CLOUDSTACK-10013: Debian9 SystemVM appliance improvements

- Refactor cloud-early-config and make appliance specific scripts
- Make patching work without requiring restart of appliance and remove
  postinit script
- Migrate to systemd, speedup booting/loading
- Takes about 5-15 seconds to boot on KVM, and 10-30 seconds for VMware and XenServer
- Appliance boots and works on KVM, VMware, XenServer and HyperV
- Update Debian9 ISO url with sha512 checksum
- Speedup console proxy service launch
- Enable additional kernel modules
- Remove unknown ssh key
- Update vhd-util URL as previous URL was down
- Enable sshd by default
- Use hostnamectl to add hostname
- Disable services by default
- Use existing log4j xml, patching not necessary by cloud-early-config
- Several minor fixes and file refactorings, removed dead code/files
- Removes inserv
- Fix dnsmasq config syntax
- Fix haproxy config syntax
- Fix smoke tests and improve performance
- Fix apache pid file path in cloud.monitoring per the new template

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Rohit Yadav 2017-11-17 14:53:57 +05:30
parent 2aa70eecce
commit bb965649d9
60 changed files with 2000 additions and 2375 deletions


@ -59,6 +59,7 @@ import com.cloud.host.Host.Type;
import com.cloud.resource.ServerResource;
import com.cloud.resource.ServerResourceBase;
import com.cloud.utils.NumbersUtil;
import com.cloud.utils.ReflectUtil;
import com.cloud.utils.net.NetUtils;
import com.cloud.utils.script.Script;
import com.google.gson.Gson;
@ -315,20 +316,19 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe
private void launchConsoleProxy(final byte[] ksBits, final String ksPassword, final String encryptorPassword) {
final Object resource = this;
s_logger.info("Building class loader for com.cloud.consoleproxy.ConsoleProxy");
final ClassLoader loader = ReflectUtil.getClassLoaderForName("console-proxy");
if (_consoleProxyMain == null) {
s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=" + encryptorPassword);
_consoleProxyMain = new Thread(new ManagedContextRunnable() {
@Override
protected void runInContext() {
try {
Class<?> consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy");
Class<?> consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy");
try {
s_logger.info("Invoke setEncryptorPassword(), ecnryptorPassword: " + encryptorPassword);
Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class);
methodSetup.invoke(null, encryptorPassword);
s_logger.info("Invoke startWithContext()");
Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class);
method.invoke(null, _properties, resource, ksBits, ksPassword);
Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class, String.class);
method.invoke(null, _properties, resource, ksBits, ksPassword, encryptorPassword);
} catch (SecurityException e) {
s_logger.error("Unable to launch console proxy due to SecurityException", e);
System.exit(ExitStatus.Error.value());
@ -357,7 +357,7 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe
s_logger.info("com.cloud.consoleproxy.ConsoleProxy is already running");
try {
Class<?> consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy");
Class<?> consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy");
Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class);
methodSetup.invoke(null, encryptorPassword);
} catch (SecurityException e) {
@ -440,6 +440,11 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe
}
}
@Override
public boolean stop() {
return true;
}
@Override
public void setName(String name) {
}
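Review bot: The new call at L62-L63 now hands encryptorPassword into startWithContext, but the surrounding info logs at L48 and L56 (unchanged context in this hunk) still write the value itself, and with this commit's log4j changes INFO goes to the on-disk appliance log files, so the key ends up at rest in /var/log. Drop the value from both messages: `s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy");` and `s_logger.info("Invoke setEncryptorPassword()");`. The new stop() at L79 also reports success without touching _consoleProxyMain; if leaving the proxy thread running is intended, a one-line comment saying so would keep that from reading as an omission. launchConsoleProxy continues past the end of its hunk.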


@ -48,7 +48,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
private static String[] defaultsSection = {"defaults", "\tlog global", "\tmode tcp", "\toption dontlognull", "\tretries 3", "\toption redispatch",
"\toption forwardfor", "\toption forceclose", "\ttimeout connect 5000", "\ttimeout client 50000", "\ttimeout server 50000"};
private static String[] defaultListen = {"listen vmops 0.0.0.0:9", "\toption transparent"};
private static String[] defaultListen = {"listen vmops", "\tbind 0.0.0.0:9", "\toption transparent"};
@Override
public String[] generateConfiguration(final List<PortForwardingRuleTO> fwRules) {
@ -100,7 +100,10 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
final List<String> result = new ArrayList<String>();
// add line like this: "listen 65_37_141_30-80 65.37.141.30:80"
StringBuilder sb = new StringBuilder();
sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort);
sb.append("listen ").append(poolName);
result.add(sb.toString());
sb = new StringBuilder();
sb.append("\tbind ").append(publicIP).append(":").append(publicPort);
result.add(sb.toString());
sb = new StringBuilder();
// FIXME sb.append("\t").append("balance ").append(algorithm);
@ -474,9 +477,12 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
final String algorithm = lbTO.getAlgorithm();
final List<String> result = new ArrayList<String>();
// add line like this: "listen 65_37_141_30-80 65.37.141.30:80"
// add line like this: "listen 65_37_141_30-80\n\tbind 65.37.141.30:80"
sb = new StringBuilder();
sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort);
sb.append("listen ").append(poolName);
result.add(sb.toString());
sb = new StringBuilder();
sb.append("\tbind ").append(publicIP).append(":").append(publicPort);
result.add(sb.toString());
sb = new StringBuilder();
sb.append("\t").append("balance ").append(algorithm);
@ -552,7 +558,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
}
private String generateStatsRule(final LoadBalancerConfigCommand lbCmd, final String ruleName, final String statsIp) {
final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append(" ").append(statsIp).append(":").append(lbCmd.lbStatsPort);
final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append("\n\tbind ").append(statsIp).append(":").append(lbCmd.lbStatsPort);
// TODO DH: write test for this in both cases
if (!lbCmd.keepAliveEnabled) {
s_logger.info("Haproxy mode http enabled");
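Review bot: The comment at L97 still describes the old single-line `listen name ip:port` form even though the code directly under it (L100-L104) now emits a separate `bind` line, while the sibling hunk at L111 updates its copy of the same comment. Bring the first one in line: `// add line like this: "listen 65_37_141_30-80\n\tbind 65.37.141.30:80"`. Both enclosing methods start before their hunks.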


@ -834,7 +834,8 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
"\ttimeout client 50000\n" +
"\ttimeout server 50000\n" +
"\n" +
"listen stats_on_guest 10.1.10.2:8081\n" +
"listen stats_on_guest\n" +
"\tbind 10.1.10.2:8081\n" +
"\tmode http\n" +
"\toption httpclose\n" +
"\tstats enable\n" +
@ -843,7 +844,8 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
"\tstats auth admin1:AdMiN123\n" +
"\n" +
"\t \n" +
"listen 64_10_1_10-80 64.10.1.10:80\n" +
"listen 64_10_1_10-80\n" +
"\tbind 64.10.1.10:80\n" +
"\tbalance algo\n" +
"\tserver 64_10_1_10-80_0 10.1.10.2:80 check\n" +
"\tmode http\n" +
@ -917,4 +919,4 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
assertTrue(args.startsWith("-c /var/cache/cloud/VR-"));
assertTrue(args.endsWith(".cfg"));
}
}
}


@ -489,3 +489,6 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid, hypervisor_type, hypervi
-- Add XenServer 7.2 hypervisor guest OS mappings (copy 7.1.0 & remove Windows Vista, Windows XP, Windows 2003, CentOS 4.x, RHEL 4.xS, LES 10 (all versions) as per XenServer 7.2 Release Notes)
INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervisor_version, guest_os_name, guest_os_id, created, is_user_defined) SELECT UUID(),'Xenserver', '7.2.0', guest_os_name, guest_os_id, utc_timestamp(), 0 FROM `cloud`.`guest_os_hypervisor` WHERE hypervisor_type='Xenserver' AND hypervisor_version='7.1.0' AND guest_os_id not in (1,2,3,4,56,101,56,58,93,94,50,51,87,88,89,90,91,92,26,27,28,29,40,41,42,43,44,45,96,97,107,108,109,110,151,152,153);
-- Change monitor patch for apache2 in systemvm
UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2";
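Review bot: The new UPDATE at L165 quotes its string literals with double quotes, which MySQL treats as identifiers when ANSI_QUOTES is in effect, whereas the rest of this file (L163) uses single quotes. Prefer `UPDATE `cloud`.`monitoring_services` SET pidfile='/var/run/apache2/apache2.pid' WHERE process_name='apache2' AND service_name='apache2';` so the statement does not depend on the server's sql_mode.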


@ -26,21 +26,18 @@ import java.lang.reflect.Method;
import java.net.InetSocketAddress;
import java.net.URISyntaxException;
import java.net.URL;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.Executor;
import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.xml.DOMConfigurator;
import com.google.gson.Gson;
import com.sun.net.httpserver.HttpServer;
import com.cloud.consoleproxy.util.Logger;
import com.cloud.utils.PropertiesUtil;
import com.cloud.utils.ReflectUtil;
import com.google.gson.Gson;
import com.sun.net.httpserver.HttpServer;
/**
*
@ -74,25 +71,11 @@ public class ConsoleProxy {
static String factoryClzName;
static boolean standaloneStart = false;
static String encryptorPassword = genDefaultEncryptorPassword();
private static String genDefaultEncryptorPassword() {
try {
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
byte[] randomBytes = new byte[16];
random.nextBytes(randomBytes);
return Base64.encodeBase64String(randomBytes);
} catch (NoSuchAlgorithmException e) {
s_logger.error("Unexpected exception ", e);
assert (false);
}
return "Dummy";
}
static String encryptorPassword = "Dummy";
private static void configLog4j() {
URL configUrl = System.class.getResource("/conf/log4j-cloud.xml");
final ClassLoader loader = ReflectUtil.getClassLoaderForName("conf");
URL configUrl = loader.getResource("/conf/log4j-cloud.xml");
if (configUrl == null)
configUrl = ClassLoader.getSystemResource("log4j-cloud.xml");
@ -249,23 +232,25 @@ public class ConsoleProxy {
}
}
public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword) {
public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword, String password) {
setEncryptorPassword(password);
configLog4j();
Logger.setFactory(new ConsoleProxyLoggerFactory());
s_logger.info("Start console proxy with context");
if (conf != null) {
for (Object key : conf.keySet()) {
s_logger.info("Context property " + (String)key + ": " + conf.getProperty((String)key));
}
}
configLog4j();
Logger.setFactory(new ConsoleProxyLoggerFactory());
// Using reflection to setup private/secure communication channel towards management server
ConsoleProxy.context = context;
ConsoleProxy.ksBits = ksBits;
ConsoleProxy.ksPassword = ksPassword;
try {
Class<?> contextClazz = Class.forName("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource");
final ClassLoader loader = ReflectUtil.getClassLoaderForName("agent");
Class<?> contextClazz = loader.loadClass("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource");
authMethod = contextClazz.getDeclaredMethod("authenticateConsoleAccess", String.class, String.class, String.class, String.class, String.class, Boolean.class);
reportMethod = contextClazz.getDeclaredMethod("reportLoadInfo", String.class);
ensureRouteMethod = contextClazz.getDeclaredMethod("ensureRoute", String.class);
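Review bot: The new lookup at L210 passes a leading slash to ClassLoader.getResource, but unlike Class.getResource a ClassLoader takes plain `conf/...` names; if the "conf" loader serves entries from a jar this lookup returns null and the code silently falls through to the L212 fallback. Use `URL configUrl = loader.getResource("conf/log4j-cloud.xml");`. Separately, L206 replaces the SecureRandom-generated default with the literal "Dummy"; that is fine as long as every entry path calls setEncryptorPassword() first, but the standalone path hinted at by standaloneStart (L192) presumably does not go through startWithContext, so a comment on L206 stating that the value is a placeholder overwritten by startWithContext/setEncryptorPassword and must never be used for real encryption would document the assumption.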


@ -18,37 +18,67 @@ specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
<!-- ================================= -->
<!-- Preserve messages in a local file -->
<!-- ================================= -->
<!-- A time/date based rolling appender -->
<appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
<param name="File" value="${log.home}systemvm.log"/>
<appender name="FILE1" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="/var/log/cloud.log"/>
<param name="MaxFileSize" value="10000KB"/>
<param name="MaxBackupIndex" value="4"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
</appender>
<appender name="FILE2" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="/var/log/cloud/cloud.out"/>
<param name="Append" value="true"/>
<param name="MaxFileSize" value="10000KB"/>
<param name="MaxBackupIndex" value="4"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
</appender>
<appender name="FILE3" class="org.apache.log4j.rolling.RollingFileAppender">
<param name="File" value="/usr/local/cloud/systemvm/cloud.log"/>
<param name="Append" value="true"/>
<param name="MaxFileSize" value="10000KB"/>
<param name="MaxBackupIndex" value="4"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
</appender>
<appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
<param name="Append" value="true"/>
<param name="Threshold" value="DEBUG"/>
<rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
<param name="FileNamePattern" value="/var/log/cloud/api-server.log.%d{yyyy-MM-dd}{GMT}.gz"/>
<param name="ActiveFileName" value="/var/log/cloud/api-server.log"/>
</rollingPolicy>
<!-- Rollover at midnight each day -->
<param name="DatePattern" value="'.'yyyy-MM-dd"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d %-5p [%c{3}] (%t:%x) %m%n"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %m%n"/>
</layout>
</appender>
<!-- ============================== -->
<!-- Append messages to the console -->
<!-- ============================== -->
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
<param name="Threshold" value="WARN"/>
<param name="Threshold" value="INFO"/>
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%d{ABSOLUTE} %5p %c{1}:%L - %m%n"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ABSOLUTE}{GMT} %5p %c{1}:%L - %m%n"/>
</layout>
</appender>
@ -56,26 +86,14 @@ under the License.
<!-- Limit categories -->
<!-- ================ -->
<category name="com.cloud.console.ConsoleCanvas">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy.ConsoleProxyAjaxImageHandler">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy.ConsoleProxyViewer">
<priority value="WARN"/>
</category>
<category name="com.cloud.consoleproxy">
<priority value="INFO"/>
</category>
<category name="com.cloud">
<priority value="DEBUG"/>
</category>
<category name="org.apache.cloudstack">
<priority value="DEBUG"/>
</category>
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
<category name="org.apache">
<priority value="INFO"/>
@ -84,20 +102,19 @@ under the License.
<category name="org">
<priority value="INFO"/>
</category>
<category name="net">
<priority value="INFO"/>
</category>
<!-- Limit the com.amazonaws category to INFO as its DEBUG is verbose -->
<category name="com.amazonaws">
<priority value="INFO"/>
<category name="apiserver.com.cloud">
<priority value="DEBUG"/>
</category>
<!-- Limit the httpclient.wire category to INFO as its DEBUG is verbose -->
<category name="httpclient.wire">
<priority value="INFO"/>
</category>
<logger name="apiserver.com.cloud" additivity="false">
<level value="DEBUG"/>
<appender-ref ref="APISERVER"/>
</logger>
<!-- ======================= -->
<!-- Setup the Root category -->
@ -106,7 +123,9 @@ under the License.
<root>
<level value="INFO"/>
<appender-ref ref="CONSOLE"/>
<appender-ref ref="FILE"/>
<appender-ref ref="FILE1"/>
<appender-ref ref="FILE2"/>
<appender-ref ref="FILE3"/>
</root>
</log4j:configuration>
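Review bot: FILE3 at L271 is declared as org.apache.log4j.rolling.RollingFileAppender (the extras class that APISERVER at L280-L286 drives with a rollingPolicy) yet is configured with MaxFileSize/MaxBackupIndex like FILE1 and FILE2, which use org.apache.log4j.RollingFileAppender. As far as I know the extras appender has no such properties and does not activate without a rolling policy, so /usr/local/cloud/systemvm/cloud.log would likely never be written. Make it match its siblings: `<appender name="FILE3" class="org.apache.log4j.RollingFileAppender">`.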


@ -83,9 +83,6 @@
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# Include CORS configuration **IF SET**
Include /etc/apache2/[cC][oO][rR][sS].conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
@ -228,12 +225,8 @@
# README.Debian.gz
Listen 10.1.1.1:80
NameVirtualHost 10.1.1.1:80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 10.1.1.1:443


@ -22,5 +22,6 @@ defaults
timeout server 50000
listen cloud-default 0.0.0.0:35999
listen cloud-default
bind 0.0.0.0:35999
option transparent



@ -24,9 +24,6 @@
# specific language governing permissions and limitations
# under the License.
ENABLED=0
[ -e /etc/default/cloud-passwd-srvr ] && . /etc/default/cloud-passwd-srvr
add_iptables_rules()
{
#Delete any old iptables rule for port 8080 on eth0
@ -72,7 +69,6 @@ remove_iptables_rules()
}
start() {
[ "$ENABLED" != 0 ] || exit 0
pid=$(getpid)
[ "$pid" != "" ] && echo "Password server is already running (pid=$pid)" && return 0
add_iptables_rules


@ -1,176 +0,0 @@
#!/bin/bash -e
### BEGIN INIT INFO
# Provides: postinit
# Required-Start: $local_fs cloud-early-config
# Required-Stop: $local_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: post-init
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
replace_in_file() {
local filename=$1
local keyname=$2
local value=$3
sed -i /$keyname=/d $filename
echo "$keyname=$value" >> $filename
return $?
}
setup_secstorage() {
public_ip=$ETH2_IP
sed -i /$NAME/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
}
setup_console_proxy() {
public_ip=$ETH2_IP
sed -i /$NAME/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
}
setup_redundant_router() {
if [ "$RROUTER" != "1" ]
then
return 1
fi
rrouter_bin_path="/ramdisk/rrouter"
eth2mac=`ip link show eth2 | awk '/ether/ {print $2}'`
sed -i "s/\[ETH2MAC\]/$eth2mac/g" $rrouter_bin_path/enable_pubip.sh
}
start() {
case $TYPE in
secstorage)
[ "$NAME" == "" ] && NAME=secstorage
setup_secstorage;
;;
consoleproxy)
[ "$NAME" == "" ] && NAME=consoleproxy
setup_console_proxy;
;;
router)
[ "$NAME" == "" ] && NAME=router
setup_redundant_router;
;;
esac
}
stop() {
echo ""
}
status() {
echo ""
}
CMDLINE=$(cat /var/cache/cloud/cmdline)
TYPE="router"
BOOTPROTO="static"
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
case $KEY in
eth0ip)
ETH0_IP=$VALUE
;;
eth1ip)
ETH1_IP=$VALUE
;;
eth2ip)
ETH2_IP=$VALUE
;;
gateway)
GW=$VALUE
;;
eth0mask)
ETH0_MASK=$VALUE
;;
eth1mask)
ETH1_MASK=$VALUE
;;
eth2mask)
ETH2_MASK=$VALUE
;;
dns1)
NS1=$VALUE
;;
dns2)
NS2=$VALUE
;;
domain)
DOMAIN=$VALUE
;;
mgmtcidr)
MGMTNET=$VALUE
;;
localgw)
LOCAL_GW=$VALUE
;;
template)
TEMPLATE=$VALUE
;;
name)
NAME=$VALUE
;;
dhcprange)
DHCP_RANGE=$(echo $VALUE | tr ':' ',')
;;
bootproto)
BOOTPROTO=$VALUE
;;
type)
TYPE=$VALUE
;;
redundant_router)
RROUTER=$VALUE
;;
esac
done
if [ "$BOOTPROTO" == "static" -a "$RROUTER" != "1" ]
then
exit 0
fi
ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
case "$1" in
start) start
;;
stop) stop
;;
status) status
;;
restart) stop
start
;;
*) echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac


@ -18,37 +18,19 @@
#under the License.
[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs
for svc in $(cat /var/cache/cloud/enabled_svcs)
for svc in $(cat /var/cache/cloud/enabled_svcs)
do
logger -t cloud "Starting $svc"
service $svc start
systemctl enable --now $svc
done
[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs
for svc in $(cat /var/cache/cloud/disabled_svcs)
for svc in $(cat /var/cache/cloud/disabled_svcs)
do
logger -t cloud "Stopping $svc"
service $svc stop
systemctl disable --now $svc
done
CMDLINE=$(cat /var/cache/cloud/cmdline)
router=$(echo "$CMDLINE" | grep -o type=router)
vpcrouter=$(echo "$CMDLINE" | grep -o type=vpcrouter)
if [ "$router" != "" ] || [ "$vpcrouter" != "" ]
then
echo 1000000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 1000000 > /proc/sys/net/netfilter/nf_conntrack_max
echo 1000000 > /proc/sys/net/nf_conntrack_max
fi
if [ "$router" != "" ]
then
python /opt/cloud/bin/baremetal-vr.py &
fi
date > /var/cache/cloud/boot_up_done
logger -t cloud "Boot up process done"
#Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist
ipv4="/etc/iptables/router_rules.v4"
@ -61,4 +43,36 @@ ipv6="/etc/iptables/router_rules.v6"
if [ -e $ipv6 ]
then
iptables-restore < $ipv6
fi
fi
date > /var/cache/cloud/boot_up_done
logger -t cloud "Boot up process done"
CMDLINE=/var/cache/cloud/cmdline
for str in $(cat $CMDLINE)
do
KEY=$(echo $str | cut -d= -f1)
VALUE=$(echo $str | cut -d= -f2)
case $KEY in
type)
export TYPE=$VALUE
;;
*)
;;
esac
done
if [ "$TYPE" == "router" ]
then
python /opt/cloud/bin/baremetal-vr.py &
logger -t cloud "Started baremetal-vr service"
fi
if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ]
then
if [ -x /opt/cloud/bin/update_config.py ]
then
/opt/cloud/bin/update_config.py cmd_line.json
logger -t cloud "Updated config: cmd_line.json"
fi
fi
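Review bot: The router branch that raised the conntrack table to 1000000 (old lines L607-L609) is dropped and nothing on the new side replaces it, and the sysctl hunk at L656-L662 appears to lose the net.ipv4.netfilter.ip_conntrack_max line as well; unless the suppressed large diff reintroduces it, virtual routers will boot with the kernel's default table size, which a busy router can fill, after which new connections are dropped. Restore it next to the new TYPE check, e.g. `if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ]; then sysctl -w net.netfilter.nf_conntrack_max=1000000; fi`. The old ip_conntrack_max spelling is the deprecated key, so moving to the net.netfilter name is the right replacement rather than removing the setting.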


@ -48,7 +48,6 @@ net.ipv4.tcp_syncookies = 1
# disable tcp time stamps
net.ipv4.tcp_timestamps = 0
net.ipv4.netfilter.ip_conntrack_max = 1000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_tw_buckets = 1000000
net.core.somaxconn = 65535


@ -678,13 +678,13 @@ class CsRemoteAccessVpn(CsDataBag):
self.remoteaccessvpn_iptables(public_ip, self.dbag[public_ip])
CsHelper.execute("ipsec update")
CsHelper.execute("service xl2tpd start")
CsHelper.execute("systemctl start xl2tpd")
CsHelper.execute("ipsec rereadsecrets")
else:
logging.debug("Disabling remote access vpn .....")
#disable remote access vpn
CsHelper.execute("ipsec down L2TP-PSK")
CsHelper.execute("service xl2tpd stop")
CsHelper.execute("systemctl stop xl2tpd")
def configure_l2tpIpsec(self, left, obj):


@ -49,7 +49,6 @@ class CsApache(CsApp):
file.search("<VirtualHost.*:443>", "\t<VirtualHost %s:443>" % (self.ip))
file.search("Listen .*:80", "Listen %s:80" % (self.ip))
file.search("Listen .*:443", "Listen %s:443" % (self.ip))
file.search("NameVirtualHost .*:80", "NameVirtualHost %s:80" % (self.ip))
file.search("ServerName.*", "\tServerName %s.%s" % (self.config.cl.get_type(), self.config.get_domain()))
if file.is_changed():
file.commit()


@ -70,8 +70,8 @@ class CsDhcp(CsDataBag):
continue
device = i['dev']
ip = i['ip'].split('/')[0]
sline = "dhcp-range=interface:%s,set:interface-%s-%s" % (device, device, idx)
line = "dhcp-range=interface:%s,set:interface-%s-%s,%s,static" % (device, device, idx, ip)
sline = "dhcp-range=set:interface-%s-%s" % (device, idx)
line = "dhcp-range=set:interface-%s-%s,%s,static" % (device, idx, ip)
self.conf.search(sline, line)
gn = CsGuestNetwork(device, self.config)
sline = "dhcp-option=tag:interface-%s-%s,15" % (device, idx)


@ -212,14 +212,14 @@ def execute2(command):
def service(name, op):
execute("service %s %s" % (name, op))
execute("systemctl %s %s" % (op, name))
logging.info("Service %s %s" % (name, op))
def start_if_stopped(name):
ret = execute2("service %s status" % name)
ret = execute2("systemctl is-active %s" % name)
if ret.returncode:
execute2("service %s start" % name)
execute2("systemctl start %s" % name)
def hup_dnsmasq(name, user):


@ -111,7 +111,7 @@ echo -e "$dns_option" >> "$DHCP_CONFIG"
#restart the dnsmasq
service dnsmasq restart
systemctl restart dnsmasq
result=$?
if [ "$result" -ne "0" ]
then
@ -122,7 +122,7 @@ then
cp "$DHCP_CONFIG_MAIN" "$DHCP_FAILURE_CONFIG_MAIN"
cp "$DHCP_CONFIG_BAK" "$DHCP_CONFIG"
cp "$DHCP_CONFIG_MAIN_BAK" "$DHCP_CONFIG_MAIN"
service dnsmasq restart
systemctl restart dnsmasq
unlock_exit $result $lock $locked
fi
rm "$DHCP_CONFIG_BAK"


@ -215,7 +215,7 @@ then
then
kill -HUP $pid
else
service dnsmasq restart
systemctl restart dnsmasq
fi
else
if [ $no_redundant -eq 1 ]


@ -29,15 +29,15 @@ usage() {
#set -x
start_ipsec() {
service ipsec status > /dev/null
systemctl is-active ipsec > /dev/null
if [ $? -ne 0 ]
then
service ipsec start > /dev/null
systemctl start ipsec > /dev/null
#Wait until ipsec started, 5 seconds at most
for i in {1..5}
do
logger -t cloud "$(basename $0): waiting ipsec start..."
service ipsec status > /dev/null
systemctl is-active ipsec > /dev/null
result=$?
if [ $result -eq 0 ]
then
@ -46,7 +46,7 @@ start_ipsec() {
sleep 1
done
fi
service ipsec status > /dev/null
systemctl is-active ipsec > /dev/null
return $?
}
@ -139,36 +139,36 @@ ipsec_tunnel_add() {
check_and_enable_iptables
sudo echo "conn vpn-$rightpeer" > $vpnconffile &&
sudo echo " left=$leftpeer" >> $vpnconffile &&
sudo echo " leftsubnet=$leftnet" >> $vpnconffile &&
sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile &&
sudo echo " right=$rightpeer" >> $vpnconffile &&
sudo echo " rightsubnets={$rightnets}" >> $vpnconffile &&
sudo echo " type=tunnel" >> $vpnconffile &&
sudo echo " authby=secret" >> $vpnconffile &&
sudo echo " keyexchange=ike" >> $vpnconffile &&
sudo echo " ike=$ikepolicy" >> $vpnconffile &&
sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
sudo echo " esp=$esppolicy" >> $vpnconffile &&
sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
sudo echo " pfs=$pfs" >> $vpnconffile &&
sudo echo " keyingtries=2" >> $vpnconffile &&
sudo echo " auto=start" >> $vpnconffile &&
sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
sudo chmod 0400 $vpnsecretsfile
sudo echo "conn vpn-$rightpeer" > $vpnconffile &&
sudo echo " left=$leftpeer" >> $vpnconffile &&
sudo echo " leftsubnet=$leftnet" >> $vpnconffile &&
sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile &&
sudo echo " right=$rightpeer" >> $vpnconffile &&
sudo echo " rightsubnets={$rightnets}" >> $vpnconffile &&
sudo echo " type=tunnel" >> $vpnconffile &&
sudo echo " authby=secret" >> $vpnconffile &&
sudo echo " keyexchange=ike" >> $vpnconffile &&
sudo echo " ike=$ikepolicy" >> $vpnconffile &&
sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
sudo echo " esp=$esppolicy" >> $vpnconffile &&
sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
sudo echo " pfs=$pfs" >> $vpnconffile &&
sudo echo " keyingtries=2" >> $vpnconffile &&
sudo echo " auto=start" >> $vpnconffile &&
sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
sudo chmod 0400 $vpnsecretsfile
if [ $dpd -ne 0 ]
then
sudo echo " dpddelay=30" >> $vpnconffile &&
sudo echo " dpdtimeout=120" >> $vpnconffile &&
sudo echo " dpdaction=restart" >> $vpnconffile
fi
if [ $dpd -ne 0 ]
then
sudo echo " dpddelay=30" >> $vpnconffile &&
sudo echo " dpdtimeout=120" >> $vpnconffile &&
sudo echo " dpdaction=restart" >> $vpnconffile
fi
enable_iptables_subnets
enable_iptables_subnets
sudo ipsec auto --rereadall
sudo ipsec auto --add vpn-$rightpeer
sudo ipsec auto --rereadall
sudo ipsec auto --add vpn-$rightpeer
logger -t cloud "$(basename $0): done ipsec tunnel entry for right peer=$rightpeer right networks=$rightnets"
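Review bot: The reindented secrets write at L815-L816 still creates $vpnsecretsfile under the script's current umask and only tightens it to 0400 afterwards, so the PSK is readable by other local users for a short window; note also that the `sudo` on `echo` does not cover the `>` redirection, which the calling shell performs before sudo runs. A `umask 077` at the top of ipsec_tunnel_add, or creating the file first with `install -m 0400 /dev/null $vpnsecretsfile`, closes that window. ipsec_tunnel_add starts before the hunk.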


@ -16,9 +16,8 @@
# specific language governing permissions and limitations
# under the License.
. /etc/default/cloud-passwd-srvr
addr=$1;
while [ "$ENABLED" == "1" ]
while true
do
python /opt/cloud/bin/passwd_server_ip.py $addr >/dev/null 2>/dev/null
rc=$?
@ -27,5 +26,4 @@ do
logger -t cloud "Password server failed with error code $rc. Restarting it..."
sleep 3
fi
. /etc/default/cloud-passwd-srvr
done
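Review bot: The loop at L845 now has no exit condition, and the re-source of /etc/default/cloud-passwd-srvr that previously let an operator stop it by flipping ENABLED is removed at L853, so the script only ends when its unit is stopped; that is reasonable under systemd but should be stated, e.g. `# Runs until the cloud-passwd-srvr unit is stopped; enablement is managed by systemd, not /etc/default`. The init-script hunk at L401-L415 drops the same ENABLED gate from start() and deserves the same one-line note.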


@ -1,262 +0,0 @@
#/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#set -x
logfile="/var/log/patchsystemvm.log"
# To use existing console proxy .zip-based package file
patch_console_proxy() {
local patchfile=$1
local backupfolder="/tmp/.conf.backup"
if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then
rm -fr $backupfolder
mkdir -p $backupfolder
cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/
fi
rm /usr/local/cloud/systemvm -rf
mkdir -p /usr/local/cloud/systemvm
echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
if [ -f $backupfolder/cloud.jks ]; then
cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/
echo "Restored keystore file and certs using backup" >> $logfile
fi
rm -fr $backupfolder
return 0
}
consoleproxy_svcs() {
systemctl enable cloud
systemctl enable postinit
systemctl disable cloud-passwd-srvr
systemctl disable haproxy
systemctl disable dnsmasq
systemctl enable ssh
systemctl disable apache2
systemctl disable nfs-common
systemctl disable portmap
systemctl disable keepalived
systemctl disable conntrackd
echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs
echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
mkdir -p /var/log/cloud
}
secstorage_svcs() {
systemctl enable cloud on
systemctl enable postinit on
systemctl disable cloud-passwd-srvr
systemctl disable haproxy
systemctl disable dnsmasq
systemctl enable portmap
systemctl enable nfs-common
systemctl enable ssh
systemctl disable apache2
systemctl disable keepalived
systemctl disable conntrackd
echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs
echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs
mkdir -p /var/log/cloud
}
routing_svcs() {
grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null
RROUTER=$?
systemctl disable cloud
systemctl disable haproxy
systemctl enable ssh
systemctl disable nfs-common
systemctl disable portmap
echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs
echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs
if [ $RROUTER -eq 0 ]
then
systemctl disable dnsmasq
systemctl disable cloud-passwd-srvr
systemctl enable keepalived
systemctl enable conntrackd
systemctl enable postinit
echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs
echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs
else
systemctl enable dnsmasq
systemctl enable cloud-passwd-srvr
systemctl disable keepalived
systemctl disable conntrackd
echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs
echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs
fi
}
dhcpsrvr_svcs() {
systemctl disable cloud
systemctl enable cloud-passwd-srvr
systemctl disable haproxy
systemctl enable dnsmasq
systemctl enable ssh
systemctl disable nfs-common
systemctl disable portmap
systemctl disable keepalived
systemctl disable conntrackd
echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs
}
elbvm_svcs() {
systemctl disable cloud
systemctl disable haproxy
systemctl enable ssh
systemctl disable nfs-common
systemctl disable portmap
systemctl disable keepalived
systemctl disable conntrackd
echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
}
ilbvm_svcs() {
systemctl disable cloud
systemctl enable haproxy
systemctl enable ssh
systemctl disable nfs-common
systemctl disable portmap
systemctl disable keepalived
systemctl disable conntrackd
echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
}
enable_pcihotplug() {
sed -i -e "/acpiphp/d" /etc/modules
sed -i -e "/pci_hotplug/d" /etc/modules
echo acpiphp >> /etc/modules
echo pci_hotplug >> /etc/modules
}
enable_serial_console() {
#sed -i -e "/^serial.*/d" /boot/grub/grub.conf
#sed -i -e "/^terminal.*/d" /boot/grub/grub.conf
#sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf
#sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf
#sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf
sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab
sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab
}
CMDLINE=$(cat /var/cache/cloud/cmdline)
TYPE="router"
PATCH_MOUNT=$1
Hypervisor=$2
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
case $KEY in
type)
TYPE=$VALUE
;;
*)
;;
esac
done
if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ]
then
patch_console_proxy ${PATCH_MOUNT}/systemvm.zip
if [ $? -gt 0 ]
then
printf "Failed to apply patch systemvm\n" >$logfile
exit 5
fi
fi
#empty known hosts
echo "" > /root/.ssh/known_hosts
if [ "$Hypervisor" == "kvm" ]
then
enable_pcihotplug
enable_serial_console
fi
if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ]
then
routing_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute routing_svcs\n" >$logfile
exit 6
fi
fi
if [ "$TYPE" == "dhcpsrvr" ]
then
dhcpsrvr_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute dhcpsrvr_svcs\n" >$logfile
exit 6
fi
fi
if [ "$TYPE" == "consoleproxy" ]
then
consoleproxy_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute consoleproxy_svcs\n" >$logfile
exit 7
fi
fi
if [ "$TYPE" == "secstorage" ]
then
secstorage_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute secstorage_svcs\n" >$logfile
exit 8
fi
fi
if [ "$TYPE" == "elbvm" ]
then
elbvm_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute elbvm svcs\n" >$logfile
exit 9
fi
fi
if [ "$TYPE" == "ilbvm" ]
then
ilbvm_svcs
if [ $? -gt 0 ]
then
printf "Failed to execute ilbvm svcs\n" >$logfile
exit 9
fi
fi
exit $?


@ -0,0 +1,862 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
. /lib/lsb/init-functions
log_it() {
echo "$(date) $@" >> /var/log/cloud.log
log_action_msg "$@"
}
init_interfaces_orderby_macs() {
macs=( $(echo $1 | sed "s/|/ /g") )
total_nics=${#macs[@]}
interface_file=${2:-"/etc/network/interfaces"}
rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"}
echo -n "auto lo" > $interface_file
for((i=0; i<total_nics; i++))
do
if [[ $i < 3 ]]
then
echo -n " eth$i" >> $interface_file
fi
done
cat >> $interface_file << EOF
iface lo inet loopback
EOF
echo "" > $rule_file
for((i=0; i < ${#macs[@]}; i++))
do
echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file
done
}
init_interfaces() {
if [ "$NIC_MACS" == "" ]
then
cat > /etc/network/interfaces << EOF
auto lo $1 $2 $3
iface lo inet loopback
EOF
else
init_interfaces_orderby_macs "$NIC_MACS"
fi
}
setup_interface() {
local intfnum=$1
local ip=$2
local mask=$3
local gw=$4
local force=$5
local intf=eth${intfnum}
local bootproto="static"
if [ "$BOOTPROTO" == "dhcp" ]
then
if [ "$intfnum" != "0" ]
then
bootproto="dhcp"
fi
fi
if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ]
then
echo "iface $intf inet $bootproto" >> /etc/network/interfaces
if [ "$bootproto" == "static" ]
then
echo " address $ip " >> /etc/network/interfaces
echo " netmask $mask" >> /etc/network/interfaces
fi
fi
if [ "$ip" == "0.0.0.0" -o "$ip" == "" ]
then
ifconfig $intf down
fi
if [ "$force" == "force" ]
then
ifdown $intf
else
ifdown $intf
if [ "$RROUTER" != "1" -o "$1" != "2" ]
then
ifup $intf
fi
fi
}
setup_interface_ipv6() {
sysctl net.ipv6.conf.all.disable_ipv6=0
sysctl net.ipv6.conf.all.forwarding=1
sysctl net.ipv6.conf.all.accept_ra=1
sed -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf
sed -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf
sed -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf
local intfnum=$1
local ipv6="$2"
local prelen="$3"
local intf=eth${intfnum}
echo "iface $intf inet6 static" >> /etc/network/interfaces
echo " address $ipv6 " >> /etc/network/interfaces
echo " netmask $prelen" >> /etc/network/interfaces
echo " accept_ra 1" >> /etc/network/interfaces
ifdown $intf
ifup $intf
}
enable_fwding() {
local enabled=$1
log_it "cloud: enable_fwding = $1"
log_it "enable_fwding = $1"
echo "$1" > /proc/sys/net/ipv4/ip_forward
[ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return
}
disable_rpfilter() {
log_it "cloud: disable rp_filter"
log_it "disable rpfilter"
sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
}
get_public_vif_list() {
local vif_list=""
for i in /sys/class/net/eth*; do
vif=$(basename $i);
if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
then
vif_list="$vif_list $vif";
fi
done
echo $vif_list
}
disable_rpfilter_domR() {
log_it "cloud: Tuning rp_filter on public interfaces"
VIF_LIST=$(get_public_vif_list)
log_it "rpfilter public interfaces : $VIF_LIST"
if [ "$DISABLE_RP_FILTER" == "true" ]
then
log_it "cloud: disable rp_filter on public interfaces"
sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
for vif in $VIF_LIST; do
log_it "cloud: disable rp_filter on public interface: $vif"
sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf
echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter
done
else
log_it "cloud: enable rp_filter on public interfaces"
sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf
echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
for vif in $VIF_LIST; do
log_it "cloud: enable rp_filter on public interface: $vif"
sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf
echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
done
fi
log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)"
echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
}
enable_irqbalance() {
local enabled=$1
local proc=0
proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
if [ $proc -le 1 ] && [ $enabled -eq 1 ]
then
enabled=0
fi
log_it "Processors = $proc Enable service ${svc} = $enabled"
local cfg=/etc/default/irqbalance
[ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
}
enable_vpc_rpsrfs() {
local enable=$1
if [ $enable -eq 0 ]
then
echo 0 > /etc/rpsrfsenable
else
echo 1 > /etc/rpsrfsenable
fi
return 0
}
enable_rpsrfs() {
local enable=$1
if [ $enable -eq 0 ]
then
echo 0 > /etc/rpsrfsenable
return 0
fi
if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ]
then
echo "rps is not enabled in the kernel"
echo 0 > /etc/rpsrfsenable
return 0
fi
proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
if [ $proc -le 1 ]
then
echo 0 > /etc/rpsrfsenable
return 0;
fi
echo 1 > /etc/rpsrfsenable
num=1
num=$(($num<<$proc))
num=$(($num-1));
echo $num;
hex=$(printf "%x\n" $num)
echo $hex;
#enable rps
echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus
echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus
#enble rfs
echo 256 > /proc/sys/net/core/rps_sock_flow_entries
echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt
}
setup_common() {
init_interfaces $1 $2 $3
if [ -n "$ETH0_IP" ]
then
setup_interface "0" $ETH0_IP $ETH0_MASK $GW
fi
if [ -n "$ETH0_IP6" ]
then
setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN
fi
setup_interface "1" $ETH1_IP $ETH1_MASK $GW
if [ -n "$ETH2_IP" ]
then
setup_interface "2" $ETH2_IP $ETH2_MASK $GW
fi
echo $NAME > /etc/hostname
echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
hostnamectl set-hostname $NAME
#Nameserver
sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
if [ -n "$internalNS1" ]
then
echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS1" > /etc/resolv.conf
fi
if [ -n "$internalNS2" ]
then
echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS2" >> /etc/resolv.conf
fi
if [ -n "$NS1" ]
then
echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS1" >> /etc/resolv.conf
fi
if [ -n "$NS2" ]
then
echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS2" >> /etc/resolv.conf
fi
if [ -n "$IP6_NS1" ]
then
echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf
echo "nameserver $IP6_NS1" >> /etc/resolv.conf
fi
if [ -n "$IP6_NS2" ]
then
echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $IP6_NS2" >> /etc/resolv.conf
fi
if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
then
ip route add $MGMTNET via $LOCAL_GW dev eth1
fi
ip route delete default
if [ "$RROUTER" != "1" ]
then
gwdev=$3
if [ -z "$gwdev" ]
then
gwdev="eth0"
fi
ip route add default via $GW dev $gwdev
fi
# a hacking way to activate vSwitch under VMware
ping -n -c 3 $GW &
if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
then
ping -n -c 3 $LOCAL_GW &
#This code is added to address ARP issue by pinging MGMT_GW
MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
ping -n -c 3 $MGMT_GW &
fi
if [ "$HYPERVISOR" == "vmware" ]; then
ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable
fi
}
setup_dnsmasq() {
log_it "Setting up dnsmasq"
touch /etc/dhcpopts.txt
[ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP
[ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6
[ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
#removing the dnsmasq multiple ranges config file.
rm /etc/dnsmasq.d/multiple_ranges.conf
#get the template
cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf
if [ -n "$DOMAIN" ]
then
#send domain name to dhcp clients
sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
#DNS server will append $DOMAIN to local queries
sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
#answer all local domain queries
sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
fi
if [ -n "$DNS_SEARCH_ORDER" ]
then
sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf
echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf
# set the domain search order as a space seprated list for option 15
DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g')
#send domain name to dhcp clients
sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf
fi
if [ $DHCP_RANGE ]
then
sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
else
sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf
fi
if [ $DHCP_RANGE_IP6 ]
then
sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf
# For nondefault6 tagged host, don't send dns-server information
sed -i /nondefault6/d /etc/dnsmasq.conf
echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf
else
sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf
fi
if [ "$RROUTER" == "1" ]
then
DEFAULT_GW=$GUEST_GW
INTERNAL_DNS=$GUEST_GW
else
if [ "$TYPE" == "dhcpsrvr" ]
then
DEFAULT_GW=$GW
else
DEFAULT_GW=$ETH0_IP
fi
INTERNAL_DNS=$ETH0_IP
fi
sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf
[ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf
[ $ETH0_IP ] && [ $NS1 ] && NS="$NS1,"
[ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2,"
[ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1],"
[ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2],"
#for now set up ourself as the dns server as well
sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf
sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf
if [ "$USE_EXTERNAL_DNS" != "true" ]
then
[ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS"
[ $ETH0_IP6 ] && NS6="[::],$NS6"
# enable dns
sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
else
# disable dns
sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
echo "port=0" >> /etc/dnsmasq.conf
fi
NS=${NS%?}
NS6=${NS6%?}
[ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf
[ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf
#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet.
#removing the existing entires to avoid duplicates on restarts.
sed -i '/data-server/d' /etc/hosts
if [ -n "$ETH0_IP" ]
then
echo "$ETH0_IP data-server" >> /etc/hosts
fi
if [ -n "$ETH0_IP6" ]
then
echo "$ETH0_IP6 data-server" >> /etc/hosts
fi
#add the dhcp-client-update only if dnsmasq version is 2.6 and above
dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]")
major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1)
minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2)
if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ]
then
sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf
echo 'dhcp-client-update' >> /etc/dnsmasq.conf
fi
command -v dhcp_release > /dev/null 2>&1
no_dhcp_release=$?
if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ]
then
echo 1 > /var/cache/cloud/dnsmasq_managed_lease
sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
else
echo 0 > /var/cache/cloud/dnsmasq_managed_lease
fi
}
setup_sshd(){
local ip=$1
local eth=$2
[ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
}
setup_vpc_apache2() {
log_it "Setting up apache web server for VPC"
systemctl disable apache2
clean_ipalias_config
setup_apache2_common
}
clean_ipalias_config() {
# Old
rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
rm -f /etc/apache2/sites-available/ipAlias*
rm -f /etc/apache2/sites-enabled/ipAlias*
rm -f /etc/apache2/conf.d/vhost*.conf
rm -f /etc/apache2/ports.conf
rm -f /etc/apache2/vhostexample.conf
rm -f /etc/apache2/sites-available/default
rm -f /etc/apache2/sites-available/default-ssl
rm -f /etc/apache2/sites-enabled/default
rm -f /etc/apache2/sites-enabled/default-ssl
# New
rm -f /etc/apache2/sites-enabled/vhost-*.conf
rm -f /etc/apache2/sites-enabled/000-default
rm -rf /etc/failure_config
}
setup_apache2_common() {
sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
[ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
# Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
[ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
echo "Options -Indexes" > /var/www/html/.htaccess
}
setup_apache2() {
log_it "Setting up apache web server"
clean_ipalias_config
setup_apache2_common
local ip=$1
}
setup_aesni() {
if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
then
modprobe aesni_intel
fi
}
setup_storage_network() {
if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ]
then
log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network"
return
fi
echo "" >> /etc/network/interfaces
echo "auto eth3" >> /etc/network/interfaces
setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK"
[ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo " mtu $MTU" >> /etc/network/interfaces
#ip route add "$STORAGE_CIDR" via "$STORAGE_IP"
log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR"
}
setup_system_rfc1918_internal() {
public_ip=`getPublicIp`
echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))"
if [ "$?" == "0" ]; then
log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918."
else
log_it "Setting up route of RFC1918 space to $LOCAL_GW"
# Setup general route for RFC 1918 space, as otherwise it will be sent to
# the public gateway and not work
# More specific routes that may be set have preference over this generic route.
ip route add 10.0.0.0/8 via $LOCAL_GW
ip route add 172.16.0.0/12 via $LOCAL_GW
ip route add 192.168.0.0/16 via $LOCAL_GW
fi
}
getPublicIp() {
public_ip=$ETH2_IP
[ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
echo $public_ip
}
setup_ntp() {
log_it "Setting up NTP"
NTP_CONF_FILE="/etc/ntp.conf"
if [ -f $NTP_CONF_FILE ]
then
IFS=',' read -a server_list <<< "$NTP_SERVER_LIST"
for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- ))
do
server=$(echo ${server_list[iterator]} | tr -d '\r')
PATTERN="server $server"
if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then
sed -i "/^$PATTERN$/d" $NTP_CONF_FILE
fi
sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE
done
systemctl enable ntp
else
log_it "NTP configuration file not found"
fi
}
routing_svcs() {
systemctl disable --now cloud
systemctl disable --now nfs-common
systemctl disable --now portmap
systemctl enable apache2
systemctl enable haproxy
systemctl enable ssh
echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs
echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs
if [ $RROUTER -eq 1 ]
then
systemctl disable --now cloud-passwd-srvr
systemctl disable --now dnsmasq
systemctl enable conntrackd
systemctl enable keepalived
echo "keepalived conntrackd" >> /var/cache/cloud/enabled_svcs
echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs
else
systemctl disable --now conntrackd
systemctl disable --now keepalived
systemctl enable cloud-passwd-srvr
systemctl enable dnsmasq
echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs
echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs
fi
}
setup_redundant_router() {
rrouter_bin_path="/ramdisk/rrouter"
rrouter_log="/ramdisk/rrouter/keepalived.log"
rrouter_bin_path_str="\/ramdisk\/rrouter"
rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log"
mkdir -p /ramdisk
mount tmpfs /ramdisk -t tmpfs
mkdir -p /ramdisk/rrouter
ip route delete default
cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf
cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf
cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh
cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh
cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh
cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh
cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh
cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh
cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh
cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh
cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/
cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/
cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh
cp /root/redundant_router/services.sh $rrouter_bin_path/
sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf
sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf
sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf
sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf
sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf
sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf
sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh
sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh
sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh
sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh
sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh
sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh
if [ $ADVERT_INT ]
then
sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf
fi
chmod a+x $rrouter_bin_path/*.sh
sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived
crontab -l|grep "check_heartbeat.sh"
if [ $? -ne 0 ]
then
(crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab
fi
}
parse_cmd_line() {
CMDLINE=$(cat /var/cache/cloud/cmdline)
TYPE="unknown"
BOOTPROTO="static"
DISABLE_RP_FILTER="false"
STORAGE_IP=""
STORAGE_NETMASK=""
STORAGE_CIDR=""
VM_PASSWORD=""
CHEF_TMP_FILE=/tmp/cmdline.json
COMMA="\t"
echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE}
echo -e "\"cmd_line\": {" >> ${CHEF_TMP_FILE}
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
echo -en ${COMMA} >> ${CHEF_TMP_FILE}
# Two lines so values do not accidently interpretted as escapes!!
echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE}
COMMA=",\n\t"
case $KEY in
disable_rp_filter)
export DISABLE_RP_FILTER=$VALUE
;;
eth0ip)
export ETH0_IP=$VALUE
;;
eth1ip)
export ETH1_IP=$VALUE
;;
eth2ip)
export ETH2_IP=$VALUE
;;
host)
export MGMT_HOST=$VALUE
;;
gateway)
export GW=$VALUE
;;
ip6gateway)
export IP6GW=$VALUE
;;
eth0mask)
export ETH0_MASK=$VALUE
;;
eth1mask)
export ETH1_MASK=$VALUE
;;
eth2mask)
export ETH2_MASK=$VALUE
;;
eth0ip6)
export ETH0_IP6=$VALUE
;;
eth0ip6prelen)
export ETH0_IP6_PRELEN=$VALUE
;;
internaldns1)
export internalNS1=$VALUE
;;
internaldns2)
export internalNS2=$VALUE
;;
dns1)
export NS1=$VALUE
;;
dns2)
export NS2=$VALUE
;;
ip6dns1)
export IP6_NS1=$VALUE
;;
ip6dns2)
export IP6_NS2=$VALUE
;;
domain)
export DOMAIN=$VALUE
;;
dnssearchorder)
export DNS_SEARCH_ORDER=$VALUE
;;
useextdns)
export USE_EXTERNAL_DNS=$VALUE
;;
mgmtcidr)
export MGMTNET=$VALUE
;;
localgw)
export LOCAL_GW=$VALUE
;;
template)
export TEMPLATE=$VALUE
;;
sshonguest)
export SSHONGUEST=$VALUE
;;
name)
export NAME=$VALUE
;;
dhcprange)
export DHCP_RANGE=$(echo $VALUE | tr ':' ',')
;;
bootproto)
export BOOTPROTO=$VALUE
;;
type)
export TYPE=$VALUE
;;
defaultroute)
export DEFAULTROUTE=$VALUE
;;
redundant_router)
export RROUTER=$VALUE
;;
guestgw)
export GUEST_GW=$VALUE
;;
guestbrd)
export GUEST_BRD=$VALUE
;;
guestcidrsize)
export GUEST_CIDR_SIZE=$VALUE
;;
router_pr)
export ROUTER_PR=$VALUE
;;
extra_pubnics)
export EXTRA_PUBNICS=$VALUE
;;
nic_macs)
export NIC_MACS=$VALUE
;;
mtu)
export MTU=$VALUE
;;
storageip)
export STORAGE_IP=$VALUE
;;
storagenetmask)
export STORAGE_NETMASK=$VALUE
;;
storagecidr)
export STORAGE_CIDR=$VALUE
;;
vmpassword)
export VM_PASSWORD=$VALUE
;;
vpccidr)
export VPCCIDR=$VALUE
;;
cidrsize)
export CIDR_SIZE=$VALUE
;;
advert_int)
export ADVERT_INT=$VALUE
;;
ntpserverlist)
export NTP_SERVER_LIST=$VALUE
;;
esac
done
echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE}
if [ "$TYPE" != "unknown" ]
then
mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json
fi
[ $ETH0_IP ] && export LOCAL_ADDRS=$ETH0_IP
[ $ETH0_IP6 ] && export LOCAL_ADDRS=$ETH0_IP6
[ $ETH0_IP ] && [ $ETH0_IP6 ] && export LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6"
# Randomize cloud password so only ssh login is allowed
echo "cloud:`openssl rand -base64 32`" | chpasswd
if [ x"$VM_PASSWORD" != x"" ]
then
echo "root:$VM_PASSWORD" | chpasswd
fi
}
parse_cmd_line
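Review bot: `VALUE=$(echo $i | cut -d= -f2)` in parse_cmd_line keeps only the second `=`-separated field, so any cmdline value that itself contains `=` is silently truncated — for `vmpassword` that means a root password containing `=` (a base64-style value with padding, for instance) is set to a shortened string at `echo "root:$VM_PASSWORD" | chpasswd`. `VALUE=$(echo $i | cut -d= -f2-)` keeps the remainder of the token. The same raw value, password included, is also appended unescaped to `${CHEF_TMP_FILE}` and then moved to `/var/cache/cloud/cmd_line.json`; a `"` or `\` in any value breaks that JSON, and the secret is persisted in the cache file, so skipping or redacting `vmpassword` in that `echo -n \"${KEY}\"': '\"${VALUE}\"` line would be worth doing alongside the cut fix.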


@ -0,0 +1,61 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
. /opt/cloud/bin/setup/common.sh
consoleproxy_svcs() {
echo "cloud ssh" > /var/cache/cloud/enabled_svcs
echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
mkdir -p /var/log/cloud
}
setup_console_proxy() {
log_it "Setting up console proxy system vm"
setup_common eth0 eth1 eth2
setup_system_rfc1918_internal
log_it "Setting up entry in hosts"
sed -i /$NAME/d /etc/hosts
public_ip=`getPublicIp`
echo "$public_ip $NAME" >> /etc/hosts
log_it "Applying iptables rules"
cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
log_it "Configuring sshd"
local hyp=$HYPERVISOR
if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
setup_sshd $ETH1_IP "eth1"
else
setup_sshd $ETH0_IP "eth0"
fi
disable_rpfilter
enable_fwding 0
enable_irqbalance 0
rm -f /etc/logrotate.d/cloud
}
consoleproxy_svcs
if [ $? -gt 0 ]
then
log_it "Failed to execute consoleproxy_svcs"
exit 1
fi
setup_console_proxy
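Review bot: `local hyp=$HYPERVISOR` in setup_console_proxy depends on HYPERVISOR already being exported by whoever runs this script; parse_cmd_line in the sourced common.sh has no `hypervisor)` case, so unless the caller sets it (the older patch script took it as its second argument) the vmware/hyperv branch never runs and sshd is bound to `$ETH0_IP` on those platforms. setup_common in common.sh reads `$HYPERVISOR` the same way for its vmware timesync step. If the hypervisor type is carried on the cmdline, a `hypervisor)` case exporting HYPERVISOR in parse_cmd_line would make this explicit; otherwise a guard such as `[ -n "$HYPERVISOR" ] || log_it "HYPERVISOR not set, defaulting sshd to eth0"` at least makes the silent fallback visible in cloud.log.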


@ -1,3 +1,4 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@ -15,5 +16,14 @@
# specific language governing permissions and limitations
# under the License.
#set ENABLED to 1 if you want the init script to start the password server
ENABLED=0
. /opt/cloud/bin/setup/common.sh
setup_default() {
cat > /etc/network/interfaces << EOF
auto lo
iface lo inet loopback
EOF
cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
}
setup_default


@ -0,0 +1,62 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
. /opt/cloud/bin/setup/common.sh
dhcpsrvr_svcs() {
echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
echo "cloud nfs-common conntrackd keepalived haproxy portmap" > /var/cache/cloud/disabled_svcs
}
setup_dhcpsrvr() {
log_it "Setting up dhcp server system vm"
setup_common eth0 eth1
setup_dnsmasq
setup_apache2 $ETH0_IP
sed -i /$NAME/d /etc/hosts
[ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
[ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
enable_irqbalance 0
enable_fwding 0
cp /etc/iptables/iptables-router /etc/iptables/rules.v4
cp /etc/iptables/iptables-router /etc/iptables/rules
#Only allow DNS service for current network
sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
if [ "$SSHONGUEST" == "true" ]
then
setup_sshd $ETH0_IP "eth0"
else
setup_sshd $ETH1_IP "eth1"
fi
}
dhcpsrvr_svcs
if [ $? -gt 0 ]
then
log_it "Failed to execute dhcpsrvr_svcs"
exit 1
fi
setup_dhcpsrvr
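Review bot: The four `sed` rewrites of the port-53 ACCEPT rules in setup_dhcpsrvr substitute `$DHCP_RANGE\/$CIDR_SIZE` without checking that CIDR_SIZE is set; `cidrsize` is just one optional key in parse_cmd_line, and when it is absent the rule becomes `-s <range>/ -j ACCEPT`, which iptables-restore will presumably reject, taking the whole ruleset down with it. Wrapping the four lines in `if [ -n "$DHCP_RANGE" ] && [ -n "$CIDR_SIZE" ]; then … else log_it "DHCP_RANGE/CIDR_SIZE missing, DNS rule not narrowed"; fi` keeps the ruleset loadable and records why the narrower rule was not applied. The two values also come straight from the cmdline into an unquoted sed expression, so a value with `/` or `&` would corrupt the rules file; quoting them or validating them as an address and prefix length first would close that.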


@ -0,0 +1,53 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
. /opt/cloud/bin/setup/common.sh
elbvm_svcs() {
echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
}
setup_elbvm() {
log_it "Setting up Elastic Load Balancer system vm"
setup_common eth0 eth1
sed -i /$NAME/d /etc/hosts
public_ip=$ETH2_IP
[ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
echo "$public_ip $NAME" >> /etc/hosts
cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
cp /etc/iptables/iptables-elbvm /etc/iptables/rules
if [ "$SSHONGUEST" == "true" ]
then
setup_sshd $ETH0_IP "eth0"
else
setup_sshd $ETH1_IP "eth1"
fi
enable_fwding 0
enable_irqbalance 0
}
elbvm_svcs
if [ $? -gt 0 ]
then
log_it "Failed to execute elbvm svcs"
exit 1
fi
setup_elbvm
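Review bot: setup_elbvm derives public_ip inline with a fallback to `$ETH0_IP`, while the sourced common.sh provides getPublicIp, which falls back to `$ETH1_IP` and is what consoleproxy.sh uses; if the different fallback is intentional, a one-line comment such as `# elbvm: fall back to the guest-side eth0 address, not eth1 as getPublicIp does` would stop a later cleanup from folding it into getPublicIp. The `[ … ] || [ … ] && public_ip=$ETH0_IP` chain works only because the shell evaluates equal-precedence `||`/`&&` left to right, which reads as ambiguous; `if [ -z "$ETH2_IP" ] || [ "$ETH2_IP" == "0.0.0.0" ]; then public_ip=$ETH0_IP; fi` says the same thing plainly.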


@ -1,3 +1,4 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@ -15,5 +16,33 @@
# specific language governing permissions and limitations
# under the License.
#set ENABLED to 1 if you want the init script to start the password server
ENABLED=0
. /opt/cloud/bin/setup/common.sh
ilbvm_svcs() {
echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
}
setup_ilbvm() {
log_it "Setting up Internal Load Balancer system vm"
setup_common eth0 eth1
#eth0 = guest network, eth1=control network
sed -i /$NAME/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
setup_sshd $ETH1_IP "eth1"
enable_fwding 0
enable_irqbalance 1
}
ilbvm_svcs
if [ $? -gt 0 ]
then
log_it "Failed to execute ilbvm svcs"
exit 1
fi
setup_ilbvm
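Review bot: The comment `#set ENABLED to 1 if you want the init script to start the password server` and `ENABLED=0` near the top of the file belong to the old init-script layout; if they survive on the new side (the rendering does not show which side they are on) nothing in setup_ilbvm reads `ENABLED`, so they are dead and misleading and should be dropped. `sed -i /$NAME/d /etc/hosts` runs with `$NAME` unquoted and unchecked; an empty NAME yields `//d`, which empties /etc/hosts, so guard it as `[ -n "$NAME" ] && sed -i "/$NAME/d" /etc/hosts`. The two service lists in ilbvm_svcs duplicate elbvm_svcs verbatim; a shared helper (common.sh looks like the natural home, but it is outside this view) would keep the two from drifting.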


@ -0,0 +1,57 @@
#/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#set -x
logfile="/var/log/patchsystemvm.log"
# To use existing console proxy .zip-based package file
patch_systemvm() {
local patchfile=$1
local backupfolder="/tmp/.conf.backup"
if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then
rm -fr $backupfolder
mkdir -p $backupfolder
cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/
fi
rm /usr/local/cloud/systemvm -rf
mkdir -p /usr/local/cloud/systemvm
echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
if [ -f $backupfolder/cloud.jks ]; then
cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/
echo "Restored keystore file and certs using backup" >> $logfile
fi
rm -fr $backupfolder
return 0
}
CMDLINE=/var/cache/cloud/cmdline
PATCH_MOUNT=$1
TYPE=$2
echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile
if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ]
then
patch_systemvm ${PATCH_MOUNT}/systemvm.zip
if [ $? -gt 0 ]
then
echo "Failed to apply patch systemvm\n" >> $logfile
exit 1
fi
fi
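Review bot: The first line is `#/bin/bash` — the `!` is missing, so this file has no shebang and depends on whoever invokes it choosing bash; under a POSIX `sh` the `[ "$TYPE" == ... ]` tests at the bottom are not valid syntax. Fix the first line to `#!/bin/bash`. Independently, `patch_systemvm` returns 0 unconditionally, so the `if [ $? -gt 0 ]` check after it can never fire even when `unzip` fails and leaves /usr/local/cloud/systemvm empty; change the unzip line to `echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1 || return 1`. Note also that `>$logfile` there truncates the log and discards the "Patching systemvm ..." line appended just before it, and that the keystore backup goes through a fixed, umask-permissioned path under /tmp; a `mktemp -d` directory (mode 0700) is the safer scratch location for cloud.jks and its certs.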


@ -0,0 +1,106 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
. /opt/cloud/bin/setup/common.sh
setup_router() {
log_it "Setting up virtual router system vm"
#To save router public interface and gw ip information
touch /var/cache/cloud/ifaceGwIp
oldmd5=
[ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
if [ -n "$ETH2_IP" ]
then
setup_common eth0 eth1 eth2
if [ -n "$EXTRA_PUBNICS" ]
then
for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
do
setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
done
fi
else
setup_common eth0 eth1
if [ -n "$EXTRA_PUBNICS" ]
then
for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
do
setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
done
fi
fi
if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
then
setup_redundant_router
fi
log_it "Checking udev NIC assignment order changes"
if [ "$NIC_MACS" != "" ]
then
init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
rm /tmp/interfaces
rm /tmp/udev-rules
if [ "$oldmd5" != "$newmd5" ]
then
log_it "udev NIC assignment requires reboot to take effect"
sync
sleep 2
reboot
fi
fi
setup_aesni
setup_dnsmasq
setup_apache2 $ETH0_IP
sed -i /$NAME/d /etc/hosts
echo "$ETH0_IP $NAME" >> /etc/hosts
enable_irqbalance 1
disable_rpfilter_domR
enable_fwding 1
enable_rpsrfs 1
cp /etc/iptables/iptables-router /etc/iptables/rules.v4
#for old templates
cp /etc/iptables/iptables-router /etc/iptables/rules
setup_sshd $ETH1_IP "eth1"
#Only allow DNS service for current network
sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
#setup hourly logrotate
mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
}
routing_svcs
if [ $? -gt 0 ]
then
log_it "Failed to execute routing_svcs"
exit 1
fi
setup_router
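Review bot: The four `sed` lines that narrow the port-53 INPUT rules interpolate `$DHCP_RANGE/$CIDR_SIZE` without checking that either is set; if one is empty the rule becomes `-s /` or `-s x.x.x.x/`, the rules file no longer loads cleanly, and — depending on how rules.v4 is applied at boot, which is outside this file — the router may come up with no INPUT filtering at all rather than a tighter rule. Wrap the block in `if [ -n "$DHCP_RANGE" ] && [ -n "$CIDR_SIZE" ]; then ... fi` and `log_it` when it is skipped, so the fallback is the unrestricted-but-loadable rule instead of a broken file. `sed -i /$NAME/d /etc/hosts` has the same unquoted-variable problem: an empty NAME becomes `//d` and empties /etc/hosts. `routing_svcs`, `setup_common` and `setup_interface` are defined outside this file.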


@ -0,0 +1,90 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
. /opt/cloud/bin/setup/common.sh
secstorage_svcs() {
echo "apache2 cloud ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs
echo "cloud-passwd-srvr conntrackd keepalived haproxy dnsmasq" > /var/cache/cloud/disabled_svcs
mkdir -p /var/log/cloud
}
setup_secstorage() {
log_it "Setting up secondary storage system vm"
sysctl vm.min_free_kbytes=8192
setup_common eth0 eth1 eth2
setup_storage_network
setup_system_rfc1918_internal
log_it "Setting up entry in hosts"
sed -i /$NAME/d /etc/hosts
public_ip=`getPublicIp`
echo "$public_ip $NAME" >> /etc/hosts
log_it "Applying iptables rules"
cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
cp /etc/iptables/iptables-secstorage /etc/iptables/rules
log_it "Configuring sshd"
local hyp=$HYPERVISOR
if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
setup_sshd $ETH1_IP "eth1"
else
setup_sshd $ETH0_IP "eth0"
fi
log_it "Configuring apache2"
setup_apache2 $ETH2_IP
# Deprecated, should move to Cs Python all of it
sed -e "s/<VirtualHost .*:80>/<VirtualHost $ETH2_IP:80>/" \
-e "s/<VirtualHost .*:443>/<VirtualHost $ETH2_IP:443>/" \
-e "s/Listen .*:80/Listen $ETH2_IP:80/g" \
-e "s/Listen .*:443/Listen $ETH2_IP:443/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf
log_it "Setting up apache2 for post upload of volume/template"
a2enmod proxy
a2enmod proxy_http
a2enmod headers
cat >/etc/apache2/cors.conf <<CORS
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_METHOD} =POST
RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, OPTIONS"
Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
CORS
disable_rpfilter
enable_fwding 0
enable_irqbalance 0
setup_ntp
rm -f /etc/logrotate.d/cloud
}
secstorage_svcs
if [ $? -gt 0 ]
then
log_it "Failed to execute secstorage_svcs"
exit 1
fi
setup_secstorage
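Review bot: The CORS block written to /etc/apache2/cors.conf sends `Access-Control-Allow-Origin "*"` and a permissive header list on every response, so any origin can drive the proxied `POST /upload/...` path; that is only safe if the service on 127.0.0.1:8210 validates `x-signature`/`x-expires` itself, which this file cannot show. Record that assumption in the heredoc, e.g. `# Wildcard CORS is intentional: uploads are authorised by the signed x-signature/x-expires headers checked by the upload service on :8210, not by origin.`, so nobody tightens or loosens it blindly later. The `$1` captured by `^/upload/(.*)` is spliced straight into `uuid=` of the proxied query string; worth confirming the upstream treats that value as untrusted. `sed -i /$NAME/d /etc/hosts` also runs with `$NAME` unquoted; an empty NAME turns it into `//d` and empties /etc/hosts.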


@ -0,0 +1,129 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
. /opt/cloud/bin/setup/common.sh
setup_vpcrouter() {
log_it "Setting up VPC virtual router system vm"
if [ -f /etc/hosts ]; then
grep -q $NAME /etc/hosts || echo "127.0.0.1 $NAME" >> /etc/hosts;
fi
cat > /etc/network/interfaces << EOF
auto lo eth0
iface lo inet loopback
EOF
setup_interface "0" $ETH0_IP $ETH0_MASK $GW
echo $NAME > /etc/hostname
echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
hostnamectl set-hostname $NAME
#Nameserver
sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
if [ -n "$internalNS1" ]
then
echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS1" > /etc/resolv.conf
fi
if [ -n "$internalNS2" ]
then
echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $internalNS2" >> /etc/resolv.conf
fi
if [ -n "$NS1" ]
then
echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS1" >> /etc/resolv.conf
fi
if [ -n "$NS2" ]
then
echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS2" >> /etc/resolv.conf
fi
if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
then
if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ];
then
ip route add $MGMTNET via $LOCAL_GW dev eth0
# a hacking way to activate vSwitch under VMware
ping -n -c 3 $LOCAL_GW &
sleep 3
pkill ping
fi
fi
if [ "$RROUTER" == "1" ]
then
setup_redundant_router
fi
ip route delete default
# create route table for static route
sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null
sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null
sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
setup_vpc_apache2
enable_irqbalance 1
enable_vpc_rpsrfs 1
disable_rpfilter
enable_fwding 1
cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
setup_sshd $ETH0_IP "eth0"
cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
echo "" > /etc/dnsmasq.d/dhcphosts.txt
echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf
[ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
#DNS server will append $DOMAIN to local queries
sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
#answer all local domain queries
sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
command -v dhcp_release > /dev/null 2>&1
no_dhcp_release=$?
if [ $no_dhcp_release -eq 0 ]
then
echo 1 > /var/cache/cloud/dnsmasq_managed_lease
sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
else
echo 0 > /var/cache/cloud/dnsmasq_managed_lease
fi
#setup hourly logrotate
mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
}
routing_svcs
if [ $? -gt 0 ]
then
log_it "Failed to execute routing_svcs"
exit 1
fi
setup_vpcrouter
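Review bot: The two `sudo echo "... static_route" >> /etc/iproute2/rt_tables` lines append unconditionally, so every boot that reaches setup_vpcrouter adds another duplicate table entry; and the `>>` redirection is performed by this shell, not by sudo, so the `sudo` prefix adds nothing. Guard each with a grep, e.g. `grep -q "^252 static_route$" /etc/iproute2/rt_tables || echo "252 static_route" >> /etc/iproute2/rt_tables`. Also, `echo "" > /etc/dnsmasq.d/dhcphosts.txt` creates a file in the config-fragment directory while the next line points `dhcp-hostsfile` at `/etc/dhcphosts.txt`; if that difference is not deliberate the two paths should agree. `$DOMAIN` is spliced unquoted into two sed expressions, so a value containing `/` would break them, and `[ -z $DOMAIN ]` should be `[ -z "$DOMAIN" ]`.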


@ -47,9 +47,9 @@ then
if [ $s -gt 2 ]
then
echo Keepalived process is dead! >> $ROUTER_LOG
service keepalived stop >> $ROUTER_LOG 2>&1
service conntrackd stop >> $ROUTER_LOG 2>&1
systemctl stop keepalived >> $ROUTER_LOG 2>&1
systemctl stop conntrackd >> $ROUTER_LOG 2>&1
#Set fault so we have the same effect as a KeepaliveD fault.
python /opt/cloud/bin/master.py --fault


@ -1 +1 @@
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2RIE3hgSAD8zULuyE7KDW9EKh2oVbNGY7iSL/VI5xHLISKh4e8ksTshWjlGBtrUCnuzR7y2BUxZ65RI8XkB1fEDxcOU4/0lVPvJYDSsGveXoOgpLwOtKRoGLgjFUGzBQlj2s6YaYQxoNTqtBVkDIH6ekPNq0Q38hRrFcsVIk1sFo5ejuvFxt2wx6APcFIQtHSNezEDO0GVUScDU1N1YEMMv1PU3M/SrcezkXrGl/efF3kWtY9L5xm7sojHMCCqsI38r8ogof67F7JdWRXM6Nl3VzkdCBzWGcyAl+cYfjzgOiBGXyAyYBk8qqzJjKwUOtdjfRvCyowA/0xBwMW1T7PQ==
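Review bot: The key that remains in this file carries no trailing comment (the rendering loses the +/- markers, but the commit says the `anthony@mobl-ant` key is the one being removed), so a later reader cannot tell whose private half it pairs with or why it is baked into the appliance. OpenSSH ignores the comment field, so appending one, e.g. `... cloudstack-systemvm-default`, costs nothing and answers that question. If this file is only a placeholder that the boot-time setup overwrites with the management server's key, a one-line note saying so next to it would prevent the next "remove unknown key" round.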


@ -16,24 +16,16 @@
# specific language governing permissions and limitations
# under the License.
# run.sh runs the cloud service
#set -x
# make sure we delete the old files from the original template
rm -f console-proxy.jar
rm -f console-common.jar
rm -f conf/cloud.properties
CP="./:./conf:$(ls *.jar | tr '\n' ':' | sed s'/.$//')"
#run.sh runs the console proxy.
# make sure we delete the old files from the original template
rm console-proxy.jar
rm console-common.jar
rm conf/cloud.properties
set -x
CP=./:./conf
for file in *.jar
do
CP=${CP}:$file
done
keyvalues=
LOGHOME=/var/log/cloud/
@ -50,7 +42,7 @@ for i in $CMDLINE
keyvalues="${keyvalues} $KEY=$VALUE"
esac
done
tot_mem_k=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}')
let "tot_mem_m=tot_mem_k>>10"
let "eightypcnt=$tot_mem_m*8/10"
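Review bot: `CP="./:./conf:$(ls *.jar | tr '\n' ':' | sed s'/.$//')"` — on what I read as the new side — builds the classpath by parsing `ls` output, with oddly placed quoting in `s'/.$//'`; the shell glob does the same job without a three-process pipeline, e.g. `CP="./:./conf:$(printf '%s:' *.jar)"; CP=${CP%:}`, which also keeps it a one-liner if brevity was the point. The real improvement in this hunk is the `-f` on the `rm` lines, so the first run on a fresh template no longer reports errors. Leaving `set -x` commented out is the right call: the loop over `$CMDLINE` that follows (it continues outside this hunk) would otherwise echo every boot key/value, which may include secrets.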


@ -49,7 +49,6 @@ config_apache2_conf() {
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl


@ -16,10 +16,6 @@
# specific language governing permissions and limitations
# under the License.
#_run.sh runs the agent client.
# set -x


@ -58,8 +58,8 @@
<fileMode>555</fileMode>
<includes>
<include>log4j-cloud.xml</include>
<include>consoleproxy.properties</include>
<include>agent.properties</include>
<include>consoleproxy.properties</include>
<include>agent.properties</include>
</includes>
</fileSet>
<fileSet>
@ -69,7 +69,7 @@
<fileMode>555</fileMode>
<includes>
<include>*.jpg</include>
<include>*.gif</include>
<include>*.gif</include>
<include>*.png</include>
<include>*.cur</include>
</includes>


@ -856,7 +856,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
ssvm.privateip,
"service cloud status",
"systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@ -868,7 +868,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
host.user,
host.passwd,
ssvm.linklocalip,
"service cloud status"
"systemctl is-active cloud"
)
except KeyError:
self.skipTest("Marvin configuration has no host credentials to check router services")
@ -876,7 +876,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.debug("Cloud Process status: %s" % res)
# Apache CloudStack service (type=secstorage) is running: process id: 2346
self.assertEqual(
res.count("is running"),
res.count("active"),
1,
"Check cloud service is running or not"
)
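Review bot: `res.count("active")` on the output of `systemctl is-active cloud` is not a running-check: the command prints `inactive`, `activating` or `deactivating` when the unit is not up, and each of those contains `active` exactly once, so this assertion passes in precisely the failure case it is meant to catch. Assert on the whole token instead, e.g. `self.assertIn("active", [line.strip() for line in result], "cloud service is not active")`, and drop the stale `is running: process id` comment above it. `result` is the line list returned by the ssh helper a few lines up; the first call sits inside a `try` that begins outside this hunk.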


@ -1288,7 +1288,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
ssvm.privateip,
"service cloud status",
"systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@ -1300,7 +1300,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
host.user,
host.passwd,
ssvm.linklocalip,
"service cloud status"
"systemctl is-active cloud"
)
except KeyError:
self.skipTest("Marvin configuration has no host credentials to check router services")
@ -1308,7 +1308,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.debug("Cloud Process status: %s" % res)
# Apache CloudStack service (type=secstorage) is running: process id: 2346
self.assertEqual(
res.count("is running"),
res.count("active"),
1,
"Check cloud service is running or not"
)
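Review bot: The assertion `res.count("active") == 1` does not distinguish a running `cloud` unit from a stopped one: `systemctl is-active` prints `inactive`, `activating` or `deactivating` when the service is down, and each contains `active` exactly once. Compare the whole token, e.g. `self.assertIn("active", [line.strip() for line in result], "cloud service is not active")`, so an `inactive` reply fails the test as intended. The `is running: process id` comment above the assertion describes the old `service` output and should be updated or removed.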


@ -767,13 +767,13 @@ class TestDhcpOnlyRouter(cloudstackTestCase):
self.testdata['configurableData']['host']["username"],
self.testdata['configurableData']['host']["password"],
router.linklocalip,
"service dnsmasq status"
"systemctl is-active dnsmasq"
)
res = str(result)
self.debug("Dnsmasq process status: %s" % res)
self.assertEqual(
res.count("running"),
res.count("active"),
1,
"Check dnsmasq service is running or not"
)
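Review bot: `res.count("active")` accepts `inactive`, `activating` and `deactivating` just as readily as `active`, since each contains the substring once, so after this change a dead dnsmasq no longer fails the test. Check the token itself: `self.assertIn("active", [line.strip() for line in result], "dnsmasq service is not active")`. The ssh call producing `result` is in the lines just above; the surrounding `try` begins outside this hunk.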


@ -105,20 +105,20 @@ class TestListIdsParams(cloudstackTestCase):
mode=cls.services["mode"]
)
#Take 3 VM1 Snapshots
#PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
"""cls.vmsnapshot_1 = VmSnapshot.create(
cls.apiclient,
cls.virtual_machine_1.id
)
cls.vmsnapshot_2 = VmSnapshot.create(
cls.apiclient,
cls.virtual_machine_1.id
)
cls.vmsnapshot_3 = VmSnapshot.create(
cls.apiclient,
cls.virtual_machine_1.id
)"""
# Take 3 VM1 Snapshots
# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
# cls.vmsnapshot_1 = VmSnapshot.create(
# cls.apiclient,
# cls.virtual_machine_1.id
# )
# cls.vmsnapshot_2 = VmSnapshot.create(
# cls.apiclient,
# cls.virtual_machine_1.id
# )
# cls.vmsnapshot_3 = VmSnapshot.create(
# cls.apiclient,
# cls.virtual_machine_1.id
# )
#Stop VMs
cls.virtual_machine_1.stop(cls.apiclient)
@ -229,7 +229,7 @@ class TestListIdsParams(cloudstackTestCase):
3,
"ListVolumes response expected 3 Volumes, received %s" % len(list_volume_response)
)
@attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false")
def test_02_list_templates(self):
"""Test listing Templates using 'ids' parameter
@ -273,23 +273,23 @@ class TestListIdsParams(cloudstackTestCase):
"ListSnapshots response expected 3 Snapshots, received %s" % len(list_snapshot_response)
)
#PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
#@attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false")
#def test_04_list_vm_snapshots(self):
"""Test listing VMSnapshots using 'vmsnapshotids' parameter
"""
"""list_vm_snapshot_response = VmSnapshot.list(
self.apiclient,
vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id],
listall=True
)
self.assertEqual(
isinstance(list_vm_snapshot_response, list),
True,
"ListVMSnapshots response was not a valid list"
)
self.assertEqual(
len(list_vm_snapshot_response),
3,
"ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response)
)"""
# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
# @attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false")
# def test_04_list_vm_snapshots(self):
# """Test listing VMSnapshots using 'vmsnapshotids' parameter
# """
# list_vm_snapshot_response = VmSnapshot.list(
# self.apiclient,
# vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id],
# listall=True
# )
# self.assertEqual(
# isinstance(list_vm_snapshot_response, list),
# True,
# "ListVMSnapshots response was not a valid list"
# )
# self.assertEqual(
# len(list_vm_snapshot_response),
# 3,
# "ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response)
# )


@ -120,29 +120,30 @@ class TestLoadBalance(cloudstackTestCase):
cleanup_resources(cls.apiclient, cls._cleanup)
return
def try_ssh(self, ip_addr, unameCmd):
def try_ssh(self, ip_addr, unameCmd, firstAttempt=False):
try:
self.debug(
"SSH into VM (IPaddress: %s) & NAT Rule (Public IP: %s)" %
(self.vm_1.ipaddress, ip_addr)
)
# If Round Robin Algorithm is chosen,
retries = 3
if firstAttempt:
retries = 30
# If Round Robin Algorithm is chosen,
# each ssh command should alternate between VMs
ssh_1 = SshClient(
ip_addr,
self.services['lbrule']["publicport"],
self.vm_1.username,
self.vm_1.password,
retries=10
retries=retries
)
unameCmd.append(ssh_1.execute("uname")[0])
self.debug(unameCmd)
except Exception as e:
self.fail("%s: SSH failed for VM with IP Address: %s" %
(e, ip_addr))
time.sleep(10)
return
time.sleep(5)
@attr(tags = ["advanced", "advancedns", "smoke"], required_hardware="true")
def test_01_create_lb_rule_src_nat(self):
@ -256,7 +257,7 @@ class TestLoadBalance(cloudstackTestCase):
unameResults = []
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults, True)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)


@ -256,7 +256,7 @@ class TestRouterDns(cloudstackTestCase):
result = None
try:
self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress)
ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8)
ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15)
result = str(ssh.execute("nslookup google.com"))
except Exception as e:
self.fail("Failed to SSH into VM - %s due to exception: %s" % (nat_rule1.ipaddress, e))


@ -92,8 +92,8 @@ class TestRouterDnsService(cloudstackTestCase):
zoneid=cls.zone.id)
cls.logger.debug("Creating guest VM for Account %s using offering %s" % (cls.account.name, cls.service_offering.id))
cls.services["virtual_machine"]["displayname"] = VM1_NAME;
cls.services["virtual_machine"]["name"] = VM1_NAME;
cls.services["virtual_machine"]["displayname"] = VM1_NAME
cls.services["virtual_machine"]["name"] = VM1_NAME
cls.vm1 = VirtualMachine.create(cls.api_client,
cls.services["virtual_machine"],
templateid=cls.template.id,
@ -102,10 +102,10 @@ class TestRouterDnsService(cloudstackTestCase):
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network.id)])
cls.vm1.password = "password"
cls.logger.debug("Created VM named %s" % VM1_NAME);
cls.services["virtual_machine"]["displayname"] = VM2_NAME;
cls.services["virtual_machine"]["name"] = VM2_NAME;
cls.logger.debug("Created VM named %s" % VM1_NAME)
cls.services["virtual_machine"]["displayname"] = VM2_NAME
cls.services["virtual_machine"]["name"] = VM2_NAME
cls.vm2 = VirtualMachine.create(cls.api_client,
cls.services["virtual_machine"],
templateid=cls.template.id,
@ -114,7 +114,7 @@ class TestRouterDnsService(cloudstackTestCase):
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network.id)])
cls.vm2.password = "password"
cls.logger.debug("Created VM named %s" % VM2_NAME);
cls.logger.debug("Created VM named %s" % VM2_NAME)
cls.services["natrule1"] = {
"privateport": 22,
@ -256,7 +256,7 @@ class TestRouterDnsService(cloudstackTestCase):
result1 = None
try:
self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress)
ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8)
ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15)
result1 = str(ssh.execute("nslookup %s" % VM1_NAME))
self.logger.debug("nslookup %s: %s " % (VM1_NAME, result1))
result2 = str(ssh.execute("nslookup %s" % VM2_NAME))


@ -171,7 +171,7 @@ class TestRouterServices(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
"service dnsmasq status",
"systemctl is-active dnsmasq",
hypervisor=self.hypervisor
)
else:
@ -184,7 +184,7 @@ class TestRouterServices(cloudstackTestCase):
host.user,
host.passwd,
router.linklocalip,
"service dnsmasq status"
"systemctl is-active dnsmasq"
)
except KeyError:
@ -195,7 +195,7 @@ class TestRouterServices(cloudstackTestCase):
self.debug("Dnsmasq process status: %s" % res)
self.assertEqual(
res.count("running"),
res.count("active"),
1,
"Check dnsmasq service is running or not"
)
@ -251,7 +251,7 @@ class TestRouterServices(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
"service dnsmasq status",
"systemctl is-active dnsmasq",
hypervisor=self.hypervisor
)
else:
@ -264,7 +264,7 @@ class TestRouterServices(cloudstackTestCase):
host.user,
host.passwd,
router.linklocalip,
"service dnsmasq status"
"systemctl is-active dnsmasq"
)
except KeyError:
self.skipTest(
@ -273,7 +273,7 @@ class TestRouterServices(cloudstackTestCase):
res = str(result)
self.debug("Dnsmasq process status: %s" % res)
self.assertEqual(
res.count("running"),
res.count("active"),
1,
"Check dnsmasq service is running or not"
)
@ -285,7 +285,7 @@ class TestRouterServices(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
"service haproxy status",
"systemctl is-active haproxy",
hypervisor=self.hypervisor
)
else:
@ -298,7 +298,7 @@ class TestRouterServices(cloudstackTestCase):
host.user,
host.passwd,
router.linklocalip,
"service haproxy status"
"systemctl is-active haproxy"
)
except KeyError:
self.skipTest(
@ -306,7 +306,7 @@ class TestRouterServices(cloudstackTestCase):
to check router services")
res = str(result)
self.assertEqual(
res.count("running"),
res.count("active"),
1,
"Check haproxy service is running or not"
)
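Review bot: Each of the three `res.count("active") == 1` assertions in this file (dnsmasq twice, haproxy once) is satisfied by `inactive`, `activating` and `deactivating` as well as by `active`, because `systemctl is-active` prints exactly one of those words and every one of them contains `active` once; the checks therefore pass whether or not the service is up. Replace them with a whole-token check, e.g. `self.assertIn("active", [line.strip() for line in result], "dnsmasq service is not active")` (and the haproxy equivalent). A small helper that runs `systemctl is-active <unit>` and returns the stripped token would remove the triplication.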


@ -44,7 +44,7 @@ _multiprocess_shared_ = True
class TestSSVMs(cloudstackTestCase):
def setUp(self):
test_case = super(TestSSVMs, self)
test_case = super(TestSSVMs, self)
self.apiclient = self.testClient.getApiClient()
self.hypervisor = self.testClient.getHypervisorInfo()
self.cleanup = []
@ -57,40 +57,52 @@ class TestSSVMs(cloudstackTestCase):
self.logger.setLevel(logging.DEBUG)
self.logger.addHandler(self.stream_handler)
# Default sleep is set to 90 seconds, which is too long if the SSVM takes up to 2min to start.
# Second sleep in the loop will waste test time.
self.services["sleep"] = 30
# Default value is 120 seconds. That's just too much.
self.services["configurableData"]["systemVmDelay"] = 60
return
def tearDown(self):
try:
# Clean up, terminate the created templates
cleanup_resources(self.apiclient, self.cleanup)
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
return
def waitForSystemVMAgent(self, vmname):
timeout = 120
while True:
def checkRunningAgent():
list_host_response = list_hosts(
self.apiclient,
name=vmname
)
if isinstance(list_host_response, list):
return list_host_response[0].state == 'Up', None
return False, None
if list_host_response and list_host_response[0].state == 'Up':
break
res, _ = wait_until(3, self.services["sleep"], checkRunningAgent)
if not res:
raise Exception("Failed to wait for SSVM agent to be Up")
if timeout == 0:
raise Exception("Timed out waiting for SSVM agent to be Up")
def checkForRunningSystemVM(self, ssvm, ssvm_type=None):
if not ssvm:
return None
time.sleep(1)
timeout = timeout - 1
def checkRunningState():
if not ssvm_type:
response = list_ssvms(
self.apiclient,
id=ssvm.id
)
else:
response = list_ssvms(
self.apiclient,
zoneid=self.zone.id,
systemvmtype=ssvm_type
)
if isinstance(response, list):
ssvm_response = response[0]
return ssvm_response.state == 'Running', ssvm_response
return False, None
res, ssvm_response = wait_until(3, self.services["sleep"], checkRunningState)
if not res:
self.fail("Failed to reach systemvm state to Running")
return ssvm_response
@attr(
tags=[
@ -228,7 +240,6 @@ class TestSSVMs(cloudstackTestCase):
zone_response[0].dns2,
"Check DNS2 with that of corresponding zone"
)
return
@attr(
tags=[
@ -360,7 +371,6 @@ class TestSSVMs(cloudstackTestCase):
zone_response[0].dns2,
"Check DNS2 with that of corresponding zone"
)
return
@attr(
tags=[
@ -459,7 +469,7 @@ class TestSSVMs(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
ssvm.privateip,
"service cloud status",
"systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@ -472,7 +482,7 @@ class TestSSVMs(cloudstackTestCase):
host.user,
host.passwd,
ssvm.linklocalip,
"service cloud status"
"systemctl is-active cloud"
)
except KeyError:
self.skipTest(
@ -482,11 +492,11 @@ class TestSSVMs(cloudstackTestCase):
self.debug("Cloud Process status: %s" % res)
# Apache CloudStack service (type=secstorage) is running: process id: 2346
self.assertEqual(
res.count("is running"),
res.count("active"),
1,
"Check cloud service is running or not"
)
linklocal_ip = None
# Check status of cloud service
if self.hypervisor.lower() in ('vmware', 'hyperv'):
@ -526,8 +536,6 @@ class TestSSVMs(cloudstackTestCase):
res,
"The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res)
)
return
@attr(
tags=[
@ -595,7 +603,7 @@ class TestSSVMs(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
cpvm.privateip,
"service cloud status",
"systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@ -608,7 +616,7 @@ class TestSSVMs(cloudstackTestCase):
host.user,
host.passwd,
cpvm.linklocalip,
"service cloud status"
"systemctl is-active cloud"
)
except KeyError:
self.skipTest(
@ -617,7 +625,7 @@ class TestSSVMs(cloudstackTestCase):
res = str(result)
self.debug("Cloud Process status: %s" % res)
self.assertEqual(
res.count("is running"),
res.count("active"),
1,
"Check cloud service is running or not"
)
@ -662,8 +670,6 @@ class TestSSVMs(cloudstackTestCase):
"The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res)
)
return
@attr(
tags=[
"advanced",
@ -711,45 +717,21 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm.id
self.apiclient.stopSystemVm(cmd)
timeout = self.services["timeout"]
while True:
list_ssvm_response = list_ssvms(
self.apiclient,
id=ssvm.id
)
if isinstance(list_ssvm_response, list):
if list_ssvm_response[0].state == 'Running':
break
if timeout == 0:
raise Exception("List SSVM call failed!")
time.sleep(self.services["sleep"])
timeout = timeout - 1
self.assertEqual(
isinstance(list_ssvm_response, list),
True,
"Check list response returns a valid list"
)
ssvm_response = list_ssvm_response[0]
ssvm_response = self.checkForRunningSystemVM(ssvm)
self.debug("SSVM state after debug: %s" % ssvm_response.state)
self.assertEqual(
ssvm_response.state,
'Running',
"Check whether SSVM is running or not"
)
# Wait for the agent to be up
self.waitForSystemVMAgent(ssvm_response.name)
# Call above tests to ensure SSVM is properly running
self.test_01_list_sec_storage_vm()
# Wait for some time before running diagnostic scripts on SSVM
# as it may take some time to start all service properly
time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
self.test_03_ssvm_internals()
return
@attr(
tags=[
@ -798,23 +780,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = cpvm.id
self.apiclient.stopSystemVm(cmd)
timeout = 120
while True:
list_cpvm_response = list_ssvms(
self.apiclient,
id=cpvm.id
)
if isinstance(list_cpvm_response, list):
if list_cpvm_response[0].state == 'Running':
break
if timeout == 0:
raise Exception("List CPVM call failed!")
time.sleep(1)
timeout = timeout - 1
cpvm_response = list_cpvm_response[0]
cpvm_response = self.checkForRunningSystemVM(cpvm)
self.debug("CPVM state after debug: %s" % cpvm_response.state)
self.assertEqual(
@ -829,12 +795,7 @@ class TestSSVMs(cloudstackTestCase):
# Call above tests to ensure CPVM is properly running
self.test_02_list_cpvm_vm()
# Wait for some time before running diagnostic scripts on SSVM
# as it may take some time to start all service properly
time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
self.test_04_cpvm_internals()
return
@attr(
tags=[
@ -887,22 +848,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm_response.id
self.apiclient.rebootSystemVm(cmd)
timeout = self.services["timeout"]
while True:
list_ssvm_response = list_ssvms(
self.apiclient,
id=ssvm_response.id
)
if isinstance(list_ssvm_response, list):
if list_ssvm_response[0].state == 'Running':
break
if timeout == 0:
raise Exception("List SSVM call failed!")
time.sleep(self.services["sleep"])
timeout = timeout - 1
ssvm_response = list_ssvm_response[0]
ssvm_response = self.checkForRunningSystemVM(ssvm_response)
self.debug("SSVM State: %s" % ssvm_response.state)
self.assertEqual(
'Running',
@ -921,13 +867,8 @@ class TestSSVMs(cloudstackTestCase):
# Wait for the agent to be up
self.waitForSystemVMAgent(ssvm_response.name)
# Wait for some time before running diagnostic scripts on SSVM
# as it may take some time to start all service properly
time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
# Call to verify cloud process is running
self.test_03_ssvm_internals()
return
@attr(
tags=[
@ -979,23 +920,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = cpvm_response.id
self.apiclient.rebootSystemVm(cmd)
timeout = self.services["timeout"]
while True:
list_cpvm_response = list_ssvms(
self.apiclient,
id=cpvm_response.id
)
if isinstance(list_cpvm_response, list):
if list_cpvm_response[0].state == 'Running':
break
if timeout == 0:
raise Exception("List CPVM call failed!")
time.sleep(self.services["sleep"])
timeout = timeout - 1
cpvm_response = list_cpvm_response[0]
cpvm_response = self.checkForRunningSystemVM(cpvm_response)
self.debug("CPVM state: %s" % cpvm_response.state)
self.assertEqual(
'Running',
@ -1010,17 +935,12 @@ class TestSSVMs(cloudstackTestCase):
)
# Private IP Address of System VMs are allowed to change after reboot - CLOUDSTACK-7745
# Wait for the agent to be up
self.waitForSystemVMAgent(cpvm_response.name)
# Wait for some time before running diagnostic scripts on SSVM
# as it may take some time to start all service properly
time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
# Call to verify cloud process is running
self.test_04_cpvm_internals()
return
@attr(
tags=[
@ -1061,23 +981,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm_response.id
self.apiclient.destroySystemVm(cmd)
timeout = self.services["timeout"]
while True:
list_ssvm_response = list_ssvms(
self.apiclient,
zoneid=self.zone.id,
systemvmtype='secondarystoragevm'
)
if isinstance(list_ssvm_response, list):
if list_ssvm_response[0].state == 'Running':
break
if timeout == 0:
raise Exception("List SSVM call failed!")
time.sleep(self.services["sleep"])
timeout = timeout - 1
ssvm_response = list_ssvm_response[0]
ssvm_response = self.checkForRunningSystemVM(ssvm_response, 'secondarystoragevm')
# Verify Name, Public IP, Private IP and Link local IP
# for newly created SSVM
@ -1107,13 +1011,8 @@ class TestSSVMs(cloudstackTestCase):
# Wait for the agent to be up
self.waitForSystemVMAgent(ssvm_response.name)
# Wait for some time before running diagnostic scripts on SSVM
# as it may take some time to start all service properly
time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
# Call to verify cloud process is running
self.test_03_ssvm_internals()
return
@attr(
tags=[
@ -1153,23 +1052,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = cpvm_response.id
self.apiclient.destroySystemVm(cmd)
timeout = self.services["timeout"]
while True:
list_cpvm_response = list_ssvms(
self.apiclient,
systemvmtype='consoleproxy',
zoneid=self.zone.id
)
if isinstance(list_cpvm_response, list):
if list_cpvm_response[0].state == 'Running':
break
if timeout == 0:
raise Exception("List CPVM call failed!")
time.sleep(self.services["sleep"])
timeout = timeout - 1
cpvm_response = list_cpvm_response[0]
cpvm_response = self.checkForRunningSystemVM(cpvm_response, 'consoleproxy')
# Verify Name, Public IP, Private IP and Link local IP
# for newly created CPVM
@ -1199,13 +1082,8 @@ class TestSSVMs(cloudstackTestCase):
# Wait for the agent to be up
self.waitForSystemVMAgent(cpvm_response.name)
# Wait for some time before running diagnostic scripts on SSVM
# as it may take some time to start all service properly
time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
# Call to verify cloud process is running
self.test_04_cpvm_internals()
return
@attr(
tags=[
@ -1300,22 +1178,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm.id
self.apiclient.stopSystemVm(cmd)
def checkForRunningSSVM():
new_list_ssvm_response = list_ssvms(
self.apiclient,
id=ssvm.id
)
if isinstance(new_list_ssvm_response, list):
return new_list_ssvm_response[0].state == 'Running', None
res, _ = wait_until(self.services["sleep"], self.services["timeout"], checkForRunningSSVM)
if not res:
self.fail("List SSVM call failed!")
new_list_ssvm_response = list_ssvms(
self.apiclient,
id=ssvm.id
)
new_list_ssvm_response = self.checkForRunningSystemVM(ssvm)
self.assertNotEqual(
new_list_ssvm_response,
@ -1363,5 +1226,3 @@ class TestSSVMs(cloudstackTestCase):
int(nfs_version),
"Check mounted NFS version to be the same as provided"
)
return


@ -16,15 +16,10 @@
# specific language governing permissions and limitations
# under the License.
# override this file during build to inject /root/.ssh/authorized_keys
set -e
set -x
# the key that we have in ../patches/debian/config/root/.ssh/authorized_keys for some reason
key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant'
mkdir -p /root/.ssh
chmod 644 /root/.ssh
#touch /root/.ssh/authorized_keys
echo ${key} > /root/.ssh/authorized_keys
touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
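Review bot: `chmod 644 /root/.ssh` on the line before `touch` leaves the key directory without the execute bit, so only root (which bypasses the permission check) can traverse it; the conventional mode that also satisfies sshd's StrictModes check is `chmod 700 /root/.ssh`. That line may be pre-existing context rather than part of this change, but it is worth correcting while the script is being reworked. Since the new code creates `authorized_keys` empty, a comment next to the `touch` such as `# left empty on purpose; the build step overrides this file with the real key` would make the intent explicit to the next reader.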


@ -20,7 +20,7 @@ set -e
set -x
function cleanup_apt() {
apt-get -y remove dictionaries-common busybox
apt-get -y remove dictionaries-common busybox isc-dhcp-client isc-dhcp-common
apt-get -y autoremove
apt-get autoclean
apt-get clean
@ -39,10 +39,21 @@ function cleanup_dev() {
rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
}
function cleanup_misc() {
rm -fr /home/cloud/cloud_scripts*
rm -f /root/.rnd
rm -f /var/www/html/index.html
rm -f /var/log/*.log
rm -f /var/log/apache2/*
rm -f /var/log/messages
rm -f /var/log/syslog
}
function cleanup() {
cleanup_apt
cleanup_dhcp
cleanup_dev
cleanup_misc
}
return 2>/dev/null || cleanup
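Review bot: `cleanup_apt` now removes `isc-dhcp-client` and `isc-dhcp-common`, while the `/etc/network/interfaces` template elsewhere in this commit still declares `iface eth0 inet dhcp`; with busybox removed as well there appears to be no DHCP client left on the image for that stanza to use. If the address is always set by cloud-early-config from the kernel cmdline, say so on the `apt-get -y remove` line, e.g. `# no DHCP client needed: cloud-early-config configures interfaces from the cmdline`, so nobody re-adds the package; otherwise the removal should be dropped. I cannot see the stanza's consumer from here, so please confirm which of the two applies.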


@ -38,6 +38,9 @@ nf_conntrack_ipv4
nf_conntrack_ipv6
nf_conntrack
nf_conntrack_ftp
nf_conntrack_pptp
nf_conntrack_proto_gre
nf_nat_tftp
nf_nat_ftp
EOF
}


@ -19,19 +19,17 @@
set -e
set -x
# Remove 5s grub timeout to speed up booting
function configure_grub() {
grep GRUB_TIMEOUT=0 /etc/default/grub && return
cat <<EOF > /etc/default/grub
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_DISTRIBUTOR=Debian
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 debian-installer=en_US"
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US"
GRUB_CMDLINE_XEN="com1=115200 console=com1"
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"


@ -73,6 +73,7 @@ function configure_login() {
configure_sudoers
configure_user
rm -fv /home/cloud/configure_login.sh
sync
halt -p
}


@ -56,7 +56,6 @@ iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
pre-up sleep 2
EOF
}


@ -36,14 +36,19 @@ function install_cloud_scripts() {
rsync -av ./cloud_scripts/ /
chmod +x /opt/cloud/bin/* \
/root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \
/etc/init.d/{cloud-early-config,cloud-passwd-srvr,postinit} \
/etc/init.d/{cloud-early-config,cloud-passwd-srvr} \
/etc/profile.d/cloud.sh
cat > /etc/systemd/system/cloud-early-config.service << EOF
[Unit]
Description=cloud-early-config: configure according to cmdline
Description=cloud-early-config: configures systemvm using cmdline
DefaultDependencies=no
After=local-fs.target apparmor.service systemd-sysctl.service systemd-modules-load.service
Before=network-pre.target
Wants=network-pre.target
Requires=local-fs.target
After=local-fs.target
[Install]
WantedBy=multi-user.target
@ -85,30 +90,14 @@ WantedBy=multi-user.target
Type=forking
ExecStart=/etc/init.d/cloud-passwd-srvr start
ExecStop=/etc/init.d/cloud-passwd-srvr stop
RemainAfterExit=true
TimeoutStartSec=5min
EOF
cat > /etc/systemd/system/postinit.service << EOF
[Unit]
Description=cloud post-init service
After=cloud-early-config.service network.target local-fs.target
[Install]
WantedBy=multi-user.target
[Service]
Type=forking
ExecStart=/etc/init.d/postinit start
ExecStop=/etc/init.d/postinit stop
RemainAfterExit=true
TimeoutStartSec=5min
Restart=always
RestartSec=5
EOF
systemctl daemon-reload
systemctl enable cloud-early-config
systemctl disable cloud-passwd-srvr
systemctl disable cloud
systemctl disable cloud-passwd-srvr
}
function do_signature() {
@ -130,6 +119,9 @@ function configure_services() {
mkdir -p /usr/share/cloud
mkdir -p /usr/local/cloud
# Fix dnsmasq directory issue
mkdir -p /opt/tftpboot
# Fix haproxy directory issue
mkdir -p /var/lib/haproxy
@ -137,21 +129,21 @@ function configure_services() {
do_signature
systemctl daemon-reload
systemctl disable xl2tpd
systemctl disable apt-daily.service
systemctl disable apt-daily.timer
systemctl disable apt-daily-upgrade.timer
# Disable services that slow down boot and are not used anyway
systemctl disable x11-common
systemctl disable console-setup
systemctl disable haproxy
systemctl disable apache2
systemctl disable conntrackd
systemctl disable console-setup
systemctl disable dnsmasq
# Hyperv kvp daemon - 64bit only
local arch=`dpkg --print-architecture`
if [ "${arch}" == "amd64" ]; then
systemctl disable hv_kvp_daemon
fi
systemctl disable haproxy
systemctl disable keepalived
systemctl disable radvd
systemctl disable strongswan
systemctl disable x11-common
systemctl disable xl2tpd
configure_apache2
configure_strongswan
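Review bot: In the last hunk of `configure_services` the three `systemctl disable apt-daily.service` / `apt-daily.timer` / `apt-daily-upgrade.timer` lines sit outside the new alphabetised list and look like they are being dropped, which would leave the apt timers enabled on the appliance and reintroduce the periodic package-index fetches at boot that the rest of this change is trying to avoid; if that is intended, a one-line comment saying so would help, otherwise keep the three lines. The old/new side of those lines is not marked on this rendering, so please confirm against the raw diff. Separately, the `cloud-early-config.service` unit in the first hunk sets `DefaultDependencies=no`, which also drops the implicit shutdown ordering; units written that way usually add `Conflicts=shutdown.target` and `Before=shutdown.target` so the service is never started inside a shutdown transaction.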


@ -27,9 +27,9 @@ arch = 'amd64'
architectures = {
:amd64 => {
:os_type_id => 'Debian_64',
:iso_file => 'debian-9.1.0-amd64-netinst.iso',
:iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso',
:iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986'
:iso_file => 'debian-9.2.1-amd64-netinst.iso',
:iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso',
:iso_sha512 => 'ebfe25dc593967e39349b205480b0ec0103ef4a0468c602f4857e13d06d407bfe876162399e0e8d4dea5675953dc37ab585316f307ccf9f4440124b4f719df04'
}
}


@ -22,7 +22,7 @@ set -x
function install_vhd_util() {
[[ -f /bin/vhd-util ]] && return
wget --no-check-certificate http://download.cloudstack.org/tools/vhd-util -O /bin/vhd-util
wget --no-check-certificate https://github.com/rhtyd/cloudstack-nonoss/raw/master/vhd-util -O /bin/vhd-util
chmod a+x /bin/vhd-util
}
@ -52,12 +52,12 @@ function install_packages() {
${apt_get} install links:i386 libuuid1:i386 libc6:i386
fi
${apt_get} install \
rsyslog logrotate cron insserv net-tools ifupdown vim netbase iptables \
openssh-server e2fsprogs isc-dhcp-client tcpdump socat wget \
${apt_get} install grub-legacy \
rsyslog logrotate cron net-tools ifupdown vim tmux netbase iptables \
openssh-server e2fsprogs tcpdump socat wget \
python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
inetutils-ping iputils-arping httping curl \
dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \
dnsutils zip unzip ethtool uuid file iproute acpid sudo \
sysstat python-netaddr \
apache2 ssl-cert \
dnsmasq dnsmasq-utils \
@ -65,7 +65,9 @@ function install_packages() {
samba-common cifs-utils \
xl2tpd bcrelay ppp ipsec-tools tdb-tools \
xenstore-utils libxenstore3.0 \
conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \
ipvsadm conntrackd libnetfilter-conntrack3 \
keepalived irqbalance \
libnl-3-200 libnl-genl-3-200 \
ipcalc \
openjdk-8-jre-headless \
ipset \
@ -75,22 +77,19 @@ function install_packages() {
haproxy \
radvd \
sharutils \
keepalived irqbalance open-vm-tools qemu-guest-agent \
strongswan libcharon-extra-plugins libstrongswan-extra-plugins
strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
virt-what open-vm-tools qemu-guest-agent hyperv-daemons
# Install xenserver guest utilities as debian repos don't have it
wget https://mirrors.kernel.org/ubuntu/pool/universe/x/xe-guest-utilities/xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
dpkg -i xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
rm -f xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
apt-get autoclean
apt-get clean
apt-get update
apt-get -y upgrade
if [ "${arch}" == "amd64" ]; then
# Hyperv kvp daemon - 64bit only
# Download the hv kvp daemon
wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb
dpkg -i hv-kvp-daemon_3.1_amd64.deb
rm -f hv-kvp-daemon_3.1_amd64.deb
fi
}
return 2>/dev/null || install_packages
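Review bot: In the `install_vhd_util` hunk the binary is fetched from a personal GitHub repository with `--no-check-certificate` and no integrity check before being made executable, so the download is neither authenticated nor verified; the new URL is HTTPS, so the flag should be dropped and the file pinned to a known digest, e.g. `wget https://github.com/rhtyd/cloudstack-nonoss/raw/master/vhd-util -O /bin/vhd-util` followed by `echo "<EXPECTED_SHA512>  /bin/vhd-util" | sha512sum -c -` (digest placeholder to be filled in from a trusted build). The same applies to `xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb`, which is fetched from mirrors.kernel.org and installed with `dpkg -i`, bypassing apt's signature checks. A comment naming the upstream source and build of vhd-util would also let future maintainers audit where the binary came from.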


@ -57,10 +57,10 @@ d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
d-i partman-auto/expert_recipe string \
boot-root :: \
80 50 100 ext4 \
80 50 100 ext2 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
use_filesystem{ } filesystem{ ext2 } \
mountpoint{ /boot } \
. \
1500 40 1600 ext4 \
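Review bot: The `/boot` partition switches from ext4 to ext2 without any comment explaining why; since the same commit adds `grub-legacy` to the package list this looks like a bootloader compatibility requirement, but the recipe does not say so, and ext2's lack of a journal makes `/boot` more fragile after an unclean power-off. A line such as `# /boot must stay ext2: <reason>` above the `d-i partman-auto/expert_recipe` entry would record the constraint (comments cannot go inside the backslash-continued value). The expert recipe continues outside the hunk.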


@ -39,6 +39,11 @@ function zero_disk() {
sync
rm -f ${path}/zero
done
for partition in $(blkid -o list | grep ext | awk '{print $1}')
do
tune2fs -m0 $partition
done
}
return 2>/dev/null || zero_disk
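Review bot: `tune2fs -m0 $partition` runs on every ext filesystem including the root filesystem, which removes the reserved blocks that let root-owned daemons (sshd, rsyslog, the cloud agent) keep writing after unprivileged processes fill the disk; keep a small reserve on `/` (e.g. `-m1`) or restrict the loop to data partitions. The selection `blkid -o list | grep ext | awk '{print $1}'` is also fragile, since it parses a human-readable table and matches any line containing `ext`; `blkid -t TYPE=ext4 -o device` (once per type you expect) returns device paths directly, and `$partition` should be quoted. The enclosing `zero_disk` function begins before this hunk.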


@ -29,6 +29,8 @@ import java.beans.PropertyDescriptor;
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
@ -210,4 +212,23 @@ public class ReflectUtil {
}
}
/**
* Finds and returns class loader based on the provided module/jar name
* @param name
* @return returns ClassLoader
*/
public static ClassLoader getClassLoaderForName(final String name) {
final URL[] urls = ((URLClassLoader) (Thread.currentThread().getContextClassLoader())).getURLs();
final List<URL> searchUrls = new ArrayList<>();
for (final URL url: urls) {
if (url.toString().contains(name)) {
if (s_logger.isDebugEnabled()) {
s_logger.debug("Search URL: " + url.toString());
}
searchUrls.add(url);
}
}
return new URLClassLoader(searchUrls.toArray(new URL[searchUrls.size()]));
}
}
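Review bot: `getClassLoaderForName` casts the context class loader to `URLClassLoader` unconditionally, which throws `ClassCastException` on any runtime where the application class loader is not a `URLClassLoader` (Java 9 and later) and also on Java 8 whenever a container installs its own context loader; the cast should be guarded so the failure is explicit. The loader returned by `new URLClassLoader(...)` is `Closeable` and is never closed, and the Javadoc `@param name` is empty — describe it as the substring matched against classpath URLs, and note that `contains(name)` selects every classpath entry whose path merely contains that text.
```java
public static ClassLoader getClassLoaderForName(final String name) {
    final ClassLoader contextLoader = Thread.currentThread().getContextClassLoader();
    if (!(contextLoader instanceof URLClassLoader)) {
        throw new IllegalStateException("Context class loader is not a URLClassLoader, cannot build loader for: " + name);
    }
    final URL[] urls = ((URLClassLoader) contextLoader).getURLs();
    // … unchanged: substring filter of urls into searchUrls …
    return new URLClassLoader(searchUrls.toArray(new URL[0]));
}
```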


@ -503,7 +503,7 @@ public class Link {
s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.",
sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
sslEngine.closeOutbound();
return true;
return false;
}
switch (result.getStatus()) {
case OK:
@ -545,7 +545,7 @@ public class Link {
s_logger.error(String.format("SSL error caught during wrap data: %s, for local address=%s, remote address=%s.",
sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
sslEngine.closeOutbound();
return true;
return false;
}
switch (result.getStatus()) {
case OK :
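Review bot: Both hunks now return `false` after `sslEngine.closeOutbound()` on an `SSLException`, but nothing visible shows how the caller treats `false` or who closes `socketChannel`; if `false` just means "nothing to do", the half-closed engine can be driven again on the next select and the same error logged repeatedly. A comment on each changed line stating the contract, e.g. `return false; // SSL failure: outbound closed, caller must drop the link`, plus a check that the caller really tears the connection down, would make the intent verifiable. The enclosing methods start and end outside the hunks.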