl.java 
@@ -2058,6 +2058,9 @@ public class UserVmManagerImpl implements UserVmManager, UserVmService, Manager if (networkIdList == null || networkIdList.isEmpty()) { throw new InvalidParameterValueException("need to specify networkIDs"); } + if (networkIdList.size() > 1 ) { + throw new InvalidParameterValueException("VM can only be on one network in Zone with Security group enabled zone"); + } // Verify that all the networks are Shared/Guest; can't create combination of SG enabled and disabled networks for (Long networkId : networkIdList) { NetworkVO network = _networkDao.findById(networkId); From 5ce1f3b12801a947062bac7f8d68a3c037c5fef5 Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Thu, 7 Feb 2013 17:04:30 +0100 Subject: [PATCH 05/42] CLOUDSTACK-1193 / docs: Fix typo in libvirt tcp_listen port The correct port is 16509, but this is clearly a typo. This fixes: CLOUDSTACK-1193 --- docs/en-US/hypervisor-host-install-libvirt.xml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en-US/hypervisor-host-install-libvirt.xml b/docs/en-US/hypervisor-host-install-libvirt.xml index 4649d8522db..d7dc47f8dbd 100644 --- a/docs/en-US/hypervisor-host-install-libvirt.xml +++ b/docs/en-US/hypervisor-host-install-libvirt.xml @@ -31,7 +31,7 @@ Set the following paramaters: listen_tls = 0 listen_tcp = 1 - tcp_port = "16059" + tcp_port = "16509" auth_tcp = "none" mdns_adv = 0 From a02c66594f3209409737a7c364ce65884a0f1f83 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Thu, 7 Feb 2013 13:17:45 -0800 Subject: [PATCH 06/42] CLOUDSTACK-537: cloudstack UI - Infrastructure menu - create network dialog - Advanced sg-enabled zone - (1) account-specific network doesn't work at backend. Therefore, remove "account" option from scope dropdown. (2) zone-wide network: list only sg network offerings. --- ui/scripts/system.js | 46 ++++++++++++++++++-------------------------- 1 file changed, 19 insertions(+), 27 deletions(-) 
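Review bot: With the added `networkIdList.size() > 1` rejection in UserVmManagerImpl.java, the loop that follows can only ever see one network, and its comment about combining SG-enabled and disabled networks no longer describes anything reachable. A short comment on the guard, for example `// SG scripts assume one NIC per VM; lift this once multi-NIC is supported`, would tell the next reader why the loop is kept. The message text is also garbled; `"VM can only be on one network in a security group enabled zone"` reads better. The enclosing method starts and ends outside the hunk.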
diff --git a/ui/scripts/system.js b/ui/scripts/system.js index 2ce7672a60f..cb09a851742 100644 --- a/ui/scripts/system.js +++ b/ui/scripts/system.js @@ -1144,8 +1144,7 @@ docID: 'helpGuestNetworkZoneScope', select: function(args) { var array1 = []; - if(args.context.zones[0].networktype == "Advanced" && args.context.zones[0].securitygroupsenabled == true) { - array1.push({id: 'account-specific', description: 'Account'}); + if(args.context.zones[0].networktype == "Advanced" && args.context.zones[0].securitygroupsenabled == true) { array1.push({id: 'zone-wide', description: 'All'}); } else { 
@@ -1312,38 +1311,31 @@ } var networkOfferingArray = []; + $.ajax({ url: createURL(apiCmd + array1.join("")), dataType: "json", async: false, - success: function(json) { + success: function(json) { networkOfferingObjs = json.listnetworkofferingsresponse.networkoffering; if (networkOfferingObjs != null && networkOfferingObjs.length > 0) { - for (var i = 0; i < networkOfferingObjs.length; i++) { - - if(args.scope=="account-specific" && args.context.zones[0].securitygroupsenabled == true) { //BUG - CLOUDSTACK-1063 - var serviceObjArray = networkOfferingObjs[i].name; - if(serviceObjArray == "DefaultSharedNetworkOfferingWithSGService"){ - continue; - } - } - - //comment out the following 12 lines because of CS-16718 - /* - if(args.scope == "account-specific" || args.scope == "project-specific") { //if args.scope == "account-specific" or "project-specific", exclude Isolated network offerings with SourceNat service (bug 12869) - var includingSourceNat = false; - var serviceObjArray = networkOfferingObjs[i].service; - for(var k = 0; k < serviceObjArray.length; k++) { - if(serviceObjArray[k].name == "SourceNat") { - includingSourceNat = true; - break; - } - } - if(includingSourceNat == true) - continue; //skip to next network offering + for (var i = 0; i < networkOfferingObjs.length; i++) { + //for zone-wide network in Advanced SG-enabled zone, list only SG network offerings + if(args.context.zones[0].networktype == 'Advanced' && args.context.zones[0].securitygroupsenabled == true) { + if(args.scope == "zone-wide") { + var includingSecurityGroup = false; + var serviceObjArray = networkOfferingObjs[i].service; + for(var k = 0; k < serviceObjArray.length; k++) { + if(serviceObjArray[k].name == "SecurityGroup") { + includingSecurityGroup = true; + break; + } + } + if(includingSecurityGroup == false) + continue; //skip to next network offering + } } - */ - + networkOfferingArray.push({id: networkOfferingObjs[i].id, description: networkOfferingObjs[i].displaytext}); } } 
From cc24bebcb6c6f3bddcdb7bd26d7f6a7556c16c07 Mon Sep 17 00:00:00 2001 From: Jessica Wang Date: Thu, 7 Feb 2013 13:19:55 -0800 Subject: [PATCH 07/42] CLOUDSTACK-537: cloudstack UI - Advanced sg-enabled zone - VM Wizard - step 5 - select network screen - populate only sg networks (i.e. not show non-sg networks). --- ui/scripts/instanceWizard.js | 24 +++++++++++++++--------- 1 file changed, 15 insertions(+), 9 deletions(-) diff --git a/ui/scripts/instanceWizard.js b/ui/scripts/instanceWizard.js index e5e2fb7bcbb..d9260b0b2de 100644 --- a/ui/scripts/instanceWizard.js +++ b/ui/scripts/instanceWizard.js @@ -360,14 +360,11 @@ canusefordeploy: true }; - // step5ContainerType of Advanced SG-enabled zone is 'select-security-group', so won't come into this block - /* if(selectedZoneObj.networktype == 'Advanced' && selectedZoneObj.securitygroupsenabled == true) { $.extend(networkData, { type: 'Shared' }); - } - */ + } if (!(cloudStack.context.projects && cloudStack.context.projects[0])) { networkData.domainid = g_domainid; 
@@ -386,22 +383,31 @@ } }); + var networkObjsToPopulate = []; $.ajax({ url: createURL('listNetworks'), data: networkData, async: false, success: function(json) { - networkObjs = json.listnetworksresponse.network ? json.listnetworksresponse.network : []; - + networkObjs = json.listnetworksresponse.network ? json.listnetworksresponse.network : []; if(networkObjs.length > 0) { for(var i = 0; i < networkObjs.length; i++) { var networkObj = networkObjs[i]; + var includingSecurityGroup = false; var serviceObjArray = networkObj.service; for(var k = 0; k < serviceObjArray.length; k++) { if(serviceObjArray[k].name == "SecurityGroup") { - networkObjs[i].type = networkObjs[i].type + ' (sg)'; + networkObjs[i].type = networkObjs[i].type + ' (sg)'; + includingSecurityGroup = true; + break; } - } + } + //for Advanced SG-enabled zone, list only SG network offerings + if(selectedZoneObj.networktype == 'Advanced' && selectedZoneObj.securitygroupsenabled == true) { + if(includingSecurityGroup == false) + continue; //skip to next network offering + } + networkObjsToPopulate.push(networkObj); } } } @@ -439,7 +445,7 @@ args.response.success({ type: 'select-network', data: { - networkObjs: networkObjs, + networkObjs: networkObjsToPopulate, securityGroups: [], networkOfferings: networkOfferingObjs, vpcs: vpcObjs From 2f44ed08201e1df9e7a4003058304b1444a522ec Mon Sep 17 00:00:00 2001 From: Hugo Trippaers Date: Thu, 7 Feb 2013 22:43:50 +0100 Subject: [PATCH 08/42] Include the compiled python module, so it will be removed as well when the package is removed --- packaging/centos63/cloud.spec | 1 + 1 file changed, 1 insertion(+) diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec index b2eb3527347..cc62acfaf74 100644 --- a/packaging/centos63/cloud.spec +++ b/packaging/centos63/cloud.spec 
@@ -382,6 +382,7 @@ fi %attr(0644, root, root) %{_datadir}/%{name}-common/vms/systemvm.iso %attr(0644, root, root) %{_datadir}/%{name}-common/vms/systemvm.zip %attr(0644,root,root) %{_libdir}/python2.6/site-packages/cloud_utils.py +%attr(0644,root,root) %{_libdir}/python2.6/site-packages/cloud_utils.pyc %attr(0644,root,root) %{_libdir}/python2.6/site-packages/cloudutils/* %doc LICENSE %doc NOTICE From f6c4b221395b08a809c3e05baca2b39ca162c778 Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Thu, 7 Feb 2013 19:41:15 +0100 Subject: [PATCH 09/42] agent: Remove the main() method from LibvirtComputingResource Seems like very ancient code which is not needed. --- .../resource/LibvirtComputingResource.java | 22 ------------------- 1 file changed, 22 deletions(-) diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index f320a66b487..4acd0832750 100755 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java 
@@ -1064,28 +1064,6 @@ ServerResource { return true; } - public static void main(String[] args) { - s_logger.addAppender(new org.apache.log4j.ConsoleAppender( - new org.apache.log4j.PatternLayout(), "System.out")); - LibvirtComputingResource test = new LibvirtComputingResource(); - Map params = new HashMap(); - try { - test.configure("test", params); - } catch (ConfigurationException e) { - System.out.println(e.getMessage()); - e.printStackTrace(); - } - String result = null; - // String result = test.startDomainRouter("domr1", - // "/var/lib/images/centos.5-4.x86-64/centos-small.img", 128, "0064", - // "02:00:30:00:01:01", "00:16:3e:77:e2:a1", "02:00:30:00:64:01"); - boolean created = (result == null); - s_logger.info("Domain " + (created ? " " : " not ") + " created"); - - s_logger.info("Rule " + (created ? " " : " not ") + " created"); - test.stop(); - } - @Override public Answer executeRequest(Command cmd) { From 5dfcd309f10e5bd6a918f7fdff3f44a3dff2374a Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Thu, 7 Feb 2013 22:58:20 +0100 Subject: [PATCH 10/42] agent: Do not define domains persistent in libvirt We used to define domains persistent in libvirt, which caused XML definitions to stay there after a reboot of the hypervisor. We however don't do anything with those already defined domains, actually, we wipe all defined domains when starting the agent. Some users however reported that libvirt started these domains after a reboot before the CloudStack agent was started. By starting domains from the XML description and not defining them we prevent them from ever being stored in libvirt. --- .../resource/LibvirtComputingResource.java | 100 +++--------------- 1 file changed, 13 insertions(+), 87 deletions(-) diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index 4acd0832750..49d2f0b03a3 100755 
--- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java @@ -368,10 +368,6 @@ ServerResource { NATIVE, OPENVSWITCH } - protected enum defineOps { - UNDEFINE_VM, DEFINE_VM - } - protected BridgeType _bridgeType; private String getEndIpFromStartIp(String startIp, int numIps) { 
@@ -981,75 +977,22 @@ ServerResource { protected String startDomain(Connect conn, String vmName, String domainXML) throws LibvirtException, InternalErrorException { - /* No duplicated vm, we will success, or failed */ - boolean failed = false; Domain dm = null; try { - dm = conn.domainDefineXML(domainXML); + /* + We create a transient domain here. When this method gets + called we receive a full XML specification of the guest, + so no need to define it persistent. + + This also makes sure we never have any old "garbage" defined + in libvirt which might haunt us. + */ + dm = conn.domainCreateXML(domainXML, 0); } catch (final LibvirtException e) { - /* Duplicated defined vm */ - s_logger.warn("Failed to define domain " + vmName + ": " + s_logger.warn("Failed to start domain " + vmName + ": " + e.getMessage()); - failed = true; - } finally { - try { - if (dm != null) { - dm.free(); - } - } catch (final LibvirtException e) { - - } } - /* If failed, undefine the vm */ - Domain dmOld = null; - Domain dmNew = null; - try { - if (failed) { - dmOld = conn.domainLookupByUUID(UUID.nameUUIDFromBytes(vmName - .getBytes())); - dmOld.undefine(); - dmNew = conn.domainDefineXML(domainXML); - } - } catch (final LibvirtException e) { - s_logger.warn("Failed to define domain (second time) " + vmName - + ": " + e.getMessage()); - throw e; - } catch (Exception e) { - s_logger.warn("Failed to define domain (second time) " + vmName - + ": " + e.getMessage()); - throw new InternalErrorException(e.toString()); - } finally { - try { - if (dmOld != null) { - dmOld.free(); - } - if (dmNew != null) { - dmNew.free(); - } - } catch (final LibvirtException e) { - - } - } - - /* Start the VM */ - try { - dm = conn.domainLookupByUUID(UUID.nameUUIDFromBytes(vmName - .getBytes())); - dm.create(); - } catch (LibvirtException e) { - s_logger.warn("Failed to start domain: " + vmName + ": " - + e.getMessage()); - throw e; - } finally { - try { - if (dm != null) { - dm.free(); - } - } catch (final 
LibvirtException e) { - - } - } return null; } @@ -2845,7 +2788,7 @@ ServerResource { List ifaces = getInterfaces(conn, vmName); destroy_network_rules_for_vm(conn, vmName); - String result = stopVM(conn, vmName, defineOps.UNDEFINE_VM); + String result = stopVM(conn, vmName); if (result == null) { for (DiskDef disk : disks) { if (disk.getDeviceType() == DiskDef.deviceType.CDROM @@ -3888,7 +3831,7 @@ ServerResource { .getBytes())); String vmDef = dm.getXMLDesc(0); s_logger.debug(vmDef); - msg = stopVM(conn, vmName, defineOps.UNDEFINE_VM); + msg = stopVM(conn, vmName); msg = startDomain(conn, vmName, vmDef); return null; } catch (LibvirtException e) { @@ -3910,7 +3853,7 @@ ServerResource { return msg; } - protected String stopVM(Connect conn, String vmName, defineOps df) { + protected String stopVM(Connect conn, String vmName) { DomainInfo.DomainState state = null; Domain dm = null; @@ -3960,23 +3903,6 @@ ServerResource { } } - if (df == defineOps.UNDEFINE_VM) { - try { - dm = conn.domainLookupByUUID(UUID.nameUUIDFromBytes(vmName - .getBytes())); - dm.undefine(); - } catch (LibvirtException e) { - - } finally { - try { - if (dm != null) { - dm.free(); - } - } catch (LibvirtException l) { - - } - } - } return null; } From a5f0be186f8d18f97d9114292cd56b4b2e5880d0 Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Thu, 7 Feb 2013 23:02:03 +0100 Subject: [PATCH 11/42] agent: Rename startDomain to startVM The other methods are called stopVM and rebootVM, so it makes sence to use startVM. --- .../hypervisor/kvm/resource/LibvirtComputingResource.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index 49d2f0b03a3..552afb1e665 100755 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java 
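Review bot: In the rewritten `startDomain` of LibvirtComputingResource.java, the `catch` logs the `LibvirtException` and falls through to `return null`, so a failed `domainCreateXML` is reported to callers as a successful start; the removed code rethrew at the start step. The `Domain` handle in `dm` is also never released now, whereas the old code called `dm.free()` in a `finally`. Rethrowing and freeing the handle keeps the declared `throws LibvirtException` meaningful and stops the management side from treating a VM that never started as running.

```java
    Domain dm = null;
    try {
        // … unchanged: comment explaining the transient domain …
        dm = conn.domainCreateXML(domainXML, 0);
    } catch (final LibvirtException e) {
        s_logger.warn("Failed to start domain " + vmName + ": "
                + e.getMessage());
        throw e;
    } finally {
        try {
            if (dm != null) {
                dm.free();
            }
        } catch (final LibvirtException ignored) {
            // best effort: releasing the handle must not mask the start result
        }
    }
    return null;
```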
+++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java @@ -975,7 +975,7 @@ ServerResource { } } - protected String startDomain(Connect conn, String vmName, String domainXML) + protected String startVM(Connect conn, String vmName, String domainXML) throws LibvirtException, InternalErrorException { Domain dm = null; try { @@ -3006,7 +3006,7 @@ ServerResource { createVifs(vmSpec, vm); s_logger.debug("starting " + vmName + ": " + vm.toString()); - startDomain(conn, vmName, vm.toString()); + startVM(conn, vmName, vm.toString()); NicTO[] nics = vmSpec.getNics(); for (NicTO nic : nics) { @@ -3832,7 +3832,7 @@ ServerResource { String vmDef = dm.getXMLDesc(0); s_logger.debug(vmDef); msg = stopVM(conn, vmName); - msg = startDomain(conn, vmName, vmDef); + msg = startVM(conn, vmName, vmDef); return null; } catch (LibvirtException e) { s_logger.warn("Failed to create vm", e); From 3dea9a7be578cd5116e02d66a39e2e61f8aedd9a Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 7 Feb 2013 14:44:31 -0800 Subject: [PATCH 12/42] Summary: Remove superfluous chroot and change to use standard jre Detail: Since the script executes inside the running vm, the chroot is not necessary. Also the standard jre is used instead of sun jre. BUG-ID: CLOUDSTACK-1066 Signed-off-by: Chiradeep Vittal 1360277071 -0800 --- .../systemvmtemplate/postinstall.sh | 46 ++++++++++--------- 1 file changed, 24 insertions(+), 22 deletions(-) diff --git a/tools/appliance/definitions/systemvmtemplate/postinstall.sh b/tools/appliance/definitions/systemvmtemplate/postinstall.sh index 4473bbfb5ca..40064325a2b 100644 --- a/tools/appliance/definitions/systemvmtemplate/postinstall.sh +++ b/tools/appliance/definitions/systemvmtemplate/postinstall.sh 
@@ -59,44 +59,46 @@ EOF install_packages() { DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical - DEBCONF_DB_OVERRIDE=’File{/root/config.dat}’ - export DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_DB_OVERRIDE #basic stuff - chroot . apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diff grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo + apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diff grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo #fix hostname in openssh-server generated keys sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub #sysstat - chroot . echo 'sysstat sysstat/enable boolean true' | chroot . debconf-set-selections - chroot . apt-get --no-install-recommends -q -y --force-yes install sysstat + echo 'sysstat sysstat/enable boolean true' | debconf-set-selections + apt-get --no-install-recommends -q -y --force-yes install sysstat #apache - chroot . apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert + apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert #haproxy - chroot . apt-get --no-install-recommends -q -y --force-yes install haproxy + apt-get --no-install-recommends -q -y --force-yes install haproxy #dnsmasq - chroot . 
apt-get --no-install-recommends -q -y --force-yes install dnsmasq + apt-get --no-install-recommends -q -y --force-yes install dnsmasq #nfs client - chroot . apt-get --no-install-recommends -q -y --force-yes install nfs-common + apt-get --no-install-recommends -q -y --force-yes install nfs-common #vpn stuff - chroot . apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools + apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools #vmware tools - chroot . apt-get --no-install-recommends -q -y --force-yes install open-vm-tools + apt-get --no-install-recommends -q -y --force-yes install open-vm-tools #xenstore utils - chroot . apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0 + apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0 #keepalived and conntrackd - chroot . apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1 + apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1 #ipcalc - chroot . apt-get --no-install-recommends -q -y --force-yes install ipcalc + apt-get --no-install-recommends -q -y --force-yes install ipcalc + #java + apt-get --no-install-recommends -q -y --force-yes install default-jre-headless + + # Setup sudo to allow no-password sudo for "admin" + groupadd -r admin + usermod -a -G admin cloud + echo "root:password" | chpasswd + sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers + sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers + + mkdir /home/cloud/.ssh + chmod 700 /home/cloud/.ssh - echo "***** getting sun jre 6*********" - chroot . 
echo 'sun-java6-bin shared/accepted-sun-dlj-v1-1 boolean true - sun-java6-jre shared/accepted-sun-dlj-v1-1 boolean true - sun-java6-jre sun-java6-jre/stopthread boolean true - sun-java6-jre sun-java6-jre/jcepolicy note - sun-java6-bin shared/present-sun-dlj-v1-1 note - sun-java6-jre shared/present-sun-dlj-v1-1 note ' | chroot . debconf-set-selections - chroot . apt-get --no-install-recommends -q -y install sun-java6-jre } cleanup() { From 4e4edc9e42f69b10314d0b09629546acc4db333a Mon Sep 17 00:00:00 2001 From: Prachi Damle Date: Thu, 7 Feb 2013 17:22:16 -0800 Subject: [PATCH 13/42] CLOUDSTACK-1116 [EC2 Query API] Support for ModifyImageAttribute and ResetImageAttribute https://reviews.apache.org/r/9213 Add support for EC2 ApiI's ModifyImageAttribute and ResetImageAttribute. Attributes supported are Description and LaunchPermission. --- .../cloud/bridge/service/EC2RestServlet.java | 107 +++++++++++++++--- .../bridge/service/EC2SoapServiceImpl.java | 30 ++--- .../bridge/service/core/ec2/EC2Engine.java | 71 ++++-------- .../core/ec2/EC2ImageLaunchPermission.java | 53 +++++++++ .../core/ec2/EC2ModifyImageAttribute.java | 39 ++----- 5 files changed, 193 insertions(+), 107 deletions(-) create mode 100644 awsapi/src/com/cloud/bridge/service/core/ec2/EC2ImageLaunchPermission.java diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java index 57a32a48289..4612b60eef5 100644 --- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java +++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java @@ -87,6 +87,7 @@ import com.amazon.ec2.DetachVolumeResponse; import com.amazon.ec2.DisassociateAddressResponse; import com.amazon.ec2.GetPasswordDataResponse; import com.amazon.ec2.ImportKeyPairResponse; +import com.amazon.ec2.LaunchPermissionItemType; import com.amazon.ec2.ModifyImageAttributeResponse; import com.amazon.ec2.RebootInstancesResponse; import com.amazon.ec2.RegisterImageResponse; 
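Review bot: The added `echo "root:password" | chpasswd` puts a fixed root password, readable in the repository, into every system VM built from this template, and the same block gives the `admin` group `NOPASSWD:ALL`. Take the password from a build-time variable that has no default, or lock the account once the build no longer needs it (`passwd -l root`), so the literal never ships. The two `sed -i` edits to `/etc/sudoers` are applied without a syntax check; running `visudo -c` afterwards would catch a broken file before it disables sudo. The `export DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_DB_OVERRIDE` line is removed while the assignments stay, so unless they are exported elsewhere `apt-get` no longer sees them; `export DEBIAN_FRONTEND DEBIAN_PRIORITY` would restore that.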
@@ -123,10 +124,13 @@ import com.cloud.bridge.service.core.ec2.EC2Engine; import com.cloud.bridge.service.core.ec2.EC2Filter; import com.cloud.bridge.service.core.ec2.EC2GroupFilterSet; import com.cloud.bridge.service.core.ec2.EC2Image; +import com.cloud.bridge.service.core.ec2.EC2ImageAttributes.ImageAttribute; +import com.cloud.bridge.service.core.ec2.EC2ImageLaunchPermission; import com.cloud.bridge.service.core.ec2.EC2ImportKeyPair; import com.cloud.bridge.service.core.ec2.EC2InstanceFilterSet; import com.cloud.bridge.service.core.ec2.EC2IpPermission; import com.cloud.bridge.service.core.ec2.EC2KeyPairFilterSet; +import com.cloud.bridge.service.core.ec2.EC2ModifyImageAttribute; import com.cloud.bridge.service.core.ec2.EC2RebootInstances; import com.cloud.bridge.service.core.ec2.EC2RegisterImage; import com.cloud.bridge.service.core.ec2.EC2ReleaseAddress; 
@@ -1021,38 +1025,105 @@ public class EC2RestServlet extends HttpServlet { serializeResponse(response, EC2response); } - private void modifyImageAttribute( HttpServletRequest request, HttpServletResponse response ) + private void modifyImageAttribute( HttpServletRequest request, HttpServletResponse response ) throws ADBException, XMLStreamException, IOException { - EC2Image image = new EC2Image(); + EC2ModifyImageAttribute ec2request = new EC2ModifyImageAttribute(); - // -> its interesting to note that the SOAP API docs has description but the REST API docs do not - String[] imageId = request.getParameterValues( "ImageId" ); - if ( null != imageId && 0 < imageId.length ) - image.setId( imageId[0] ); - else { response.sendError(530, "Missing ImageId parameter" ); return; } + String[] imageId = request.getParameterValues( "ImageId" ); + if ( imageId != null && imageId.length > 0 ) + ec2request.setImageId( imageId[0]); + else { + response.sendError(530, "Missing ImageId parameter" ); + return; + } - String[] description = request.getParameterValues( "Description" ); - if ( null != description && 0 < description.length ) - image.setDescription( description[0] ); - else { response.sendError(530, "Missing Description parameter" ); return; } + String[] description = request.getParameterValues( "Description.Value" ); + if ( description != null && description.length > 0 ) { + ec2request.setAttribute(ImageAttribute.description); + ec2request.setDescription(description[0]); + } else { + //add all launch permissions to ec2request + ec2request = addLaunchPermImageAttribute(request, ec2request); + if (ec2request.getLaunchPermissionSet().length > 0) + ec2request.setAttribute(ImageAttribute.launchPermission); + else { + response.sendError(530, "Missing Attribute parameter - Description/LaunchPermission should be provided" ); + return; + } + } // -> execute the request - ModifyImageAttributeResponse EC2response = EC2SoapServiceImpl.toModifyImageAttributeResponse( 
ServiceProvider.getInstance().getEC2Engine().modifyImageAttribute( image )); + ModifyImageAttributeResponse EC2response = EC2SoapServiceImpl.toModifyImageAttributeResponse( + ServiceProvider.getInstance().getEC2Engine().modifyImageAttribute( ec2request )); serializeResponse(response, EC2response); } + private EC2ModifyImageAttribute addLaunchPermImageAttribute(HttpServletRequest request, EC2ModifyImageAttribute ec2request) { + String[] users = {".UserId", ".Group"}; + String[] operations = {"LaunchPermission.Add.", "LaunchPermission.Remove."}; + int nCount = 1; + + for (int i = 0; i < 2; i++) { + for (int j = 0; j < 2; j++) { + List launchPermissionList = new ArrayList(); + do { + String[] launchPermissionAddGroup = request.getParameterValues( operations[j] + nCount + users[i] ); + if (launchPermissionAddGroup != null && launchPermissionAddGroup.length > 0) + launchPermissionList.add(launchPermissionAddGroup[0]); + else + break; + nCount++; + } while (true); + if (nCount != 1) { + EC2ImageLaunchPermission ec2LaunchPermission = new EC2ImageLaunchPermission(); + if (operations[j].contains("Add")) + ec2LaunchPermission.setLaunchPermOp(EC2ImageLaunchPermission.Operation.add); + else + ec2LaunchPermission.setLaunchPermOp(EC2ImageLaunchPermission.Operation.remove); + for (String launchPerm : launchPermissionList) { + ec2LaunchPermission.addLaunchPermission(launchPerm); + } + ec2request.addLaunchPermission(ec2LaunchPermission); + nCount = 1; + } + } + } + + return ec2request; + } + private void resetImageAttribute( HttpServletRequest request, HttpServletResponse response ) throws ADBException, XMLStreamException, IOException { - EC2Image image = new EC2Image(); + EC2ModifyImageAttribute ec2request = new EC2ModifyImageAttribute(); String[] imageId = request.getParameterValues( "ImageId" ); - if ( null != imageId && 0 < imageId.length ) - image.setId( imageId[0] ); - else { response.sendError(530, "Missing ImageId parameter" ); return; } + if ( imageId != null && 
imageId.length > 0) + ec2request.setImageId(imageId[0]); + else { + response.sendError(530, "Missing ImageId parameter" ); + return; + } + + String[] attribute = request.getParameterValues( "Attribute" ); + if ( attribute != null && attribute.length > 0 ) { + if (attribute[0].equalsIgnoreCase("launchPermission")) + ec2request.setAttribute(ImageAttribute.launchPermission); + else { + response.sendError(501, "Unsupported Attribute - only launchPermission supported" ); + return; + } + } else { + response.sendError(530, "Missing Attribute parameter" ); + return; + } + + EC2ImageLaunchPermission launchPermission = new EC2ImageLaunchPermission(); + launchPermission.setLaunchPermOp(EC2ImageLaunchPermission.Operation.reset); + ec2request.addLaunchPermission(launchPermission); // -> execute the request - image.setDescription( "" ); - ResetImageAttributeResponse EC2response = EC2SoapServiceImpl.toResetImageAttributeResponse( ServiceProvider.getInstance().getEC2Engine().modifyImageAttribute( image )); + ResetImageAttributeResponse EC2response = EC2SoapServiceImpl.toResetImageAttributeResponse( + ServiceProvider.getInstance().getEC2Engine().modifyImageAttribute( ec2request )); serializeResponse(response, EC2response); } diff --git a/awsapi/src/com/cloud/bridge/service/EC2SoapServiceImpl.java b/awsapi/src/com/cloud/bridge/service/EC2SoapServiceImpl.java index b2451c6a0cb..6fae480e222 100644 --- a/awsapi/src/com/cloud/bridge/service/EC2SoapServiceImpl.java +++ b/awsapi/src/com/cloud/bridge/service/EC2SoapServiceImpl.java 
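Review bot: `addLaunchPermImageAttribute` puts the `.UserId` and `.Group` parameter values into the same untyped list, and `EC2Engine.modifyImageAttribute` (changed later in this patch) decides on the string alone: an entry equal to `all` sets `isPublic`, and everything else is joined into the account list. A `LaunchPermission.Add.N.UserId` value of `all` therefore makes the image public, and a `Group` value other than `all` is handled as an account name. Checking the value against the parameter kind in the inner loop, for example `if (".Group".equals(users[i]) != "all".equalsIgnoreCase(launchPermissionAddGroup[0]))`, and rejecting the request on a mismatch before the engine is called would keep the two apart. The SOAP-side `setAccountOrGroupList` in this patch merges the two kinds the same way.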
@@ -47,6 +47,7 @@ import com.cloud.bridge.service.core.ec2.EC2DescribeInstances; import com.cloud.bridge.service.core.ec2.EC2DescribeInstancesResponse; import com.cloud.bridge.service.core.ec2.EC2DescribeKeyPairs; import com.cloud.bridge.service.core.ec2.EC2DescribeKeyPairsResponse; +import com.cloud.bridge.service.core.ec2.EC2ImageLaunchPermission; import com.cloud.bridge.service.core.ec2.EC2ResourceTag; import com.cloud.bridge.service.core.ec2.EC2DescribeSecurityGroups; import com.cloud.bridge.service.core.ec2.EC2DescribeSecurityGroupsResponse; 
@@ -595,31 +596,32 @@ public class EC2SoapServiceImpl implements AmazonEC2SkeletonInterface { request.setImageId(miat.getImageId()); request.setAttribute(ImageAttribute.launchPermission); if(launchPermOp.getAdd() != null){ - request.setLaunchPermOperation(EC2ModifyImageAttribute.Operation.add); - setAccountOrGroupList(launchPermOp.getAdd().getItem(), request); + setAccountOrGroupList(launchPermOp.getAdd().getItem(), request, "add"); }else if(launchPermOp.getRemove() != null){ - request.setLaunchPermOperation(EC2ModifyImageAttribute.Operation.remove); - setAccountOrGroupList(launchPermOp.getRemove().getItem(), request); + setAccountOrGroupList(launchPermOp.getRemove().getItem(), request, "remove"); } return toModifyImageAttributeResponse( engine.modifyImageAttribute( request )); } throw new EC2ServiceException( ClientError.Unsupported, "Unsupported - can only modify image description or launchPermission"); } - private void setAccountOrGroupList(LaunchPermissionItemType[] items, EC2ModifyImageAttribute request){ - - List launchPermissionAccountsOrGroupList = new ArrayList(); - + private void setAccountOrGroupList(LaunchPermissionItemType[] items, EC2ModifyImageAttribute request, String operation){ + EC2ImageLaunchPermission launchPermission = new EC2ImageLaunchPermission(); + + if (operation.equalsIgnoreCase("add")) + launchPermission.setLaunchPermOp(EC2ImageLaunchPermission.Operation.add); + else + launchPermission.setLaunchPermOp(EC2ImageLaunchPermission.Operation.remove); + for (LaunchPermissionItemType lpItem : items) { if(lpItem.getGroup() != null){ - launchPermissionAccountsOrGroupList.add(lpItem.getGroup()); + launchPermission.addLaunchPermission(lpItem.getGroup()); }else if(lpItem.getUserId() != null){ - launchPermissionAccountsOrGroupList.add(lpItem.getUserId()); + launchPermission.addLaunchPermission(lpItem.getUserId()); } } - - request.setLaunchPermissionAccountsOrGroupList(launchPermissionAccountsOrGroupList); + 
request.addLaunchPermission(launchPermission); } /** * Did not find a matching service offering so for now we just return disabled @@ -702,7 +704,9 @@ public class EC2SoapServiceImpl implements AmazonEC2SkeletonInterface { if(elementType != null){ request.setImageId( riat.getImageId()); request.setAttribute(ImageAttribute.launchPermission); - request.setLaunchPermOperation(EC2ModifyImageAttribute.Operation.reset); + EC2ImageLaunchPermission launchPermission = new EC2ImageLaunchPermission(); + launchPermission.setLaunchPermOp(EC2ImageLaunchPermission.Operation.reset); + request.addLaunchPermission(launchPermission); return toResetImageAttributeResponse( engine.modifyImageAttribute( request )); } throw new EC2ServiceException( ClientError.Unsupported, "Unsupported - can only reset image launchPermission" ); diff --git a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java index 8a5a733c4fb..2f45b03ae06 100644 --- a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java +++ b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2Engine.java @@ -535,32 +535,6 @@ public class EC2Engine extends ManagerBase { } - /** REST API calls this method. - * Modify an existing template - * - * @param request - * @return - */ - public boolean modifyImageAttribute( EC2Image request ) - { - // TODO: This is incomplete - EC2DescribeImagesResponse images = new EC2DescribeImagesResponse(); - - try { - images = listTemplates( request.getId(), images ); - EC2Image[] imageSet = images.getImageSet(); - - CloudStackTemplate resp = getApi().updateTemplate(request.getId(), null, request.getDescription(), null, imageSet[0].getName(), null, null); - if (resp != null) { - return true; - } - return false; - } catch( Exception e ) { - logger.error( "EC2 ModifyImage - ", e); - throw new EC2ServiceException(ServerError.InternalError, e.getMessage()); - } - } - /** * Modify an existing template 
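Review bot: `setAccountOrGroupList` now takes the operation as a free-form `String`, and anything that is not `add` falls through to `Operation.remove`, so a typo at a call site silently becomes a removal of launch permissions. Passing the enum keeps this compiler-checked: declare the third parameter as `EC2ImageLaunchPermission.Operation operation`, replace the `if`/`else` with `launchPermission.setLaunchPermOp(operation);`, and call it as `setAccountOrGroupList(launchPermOp.getAdd().getItem(), request, EC2ImageLaunchPermission.Operation.add)`. The calling method starts outside the hunk.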
@@ -572,32 +546,35 @@ public class EC2Engine extends ManagerBase { { try { if(request.getAttribute().equals(ImageAttribute.launchPermission)){ - - String accounts = ""; - Boolean isPublic = null; - EC2ModifyImageAttribute.Operation operation = request.getLaunchPermOperation(); - - List accountOrGroupList = request.getLaunchPermissionAccountsList(); - if(accountOrGroupList != null && !accountOrGroupList.isEmpty()){ - boolean first = true; - for(String accountOrGroup : accountOrGroupList){ - if("all".equalsIgnoreCase(accountOrGroup)){ - if(operation.equals(EC2ModifyImageAttribute.Operation.add)){ - isPublic = true; + EC2ImageLaunchPermission[] launchPermissions = request.getLaunchPermissionSet(); + for (EC2ImageLaunchPermission launchPermission : launchPermissions) { + String accounts = ""; + Boolean isPublic = null; + EC2ImageLaunchPermission.Operation operation = launchPermission.getLaunchPermOp(); + List accountOrGroupList = launchPermission.getLaunchPermissionList(); + if(accountOrGroupList != null && !accountOrGroupList.isEmpty()){ + boolean first = true; + for(String accountOrGroup : accountOrGroupList){ + if("all".equalsIgnoreCase(accountOrGroup)){ + if(operation.equals(EC2ImageLaunchPermission.Operation.add)){ + isPublic = true; + }else{ + isPublic = false; + } }else{ - isPublic = false; + if(!first){ + accounts = accounts + ","; + } + accounts = accounts + accountOrGroup; + first = false; } - }else{ - if(!first){ - accounts = accounts + ","; - } - accounts = accounts + accountOrGroup; - first = false; } } + CloudStackInfoResponse resp = getApi().updateTemplatePermissions(request.getImageId(), accounts, null, null, isPublic, operation.toString()); + if (!resp.getSuccess()) + return false; } - CloudStackInfoResponse resp = getApi().updateTemplatePermissions(request.getImageId(), accounts, null, null, isPublic, operation.toString()); - return resp.getSuccess(); + return true; }else if(request.getAttribute().equals(ImageAttribute.description)){ 
CloudStackTemplate resp = getApi().updateTemplate(request.getImageId(), null, request.getDescription(), null, null, null, null); if (resp != null) { diff --git a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2ImageLaunchPermission.java b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2ImageLaunchPermission.java new file mode 100644 index 00000000000..552ffbe77d9 --- /dev/null +++ b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2ImageLaunchPermission.java 
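Review bot: The new loop in `modifyImageAttribute` issues one `updateTemplatePermissions` call per `EC2ImageLaunchPermission` and returns `false` at the first failure, so a request carrying both an add set and a remove set can leave the template's permissions half-applied with no indication of which part took effect. `resp` is also dereferenced without the null check that the description branch just below uses (`if (resp != null)`); `if (resp == null || !resp.getSuccess()) return false;` would match it, and logging the failed operation and image id at that point gives an operator something to reconcile from. An empty launch-permission set skips the loop and returns `true` although nothing was changed. The method's signature and its `catch` block are outside the hunk.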
@@ -0,0 +1,53 @@ +// Licensed to the Apache Software Foundation (ASF) under one +// or more contributor license agreements. See the NOTICE file +// distributed with this work for additional information +// regarding copyright ownership. The ASF licenses this file +// to you under the Apache License, Version 2.0 (the +// "License"); you may not use this file except in compliance +// with the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, +// software distributed under the License is distributed on an +// "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +// KIND, either express or implied. See the License for the +// specific language governing permissions and limitations +// under the License. +package com.cloud.bridge.service.core.ec2; + +import java.util.ArrayList; +import java.util.List; + +public class EC2ImageLaunchPermission { + + private Operation launchPermOperation; + public enum Operation{ + add, + remove, + reset; + } + + private List launchPermissionList = new ArrayList(); + + public EC2ImageLaunchPermission() { + launchPermOperation = null; + } + + public void addLaunchPermission(String launchPermission) { + launchPermissionList.add(launchPermission); + } + + public List getLaunchPermissionList() { + return launchPermissionList; + } + + public void setLaunchPermOp( Operation launchPermOperation ) { + this.launchPermOperation = launchPermOperation; + } + + public Operation getLaunchPermOp() { + return this.launchPermOperation; + } + +} diff --git a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2ModifyImageAttribute.java b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2ModifyImageAttribute.java index 16f5ef750c7..e88d2d191aa 100644 --- a/awsapi/src/com/cloud/bridge/service/core/ec2/EC2ModifyImageAttribute.java +++ b/awsapi/src/com/cloud/bridge/service/core/ec2/EC2ModifyImageAttribute.java 
@@ -16,7 +16,7 @@ // under the License. package com.cloud.bridge.service.core.ec2; - +import java.util.ArrayList; import java.util.List; import com.cloud.bridge.service.core.ec2.EC2ImageAttributes.ImageAttribute; @@ -28,15 +28,7 @@ public class EC2ModifyImageAttribute { private String description; private Boolean isPublic = null; - private Operation launchPermOperation = null; - public enum Operation{ - add, - remove, - reset; - } - - private List launchPermissionAccountsOrGroupList; - + private List launchPermissionList = new ArrayList(); public EC2ModifyImageAttribute() { } @@ -65,31 +57,20 @@ public class EC2ModifyImageAttribute { return this.description; } - public void setLaunchPermissionAccountsOrGroupList(List launchPermissionAccountsOrGroupList) { - this.launchPermissionAccountsOrGroupList = launchPermissionAccountsOrGroupList; - } - - public List getLaunchPermissionAccountsList() { - return launchPermissionAccountsOrGroupList; - } - - public void setLaunchPermOperation( Operation launchPermOperation ) { - this.launchPermOperation = launchPermOperation; - } - - public Operation getLaunchPermOperation() { - return this.launchPermOperation; - } - - public void setIsPublic(Boolean isPublic) { this.isPublic = isPublic; } - public Boolean getIsPublic() { return isPublic; } - + + public void addLaunchPermission( EC2ImageLaunchPermission param ) { + launchPermissionList.add( param ); + } + + public EC2ImageLaunchPermission[] getLaunchPermissionSet() { + return launchPermissionList.toArray(new EC2ImageLaunchPermission[0]); + } } From 12ad296b6c323f017f2fdbeb1e9be79c81c8dca2 Mon Sep 17 00:00:00 2001 
From: Likitha Shetty Date: Thu, 7 Feb 2013 17:52:48 -0800 Subject: [PATCH 14/42] CLOUDSTACK-1117 [EC2 Query API] DescribeImageAttribute fails EC2DescribeImageAttribute fails with 'Unsupported - only description supported' error. And this is observed for both the supported attributes 'Description' and 'LaunchPermission' --- .../cloud/bridge/service/EC2RestServlet.java | 33 ++++++++++++------- 1 file changed, 22 insertions(+), 11 deletions(-) diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java index 4612b60eef5..c3a86a00c69 100644 --- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java +++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java @@ -113,6 +113,7 @@ import com.cloud.bridge.service.core.ec2.EC2CreateVolume; import com.cloud.bridge.service.core.ec2.EC2DeleteKeyPair; import com.cloud.bridge.service.core.ec2.EC2DescribeAddresses; import com.cloud.bridge.service.core.ec2.EC2DescribeAvailabilityZones; +import com.cloud.bridge.service.core.ec2.EC2DescribeImageAttribute; import com.cloud.bridge.service.core.ec2.EC2DescribeImages; import com.cloud.bridge.service.core.ec2.EC2DescribeInstances; import com.cloud.bridge.service.core.ec2.EC2DescribeKeyPairs; 
@@ -1311,25 +1312,35 @@ public class EC2RestServlet extends HttpServlet { private void describeImageAttribute( HttpServletRequest request, HttpServletResponse response ) throws ADBException, XMLStreamException, IOException { - EC2DescribeImages EC2request = new EC2DescribeImages(); + EC2DescribeImageAttribute ec2request = new EC2DescribeImageAttribute(); - // -> only works for queries about descriptions - String[] descriptions = request.getParameterValues( "Description" ); - if ( null != descriptions && 0 < descriptions.length ) { - String[] value = request.getParameterValues( "ImageId" ); - EC2request.addImageSet( value[0] ); - } + String[] imageId = request.getParameterValues( "ImageId" ); + if (imageId != null && imageId.length > 0) + ec2request.setImageId(imageId[0]); else { - response.sendError(501, "Unsupported - only description supported" ); + response.sendError(530, "Missing ImageId parameter"); return; } - // -> execute the request - DescribeImageAttributeResponse EC2response = EC2SoapServiceImpl.toDescribeImageAttributeResponse( ServiceProvider.getInstance().getEC2Engine().describeImages( EC2request )); + String[] attribute = request.getParameterValues( "Attribute" ); + if (attribute != null && attribute.length > 0) { + if (attribute[0].equalsIgnoreCase("description")) + ec2request.setAttribute(ImageAttribute.description); + else if (attribute[0].equalsIgnoreCase("launchPermission")) + ec2request.setAttribute(ImageAttribute.launchPermission); + else { + response.sendError(501, "Unsupported Attribute - description and launchPermission supported" ); + return; + } + } else { + response.sendError(530, "Missing Attribute parameter"); + return; + } + + DescribeImageAttributeResponse EC2response = EC2SoapServiceImpl.toDescribeImageAttributeResponse( ServiceProvider.getInstance().getEC2Engine().describeImageAttribute( ec2request )); serializeResponse(response, EC2response); } - private void describeInstances( HttpServletRequest request, HttpServletResponse 
response ) throws ADBException, XMLStreamException, IOException { From b5e28038cbc85e4e39bfc2b71927e2935b1f1673 Mon Sep 17 00:00:00 2001 From: Likitha Shetty Date: Thu, 7 Feb 2013 18:00:25 -0800 Subject: [PATCH 15/42] [EC2 Query API] DescribeAvailabilityZones doesn't have any filter support. CLOUDSTACK-1118 Support will be available for filters - zone-name and message --- .../src/com/cloud/bridge/service/EC2RestServlet.java | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java index c3a86a00c69..8f364907595 100644 --- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java +++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java @@ -107,6 +107,7 @@ import com.cloud.bridge.persist.dao.UserCredentialsDaoImpl; import com.cloud.bridge.service.controller.s3.ServiceProvider; import com.cloud.bridge.service.core.ec2.EC2AssociateAddress; import com.cloud.bridge.service.core.ec2.EC2AuthorizeRevokeSecurityGroup; +import com.cloud.bridge.service.core.ec2.EC2AvailabilityZonesFilterSet; import com.cloud.bridge.service.core.ec2.EC2CreateImage; import com.cloud.bridge.service.core.ec2.EC2CreateKeyPair; import com.cloud.bridge.service.core.ec2.EC2CreateVolume; @@ -1286,6 +1287,17 @@ public class EC2RestServlet extends HttpServlet { if (null != value && 0 < value.length) EC2request.addZone( value[0] ); } } + + // add filters + EC2Filter[] filterSet = extractFilters( request ); + if ( filterSet != null ) { + EC2AvailabilityZonesFilterSet afs = new EC2AvailabilityZonesFilterSet(); + for( int i=0; i < filterSet.length; i++ ) { + afs.addFilter(filterSet[i]); + } + EC2request.setFilterSet( afs ); + } + // -> execute the request DescribeAvailabilityZonesResponse EC2response = EC2SoapServiceImpl.toDescribeAvailabilityZonesResponse( ServiceProvider.getInstance().getEC2Engine().handleRequest( EC2request )); serializeResponse(response, EC2response); 
From 2364ada4df2543c75d5a569de73a83f4a235afa8 Mon Sep 17 00:00:00 2001 From: Likitha Shetty Date: Thu, 7 Feb 2013 18:31:36 -0800 Subject: [PATCH 16/42] CLOUDSTACK-1119 [EC2 Query API] Add filter support for DecsribeAddresses EC2DescribeAddresses doesn't have filter support. Support will be available for filters -> instance-id and public-ip --- .../src/com/cloud/bridge/service/EC2RestServlet.java | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java index 8f364907595..0186db4ad08 100644 --- a/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java +++ b/awsapi/src/com/cloud/bridge/service/EC2RestServlet.java @@ -105,6 +105,7 @@ import com.cloud.bridge.persist.dao.CloudStackUserDaoImpl; import com.cloud.bridge.persist.dao.OfferingDaoImpl; import com.cloud.bridge.persist.dao.UserCredentialsDaoImpl; import com.cloud.bridge.service.controller.s3.ServiceProvider; +import com.cloud.bridge.service.core.ec2.EC2AddressFilterSet; import com.cloud.bridge.service.core.ec2.EC2AssociateAddress; import com.cloud.bridge.service.core.ec2.EC2AuthorizeRevokeSecurityGroup; import com.cloud.bridge.service.core.ec2.EC2AvailabilityZonesFilterSet; @@ -1397,6 +1398,15 @@ public class EC2RestServlet extends HttpServlet { if (null != value && 0 < value.length) ec2Request.addPublicIp( value[0] ); } } + + // add filters + EC2Filter[] filterSet = extractFilters( request ); + if ( filterSet != null ) { + EC2AddressFilterSet afs = new EC2AddressFilterSet(); + for ( int i=0; i < filterSet.length; i++ ) + afs.addFilter( filterSet[i] ); + ec2Request.setFilterSet( afs ); + } // -> execute the request EC2Engine engine = ServiceProvider.getInstance().getEC2Engine(); serializeResponse(response, EC2SoapServiceImpl.toDescribeAddressesResponse( engine.describeAddresses( ec2Request))); From 990d20b67b478ced23e5b2164bd0cff165a980e2 Mon Sep 17 00:00:00 2001 
From: Chiradeep Vittal Date: Thu, 7 Feb 2013 18:47:46 -0800 Subject: [PATCH 17/42] CLOUDSTACK-1066 slim down the package by not choosing 'standard'. Allow root user to login (FIXME) otherwise veewee is unable to login --- tools/appliance/definitions/systemvmtemplate/preseed.cfg | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg index 2b956e11cdb..a21fd8a362f 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg @@ -187,7 +187,7 @@ d-i partman/confirm_nooverwrite boolean true ### Account setup # Skip creation of a root account (normal user account will be able to # use sudo). -d-i passwd/root-login boolean false +d-i passwd/root-login boolean true # Alternatively, to skip creation of a normal user account. #d-i passwd/make-user boolean false @@ -233,7 +233,7 @@ d-i passwd/user-default-groups string audio cdrom video admin #d-i debian-installer/allow_unauthenticated string true ### Package selection -tasksel tasksel/first multiselect standard +tasksel tasksel/first multiselect ssh-server # If the desktop task is selected, install the kde and xfce desktops # instead of the default gnome desktop. #tasksel tasksel/desktop multiselect kde, xfce @@ -265,7 +265,7 @@ d-i grub-installer/only_debian boolean true # This one makes grub-installer install to the MBR if it also finds some other # OS, which is less safe as it might not be able to boot that other OS. -d-i grub-installer/with_other_os boolean true +#d-i grub-installer/with_other_os boolean true # Alternatively, if you want to install to a location other than the mbr, # uncomment and edit these lines: From ee9baefe3f3336cf57cb9feada252f0d9ce3ce17 Mon Sep 17 00:00:00 2001 
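Review bot: `d-i passwd/root-login boolean true` turns direct root login on for the template, but the comment above it still reads "Skip creation of a root account", and nothing in the file marks the setting as temporary. The commit message calls it a FIXME for veewee; that belongs next to the value, e.g. `# FIXME: root login enabled only so veewee can log in during the build; disable again before the template is published`. Nothing visible in this patch series turns it back off after the build, so confirm that a later build step does.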
From: Chiradeep Vittal Date: Thu, 7 Feb 2013 18:51:14 -0800 Subject: [PATCH 18/42] CLOUDSTACK-1066: restore modularity in config files by splitting postinstall tasks Add config.dat to ensure that openswan install does not hang asking for user input --- .../definitions/systemvmtemplate/base.sh | 27 + .../definitions/systemvmtemplate/cleanup.sh | 17 + .../systemvmtemplate/cloudstack-packages.sh | 86 ++ .../definitions/systemvmtemplate/config.dat | 878 ++++++++++++++++++ .../systemvmtemplate/definition.rb | 10 +- .../definitions/systemvmtemplate/zerodisk.sh | 3 + 6 files changed, 1018 insertions(+), 3 deletions(-) create mode 100644 tools/appliance/definitions/systemvmtemplate/base.sh create mode 100644 tools/appliance/definitions/systemvmtemplate/cleanup.sh create mode 100644 tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh create mode 100644 tools/appliance/definitions/systemvmtemplate/config.dat create mode 100644 tools/appliance/definitions/systemvmtemplate/zerodisk.sh diff --git a/tools/appliance/definitions/systemvmtemplate/base.sh b/tools/appliance/definitions/systemvmtemplate/base.sh new file mode 100644 index 00000000000..6b44e0aac3a --- /dev/null +++ b/tools/appliance/definitions/systemvmtemplate/base.sh 
@@ -0,0 +1,27 @@
+# Update the box
+apt-get -y update
+#below are needed for ruby perhaps
+apt-get -y install linux-headers-$(uname -r) build-essential
+apt-get -y install zlib1g-dev libssl-dev libreadline-gplv2-dev
+apt-get -y install curl unzip
+apt-get clean
+
+# Set up sudo
+echo 'vagrant ALL=NOPASSWD:ALL' > /etc/sudoers.d/vagrant
+
+# Tweak sshd to prevent DNS resolution (speed up logins)
+echo 'UseDNS no' >> /etc/ssh/sshd_config
+
+# Remove 5s grub timeout to speed up booting
+echo < /etc/default/grub
+# If you change this file, run 'update-grub' afterwards to update
+# /boot/grub/grub.cfg.
+
+GRUB_DEFAULT=0
+GRUB_TIMEOUT=0
+GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_CMDLINE_LINUX_DEFAULT="quiet"
+GRUB_CMDLINE_LINUX="debian-installer=en_US"
+EOF
+
+update-grub
diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh
new file mode 100644
index 00000000000..bf8a6192e53
--- /dev/null
+++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh
@@ -0,0 +1,17 @@
+# Clean up
+apt-get -y remove linux-headers-$(uname -r) build-essential
+apt-get -y autoremove
+
+# Removing leftover leases and persistent rules
+echo "cleaning up dhcp leases"
+rm /var/lib/dhcp/*
+
+# Make sure Udev doesn't block our network
+echo "cleaning up udev rules"
+rm /etc/udev/rules.d/70-persistent-net.rules
+mkdir /etc/udev/rules.d/70-persistent-net.rules
+rm -rf /dev/.udev/
+rm /lib/udev/rules.d/75-persistent-net-generator.rules
+
+echo "Adding a 2 sec delay to the interface up, to make the dhclient happy"
+echo "pre-up sleep 2" >> /etc/network/interfaces
diff --git a/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh b/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
new file mode 100644
index 00000000000..426cd033b55
--- /dev/null
+++ b/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
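Review bot: The `vagrant ALL=NOPASSWD:ALL` rule written to /etc/sudoers.d/vagrant in base.sh is a build-time convenience that nothing visible in this patch removes, so the passwordless-sudo grant would be carried into every system VM cloned from the template. cleanup.sh in the same patch is the natural place for `rm -f /etc/sudoers.d/vagrant`, assuming no later postinstall step still needs sudo. The file is also created through a plain redirect, so it gets the umask default mode rather than the 0440 that Debian's /etc/sudoers.d/README asks for; follow the echo with `chmod 0440 /etc/sudoers.d/vagrant`. As rendered here the grub block opens with `echo < /etc/default/grub`, which would not write the following lines into the file; if that is the real content, `cat <<EOF > /etc/default/grub` is what the block needs.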
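Review bot: cleanup.sh removes `build-essential` and the kernel headers but leaves `zlib1g-dev libssl-dev libreadline-gplv2-dev`, which base.sh installs by name, so `apt-get -y autoremove` will not take them out and the development packages stay in the shipped appliance. Adding `apt-get -y remove zlib1g-dev libssl-dev libreadline-gplv2-dev` before the autoremove keeps the template closer to the slimmed-down image this series aims for. The `rm` calls on the dhcp leases and udev rules have no `-f`, so a missing file prints an error into the build log; `rm -f` would make reruns quieter.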
@@ -0,0 +1,86 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+
+ROOTPW=password
+CLOUDSTACK_RELEASE=4.2.0
+
+
+install_packages() {
+ DEBIAN_FRONTEND=noninteractive
+ DEBIAN_PRIORITY=critical
+
+ #basic stuff
+ apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diff grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo
+
+ #sysstat
+ echo 'sysstat sysstat/enable boolean true' | debconf-set-selections
+ apt-get --no-install-recommends -q -y --force-yes install sysstat
+ #apache
+ apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert
+ #haproxy
+ apt-get --no-install-recommends -q -y --force-yes install haproxy
+ #dnsmasq
+ apt-get --no-install-recommends -q -y --force-yes install dnsmasq
+ #nfs client
+ apt-get --no-install-recommends -q -y --force-yes install nfs-common
+ #vpn stuff
+ apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools
+ #vmware tools
+ apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
+ #xenstore utils
+ apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
+ #keepalived and conntrackd
+ apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
+ #ipcalc
+ apt-get --no-install-recommends -q -y --force-yes install ipcalc
+ #java
+ apt-get --no-install-recommends -q -y --force-yes install default-jre-headless
+
+}
+
+accounts() {
+ # Setup sudo to allow no-password sudo for "admin"
+ groupadd -r admin
+ #create a 'cloud' user
+ usermod -a -G admin cloud
+ echo "root:password" | chpasswd
+ echo "cloud:password" | chpasswd
+ sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
+ sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers
+
+ mkdir -p /home/cloud/.ssh
+ chmod 700 /home/cloud/.ssh
+
+}
+
+do_fixes() {
+ #fix hostname in openssh-server generated keys
+ sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub
+}
+
+signature() {
+ touch /var/cache/cloud/cloud-scripts-signature
+ echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
+}
+
+echo "*************INSTALLING PACKAGES********************"
+install_packages
+echo "*************DONE INSTALLING PACKAGES********************"
+accounts
+do_fixes
+signature
diff --git a/tools/appliance/definitions/systemvmtemplate/config.dat b/tools/appliance/definitions/systemvmtemplate/config.dat
new file mode 100644
index 00000000000..bc71fb981db
--- /dev/null
+++ b/tools/appliance/definitions/systemvmtemplate/config.dat
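Review bot: accounts() sets both root and cloud to the literal string `password` and never uses the `ROOTPW` variable defined at the top, so every appliance built from this template starts with the same well-known credentials on accounts that also get NOPASSWD sudo through the admin group; at minimum use `echo "root:$ROOTPW" | chpasswd` with a value supplied at build time and lock or randomise the cloud password. Every install in install_packages() passes `--force-yes`, which lets apt continue when a package cannot be authenticated; dropping it keeps signature checking in force for the image all system VMs are cloned from. `DEBIAN_FRONTEND` and `DEBIAN_PRIORITY` are assigned without `export`, so apt-get does not see them unless the caller already exported them: `export DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical`. In do_fixes() the path `etc/ssh/ssh_host_*.pub` is relative and therefore depends on the working directory; it presumably should be `/etc/ssh/ssh_host_*.pub`.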
@@ -0,0 +1,878 @@ +Name: adduser/homedir-permission +Template: adduser/homedir-permission +Value: true +Owners: adduser + +Name: adduser/title +Template: adduser/title +Owners: adduser + +Name: apt-listchanges/confirm +Template: apt-listchanges/confirm +Value: false +Owners: apt-listchanges + +Name: apt-listchanges/email-address +Template: apt-listchanges/email-address +Value: root +Owners: apt-listchanges + +Name: apt-listchanges/frontend +Template: apt-listchanges/frontend +Value: pager +Owners: apt-listchanges + +Name: apt-listchanges/save-seen +Template: apt-listchanges/save-seen +Value: true +Owners: apt-listchanges + +Name: apt-listchanges/which +Template: apt-listchanges/which +Value: news +Owners: apt-listchanges + +Name: ca-certificates/enable_crts +Template: ca-certificates/enable_crts +Value: cacert.org/cacert.org.crt, debconf.org/ca.crt, mozilla/ACEDICOM_Root.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/A-Trust-nQual-03.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_CA_1.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_CA_1.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/certSIGN_ROOT_CA.crt, 
mozilla/Certum_Root_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/CNNIC_ROOT.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/ComSign_CA.crt, mozilla/ComSign_Secured_CA.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/DST_Root_CA_X3.crt, mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, mozilla/Entrust_Root_Certification_Authority.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/GTE_CyberTrust_Global_Root.crt, 
mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/IGC_A.crt, mozilla/Izenpe.com.crt, mozilla/Juur-SK.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Secure_Global_CA.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Security_Communication_EV_RootCA1.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/StartCom_Certification_Authority_G2.crt, mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, mozilla/Taiwan_GRCA.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, mozilla/TC_TrustCenter_Class_3_CA_II.crt, mozilla/TC_TrustCenter_Universal_CA_I.crt, mozilla/TC_TrustCenter_Universal_CA_III.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, 
mozilla/Thawte_Premium_Server_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Thawte_Server_CA.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/XRamp_Global_CA_Root.crt, spi-inc.org/spi-ca-2003.crt, spi-inc.org/spi-cacert-2008.crt +Owners: ca-certificates +Variables: + enable_crts = cacert.org/cacert.org.crt, debconf.org/ca.crt, mozilla/ACEDICOM_Root.crt, mozilla/AC_Raíz_Certicámara_S.A..crt, mozilla/Actalis_Authentication_Root_CA.crt, mozilla/AddTrust_External_Root.crt, mozilla/AddTrust_Low-Value_Services_Root.crt, 
mozilla/AddTrust_Public_Services_Root.crt, mozilla/AddTrust_Qualified_Certificates_Root.crt, mozilla/AffirmTrust_Commercial.crt, mozilla/AffirmTrust_Networking.crt, mozilla/AffirmTrust_Premium.crt, mozilla/AffirmTrust_Premium_ECC.crt, mozilla/America_Online_Root_Certification_Authority_1.crt, mozilla/America_Online_Root_Certification_Authority_2.crt, mozilla/ApplicationCA_-_Japanese_Government.crt, mozilla/A-Trust-nQual-03.crt, mozilla/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.crt, mozilla/Baltimore_CyberTrust_Root.crt, mozilla/Buypass_Class_2_CA_1.crt, mozilla/Buypass_Class_2_Root_CA.crt, mozilla/Buypass_Class_3_CA_1.crt, mozilla/Buypass_Class_3_Root_CA.crt, mozilla/CA_Disig.crt, mozilla/Camerfirma_Chambers_of_Commerce_Root.crt, mozilla/Camerfirma_Global_Chambersign_Root.crt, mozilla/Certigna.crt, mozilla/Certinomis_-_Autorité_Racine.crt, mozilla/Certplus_Class_2_Primary_CA.crt, mozilla/certSIGN_ROOT_CA.crt, mozilla/Certum_Root_CA.crt, mozilla/Certum_Trusted_Network_CA.crt, mozilla/Chambers_of_Commerce_Root_-_2008.crt, mozilla/CNNIC_ROOT.crt, mozilla/Comodo_AAA_Services_root.crt, mozilla/COMODO_Certification_Authority.crt, mozilla/COMODO_ECC_Certification_Authority.crt, mozilla/Comodo_Secure_Services_root.crt, mozilla/Comodo_Trusted_Services_root.crt, mozilla/ComSign_CA.crt, mozilla/ComSign_Secured_CA.crt, mozilla/Cybertrust_Global_Root.crt, mozilla/Deutsche_Telekom_Root_CA_2.crt, mozilla/DigiCert_Assured_ID_Root_CA.crt, mozilla/DigiCert_Global_Root_CA.crt, mozilla/DigiCert_High_Assurance_EV_Root_CA.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_1.crt, mozilla/Digital_Signature_Trust_Co._Global_CA_3.crt, mozilla/DST_ACES_CA_X6.crt, mozilla/DST_Root_CA_X3.crt, mozilla/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.crt, mozilla/EC-ACC.crt, mozilla/EE_Certification_Centre_Root_CA.crt, mozilla/E-Guven_Kok_Elektronik_Sertifika_Hizmet_Saglayicisi.crt, mozilla/Entrust.net_Premium_2048_Secure_Server_CA.crt, mozilla/Entrust.net_Secure_Server_CA.crt, 
mozilla/Entrust_Root_Certification_Authority.crt, mozilla/ePKI_Root_Certification_Authority.crt, mozilla/Equifax_Secure_CA.crt, mozilla/Equifax_Secure_eBusiness_CA_1.crt, mozilla/Equifax_Secure_eBusiness_CA_2.crt, mozilla/Equifax_Secure_Global_eBusiness_CA.crt, mozilla/Firmaprofesional_Root_CA.crt, mozilla/GeoTrust_Global_CA_2.crt, mozilla/GeoTrust_Global_CA.crt, mozilla/GeoTrust_Primary_Certification_Authority.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G2.crt, mozilla/GeoTrust_Primary_Certification_Authority_-_G3.crt, mozilla/GeoTrust_Universal_CA_2.crt, mozilla/GeoTrust_Universal_CA.crt, mozilla/Global_Chambersign_Root_-_2008.crt, mozilla/GlobalSign_Root_CA.crt, mozilla/GlobalSign_Root_CA_-_R2.crt, mozilla/GlobalSign_Root_CA_-_R3.crt, mozilla/Go_Daddy_Class_2_CA.crt, mozilla/Go_Daddy_Root_Certificate_Authority_-_G2.crt, mozilla/GTE_CyberTrust_Global_Root.crt, mozilla/Hellenic_Academic_and_Research_Institutions_RootCA_2011.crt, mozilla/Hongkong_Post_Root_CA_1.crt, mozilla/IGC_A.crt, mozilla/Izenpe.com.crt, mozilla/Juur-SK.crt, mozilla/Microsec_e-Szigno_Root_CA_2009.crt, mozilla/Microsec_e-Szigno_Root_CA.crt, mozilla/NetLock_Arany_=Class_Gold=_Főtanúsítvány.crt, mozilla/NetLock_Business_=Class_B=_Root.crt, mozilla/NetLock_Express_=Class_C=_Root.crt, mozilla/NetLock_Notary_=Class_A=_Root.crt, mozilla/NetLock_Qualified_=Class_QA=_Root.crt, mozilla/Network_Solutions_Certificate_Authority.crt, mozilla/OISTE_WISeKey_Global_Root_GA_CA.crt, mozilla/QuoVadis_Root_CA_2.crt, mozilla/QuoVadis_Root_CA_3.crt, mozilla/QuoVadis_Root_CA.crt, mozilla/Root_CA_Generalitat_Valenciana.crt, mozilla/RSA_Root_Certificate_1.crt, mozilla/RSA_Security_2048_v3.crt, mozilla/Secure_Global_CA.crt, mozilla/SecureSign_RootCA11.crt, mozilla/SecureTrust_CA.crt, mozilla/Security_Communication_EV_RootCA1.crt, mozilla/Security_Communication_RootCA2.crt, mozilla/Security_Communication_Root_CA.crt, mozilla/Sonera_Class_1_Root_CA.crt, mozilla/Sonera_Class_2_Root_CA.crt, 
mozilla/Staat_der_Nederlanden_Root_CA.crt, mozilla/Staat_der_Nederlanden_Root_CA_-_G2.crt, mozilla/Starfield_Class_2_CA.crt, mozilla/Starfield_Root_Certificate_Authority_-_G2.crt, mozilla/Starfield_Services_Root_Certificate_Authority_-_G2.crt, mozilla/StartCom_Certification_Authority.crt, mozilla/StartCom_Certification_Authority_G2.crt, mozilla/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.crt, mozilla/Swisscom_Root_CA_1.crt, mozilla/SwissSign_Gold_CA_-_G2.crt, mozilla/SwissSign_Platinum_CA_-_G2.crt, mozilla/SwissSign_Silver_CA_-_G2.crt, mozilla/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.crt, mozilla/Taiwan_GRCA.crt, mozilla/TC_TrustCenter_Class_2_CA_II.crt, mozilla/TC_TrustCenter_Class_3_CA_II.crt, mozilla/TC_TrustCenter_Universal_CA_I.crt, mozilla/TC_TrustCenter_Universal_CA_III.crt, mozilla/TDC_Internet_Root_CA.crt, mozilla/TDC_OCES_Root_CA.crt, mozilla/Thawte_Premium_Server_CA.crt, mozilla/thawte_Primary_Root_CA.crt, mozilla/thawte_Primary_Root_CA_-_G2.crt, mozilla/thawte_Primary_Root_CA_-_G3.crt, mozilla/Thawte_Server_CA.crt, mozilla/Trustis_FPS_Root_CA.crt, mozilla/T-TeleSec_GlobalRoot_Class_3.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_1.crt, mozilla/TURKTRUST_Certificate_Services_Provider_Root_2.crt, mozilla/TWCA_Root_Certification_Authority.crt, mozilla/UTN_DATACorp_SGC_Root_CA.crt, mozilla/UTN_USERFirst_Email_Root_CA.crt, mozilla/UTN_USERFirst_Hardware_Root_CA.crt, mozilla/ValiCert_Class_1_VA.crt, mozilla/ValiCert_Class_2_VA.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority.crt, 
mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.crt, mozilla/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.crt, mozilla/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.crt, mozilla/Verisign_Class_4_Public_Primary_Certification_Authority_-_G3.crt, mozilla/VeriSign_Universal_Root_Certification_Authority.crt, mozilla/Visa_eCommerce_Root.crt, mozilla/Wells_Fargo_Root_CA.crt, mozilla/WellsSecure_Public_Root_Certificate_Authority.crt, mozilla/XRamp_Global_CA_Root.crt, spi-inc.org/spi-ca-2003.crt, spi-inc.org/spi-cacert-2008.crt + +Name: ca-certificates/new_crts +Template: ca-certificates/new_crts +Owners: ca-certificates +Variables: + new_crts = + +Name: ca-certificates/title +Template: ca-certificates/title +Owners: ca-certificates + +Name: ca-certificates/trust_new_crts +Template: ca-certificates/trust_new_crts +Value: yes +Owners: ca-certificates + +Name: console-setup/charmap47 +Template: console-setup/charmap47 +Value: ISO-8859-1 +Owners: console-setup +Variables: + CHOICES = ARMSCII-8, CP1251, CP1255, CP1256, GEORGIAN-ACADEMY, GEORGIAN-PS, IBM1133, ISIRI-3342, ISO-8859-1, ISO-8859-10, ISO-8859-11, ISO-8859-13, ISO-8859-14, ISO-8859-15, ISO-8859-16, ISO-8859-2, ISO-8859-3, ISO-8859-4, ISO-8859-5, ISO-8859-6, ISO-8859-7, ISO-8859-8, ISO-8859-9, KOI8-R, KOI8-U, TIS-620, UTF-8, VISCII + +Name: console-setup/codeset47 +Template: console-setup/codeset47 +Value: # Latin1 and Latin5 - western Europe and Turkic languages +Owners: console-setup + +Name: console-setup/codesetcode +Template: console-setup/codesetcode +Value: Lat15 +Owners: console-setup + +Name: console-setup/fontface47 +Template: console-setup/fontface47 +Value: Fixed +Owners: console-setup +Variables: + CHOICES = Fixed, Terminus, TerminusBold, TerminusBoldVGA, VGA, Do not change the boot/kernel font, Let the system select a suitable font + +Name: console-setup/fontsize +Template: 
console-setup/fontsize +Value: 8x16 +Owners: console-setup + +Name: console-setup/fontsize-fb47 +Template: console-setup/fontsize-fb47 +Value: 8x16 +Owners: console-setup +Variables: + CHOICES = 8x13, 8x14, 8x15, 8x16, 8x18 + +Name: console-setup/fontsize-text47 +Template: console-setup/fontsize-text47 +Value: 8x16 +Owners: console-setup + +Name: console-setup/framebuffer_only +Template: console-setup/framebuffer_only +Owners: console-setup + +Name: console-setup/guess_font +Template: console-setup/guess_font +Owners: console-setup + +Name: console-setup/store_defaults_in_debconf_db +Template: console-setup/store_defaults_in_debconf_db +Value: true +Owners: console-setup + +Name: console-setup/use_system_font +Template: console-setup/use_system_font +Owners: console-setup + +Name: dash/sh +Template: dash/sh +Value: true +Owners: dash +Flags: seen + +Name: debconf-apt-progress/info +Template: debconf-apt-progress/info +Owners: debconf + +Name: debconf-apt-progress/media-change +Template: debconf-apt-progress/media-change +Owners: debconf + +Name: debconf-apt-progress/preparing +Template: debconf-apt-progress/preparing +Owners: debconf + +Name: debconf-apt-progress/title +Template: debconf-apt-progress/title +Owners: debconf + +Name: debconf/frontend +Template: debconf/frontend +Value: Dialog +Owners: debconf + +Name: debconf/priority +Template: debconf/priority +Value: high +Owners: debconf + +Name: debian-installer/console-setup-udeb/title +Template: debian-installer/console-setup-udeb/title +Owners: keyboard-configuration + +Name: debian-installer/country +Template: debian-installer/country +Value: US +Owners: d-i + +Name: debian-installer/language +Template: debian-installer/language +Value: en +Owners: d-i + +Name: dictionaries-common/default-ispell +Template: dictionaries-common/default-ispell +Value: american (American English) +Owners: dictionaries-common +Flags: seen +Variables: + choices = american (American English), british (British English) + echoices = 
american (American English), british (British English) + +Name: dictionaries-common/default-wordlist +Template: dictionaries-common/default-wordlist +Value: american (American English) +Owners: dictionaries-common +Flags: seen +Variables: + choices = american (American English) + echoices = american (American English) + +Name: dictionaries-common/invalid_debconf_value +Template: dictionaries-common/invalid_debconf_value +Owners: dictionaries-common + +Name: dictionaries-common/ispell-autobuildhash-message +Template: dictionaries-common/ispell-autobuildhash-message +Owners: dictionaries-common + +Name: dictionaries-common/move_old_usr_dict +Template: dictionaries-common/move_old_usr_dict +Owners: dictionaries-common + +Name: dictionaries-common/old_wordlist_link +Template: dictionaries-common/old_wordlist_link +Owners: dictionaries-common + +Name: dictionaries-common/remove_old_usr_dict_link +Template: dictionaries-common/remove_old_usr_dict_link +Value: false +Owners: dictionaries-common + +Name: dictionaries-common/selecting_ispell_wordlist_default +Template: dictionaries-common/selecting_ispell_wordlist_default +Owners: dictionaries-common + +Name: discover/install_hw_packages +Template: discover/install_hw_packages +Owners: discover + +Name: exim4-base/drec +Template: exim4-base/drec +Owners: exim4-base + +Name: exim4-daemon-light/drec +Template: exim4-daemon-light/drec +Owners: exim4-daemon-light + +Name: exim4/dc_eximconfig_configtype +Template: exim4/dc_eximconfig_configtype +Value: local delivery only; not on a network +Owners: exim4-config + +Name: exim4/dc_local_interfaces +Template: exim4/dc_local_interfaces +Value: 127.0.0.1 ; ::1 +Owners: exim4-config + +Name: exim4/dc_localdelivery +Template: exim4/dc_localdelivery +Value: mbox format in /var/mail/ +Owners: exim4-config + +Name: exim4/dc_minimaldns +Template: exim4/dc_minimaldns +Value: false +Owners: exim4-config + +Name: exim4/dc_other_hostnames +Template: exim4/dc_other_hostnames +Value: 
ahha.citrite.net +Owners: exim4-config +Flags: mailname +Variables: + fqdn = ahha.citrite.net + +Name: exim4/dc_postmaster +Template: exim4/dc_postmaster +Value: vagrant +Owners: exim4-config + +Name: exim4/dc_readhost +Template: exim4/dc_readhost +Owners: exim4-config + +Name: exim4/dc_relay_domains +Template: exim4/dc_relay_domains +Owners: exim4-config + +Name: exim4/dc_relay_nets +Template: exim4/dc_relay_nets +Owners: exim4-config + +Name: exim4/dc_smarthost +Template: exim4/dc_smarthost +Owners: exim4-config + +Name: exim4/drec +Template: exim4/drec +Owners: exim4 + +Name: exim4/exim4-config-title +Template: exim4/exim4-config-title +Owners: exim4-config + +Name: exim4/hide_mailname +Template: exim4/hide_mailname +Owners: exim4-config + +Name: exim4/mailname +Template: exim4/mailname +Value: ahha.citrite.net +Owners: exim4-config + +Name: exim4/no_config +Template: exim4/no_config +Owners: exim4-config + +Name: exim4/purge_spool +Template: exim4/purge_spool +Owners: exim4-base + +Name: exim4/use_split_config +Template: exim4/use_split_config +Value: false +Owners: exim4-config + +Name: glibc/disable-screensaver +Template: glibc/disable-screensaver +Owners: libc6, libc6:i386 + +Name: glibc/restart-failed +Template: glibc/restart-failed +Owners: libc6, libc6:i386 + +Name: glibc/restart-services +Template: glibc/restart-services +Owners: libc6, libc6:i386 + +Name: glibc/upgrade +Template: glibc/upgrade +Owners: libc6, libc6:i386 + +Name: grub-pc/chainload_from_menu.lst +Template: grub-pc/chainload_from_menu.lst +Owners: grub-pc + +Name: grub-pc/disk_description +Template: grub-pc/disk_description +Owners: grub-pc +Variables: + DEVICE = /dev/mapper/ahha-root + MODEL = ahha-root + SIZE = 1753 + +Name: grub-pc/install_devices +Template: grub-pc/install_devices +Value: /dev/disk/by-id/ata-VBOX_HARDDISK_VBe38481e3-55a686f1 +Owners: grub-pc +Flags: seen +Variables: + CHOICES = /dev/sda (2147 MB; VBOX_HARDDISK), - /dev/sda1 (254 MB; /boot), /dev/mapper/ahha-root (1753 
MB; ahha-root) + RAW_CHOICES = /dev/disk/by-id/ata-VBOX_HARDDISK_VBe38481e3-55a686f1, /dev/disk/by-id/ata-VBOX_HARDDISK_VBe38481e3-55a686f1-part1, /dev/mapper/ahha-root + +Name: grub-pc/install_devices_disks_changed +Template: grub-pc/install_devices_disks_changed +Owners: grub-pc + +Name: grub-pc/install_devices_empty +Template: grub-pc/install_devices_empty +Value: false +Owners: grub-pc + +Name: grub-pc/install_devices_failed +Template: grub-pc/install_devices_failed +Owners: grub-pc + +Name: grub-pc/install_devices_failed_upgrade +Template: grub-pc/install_devices_failed_upgrade +Owners: grub-pc + +Name: grub-pc/kopt_extracted +Template: grub-pc/kopt_extracted +Owners: grub-pc + +Name: grub-pc/mixed_legacy_and_grub2 +Template: grub-pc/mixed_legacy_and_grub2 +Owners: grub-pc + +Name: grub-pc/partition_description +Template: grub-pc/partition_description +Owners: grub-pc +Variables: + DEVICE = /dev/sda1 + PATH = /boot + SIZE = 254 + +Name: grub-pc/postrm_purge_boot_grub +Template: grub-pc/postrm_purge_boot_grub +Owners: grub-pc + +Name: grub2/device_map_regenerated +Template: grub2/device_map_regenerated +Owners: grub-pc + +Name: grub2/kfreebsd_cmdline +Template: grub2/kfreebsd_cmdline +Owners: grub-pc + +Name: grub2/kfreebsd_cmdline_default +Template: grub2/kfreebsd_cmdline_default +Owners: grub-pc + +Name: grub2/linux_cmdline +Template: grub2/linux_cmdline +Value: debian-installer=en_US +Owners: grub-pc +Flags: seen + +Name: grub2/linux_cmdline_default +Template: grub2/linux_cmdline_default +Value: quiet +Owners: grub-pc +Flags: seen + +Name: iamerican/languages +Template: iamerican/languages +Owners: iamerican + +Name: ibritish/languages +Template: ibritish/languages +Owners: ibritish + +Name: keyboard-configuration/altgr +Template: keyboard-configuration/altgr +Value: The default for the keyboard layout +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/compose +Template: keyboard-configuration/compose +Value: No compose key 
+Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/ctrl_alt_bksp +Template: keyboard-configuration/ctrl_alt_bksp +Value: false +Owners: d-i, keyboard-configuration + +Name: keyboard-configuration/layout +Template: keyboard-configuration/layout +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/layoutcode +Template: keyboard-configuration/layoutcode +Value: us +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/model +Template: keyboard-configuration/model +Value: Generic 105-key (Intl) PC +Owners: d-i, keyboard-configuration +Flags: seen +Variables: + CHOICES = A4Tech KB-21, A4Tech KBS-8, A4Tech Wireless Desktop RFKB-23, Acer AirKey V, Acer C300, Acer Ferrari 4000, Acer Laptop, Advance Scorpius KI, Amiga, Apple, Apple Aluminium Keyboard (ANSI), Apple Aluminium Keyboard (ISO), Apple Aluminium Keyboard (JIS), Apple Laptop, Asus Laptop, Atari TT, Azona RF2300 wireless Internet Keyboard, BenQ X-Touch, BenQ X-Touch 730, BenQ X-Touch 800, Brother Internet Keyboard, BTC 5090, BTC 5113RF Multimedia, BTC 5126T, BTC 6301URF, BTC 9000, BTC 9000A, BTC 9001AH, BTC 9019U, BTC 9116U Mini Wireless Internet and Gaming, Cherry Blue Line CyBo@rd, Cherry Blue Line CyBo@rd (alternate option), Cherry B.UNLIMITED, Cherry CyBo@rd USB-Hub, Cherry CyMotion Expert, Cherry CyMotion Master Linux, Cherry CyMotion Master XPress, Chicony Internet Keyboard, Chicony KB-9885, Chicony KU-0108, Chicony KU-0420, Classmate PC, Compaq Easy Access Keyboard, Compaq Internet Keyboard (13 keys), Compaq Internet Keyboard (18 keys), Compaq Internet Keyboard (7 keys), Compaq iPaq Keyboard, Creative Desktop Wireless 7000, Dell, Dell 101-key PC, Dell Laptop/notebook Inspiron 6xxx/8xxx, Dell Laptop/notebook Precision M series, Dell Latitude series laptop, Dell Precision M65, Dell SK-8125, Dell SK-8135, Dell USB Multimedia Keyboard, Dexxa Wireless Desktop Keyboard, Diamond 9801 / 9802 series, DTK2000, Ennyah DKB-1008, Everex 
STEPnote, FL90, Fujitsu-Siemens Computers AMILO laptop, Generic 101-key PC, Generic 102-key (Intl) PC, Generic 104-key PC, Generic 105-key (Intl) PC, Genius Comfy KB-12e, Genius Comfy KB-16M / Genius MM Keyboard KWD-910, Genius Comfy KB-21e-Scroll, Genius KB-19e NB, Genius KKB-2050HS, Gyration, Happy Hacking Keyboard, Happy Hacking Keyboard for Mac, Hewlett-Packard Internet Keyboard, Hewlett-Packard Mini 110 Notebook, Hewlett-Packard nx9020, Hewlett-Packard Omnibook 500 FA, Hewlett-Packard Omnibook 5xx, Hewlett-Packard Omnibook 6000/6100, Hewlett-Packard Omnibook XE3 GC, Hewlett-Packard Omnibook XE3 GF, Hewlett-Packard Omnibook XT1000, Hewlett-Packard Pavilion dv5, Hewlett-Packard Pavilion ZT11xx, Hewlett-Packard SK-250x Multimedia Keyboard, Honeywell Euroboard, HTC Dream, Htc Dream phone, IBM Rapid Access, IBM Rapid Access II, IBM Space Saver, IBM ThinkPad 560Z/600/600E/A22E, IBM ThinkPad R60/T60/R61/T61, IBM ThinkPad Z60m/Z60t/Z61m/Z61t, Keytronic FlexPro, Kinesis, Laptop/notebook Compaq (eg. Armada) Laptop Keyboard, Laptop/notebook Compaq (eg. 
Presario) Internet Keyboard, Laptop/notebook eMachines m68xx, Logitech Access Keyboard, Logitech Cordless Desktop, Logitech Cordless Desktop (alternate option), Logitech Cordless Desktop EX110, Logitech Cordless Desktop iTouch, Logitech Cordless Desktop LX-300, Logitech Cordless Desktop Navigator, Logitech Cordless Desktop Optical, Logitech Cordless Desktop Pro (alternate option 2), Logitech Cordless Freedom/Desktop Navigator, Logitech diNovo Edge Keyboard, Logitech diNovo Keyboard, Logitech G15 extra keys via G15daemon, Logitech Generic Keyboard, Logitech Internet 350 Keyboard, Logitech Internet Keyboard, Logitech Internet Navigator Keyboard, Logitech iTouch, Logitech iTouch Cordless Keyboard (model Y-RB6), Logitech iTouch Internet Navigator Keyboard SE, Logitech iTouch Internet Navigator Keyboard SE (USB), Logitech Media Elite Keyboard, Logitech Ultra-X Cordless Media Desktop Keyboard, Logitech Ultra-X Keyboard, MacBook/MacBook Pro, MacBook/MacBook Pro (Intl), Macintosh, Macintosh Old, Memorex MX1998, Memorex MX2500 EZ-Access Keyboard, Memorex MX2750, Microsoft Comfort Curve Keyboard 2000, Microsoft Internet Keyboard, Microsoft Internet Keyboard Pro\, Swedish, Microsoft Natural, Microsoft Natural Keyboard Elite, Microsoft Natural Keyboard Pro OEM, Microsoft Natural Keyboard Pro / Microsoft Internet Keyboard Pro, Microsoft Natural Keyboard Pro USB / Microsoft Internet Keyboard Pro, Microsoft Natural Wireless Ergonomic Keyboard 4000, Microsoft Natural Wireless Ergonomic Keyboard 7000, Microsoft Office Keyboard, Microsoft Wireless Multimedia Keyboard 1.0A, Northgate OmniKey 101, OLPC, Ortek MCK-800 MM/Internet keyboard, PC-98xx Series, Propeller Voyager (KTEZ-1000), QTronix Scorpius 98N+, Samsung SDM 4500P, Samsung SDM 4510P, Sanwa Supply SKB-KG3, SILVERCREST Multimedia Wireless Keyboard, SK-1300, SK-2500, SK-6200, SK-7100, Sun Type 4, Sun Type 5, Sun Type 5/6, Super Power Multimedia Keyboard, SVEN Ergonomic 2500, SVEN Slim 303, Symplon PaceBook (tablet PC), Targa 
Visionary 811, Toshiba Satellite S3000, Trust Direct Access Keyboard, Trust Slimline, Trust Wireless Keyboard Classic, TypeMatrix EZ-Reach 2020, TypeMatrix EZ-Reach 2030 PS2, TypeMatrix EZ-Reach 2030 USB, TypeMatrix EZ-Reach 2030 USB (102/105:EU mode), TypeMatrix EZ-Reach 2030 USB (106:JP mode), Unitek KB-1925, ViewSonic KU-306 Internet Keyboard, Winbook Model XP5, Yahoo! Internet Keyboard + +Name: keyboard-configuration/modelcode +Template: keyboard-configuration/modelcode +Value: pc105 +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/optionscode +Template: keyboard-configuration/optionscode +Value: +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/other +Template: keyboard-configuration/other +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/store_defaults_in_debconf_db +Template: keyboard-configuration/store_defaults_in_debconf_db +Value: true +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/switch +Template: keyboard-configuration/switch +Value: No temporary switch +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/toggle +Template: keyboard-configuration/toggle +Value: No toggling +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/unsupported_config_layout +Template: keyboard-configuration/unsupported_config_layout +Value: true +Owners: d-i, keyboard-configuration + +Name: keyboard-configuration/unsupported_config_options +Template: keyboard-configuration/unsupported_config_options +Value: true +Owners: d-i, keyboard-configuration + +Name: keyboard-configuration/unsupported_layout +Template: keyboard-configuration/unsupported_layout +Value: true +Owners: d-i, keyboard-configuration + +Name: keyboard-configuration/unsupported_options +Template: keyboard-configuration/unsupported_options +Value: true +Owners: d-i, keyboard-configuration + +Name: 
keyboard-configuration/variant +Template: keyboard-configuration/variant +Value: English (US) +Owners: d-i, keyboard-configuration +Flags: seen +Variables: + CHOICES = English (US), English (US) - Cherokee, English (US) - English (classic Dvorak), English (US) - English (Colemak), English (US) - English (Dvorak), English (US) - English (Dvorak alternative international no dead keys), English (US) - English (Dvorak international with dead keys), English (US) - English (international AltGr dead keys), English (US) - English (layout toggle on multiply/divide key), English (US) - English (left handed Dvorak), English (US) - English (Macintosh), English (US) - English (programmer Dvorak), English (US) - English (right handed Dvorak), English (US) - English (US\, alternative international), English (US) - English (US\, international with dead keys), English (US) - English (US\, with euro on 5), English (US) - Russian (US\, phonetic), English (US) - Serbo-Croatian (US), Other + +Name: keyboard-configuration/variantcode +Template: keyboard-configuration/variantcode +Value: +Owners: d-i, keyboard-configuration +Flags: seen + +Name: keyboard-configuration/xkb-keymap +Template: keyboard-configuration/xkb-keymap +Value: us +Owners: d-i, keyboard-configuration +Flags: seen + +Name: libpam-modules/disable-screensaver +Template: libpam-modules/disable-screensaver +Owners: libpam-modules + +Name: libpam-runtime/conflicts +Template: libpam-runtime/conflicts +Owners: libpam-runtime + +Name: libpam-runtime/no_profiles_chosen +Template: libpam-runtime/no_profiles_chosen +Owners: libpam-runtime + +Name: libpam-runtime/override +Template: libpam-runtime/override +Value: false +Owners: libpam-runtime + +Name: libpam-runtime/profiles +Template: libpam-runtime/profiles +Value: unix +Owners: libpam-runtime +Variables: + profile_names = unix + profiles = Unix authentication + +Name: libpam-runtime/title +Template: libpam-runtime/title +Owners: libpam-runtime + +Name: libpam0g/restart-failed 
+Template: libpam0g/restart-failed +Owners: libpam0g:i386 + +Name: libpam0g/restart-services +Template: libpam0g/restart-services +Owners: libpam0g:i386 + +Name: libpam0g/xdm-needs-restart +Template: libpam0g/xdm-needs-restart +Owners: libpam0g:i386 + +Name: libraries/restart-without-asking +Template: libraries/restart-without-asking +Owners: libc6, libc6:i386, libpam0g:i386 + +Name: libssl1.0.0/restart-failed +Template: libssl1.0.0/restart-failed +Owners: libssl1.0.0:i386 + +Name: libssl1.0.0/restart-services +Template: libssl1.0.0/restart-services +Owners: libssl1.0.0:i386 + +Name: linux-base/disk-id-convert-auto +Template: linux-base/disk-id-convert-auto +Owners: linux-base + +Name: linux-base/disk-id-convert-plan +Template: linux-base/disk-id-convert-plan +Owners: linux-base + +Name: linux-base/disk-id-convert-plan-no-relabel +Template: linux-base/disk-id-convert-plan-no-relabel +Owners: linux-base + +Name: linux-base/disk-id-manual +Template: linux-base/disk-id-manual +Owners: linux-base + +Name: linux-base/disk-id-manual-boot-loader +Template: linux-base/disk-id-manual-boot-loader +Owners: linux-base + +Name: linux-base/disk-id-update-failed +Template: linux-base/disk-id-update-failed +Owners: linux-base + +Name: linux-base/do-bootloader-default-changed +Template: linux-base/do-bootloader-default-changed +Owners: linux-base + +Name: linux-image-3.2.0-4-686-pae/postinst/depmod-error-initrd-3.2.0-4-686-pae +Template: linux-image-3.2.0-4-686-pae/postinst/depmod-error-initrd-3.2.0-4-686-pae +Owners: linux-image-3.2.0-4-686-pae + +Name: linux-image-3.2.0-4-686-pae/postinst/ignoring-ramdisk +Template: linux-image-3.2.0-4-686-pae/postinst/ignoring-ramdisk +Owners: linux-image-3.2.0-4-686-pae + +Name: linux-image-3.2.0-4-686-pae/postinst/missing-firmware-3.2.0-4-686-pae +Template: linux-image-3.2.0-4-686-pae/postinst/missing-firmware-3.2.0-4-686-pae +Owners: linux-image-3.2.0-4-686-pae + +Name: linux-image-3.2.0-4-686-pae/prerm/removing-running-kernel-3.2.0-4-686-pae 
+Template: linux-image-3.2.0-4-686-pae/prerm/removing-running-kernel-3.2.0-4-686-pae +Owners: linux-image-3.2.0-4-686-pae + +Name: locales/default_environment_locale +Template: locales/default_environment_locale +Owners: locales + +Name: locales/locales_to_be_generated +Template: locales/locales_to_be_generated +Value: +Owners: locales +Variables: + locales = aa_DJ ISO-8859-1, aa_DJ.UTF-8 UTF-8, aa_ER UTF-8, aa_ER@saaho UTF-8, aa_ET UTF-8, af_ZA ISO-8859-1, af_ZA.UTF-8 UTF-8, am_ET UTF-8, an_ES ISO-8859-15, an_ES.UTF-8 UTF-8, ar_AE ISO-8859-6, ar_AE.UTF-8 UTF-8, ar_BH ISO-8859-6, ar_BH.UTF-8 UTF-8, ar_DZ ISO-8859-6, ar_DZ.UTF-8 UTF-8, ar_EG ISO-8859-6, ar_EG.UTF-8 UTF-8, ar_IN UTF-8, ar_IQ ISO-8859-6, ar_IQ.UTF-8 UTF-8, ar_JO ISO-8859-6, ar_JO.UTF-8 UTF-8, ar_KW ISO-8859-6, ar_KW.UTF-8 UTF-8, ar_LB ISO-8859-6, ar_LB.UTF-8 UTF-8, ar_LY ISO-8859-6, ar_LY.UTF-8 UTF-8, ar_MA ISO-8859-6, ar_MA.UTF-8 UTF-8, ar_OM ISO-8859-6, ar_OM.UTF-8 UTF-8, ar_QA ISO-8859-6, ar_QA.UTF-8 UTF-8, ar_SA ISO-8859-6, ar_SA.UTF-8 UTF-8, ar_SD ISO-8859-6, ar_SD.UTF-8 UTF-8, ar_SY ISO-8859-6, ar_SY.UTF-8 UTF-8, ar_TN ISO-8859-6, ar_TN.UTF-8 UTF-8, ar_YE ISO-8859-6, ar_YE.UTF-8 UTF-8, as_IN.UTF-8 UTF-8, ast_ES ISO-8859-15, ast_ES.UTF-8 UTF-8, az_AZ.UTF-8 UTF-8, be_BY CP1251, be_BY.UTF-8 UTF-8, be_BY@latin UTF-8, bem_ZM UTF-8, ber_DZ UTF-8, ber_MA UTF-8, bg_BG CP1251, bg_BG.UTF-8 UTF-8, bn_BD UTF-8, bn_IN UTF-8, bo_CN UTF-8, bo_IN UTF-8, br_FR ISO-8859-1, br_FR.UTF-8 UTF-8, br_FR@euro ISO-8859-15, bs_BA ISO-8859-2, bs_BA.UTF-8 UTF-8, byn_ER UTF-8, ca_AD ISO-8859-15, ca_AD.UTF-8 UTF-8, ca_ES ISO-8859-1, ca_ES.UTF-8 UTF-8, ca_ES.UTF-8@valencia UTF-8, ca_ES@euro ISO-8859-15, ca_ES@valencia ISO-8859-15, ca_FR ISO-8859-15, ca_FR.UTF-8 UTF-8, ca_IT ISO-8859-15, ca_IT.UTF-8 UTF-8, crh_UA UTF-8, cs_CZ ISO-8859-2, cs_CZ.UTF-8 UTF-8, csb_PL UTF-8, cv_RU UTF-8, cy_GB ISO-8859-14, cy_GB.UTF-8 UTF-8, da_DK ISO-8859-1, da_DK.UTF-8 UTF-8, de_AT ISO-8859-1, de_AT.UTF-8 UTF-8, de_AT@euro ISO-8859-15, de_BE 
ISO-8859-1, de_BE.UTF-8 UTF-8, de_BE@euro ISO-8859-15, de_CH ISO-8859-1, de_CH.UTF-8 UTF-8, de_DE ISO-8859-1, de_DE.UTF-8 UTF-8, de_DE@euro ISO-8859-15, de_LI.UTF-8 UTF-8, de_LU ISO-8859-1, de_LU.UTF-8 UTF-8, de_LU@euro ISO-8859-15, dv_MV UTF-8, dz_BT UTF-8, el_CY ISO-8859-7, el_CY.UTF-8 UTF-8, el_GR ISO-8859-7, el_GR.UTF-8 UTF-8, en_AG UTF-8, en_AU ISO-8859-1, en_AU.UTF-8 UTF-8, en_BW ISO-8859-1, en_BW.UTF-8 UTF-8, en_CA ISO-8859-1, en_CA.UTF-8 UTF-8, en_DK ISO-8859-1, en_DK.ISO-8859-15 ISO-8859-15, en_DK.UTF-8 UTF-8, en_GB ISO-8859-1, en_GB.ISO-8859-15 ISO-8859-15, en_GB.UTF-8 UTF-8, en_HK ISO-8859-1, en_HK.UTF-8 UTF-8, en_IE ISO-8859-1, en_IE.UTF-8 UTF-8, en_IE@euro ISO-8859-15, en_IN UTF-8, en_NG UTF-8, en_NZ ISO-8859-1, en_NZ.UTF-8 UTF-8, en_PH ISO-8859-1, en_PH.UTF-8 UTF-8, en_SG ISO-8859-1, en_SG.UTF-8 UTF-8, en_US ISO-8859-1, en_US.ISO-8859-15 ISO-8859-15, en_US.UTF-8 UTF-8, en_ZA ISO-8859-1, en_ZA.UTF-8 UTF-8, en_ZM UTF-8, en_ZW ISO-8859-1, en_ZW.UTF-8 UTF-8, eo ISO-8859-3, eo.UTF-8 UTF-8, es_AR ISO-8859-1, es_AR.UTF-8 UTF-8, es_BO ISO-8859-1, es_BO.UTF-8 UTF-8, es_CL ISO-8859-1, es_CL.UTF-8 UTF-8, es_CO ISO-8859-1, es_CO.UTF-8 UTF-8, es_CR ISO-8859-1, es_CR.UTF-8 UTF-8, es_DO ISO-8859-1, es_DO.UTF-8 UTF-8, es_EC ISO-8859-1, es_EC.UTF-8 UTF-8, es_ES ISO-8859-1, es_ES.UTF-8 UTF-8, es_ES@euro ISO-8859-15, es_GT ISO-8859-1, es_GT.UTF-8 UTF-8, es_HN ISO-8859-1, es_HN.UTF-8 UTF-8, es_MX ISO-8859-1, es_MX.UTF-8 UTF-8, es_NI ISO-8859-1, es_NI.UTF-8 UTF-8, es_PA ISO-8859-1, es_PA.UTF-8 UTF-8, es_PE ISO-8859-1, es_PE.UTF-8 UTF-8, es_PR ISO-8859-1, es_PR.UTF-8 UTF-8, es_PY ISO-8859-1, es_PY.UTF-8 UTF-8, es_SV ISO-8859-1, es_SV.UTF-8 UTF-8, es_US ISO-8859-1, es_US.UTF-8 UTF-8, es_UY ISO-8859-1, es_UY.UTF-8 UTF-8, es_VE ISO-8859-1, es_VE.UTF-8 UTF-8, et_EE ISO-8859-1, et_EE.ISO-8859-15 ISO-8859-15, et_EE.UTF-8 UTF-8, eu_ES ISO-8859-1, eu_ES.UTF-8 UTF-8, eu_ES@euro ISO-8859-15, eu_FR ISO-8859-1, eu_FR.UTF-8 UTF-8, eu_FR@euro ISO-8859-15, fa_IR UTF-8, ff_SN UTF-8, fi_FI 
ISO-8859-1, fi_FI.UTF-8 UTF-8, fi_FI@euro ISO-8859-15, fil_PH UTF-8, fo_FO ISO-8859-1, fo_FO.UTF-8 UTF-8, fr_BE ISO-8859-1, fr_BE.UTF-8 UTF-8, fr_BE@euro ISO-8859-15, fr_CA ISO-8859-1, fr_CA.UTF-8 UTF-8, fr_CH ISO-8859-1, fr_CH.UTF-8 UTF-8, fr_FR ISO-8859-1, fr_FR.UTF-8 UTF-8, fr_FR@euro ISO-8859-15, fr_LU ISO-8859-1, fr_LU.UTF-8 UTF-8, fr_LU@euro ISO-8859-15, fur_IT UTF-8, fy_DE UTF-8, fy_NL UTF-8, ga_IE ISO-8859-1, ga_IE.UTF-8 UTF-8, ga_IE@euro ISO-8859-15, gd_GB ISO-8859-15, gd_GB.UTF-8 UTF-8, gez_ER UTF-8, gez_ER@abegede UTF-8, gez_ET UTF-8, gez_ET@abegede UTF-8, gl_ES ISO-8859-1, gl_ES.UTF-8 UTF-8, gl_ES@euro ISO-8859-15, gu_IN UTF-8, gv_GB ISO-8859-1, gv_GB.UTF-8 UTF-8, ha_NG UTF-8, he_IL ISO-8859-8, he_IL.UTF-8 UTF-8, hi_IN UTF-8, hne_IN UTF-8, hr_HR ISO-8859-2, hr_HR.UTF-8 UTF-8, hsb_DE ISO-8859-2, hsb_DE.UTF-8 UTF-8, ht_HT UTF-8, hu_HU ISO-8859-2, hu_HU.UTF-8 UTF-8, hy_AM UTF-8, hy_AM.ARMSCII-8 ARMSCII-8, ia UTF-8, id_ID ISO-8859-1, id_ID.UTF-8 UTF-8, ig_NG UTF-8, ik_CA UTF-8, is_IS ISO-8859-1, is_IS.UTF-8 UTF-8, it_CH ISO-8859-1, it_CH.UTF-8 UTF-8, it_IT ISO-8859-1, it_IT.UTF-8 UTF-8, it_IT@euro ISO-8859-15, iu_CA UTF-8, iw_IL ISO-8859-8, iw_IL.UTF-8 UTF-8, ja_JP.EUC-JP EUC-JP, ja_JP.UTF-8 UTF-8, ka_GE GEORGIAN-PS, ka_GE.UTF-8 UTF-8, kk_KZ PT154, kk_KZ RK1048, kk_KZ.UTF-8 UTF-8, kl_GL ISO-8859-1, kl_GL.UTF-8 UTF-8, km_KH UTF-8, kn_IN UTF-8, ko_KR.EUC-KR EUC-KR, ko_KR.UTF-8 UTF-8, kok_IN UTF-8, ks_IN UTF-8, ks_IN@devanagari UTF-8, ku_TR ISO-8859-9, ku_TR.UTF-8 UTF-8, kw_GB ISO-8859-1, kw_GB.UTF-8 UTF-8, ky_KG UTF-8, lg_UG ISO-8859-10, lg_UG.UTF-8 UTF-8, li_BE UTF-8, li_NL UTF-8, lo_LA UTF-8, lt_LT ISO-8859-13, lt_LT.UTF-8 UTF-8, lv_LV ISO-8859-13, lv_LV.UTF-8 UTF-8, mai_IN UTF-8, mg_MG ISO-8859-15, mg_MG.UTF-8 UTF-8, mi_NZ ISO-8859-13, mi_NZ.UTF-8 UTF-8, mk_MK ISO-8859-5, mk_MK.UTF-8 UTF-8, ml_IN UTF-8, mn_MN UTF-8, mr_IN UTF-8, ms_MY ISO-8859-1, ms_MY.UTF-8 UTF-8, mt_MT ISO-8859-3, mt_MT.UTF-8 UTF-8, my_MM UTF-8, nan_TW@latin UTF-8, nb_NO ISO-8859-1, 
nb_NO.UTF-8 UTF-8, nds_DE UTF-8, nds_NL UTF-8, ne_NP UTF-8, nl_AW UTF-8, nl_BE ISO-8859-1, nl_BE.UTF-8 UTF-8, nl_BE@euro ISO-8859-15, nl_NL ISO-8859-1, nl_NL.UTF-8 UTF-8, nl_NL@euro ISO-8859-15, nn_NO ISO-8859-1, nn_NO.UTF-8 UTF-8, nr_ZA UTF-8, nso_ZA UTF-8, oc_FR ISO-8859-1, oc_FR.UTF-8 UTF-8, om_ET UTF-8, om_KE ISO-8859-1, om_KE.UTF-8 UTF-8, or_IN UTF-8, os_RU UTF-8, pa_IN UTF-8, pa_PK UTF-8, pap_AN UTF-8, pl_PL ISO-8859-2, pl_PL.UTF-8 UTF-8, ps_AF UTF-8, pt_BR ISO-8859-1, pt_BR.UTF-8 UTF-8, pt_PT ISO-8859-1, pt_PT.UTF-8 UTF-8, pt_PT@euro ISO-8859-15, ro_RO ISO-8859-2, ro_RO.UTF-8 UTF-8, ru_RU ISO-8859-5, ru_RU.CP1251 CP1251, ru_RU.KOI8-R KOI8-R, ru_RU.UTF-8 UTF-8, ru_UA KOI8-U, ru_UA.UTF-8 UTF-8, rw_RW UTF-8, sa_IN UTF-8, sc_IT UTF-8, sd_IN UTF-8, sd_IN@devanagari UTF-8, se_NO UTF-8, shs_CA UTF-8, si_LK UTF-8, sid_ET UTF-8, sk_SK ISO-8859-2, sk_SK.UTF-8 UTF-8, sl_SI ISO-8859-2, sl_SI.UTF-8 UTF-8, so_DJ ISO-8859-1, so_DJ.UTF-8 UTF-8, so_ET UTF-8, so_KE ISO-8859-1, so_KE.UTF-8 UTF-8, so_SO ISO-8859-1, so_SO.UTF-8 UTF-8, sq_AL ISO-8859-1, sq_AL.UTF-8 UTF-8, sq_MK UTF-8, sr_ME UTF-8, sr_RS UTF-8, sr_RS@latin UTF-8, ss_ZA UTF-8, st_ZA ISO-8859-1, st_ZA.UTF-8 UTF-8, sv_FI ISO-8859-1, sv_FI.UTF-8 UTF-8, sv_FI@euro ISO-8859-15, sv_SE ISO-8859-1, sv_SE.ISO-8859-15 ISO-8859-15, sv_SE.UTF-8 UTF-8, sw_KE UTF-8, sw_TZ UTF-8, ta_IN UTF-8, te_IN UTF-8, tg_TJ KOI8-T, tg_TJ.UTF-8 UTF-8, th_TH TIS-620, th_TH.UTF-8 UTF-8, ti_ER UTF-8, ti_ET UTF-8, tig_ER UTF-8, tk_TM UTF-8, tl_PH ISO-8859-1, tl_PH.UTF-8 UTF-8, tn_ZA UTF-8, tr_CY ISO-8859-9, tr_CY.UTF-8 UTF-8, tr_TR ISO-8859-9, tr_TR.UTF-8 UTF-8, ts_ZA UTF-8, tt_RU.UTF-8 UTF-8, tt_RU.UTF-8@iqtelif UTF-8, ug_CN UTF-8, uk_UA KOI8-U, uk_UA.UTF-8 UTF-8, ur_PK UTF-8, uz_UZ ISO-8859-1, uz_UZ.UTF-8 UTF-8, uz_UZ@cyrillic UTF-8, ve_ZA UTF-8, vi_VN UTF-8, vi_VN.TCVN TCVN5712-1, wa_BE ISO-8859-1, wa_BE.UTF-8 UTF-8, wa_BE@euro ISO-8859-15, wo_SN UTF-8, xh_ZA ISO-8859-1, xh_ZA.UTF-8 UTF-8, yi_US CP1255, yi_US.UTF-8 UTF-8, yo_NG UTF-8, zh_CN 
GB2312, zh_CN.GB18030 GB18030, zh_CN.GBK GBK, zh_CN.UTF-8 UTF-8, zh_HK BIG5-HKSCS, zh_HK.UTF-8 UTF-8, zh_SG GB2312, zh_SG.GBK GBK, zh_SG.UTF-8 UTF-8, zh_TW BIG5, zh_TW.EUC-TW EUC-TW, zh_TW.UTF-8 UTF-8, zu_ZA ISO-8859-1, zu_ZA.UTF-8 UTF-8 + +Name: make-ssl-cert/altname +Template: make-ssl-cert/altname +Owners: ssl-cert + +Name: make-ssl-cert/hostname +Template: make-ssl-cert/hostname +Owners: ssl-cert + +Name: make-ssl-cert/title +Template: make-ssl-cert/title +Owners: ssl-cert + +Name: make-ssl-cert/vulnerable_prng +Template: make-ssl-cert/vulnerable_prng +Owners: ssl-cert + +Name: man-db/auto-update +Template: man-db/auto-update +Owners: man-db + +Name: man-db/install-setuid +Template: man-db/install-setuid +Value: false +Owners: man-db + +Name: openswan/existing_x509_certificate_filename +Template: openswan/existing_x509_certificate_filename +Owners: openswan + +Name: openswan/existing_x509_key_filename +Template: openswan/existing_x509_key_filename +Owners: openswan + +Name: openswan/existing_x509_rootca_filename +Template: openswan/existing_x509_rootca_filename +Owners: openswan + +Name: openswan/how_to_get_x509_certificate +Template: openswan/how_to_get_x509_certificate +Owners: openswan + +Name: openswan/install_x509_certificate +Template: openswan/install_x509_certificate +Value: false +Owners: openswan +Flags: seen + +Name: openswan/no-oe_include_file +Template: openswan/no-oe_include_file +Owners: openswan + +Name: openswan/restart +Template: openswan/restart +Value: true +Owners: openswan + +Name: openswan/rsa_key_length +Template: openswan/rsa_key_length +Owners: openswan + +Name: openswan/runlevel_changes +Template: openswan/runlevel_changes +Owners: openswan + +Name: openswan/x509_common_name +Template: openswan/x509_common_name +Owners: openswan + +Name: openswan/x509_country_code +Template: openswan/x509_country_code +Owners: openswan + +Name: openswan/x509_email_address +Template: openswan/x509_email_address +Owners: openswan + +Name: 
openswan/x509_locality_name +Template: openswan/x509_locality_name +Owners: openswan + +Name: openswan/x509_organization_name +Template: openswan/x509_organization_name +Owners: openswan + +Name: openswan/x509_organizational_unit +Template: openswan/x509_organizational_unit +Owners: openswan + +Name: openswan/x509_self_signed +Template: openswan/x509_self_signed +Owners: openswan + +Name: openswan/x509_state_name +Template: openswan/x509_state_name +Owners: openswan + +Name: passwd/username +Template: passwd/username +Value: vagrant +Owners: user-setup-udeb +Flags: seen + +Name: shared/packages-ispell +Template: shared/packages-ispell +Owners: iamerican, ibritish + +Name: shared/packages-wordlist +Template: shared/packages-wordlist +Owners: wamerican + +Name: ssh/disable_cr_auth +Template: ssh/disable_cr_auth +Owners: openssh-server + +Name: ssh/encrypted_host_key_but_no_keygen +Template: ssh/encrypted_host_key_but_no_keygen +Owners: openssh-server + +Name: ssh/use_old_init_script +Template: ssh/use_old_init_script +Value: true +Owners: openssh-server +Flags: seen + +Name: ssh/vulnerable_host_keys +Template: ssh/vulnerable_host_keys +Owners: openssh-server + +Name: sysstat/enable +Template: sysstat/enable +Value: true +Owners: sysstat +Flags: seen + +Name: sysstat/remove_files +Template: sysstat/remove_files +Value: true +Owners: sysstat + +Name: tasksel/desktop +Template: tasksel/desktop +Owners: tasksel + +Name: tasksel/first +Template: tasksel/first +Value: ssh-server +Owners: tasksel +Variables: + CHOICES = Debian desktop environment, Web server, Print server, SQL database, DNS Server, File server, Mail server, SSH server, Laptop, Standard system utilities + CHOICES_C = desktop, web-server, print-server, database-server, dns-server, file-server, mail-server, ssh-server, laptop, standard + +Name: tasksel/tasks +Template: tasksel/tasks +Owners: tasksel + +Name: tasksel/title +Template: tasksel/title +Owners: tasksel + +Name: tzdata/Areas +Template: tzdata/Areas 
+Value: Etc +Owners: tzdata +Flags: seen + +Name: tzdata/Zones/Africa +Template: tzdata/Zones/Africa +Owners: tzdata + +Name: tzdata/Zones/America +Template: tzdata/Zones/America +Owners: tzdata + +Name: tzdata/Zones/Antarctica +Template: tzdata/Zones/Antarctica +Owners: tzdata + +Name: tzdata/Zones/Arctic +Template: tzdata/Zones/Arctic +Owners: tzdata + +Name: tzdata/Zones/Asia +Template: tzdata/Zones/Asia +Owners: tzdata + +Name: tzdata/Zones/Atlantic +Template: tzdata/Zones/Atlantic +Owners: tzdata + +Name: tzdata/Zones/Australia +Template: tzdata/Zones/Australia +Owners: tzdata + +Name: tzdata/Zones/Etc +Template: tzdata/Zones/Etc +Value: UTC +Owners: tzdata +Flags: seen + +Name: tzdata/Zones/Europe +Template: tzdata/Zones/Europe +Owners: tzdata + +Name: tzdata/Zones/Indian +Template: tzdata/Zones/Indian +Owners: tzdata + +Name: tzdata/Zones/Pacific +Template: tzdata/Zones/Pacific +Owners: tzdata + +Name: tzdata/Zones/SystemV +Template: tzdata/Zones/SystemV +Owners: tzdata + +Name: tzdata/Zones/US +Template: tzdata/Zones/US +Owners: tzdata + +Name: ucf/changeprompt +Template: ucf/changeprompt +Owners: ucf + +Name: ucf/changeprompt_threeway +Template: ucf/changeprompt_threeway +Owners: ucf + +Name: ucf/conflicts_found +Template: ucf/conflicts_found +Owners: ucf + +Name: ucf/show_diff +Template: ucf/show_diff +Owners: ucf + +Name: ucf/title +Template: ucf/title +Owners: ucf + +Name: udev/new_kernel_needed +Template: udev/new_kernel_needed +Owners: udev + +Name: udev/reboot_needed +Template: udev/reboot_needed +Owners: udev + +Name: udev/sysfs_deprecated_incompatibility +Template: udev/sysfs_deprecated_incompatibility +Owners: udev + +Name: udev/title/upgrade +Template: udev/title/upgrade +Owners: udev + +Name: wamerican/languages +Template: wamerican/languages +Owners: wamerican + diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb index aebb4f24ff8..cc2f972bdf0 100644 
--- a/tools/appliance/definitions/systemvmtemplate/definition.rb
+++ b/tools/appliance/definitions/systemvmtemplate/definition.rb
@@ -38,6 +38,7 @@ Veewee::Definition.declare({
 'debconf/frontend=noninteractive ',
 'console-setup/ask_detect=false ',
 'console-keymaps-at/keymap=us ',
+ 'keyboard-configuration/xkb-keymap=us ',
 ''
 ],
 :kickstart_port => "7122",
@@ -45,14 +46,17 @@ Veewee::Definition.declare({
 :kickstart_file => "preseed.cfg",
 :ssh_login_timeout => "10000",
 :ssh_user => "root",
- :ssh_password => "password",
+ :ssh_password => "vagrant",
 :ssh_key => "",
 :ssh_host_port => "7222",
 :ssh_guest_port => "22",
 :sudo_cmd => "echo '%p'|sudo -S sh '%f'",
 :shutdown_cmd => "halt -p",
 :postinstall_files => [
- "postinstall.sh",
+ "base.sh",
+ "cloudstack-packages.sh",
+ "cleanup.sh",
+ "zerodisk.sh"
 ],
- :postinstall_timeout => "10000"
+ :postinstall_timeout => "100000"
 })
diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
new file mode 100644
index 00000000000..938075a31e6
--- /dev/null
+++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
@@ -0,0 +1,3 @@
+# Zero out the free space to save space in the final image:
+dd if=/dev/zero of=/EMPTY bs=1M
+rm -f /EMPTY
From 97833c9f939ad02ec96f2adb8c563de5988b99e3 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 7 Feb 2013 19:02:09 -0800 Subject: [PATCH 19/42] CLOUDSTACK-1066: bug fixes to cloudstack package script
---
 .../definitions/systemvmtemplate/cloudstack-packages.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh b/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
index 426cd033b55..070122ddaab 100644
--- a/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
+++ b/tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh
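Review bot: The build logs in as root with the literal password `vagrant` (`:ssh_user => "root"`, `:ssh_password => "vagrant"`), and nothing in this hunk marks it as a build-time credential or says where it is replaced before the template is published. The value presumably has to agree with what preseed.cfg sets, and cloudstack-packages.sh later sets root to a different fixed string, so the relationship belongs next to the setting, for example `# build-time only: must match preseed.cfg; reset or locked by the postinstall scripts before export`. The existing `:sudo_cmd => "echo '%p'|sudo -S sh '%f'"` also puts that password on a command line, which is one more reason to keep it out of the finished image. The `Veewee::Definition.declare` call starts above the hunk.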
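Review bot: `dd if=/dev/zero of=/EMPTY bs=1M` is expected to stop with a "No space left on device" error, and the comment does not say so, so a reader or a later `set -e` would treat the normal case as a failure. The header comment should also state that the script must stay last in `:postinstall_files`, because only blocks freed before it runs are overwritten; that ordering is what keeps the contents of whatever cleanup.sh deletes out of the exported image. Suggested wording: `# dd ends with ENOSPC by design; run after cleanup.sh so freed blocks are zeroed too`. A `sync` after `rm -f /EMPTY` would make sure the zeros reach the disk before the VM is halted.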
@@ -57,7 +57,7 @@ accounts() {
 # Setup sudo to allow no-password sudo for "admin"
 groupadd -r admin
 #create a 'cloud' user
- usermod -a -G admin cloud
+ useradd -G admin cloud
 echo "root:password" | chpasswd
 echo "cloud:password" | chpasswd
 sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
@@ -70,7 +70,7 @@ accounts() {
 do_fixes() {
 #fix hostname in openssh-server generated keys
- sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub
+ sed -i "s/root@\(.*\)$/root@systemvm/g" /etc/ssh/ssh_host_*.pub
 }
 signature() {
From eaaf880dcf231a23c7c26920e05d057f0e8d18f9 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 7 Feb 2013 19:06:47 -0800 Subject: [PATCH 20/42] CLOUDSTACK-1066: add license and attribution
---
 .../definitions/systemvmtemplate/LICENSE | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 tools/appliance/definitions/systemvmtemplate/LICENSE
diff --git a/tools/appliance/definitions/systemvmtemplate/LICENSE b/tools/appliance/definitions/systemvmtemplate/LICENSE
new file mode 100644
index 00000000000..c33c3bba2ae
--- /dev/null
+++ b/tools/appliance/definitions/systemvmtemplate/LICENSE
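Review bot: The `cloud` account created by `useradd -G admin cloud` receives the fixed password `password` two lines later, as does root, and the `admin` group it joins is the one the surrounding lines set up for password-less sudo. Every appliance built from this template would then start with the same known credentials on an account that can become root, unless a later step outside this hunk replaces or locks them. If the system VMs are reached with injected keys, locking is the simpler fix: `passwd -l cloud` in place of `echo "cloud:password" | chpasswd`, and the same for root once the build no longer needs password login. `useradd` is also called without `-m` or `-s`, so the home directory and shell depend on the image's defaults and should be stated explicitly if the account is meant for interactive use. The `accounts()` body starts above the hunk.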
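Review bot: Rewriting the comment field of `/etc/ssh/ssh_host_*.pub` implies the host keys generated during the build stay in the template, so every VM cloned from it would present the same SSH host key pair unless something outside this hunk regenerates them on first boot. With a shared host private key, a client can no longer tell one of those VMs from another, or from anyone else who holds the template. If regeneration already happens elsewhere, say so in the comment, e.g. `# cosmetic only: keys are regenerated at first boot by <script>`; if not, remove `/etc/ssh/ssh_host_*` in the cleanup step and recreate the keys with `ssh-keygen -A` at boot. The pattern `\(.*\)$` inside double quotes also relies on the shell leaving `$/` alone, which single quotes would make explicit.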
@@ -0,0 +1,21 @@
+The MIT License
+
+Copyright (c) 2010-2012 Patrick Debois
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.
From d71cfc1aec58a7e43591e228546ae773847d2d46 Mon Sep 17 00:00:00 2001 From: Min Chen Date: Thu, 7 Feb 2013 21:49:37 -0800 Subject: [PATCH 21/42] Revert "CLOUDSTACK-1175: Fix NPE by making _store a static variable shared by objects" This reverts commit 9b691fc443cc27f1e2026ec239fc4aa11a4167aa.
---
 .../apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
index 5f38ccf6141..a5726e1d2ac 100644
--- a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
+++ b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java
@@ -56,7 +56,7 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APIChecker, */ private int maxAllowed = 30; - private static LimitStore _store = null; + private LimitStore _store = null; @Inject AccountService _accountService; From 12cbaad69147edb9c91e4025fe19d1ed6275a198 Mon Sep 17 00:00:00 2001 From: Min Chen Date: Thu, 7 Feb 2013 21:42:30 -0800 Subject: [PATCH 22/42] Remove duplicate bean for ApiRateLimitServiceImpl to make sure that only one ApiChecker instance is injected in ApiServer. --- client/tomcatconf/componentContext.xml.in | 7 ++----- client/tomcatconf/nonossComponentContext.xml.in | 7 ++----- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/client/tomcatconf/componentContext.xml.in b/client/tomcatconf/componentContext.xml.in index de013de60de..43d31fb4b95 100644 --- a/client/tomcatconf/componentContext.xml.in +++ b/client/tomcatconf/componentContext.xml.in @@ -52,9 +52,8 @@ - - - + + @@ -125,8 +124,6 @@ - - From 6d952a15ab80480e147359f92c922fa3c5ab150b Mon Sep 17 00:00:00 2001 From: Hugo Trippaers Date: Fri, 8 Feb 2013 08:16:14 +0100 Subject: [PATCH 23/42] Compileall does not compile single files --- packaging/centos63/cloud.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec index cc62acfaf74..d8143214b6b 100644 --- a/packaging/centos63/cloud.spec +++ b/packaging/centos63/cloud.spec 
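Review bot: With `static` removed, `_store` is again a per-instance field that starts as null, so the NPE named in the reverted commit's subject can return whenever a second instance of this class is created and used before its store is set. The next patch in the series removes the duplicate bean, but that leaves the class depending on wiring it cannot check; because the class is an `APIChecker`, a null store means the rate limit either throws or is skipped, depending on how the caller treats the exception. Document the invariant on the field, `// set during configuration; exactly one bean of this class may be registered`, and consider failing with a clear `IllegalStateException` where `_store` is first read. The assignment and the readers are outside this hunk, so where the guard belongs has to be confirmed there.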
@@ -185,7 +185,7 @@ install -D console-proxy/dist/systemvm.iso ${RPM_BUILD_ROOT}%{_datadir}/%{name}-
 install -D console-proxy/dist/systemvm.zip ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/vms/systemvm.zip
 install python/lib/cloud_utils.py ${RPM_BUILD_ROOT}%{_libdir}/python2.6/site-packages/cloud_utils.py
 cp -r python/lib/cloudutils ${RPM_BUILD_ROOT}%{_libdir}/python2.6/site-packages/
-python -m compileall ${RPM_BUILD_ROOT}%{_libdir}/python2.6/site-packages/cloud_utils.py
+python -m py_compile ${RPM_BUILD_ROOT}%{_libdir}/python2.6/site-packages/cloud_utils.py
 python -m compileall ${RPM_BUILD_ROOT}%{_libdir}/python2.6/site-packages/cloudutils
 # Management
From 0b1e3a4af0d1cfc3968fe1361bddd829397e366c Mon Sep 17 00:00:00 2001 From: Min Chen Date: Thu, 7 Feb 2013 23:48:15 -0800 Subject: [PATCH 24/42] Move Api rate limit configurations from xml file to global configuration, and also modify listCapabilitiesCmd to also return api limit interval and max for UI consumption.
---
 .../user/config/ListCapabilitiesCmd.java | 2 ++ .../api/response/CapabilitiesResponse.java | 15 +++++++++++++ .../ratelimit/ApiRateLimitServiceImpl.java | 21 +++++++++++-------- .../ratelimit/ApiRateLimitTest.java | 8 +++++++ .../src/com/cloud/configuration/Config.java | 8 +++++-- .../cloud/server/ManagementServerImpl.java | 16 +++++++++----- setup/db/db/schema-40to410.sql | 4 ++++ 7 files changed, 58 insertions(+), 16 deletions(-)
diff --git a/api/src/org/apache/cloudstack/api/command/user/config/ListCapabilitiesCmd.java b/api/src/org/apache/cloudstack/api/command/user/config/ListCapabilitiesCmd.java
index 85011175536..eb862e62f47 100644
--- a/api/src/org/apache/cloudstack/api/command/user/config/ListCapabilitiesCmd.java
+++ b/api/src/org/apache/cloudstack/api/command/user/config/ListCapabilitiesCmd.java
@@ -52,6 +52,8 @@ public class ListCapabilitiesCmd extends BaseCmd { response.setProjectInviteRequired((Boolean)capabilities.get("projectInviteRequired")); response.setAllowUsersCreateProjects((Boolean)capabilities.get("allowusercreateprojects")); response.setDiskOffMaxSize((Long)capabilities.get("customDiskOffMaxSize")); + response.setApiLimitInterval((Integer)capabilities.get("apiLimitInterval")); + response.setApiLimitMax((Integer)capabilities.get("apiLimitMax")); response.setObjectName("capability"); response.setResponseName(getCommandName()); this.setResponseObject(response); diff --git a/api/src/org/apache/cloudstack/api/response/CapabilitiesResponse.java b/api/src/org/apache/cloudstack/api/response/CapabilitiesResponse.java index 4afa604577f..c2996f0aa0a 100644 --- a/api/src/org/apache/cloudstack/api/response/CapabilitiesResponse.java +++ b/api/src/org/apache/cloudstack/api/response/CapabilitiesResponse.java @@ -46,6 +46,12 @@ public class CapabilitiesResponse extends BaseResponse { "create disk from disk offering with custom size") private Long diskOffMaxSize; + @SerializedName("apilimitinterval") @Param(description="time interval (in seconds) to reset api count") + private Integer apiLimitInterval; + + @SerializedName("apilimitmax") @Param(description="Max allowed number of api requests within the specified interval") + private Integer apiLimitMax; + public void setSecurityGroupsEnabled(boolean securityGroupsEnabled) { this.securityGroupsEnabled = securityGroupsEnabled; @@ -75,4 +81,13 @@ public class CapabilitiesResponse extends BaseResponse { this.diskOffMaxSize = diskOffMaxSize; } + public void setApiLimitInterval(Integer apiLimitInterval) { + this.apiLimitInterval = apiLimitInterval; + } + + public void setApiLimitMax(Integer apiLimitMax) { + this.apiLimitMax = apiLimitMax; + } + + } 
diff --git a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java index a5726e1d2ac..1f84ca18bbb 100644 --- a/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java +++ b/plugins/api/rate-limit/src/org/apache/cloudstack/ratelimit/ApiRateLimitServiceImpl.java @@ -29,10 +29,13 @@ import net.sf.ehcache.CacheManager; import org.apache.log4j.Logger; import org.apache.cloudstack.acl.APIChecker; +import org.apache.cloudstack.api.ApiConstants.LDAPParams; import org.apache.cloudstack.api.command.admin.ratelimit.ResetApiLimitCmd; import org.apache.cloudstack.api.command.user.ratelimit.GetApiLimitCmd; import org.apache.cloudstack.api.response.ApiLimitResponse; +import com.cloud.configuration.Config; +import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.exception.PermissionDeniedException; import com.cloud.exception.RequestLimitException; import com.cloud.user.Account; 
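Review bot: The added `import org.apache.cloudstack.api.ApiConstants.LDAPParams;` in the import hunk looks unused. None of the changes to ApiRateLimitServiceImpl shown in this commit reference `LDAPParams`, and an LDAP constant has no obvious role in rate limiting. Unless code outside the hunks uses it, drop that line and keep only the `Config` and `ConfigurationDao` imports.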
@@ -61,29 +64,29 @@ public class ApiRateLimitServiceImpl extends AdapterBase implements APIChecker, @Inject AccountService _accountService; + @Inject + ConfigurationDao _configDao; + @Override public boolean configure(String name, Map params) throws ConfigurationException { super.configure(name, params); if (_store == null) { - // not configured yet, note that since this class is both adapter - // and pluggableService, so this method - // may be invoked twice in ComponentLocator. // get global configured duration and max values - Object duration = params.get("api.throttling.interval"); + String duration = _configDao.getValue(Config.ApiLimitInterval.key()); if (duration != null) { - timeToLive = Integer.parseInt((String) duration); + timeToLive = Integer.parseInt(duration); } - Object maxReqs = params.get("api.throttling.max"); + String maxReqs = _configDao.getValue(Config.ApiLimitMax.key()); if (maxReqs != null) { - maxAllowed = Integer.parseInt((String) maxReqs); + maxAllowed = Integer.parseInt(maxReqs); } // create limit store EhcacheLimitStore cacheStore = new EhcacheLimitStore(); int maxElements = 10000; - Object cachesize = params.get("api.throttling.cachesize"); + String cachesize = _configDao.getValue(Config.ApiLimitCacheSize.key()); if ( cachesize != null ){ - maxElements = Integer.parseInt((String)cachesize); + maxElements = Integer.parseInt(cachesize); } CacheManager cm = CacheManager.create(); Cache cache = new Cache("api-limit-cache", maxElements, false, false, timeToLive, timeToLive); diff --git a/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java b/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java index 502b15cf316..1a77a4ef3a6 100644 --- a/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java +++ b/plugins/api/rate-limit/test/org/apache/cloudstack/ratelimit/ApiRateLimitTest.java 
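Review bot: The three `Integer.parseInt` calls in configure() accept whatever is stored in the global configuration, so a non-numeric value throws an unchecked NumberFormatException out of configure(), and zero or negative values are taken as-is. That matters for a throttle: a `timeToLive` of 0 is, as far as I know, treated by Ehcache as "never expire", and a non-positive `maxAllowed` or cache size presumably either rejects every call or breaks the store. I would parse all three through one helper that rejects non-positive values with a ConfigurationException naming the key, as sketched below. configure() continues past the end of the hunk.

```java
// … unchanged: super.configure(name, params) and the _store == null guard …
timeToLive = positiveIntConfig(Config.ApiLimitInterval.key(), timeToLive);
maxAllowed = positiveIntConfig(Config.ApiLimitMax.key(), maxAllowed);
// … unchanged: EhcacheLimitStore creation …
int maxElements = positiveIntConfig(Config.ApiLimitCacheSize.key(), 10000);
// … unchanged: CacheManager / Cache setup …

private int positiveIntConfig(String key, int fallback) throws ConfigurationException {
    String raw = _configDao.getValue(key);
    if (raw == null) {
        return fallback;
    }
    try {
        int value = Integer.parseInt(raw.trim());
        if (value > 0) {
            return value;
        }
    } catch (NumberFormatException e) {
        // fall through to the ConfigurationException below
    }
    throw new ConfigurationException("Invalid value for " + key + ": " + raw);
}
```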
@@ -29,6 +29,8 @@ import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; +import com.cloud.configuration.Config; +import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.exception.RequestLimitException; import com.cloud.user.Account; import com.cloud.user.AccountService; @@ -43,12 +45,18 @@ public class ApiRateLimitTest { static ApiRateLimitServiceImpl _limitService = new ApiRateLimitServiceImpl(); static AccountService _accountService = mock(AccountService.class); + static ConfigurationDao _configDao = mock(ConfigurationDao.class); private static long acctIdSeq = 5L; private static Account testAccount; @BeforeClass public static void setUp() throws ConfigurationException { + when(_configDao.getValue(Config.ApiLimitInterval.key())).thenReturn(null); + when(_configDao.getValue(Config.ApiLimitMax.key())).thenReturn(null); + when(_configDao.getValue(Config.ApiLimitCacheSize.key())).thenReturn(null); + _limitService._configDao = _configDao; + _limitService.configure("ApiRateLimitTest", Collections. emptyMap()); _limitService._accountService = _accountService; diff --git a/server/src/com/cloud/configuration/Config.java b/server/src/com/cloud/configuration/Config.java index 7592b6bdfca..cbd5b013699 100755 --- a/server/src/com/cloud/configuration/Config.java +++ b/server/src/com/cloud/configuration/Config.java 
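Review bot: The new stubs in setUp() return null for all three configuration keys, so the test still exercises only the hard-coded fallbacks in configure() and never the lookup path this commit adds. A case that stubs a value, for example `when(_configDao.getValue(Config.ApiLimitMax.key())).thenReturn("5")`, on a fresh ApiRateLimitServiceImpl and asserts that the limit applied is 5 would cover it. A non-numeric value deserves a case as well. setUp() continues outside the hunk.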
@@ -358,12 +358,16 @@ public enum Config { ConcurrentSnapshotsThresholdPerHost("Advanced", ManagementServer.class, Long.class, "concurrent.snapshots.threshold.perhost", null, "Limits number of snapshots that can be handled by the host concurrently; default is NULL - unlimited", null), NetworkIPv6SearchRetryMax("Network", ManagementServer.class, Integer.class, "network.ipv6.search.retry.max", "10000", "The maximum number of retrying times to search for an available IPv6 address in the table", null), - + ExternalBaremetalSystemUrl("Advanced", ManagementServer.class, String.class, "external.baremetal.system.url", null, "url of external baremetal system that CloudStack will talk to", null), ExternalBaremetalResourceClassName("Advanced", ManagementServer.class, String.class, "external,baremetal.resource.classname", null, "class name for handling external baremetal resource", null), EnableBaremetalSecurityGroupAgentEcho("Advanced", ManagementServer.class, Boolean.class, "enable.baremetal.securitygroup.agent.echo", "false", "After starting provision process, periodcially echo security agent installed in the template. 
Treat provisioning as success only if echo successfully", null), IntervalToEchoBaremetalSecurityGroupAgent("Advanced", ManagementServer.class, Integer.class, "interval.baremetal.securitygroup.agent.echo", "10", "Interval to echo baremetal security group agent, in seconds", null), - TimeoutToEchoBaremetalSecurityGroupAgent("Advanced", ManagementServer.class, Integer.class, "timeout.baremetal.securitygroup.agent.echo", "3600", "Timeout to echo baremetal security group agent, in seconds, the provisioning process will be treated as a failure", null); + TimeoutToEchoBaremetalSecurityGroupAgent("Advanced", ManagementServer.class, Integer.class, "timeout.baremetal.securitygroup.agent.echo", "3600", "Timeout to echo baremetal security group agent, in seconds, the provisioning process will be treated as a failure", null), + + ApiLimitInterval("Advanced", ManagementServer.class, Integer.class, "api.throttling.interval", "1", "Time interval (in seconds) to reset API count", null), + ApiLimitMax("Advanced", ManagementServer.class, Integer.class, "api.throttling.max", "25", "Max allowed number of APIs within fixed interval", null), + ApiLimitCacheSize("Advanced", ManagementServer.class, Integer.class, "api.throttling.cachesize", "50000", "Account based API count cache size", null); private final String _category; private final Class _componentClass; diff --git a/server/src/com/cloud/server/ManagementServerImpl.java b/server/src/com/cloud/server/ManagementServerImpl.java index 5306bc0928d..fd6c8766639 100755 --- a/server/src/com/cloud/server/ManagementServerImpl.java +++ b/server/src/com/cloud/server/ManagementServerImpl.java @@ -5,7 +5,7 @@ // to you under the Apache License, Version 2.0 (the // "License"); you may not use this file except in compliance // with the License. You may obtain a copy of the License at -// +// // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, 
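Review bot: The defaults declared for the new entries do not match the fallbacks in ApiRateLimitServiceImpl. `api.throttling.max` defaults to "25" here while the service initialises `maxAllowed = 30`, and `api.throttling.cachesize` defaults to "50000" while configure() falls back to `int maxElements = 10000`. Which limit is actually enforced then depends on whether the configuration row exists, which makes the throttle hard to reason about during an incident. Align the constants, or have the service derive its fallback from the Config entry's default instead of a second literal.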
@@ -375,7 +375,7 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe @Inject S3Manager _s3Mgr; -/* +/* @Inject ComponentContext _forceContextRef; // create a dependency to ComponentContext so that it can be loaded beforehead @@ -417,14 +417,14 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe for (String id : availableIds) { _availableIdsMap.put(id, true); } - + return true; } - + @Override public boolean start() { s_logger.info("Startup CloudStack management server..."); - + enableAdminUser("password"); return true; } @@ -2187,6 +2187,10 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe String userPublicTemplateEnabled = _configs.get(Config.AllowPublicUserTemplates.key()); + // add some parameters UI needs to handle API throttling + Integer apiLimitInterval = Integer.valueOf(_configDao.getValue(Config.ApiLimitInterval.key())); + Integer apiLimitMax = Integer.valueOf(_configDao.getValue(Config.ApiLimitMax.key())); + capabilities.put("securityGroupsEnabled", securityGroupsEnabled); capabilities .put("userPublicTemplateEnabled", (userPublicTemplateEnabled == null || userPublicTemplateEnabled.equals("false") ? false : true)); @@ -2195,6 +2199,8 @@ public class ManagementServerImpl extends ManagerBase implements ManagementServe capabilities.put("projectInviteRequired", _projectMgr.projectInviteRequired()); capabilities.put("allowusercreateprojects", _projectMgr.allowUserToCreateProject()); capabilities.put("customDiskOffMaxSize", diskOffMaxSize); + capabilities.put("apiLimitInterval", apiLimitInterval); + capabilities.put("apiLimitMax", apiLimitMax); return capabilities; } diff --git a/setup/db/db/schema-40to410.sql b/setup/db/db/schema-40to410.sql index 6d5b2621dbc..d771a150f10 100644 --- a/setup/db/db/schema-40to410.sql +++ b/setup/db/db/schema-40to410.sql 
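Review bot: In the hunk at line 2187, `Integer.valueOf(_configDao.getValue(Config.ApiLimitInterval.key()))` and the `ApiLimitMax` line after it throw NumberFormatException when the row is missing or not numeric, which would fail the whole capabilities call; ApiRateLimitServiceImpl.configure() null-checks the same lookups. Guard it, e.g. `String interval = _configDao.getValue(Config.ApiLimitInterval.key());` followed by `Integer apiLimitInterval = interval == null ? null : Integer.valueOf(interval);`, and likewise for the max. These values are also read on every call, while the limiter reads them only inside its `_store == null` block, so after a configuration change the UI may be told a limit that differs from the enforced one, presumably until restart. The enclosing method starts outside the hunk.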
@@ -146,6 +146,10 @@ UPDATE `cloud`.`counter` set uuid=id WHERE uuid is NULL; UPDATE `cloud`.`conditions` set uuid=id WHERE uuid is NULL; INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', '"detail.batch.query.size"', '2000', 'Default entity detail batch query size for listing'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', '"api.throttling.interval"', '1', 'Time interval (in seconds) to reset API count'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', '"api.throttling.max"', '25', 'Max allowed number of APIs within fixed interval'); +INSERT IGNORE INTO `cloud`.`configuration` VALUES ('Advanced', 'DEFAULT', 'management-server', '"api.throttling.cachesize"', '50000', 'Account based API count cache size'); + -- DB views for list api From 31f0c6a3bdedc7f1af605f36e2a036ea4233e5c2 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 8 Feb 2013 13:52:40 +0530 Subject: [PATCH 25/42] INSTALL.md: Update port info with better summary and fix building section Signed-off-by: Rohit Yadav --- INSTALL.md | 31 ++++++++++++++++--------------- 1 file changed, 16 insertions(+), 15 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index 00c724b11b4..a2137fdf69d 100644 --- a/INSTALL.md +++ b/INSTALL.md 
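Review bot: The three added INSERTs store the name as `'"api.throttling.interval"'`, that is, with literal double quotes inside the SQL string, whereas `Config.ApiLimitInterval.key()` is the unquoted `api.throttling.interval`. If the column keeps those quotes, `_configDao.getValue(...)` will not find these rows on an upgraded database and the limiter silently falls back to its built-in values. Write the names without the inner quotes, e.g. `'api.throttling.interval'`; the existing `detail.batch.query.size` context line has the same pattern and is worth checking separately. Naming the target columns in the INSERT would also protect against column-order changes.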
@@ -51,19 +51,21 @@ Apache CloudStack uses some ports, make sure at least those used by the manageme server are available and not blocked by any local firewall. Following ports are used by Apache CloudStack and its entities: - 8787: Apache CloudStack (Tomcat) debug socket - 9090, 8250, 8080: Apache CloudStack Management Server, User/Client API - 8096: User/Client to CloudStack Management Server (unauthenticated) - 7080: AWS API Server - 3306: MySQL Server - 3922, 8250, 80/443, 111/2049, 53: Secondary Storage VM - 3922, 8250, 53: Console Proxy VM - 3922, 8250, 53: Virtual Router + 8080: API Server (authenticated), browser or CLI client to management server + 8096: API Server (unauthenticated), browser or CLI client to management server + 8787: Remote java debug debugging port, from IDE to management server + 9090: Management server to management server (cluster) + 7080: AWS API Server to which an AWS client can connect + 80/443: HTTP client to Secondary Storage VM (template download) + 111/2049: Secondary Storage to NFS server + 3922: Port used to ssh/scp into system vms (SSVM, CPVM, VR) + 8250: Agent (SSVM, CPVM, VR) to management server 22, 80, 443: XenServer, XAPI 22: KVM 443: vCenter - DNS: 53 - NFS: 111/2049 + 53: DNS + 111/2049: NFS + 3306: MySQL Server to which the management server connects ### Configuring MySQL Server @@ -93,8 +95,7 @@ For example, for master: Clean and build: - $ mvn clean - $ mvn install + $ mvn clean install -P systemvm,developer In case you want support for VMWare, SRX and other non-Apache (referred to as nonoss) compliant libs, you may download the following jar artifacts from respective vendors: 
@@ -112,9 +113,9 @@ Install them to ~/.m2 so maven can get them as dependencies: $ cd deps $ ./install-non-oss.sh -And build them with the nonoss flag: +To build with nonoss components, use the build command with the nonoss flag: - $ mvn install -Dnonoss + $ mvn clean install -P systemvm,developer -Dnonoss Clear old database (if any) and deploy the database schema: @@ -122,7 +123,7 @@ Clear old database (if any) and deploy the database schema: Export the following variable if you need to run and debug the management server: - $ export MAVEN_OPTS="-Xmx1024m -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n" + $ export MAVEN_OPTS="-Xmx1024m -XX:MaxPermSize=500m -Xdebug -Xrunjdwp:transport=dt_socket,address=8787,server=y,suspend=n" Start the management server: From e4b2fe42e0305c57f87cf8e77b75d9c02dfb0163 Mon Sep 17 00:00:00 2001 From: Wido den Hollander Date: Fri, 8 Feb 2013 10:50:48 +0100 Subject: [PATCH 26/42] CLOUDSTACK-1206: Change path from /etc/cloud to /etc/cloudstack Reported-by: Pradeep Soundararajan --- .../storage/secondary/cloud-install-sys-tmplt | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/storage/secondary/cloud-install-sys-tmplt b/scripts/storage/secondary/cloud-install-sys-tmplt index 63a04d8cb07..2172b287848 100755 --- a/scripts/storage/secondary/cloud-install-sys-tmplt +++ b/scripts/storage/secondary/cloud-install-sys-tmplt @@ -20,7 +20,7 @@ usage() { - printf "Usage: %s: -m -f [-h ] [ -s ][-u ] [-F ] [-e