From bb965649d90768d27b55105de882873863bb8012 Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 17 Nov 2017 14:53:57 +0530 Subject: [PATCH] CLOUDSTACK-10013: Debian9 SystemVM appliance improvements - Refactor cloud-early-config and make appliance specific scripts - Make patching work without requiring restart of appliance and remove postinit script - Migrate to systemd, speedup booting/loading - Takes about 5-15s to boot on KVM, and 10-30seconds for VMware and XenServer - Appliance boots and works on KVM, VMware, XenServer and HyperV - Update Debian9 ISO url with sha512 checksum - Speedup console proxy service launch - Enable additional kernel modules - Remove unknown ssh key - Update vhd-util URL as previous URL was down - Enable sshd by default - Use hostnamectl to add hostname - Disable services by default - Use existing log4j xml, patching not necessary by cloud-early-config - Several minor fixes and file refactorings, removed dead code/files - Removes inserv - Fix dnsmasq config syntax - Fix haproxy config syntax - Fix smoke tests and improve performance - Fix apache pid file path in cloud.monitoring per the new template 
Signed-off-by: Rohit Yadav --- .../consoleproxy/ConsoleProxyResource.java | 21 +- .../cloud/network/HAProxyConfigurator.java | 16 +- .../VirtualRoutingResourceTest.java | 8 +- .../META-INF/db/schema-41000to41100.sql | 3 + .../com/cloud/consoleproxy/ConsoleProxy.java | 41 +- systemvm/conf/log4j-cloud.xml | 97 +- .../debian/config/etc/apache2/vhost.template | 7 - .../debian/config/etc/haproxy/haproxy.cfg | 3 +- .../config/etc/init.d/cloud-early-config | 1545 ++--------------- .../config/etc/init.d/cloud-passwd-srvr | 4 - .../patches/debian/config/etc/init.d/postinit | 176 -- systemvm/patches/debian/config/etc/rc.local | 60 +- .../patches/debian/config/etc/sysctl.conf | 1 - .../debian/config/opt/cloud/bin/configure.py | 4 +- .../debian/config/opt/cloud/bin/cs/CsApp.py | 1 - .../debian/config/opt/cloud/bin/cs/CsDhcp.py | 4 +- .../config/opt/cloud/bin/cs/CsHelper.py | 6 +- .../debian/config/opt/cloud/bin/dnsmasq.sh | 4 +- .../debian/config/opt/cloud/bin/edithosts.sh | 2 +- .../config/opt/cloud/bin/ipsectunnel.sh | 62 +- .../config/opt/cloud/bin/passwd_server_ip | 4 +- .../config/opt/cloud/bin/patchsystemvm.sh | 262 --- .../config/opt/cloud/bin/setup/common.sh | 862 +++++++++ .../opt/cloud/bin/setup/consoleproxy.sh | 61 + .../cloud => opt/cloud/bin/setup/default.sh} | 14 +- .../config/opt/cloud/bin/setup/dhcpsrvr.sh | 62 + .../config/opt/cloud/bin/setup/elbvm.sh | 53 + .../cloud/bin/setup/ilbvm.sh} | 33 +- .../opt/cloud/bin/setup/patchsystemvm.sh | 57 + .../config/opt/cloud/bin/setup/router.sh | 106 ++ .../config/opt/cloud/bin/setup/secstorage.sh | 90 + .../config/opt/cloud/bin/setup/vpcrouter.sh | 129 ++ .../cloud/templates/check_heartbeat.sh.templ | 6 +- .../debian/config/root/.ssh/authorized_keys | 2 +- systemvm/scripts/_run.sh | 24 +- systemvm/scripts/config_ssl.sh | 1 - systemvm/scripts/run.sh | 4 - systemvm/systemvm-descriptor.xml | 6 +- .../component/test_browse_templates.py | 6 +- .../component/test_browse_volumes.py | 6 +- .../component/test_security_groups.py | 
4 +- .../smoke/test_list_ids_parameter.py | 70 +- test/integration/smoke/test_loadbalance.py | 15 +- test/integration/smoke/test_router_dns.py | 2 +- .../smoke/test_router_dnsservice.py | 16 +- test/integration/smoke/test_routers.py | 18 +- test/integration/smoke/test_ssvm.py | 237 +-- .../systemvmtemplate/authorized_keys.sh | 7 +- .../definitions/systemvmtemplate/cleanup.sh | 13 +- .../systemvmtemplate/configure_conntrack.sh | 3 + .../systemvmtemplate/configure_grub.sh | 8 +- .../systemvmtemplate/configure_login.sh | 1 + .../systemvmtemplate/configure_networking.sh | 1 - .../configure_systemvm_services.sh | 56 +- .../systemvmtemplate/definition.rb | 6 +- .../install_systemvm_packages.sh | 31 +- .../definitions/systemvmtemplate/preseed.cfg | 4 +- .../definitions/systemvmtemplate/zerodisk.sh | 5 + .../java/com/cloud/utils/ReflectUtil.java | 21 + .../main/java/com/cloud/utils/nio/Link.java | 4 +- 60 files changed, 2000 insertions(+), 2375 deletions(-) delete mode 100755 systemvm/patches/debian/config/etc/init.d/postinit delete mode 100755 systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh rename systemvm/patches/debian/config/{etc/default/cloud => opt/cloud/bin/setup/default.sh} (78%) mode change 100644 => 100755 create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh rename systemvm/patches/debian/config/{etc/default/cloud-passwd-srvr => opt/cloud/bin/setup/ilbvm.sh} (51%) mode change 100644 => 100755 create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh create mode 100755 systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh create mode 100755 
systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh diff --git a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java index 1fed3be753c..24e82572109 100644 --- a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java +++ b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java @@ -59,6 +59,7 @@ import com.cloud.host.Host.Type; import com.cloud.resource.ServerResource; import com.cloud.resource.ServerResourceBase; import com.cloud.utils.NumbersUtil; +import com.cloud.utils.ReflectUtil; import com.cloud.utils.net.NetUtils; import com.cloud.utils.script.Script; import com.google.gson.Gson; 
@@ -315,20 +316,19 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe private void launchConsoleProxy(final byte[] ksBits, final String ksPassword, final String encryptorPassword) { final Object resource = this; + s_logger.info("Building class loader for com.cloud.consoleproxy.ConsoleProxy"); + final ClassLoader loader = ReflectUtil.getClassLoaderForName("console-proxy"); if (_consoleProxyMain == null) { + s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=" + encryptorPassword); _consoleProxyMain = new Thread(new ManagedContextRunnable() { @Override protected void runInContext() { try { - Class consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy"); + Class consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy"); try { - s_logger.info("Invoke setEncryptorPassword(), ecnryptorPassword: " + encryptorPassword); - Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class); - methodSetup.invoke(null, encryptorPassword); - s_logger.info("Invoke startWithContext()"); - Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class); - method.invoke(null, _properties, resource, ksBits, ksPassword); + Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class, String.class); + method.invoke(null, _properties, resource, ksBits, ksPassword, encryptorPassword); } catch (SecurityException e) { s_logger.error("Unable to launch console proxy due to SecurityException", e); System.exit(ExitStatus.Error.value()); 
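Review bot: The new `s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=" + encryptorPassword)` writes the console-proxy encryptor secret to the agent log at INFO, so anyone who can read the agent log can recover it; the line it replaces did the same, so this hunk is the natural place to stop. Log only the event, `s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy");`, and keep the secret out of the log entirely. Note too that `loader` is captured by the runnable and dereferenced inside the thread, so if `ReflectUtil.getClassLoaderForName` can return null (that helper is not shown here) the failure surfaces as an NPE in the proxy thread rather than at launch time; a `Objects.requireNonNull(loader, "console-proxy class loader")` before the thread is created would make that explicit. launchConsoleProxy's body continues past the end of this hunk.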
@@ -357,7 +357,7 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe s_logger.info("com.cloud.consoleproxy.ConsoleProxy is already running"); try { - Class consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy"); + Class consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy"); Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class); methodSetup.invoke(null, encryptorPassword); } catch (SecurityException e) { @@ -440,6 +440,11 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe } } + @Override + public boolean stop() { + return true; + } + @Override public void setName(String name) { } diff --git a/core/src/com/cloud/network/HAProxyConfigurator.java b/core/src/com/cloud/network/HAProxyConfigurator.java index d3db0db6132..3b5f23faac1 100644 --- a/core/src/com/cloud/network/HAProxyConfigurator.java +++ b/core/src/com/cloud/network/HAProxyConfigurator.java @@ -48,7 +48,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { private static String[] defaultsSection = {"defaults", "\tlog global", "\tmode tcp", "\toption dontlognull", "\tretries 3", "\toption redispatch", "\toption forwardfor", "\toption forceclose", "\ttimeout connect 5000", "\ttimeout client 50000", "\ttimeout server 50000"}; - private static String[] defaultListen = {"listen vmops 0.0.0.0:9", "\toption transparent"}; + private static String[] defaultListen = {"listen vmops", "\tbind 0.0.0.0:9", "\toption transparent"}; @Override public String[] generateConfiguration(final List fwRules) { 
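Review bot: The added `stop()` reports success while doing nothing, so a caller that relies on the return value will assume the resource has shut down even though the `_consoleProxyMain` thread started in launchConsoleProxy (outside this hunk) is left running. If that is deliberate, say so in a comment so the next reader does not "fix" it, e.g. `// No-op by design: the console proxy thread is not torn down here`; if it is not, this is where the thread should be interrupted and joined. The `loader.loadClass` change in the first hunk mirrors the launch path and looks correct.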
@@ -100,7 +100,10 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { final List result = new ArrayList(); // add line like this: "listen 65_37_141_30-80 65.37.141.30:80" StringBuilder sb = new StringBuilder(); - sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort); + sb.append("listen ").append(poolName); + result.add(sb.toString()); + sb = new StringBuilder(); + sb.append("\tbind ").append(publicIP).append(":").append(publicPort); result.add(sb.toString()); sb = new StringBuilder(); // FIXME sb.append("\t").append("balance ").append(algorithm); @@ -474,9 +477,12 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { final String algorithm = lbTO.getAlgorithm(); final List result = new ArrayList(); - // add line like this: "listen 65_37_141_30-80 65.37.141.30:80" + // add line like this: "listen 65_37_141_30-80\n\tbind 65.37.141.30:80" sb = new StringBuilder(); - sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort); + sb.append("listen ").append(poolName); + result.add(sb.toString()); + sb = new StringBuilder(); + sb.append("\tbind ").append(publicIP).append(":").append(publicPort); result.add(sb.toString()); sb = new StringBuilder(); sb.append("\t").append("balance ").append(algorithm); @@ -552,7 +558,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator { } private String generateStatsRule(final LoadBalancerConfigCommand lbCmd, final String ruleName, final String statsIp) { - final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append(" ").append(statsIp).append(":").append(lbCmd.lbStatsPort); + final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append("\n\tbind ").append(statsIp).append(":").append(lbCmd.lbStatsPort); // TODO DH: write test for this in both cases if (!lbCmd.keepAliveEnabled) { s_logger.info("Haproxy mode http enabled"); 
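Review bot: The same two-line `listen <name>` / `\tbind <ip>:<port>` emission is now hand-written in both generateConfiguration overloads and a third time inline in generateStatsRule, and keeping three copies in step is exactly how the old single-line `listen name ip:port` form went stale against newer haproxy. Extract one private helper that appends `"listen " + name` and `"\tbind " + ip + ":" + port` to the result list and call it from all three sites; the hunk's own comment `// add line like this: "listen 65_37_141_30-80\n\tbind 65.37.141.30:80"` can then live on the helper. The stale `// FIXME` on the balance line is untouched and still unexplained.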
diff --git a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java index 6405037dd0f..200f266b925 100644 --- a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java +++ b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java @@ -834,7 +834,8 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer { "\ttimeout client 50000\n" + "\ttimeout server 50000\n" + "\n" + - "listen stats_on_guest 10.1.10.2:8081\n" + + "listen stats_on_guest\n" + + "\tbind 10.1.10.2:8081\n" + "\tmode http\n" + "\toption httpclose\n" + "\tstats enable\n" + @@ -843,7 +844,8 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer { "\tstats auth admin1:AdMiN123\n" + "\n" + "\t \n" + - "listen 64_10_1_10-80 64.10.1.10:80\n" + + "listen 64_10_1_10-80\n" + + "\tbind 64.10.1.10:80\n" + "\tbalance algo\n" + "\tserver 64_10_1_10-80_0 10.1.10.2:80 check\n" + "\tmode http\n" + @@ -917,4 +919,4 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer { assertTrue(args.startsWith("-c /var/cache/cloud/VR-")); assertTrue(args.endsWith(".cfg")); } -} \ No newline at end of file +} diff --git a/engine/schema/resources/META-INF/db/schema-41000to41100.sql b/engine/schema/resources/META-INF/db/schema-41000to41100.sql index f546027f517..5f7eff2dd9e 100644 --- a/engine/schema/resources/META-INF/db/schema-41000to41100.sql +++ b/engine/schema/resources/META-INF/db/schema-41000to41100.sql 
@@ -489,3 +489,6 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid, hypervisor_type, hypervi -- Add XenServer 7.2 hypervisor guest OS mappings (copy 7.1.0 & remove Windows Vista, Windows XP, Windows 2003, CentOS 4.x, RHEL 4.xS, LES 10 (all versions) as per XenServer 7.2 Release Notes) INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervisor_version, guest_os_name, guest_os_id, created, is_user_defined) SELECT UUID(),'Xenserver', '7.2.0', guest_os_name, guest_os_id, utc_timestamp(), 0 FROM `cloud`.`guest_os_hypervisor` WHERE hypervisor_type='Xenserver' AND hypervisor_version='7.1.0' AND guest_os_id not in (1,2,3,4,56,101,56,58,93,94,50,51,87,88,89,90,91,92,26,27,28,29,40,41,42,43,44,45,96,97,107,108,109,110,151,152,153); + +-- Change monitor patch for apache2 in systemvm +UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2"; diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java index 863f0bfc2e0..f0c3c4e4644 100644 --- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java +++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java 
@@ -26,21 +26,18 @@ import java.lang.reflect.Method; import java.net.InetSocketAddress; import java.net.URISyntaxException; import java.net.URL; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; import java.util.Hashtable; import java.util.Map; import java.util.Properties; import java.util.concurrent.Executor; -import org.apache.commons.codec.binary.Base64; import org.apache.log4j.xml.DOMConfigurator; -import com.google.gson.Gson; -import com.sun.net.httpserver.HttpServer; - import com.cloud.consoleproxy.util.Logger; import com.cloud.utils.PropertiesUtil; +import com.cloud.utils.ReflectUtil; +import com.google.gson.Gson; +import com.sun.net.httpserver.HttpServer; /** * @@ -74,25 +71,11 @@ public class ConsoleProxy { static String factoryClzName; static boolean standaloneStart = false; - static String encryptorPassword = genDefaultEncryptorPassword(); - - private static String genDefaultEncryptorPassword() { - try { - SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); - - byte[] randomBytes = new byte[16]; - random.nextBytes(randomBytes); - return Base64.encodeBase64String(randomBytes); - } catch (NoSuchAlgorithmException e) { - s_logger.error("Unexpected exception ", e); - assert (false); - } - - return "Dummy"; - } + static String encryptorPassword = "Dummy"; private static void configLog4j() { - URL configUrl = System.class.getResource("/conf/log4j-cloud.xml"); + final ClassLoader loader = ReflectUtil.getClassLoaderForName("conf"); + URL configUrl = loader.getResource("/conf/log4j-cloud.xml"); if (configUrl == null) configUrl = ClassLoader.getSystemResource("log4j-cloud.xml"); 
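Review bot: `loader.getResource("/conf/log4j-cloud.xml")` will return null on the standard class loaders, because `ClassLoader.getResource` takes a name relative to the classpath root and does not accept a leading slash (only `Class.getResource` does) — the removed `System.class.getResource("/conf/log4j-cloud.xml")` worked precisely because it went through `Class`; unless ReflectUtil hands back a custom loader that strips the slash, every start now silently falls through to the `ClassLoader.getSystemResource("log4j-cloud.xml")` fallback. Drop the slash: `URL configUrl = loader.getResource("conf/log4j-cloud.xml");`. Separately, replacing the `SecureRandom`-generated default with `static String encryptorPassword = "Dummy";` means any path that starts the proxy without calling `setEncryptorPassword` (the `standaloneStart` flag is visible in this hunk) now runs with a fixed, guessable secret; keep a random default, or fail fast at start when the password is still `"Dummy"`.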
@@ -249,23 +232,25 @@ public class ConsoleProxy { } } - public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword) { + public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword, String password) { + setEncryptorPassword(password); + configLog4j(); + Logger.setFactory(new ConsoleProxyLoggerFactory()); s_logger.info("Start console proxy with context"); + if (conf != null) { for (Object key : conf.keySet()) { s_logger.info("Context property " + (String)key + ": " + conf.getProperty((String)key)); } } - configLog4j(); - Logger.setFactory(new ConsoleProxyLoggerFactory()); - // Using reflection to setup private/secure communication channel towards management server ConsoleProxy.context = context; ConsoleProxy.ksBits = ksBits; ConsoleProxy.ksPassword = ksPassword; try { - Class contextClazz = Class.forName("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource"); + final ClassLoader loader = ReflectUtil.getClassLoaderForName("agent"); + Class contextClazz = loader.loadClass("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource"); authMethod = contextClazz.getDeclaredMethod("authenticateConsoleAccess", String.class, String.class, String.class, String.class, String.class, Boolean.class); reportMethod = contextClazz.getDeclaredMethod("reportLoadInfo", String.class); ensureRouteMethod = contextClazz.getDeclaredMethod("ensureRoute", String.class); diff --git a/systemvm/conf/log4j-cloud.xml b/systemvm/conf/log4j-cloud.xml index 9c26bf4dd7c..b32bb570d57 100644 --- a/systemvm/conf/log4j-cloud.xml +++ b/systemvm/conf/log4j-cloud.xml @@ -18,37 +18,67 @@ specific language governing permissions and limitations under the License. --> - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - + + - + - + - - + + @@ -56,26 +86,14 @@ under the License. - - - - - - - - - - - - - - - - - + + + + + 
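Review bot: `startWithContext` now takes the encryptor secret as a plain `String password` and hands it straight to `setEncryptorPassword` with no check, so a null or empty value from the agent replaces the static default without any error and the proxy carries on with whatever that leaves behind. Reject it at the top of the method: `if (password == null || password.isEmpty()) throw new IllegalArgumentException("encryptor password must not be empty");`. The parameter name is also ambiguous next to `ksPassword`; `encryptorPassword` would match the field it sets. The method body continues past the end of this hunk.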
@@ -84,20 +102,19 @@ under the License. - + - - - + + - - - - + + + + @@ -106,7 +123,9 @@ under the License. - + + + diff --git a/systemvm/patches/debian/config/etc/apache2/vhost.template b/systemvm/patches/debian/config/etc/apache2/vhost.template index 043a286680d..7b89c3b5b46 100644 --- a/systemvm/patches/debian/config/etc/apache2/vhost.template +++ b/systemvm/patches/debian/config/etc/apache2/vhost.template @@ -83,9 +83,6 @@ Allow from 127.0.0.0/255.0.0.0 ::1/128 - # Include CORS configuration **IF SET** - Include /etc/apache2/[cC][oO][rR][sS].conf - # SSL Engine Switch: # Enable/Disable SSL for this virtual host. SSLEngine on @@ -228,12 +225,8 @@ # README.Debian.gz Listen 10.1.1.1:80 -NameVirtualHost 10.1.1.1:80 - # If you add NameVirtualHost *:443 here, you will also have to change - # the VirtualHost statement in /etc/apache2/sites-available/default-ssl - # to # Server Name Indication for SSL named virtual hosts is currently not # supported by MSIE on Windows XP. Listen 10.1.1.1:443 diff --git a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg b/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg index 94737ac328e..0adbfc6f3bb 100644 --- a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg +++ b/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg @@ -22,5 +22,6 @@ defaults timeout server 50000 -listen cloud-default 0.0.0.0:35999 +listen cloud-default + bind 0.0.0.0:35999 option transparent diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config index 6eaed913c51..9964f903754 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config +++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config 
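Review bot: Dropping `Include /etc/apache2/[cC][oO][rR][sS].conf` from the SSL vhost removes the only place this template pulled in a CORS policy, and neither the commit message nor anything else in this chunk says where cross-origin headers for the secondary-storage VM's HTTP endpoint now come from. If the include went because that file no longer exists on the Debian 9 template, leave a marker in its place so the next person does not have to dig through history: `# NOTE: CORS include dropped with the Debian 9 template; confirm cross-origin headers are set elsewhere if still required`. The haproxy.cfg `listen cloud-default` / `bind 0.0.0.0:35999` split in the next hunk is the correct modern syntax.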
@@ -5,7 +5,7 @@ # Required-Stop: $local_fs # Default-Start: S # Default-Stop: 0 6 -# Short-Description: configure according to cmdline +# Short-Description: configures systemvm using cmdline ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file @@ -24,21 +24,14 @@ # specific language governing permissions and limitations # under the License. -PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" #set -x #exec 3>&0 4>&1 > /var/log/test.log 2>&1 -#start hv_kvp daemon -[ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon - -# Fix haproxy directory issue -mkdir -p /var/lib/haproxy +PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" +CMDLINE=/var/cache/cloud/cmdline # Clear boot up flag, it would be created by rc.local after boot up done rm -f /var/cache/cloud/boot_up_done -# Randomize cloud password so only ssh login is allowed -echo "cloud:`openssl rand -base64 32`" | chpasswd - [ -x /sbin/ifup ] || exit 0 . /lib/lsb/init-functions 
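Review bot: The removed `echo "cloud:`openssl rand -base64 32`" | chpasswd` was what scrambled the `cloud` account password on every early boot so that only key-based SSH could reach that user, and nothing visible in this chunk re-adds it. Unless it was moved into the new `setup/common.sh` (created by this commit but not shown here), the appliance now keeps whatever password the template was built with. Please confirm where the randomisation happens now, or restore the line here ahead of `. /lib/lsb/init-functions` with a comment explaining why it must run before any service starts.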
@@ -48,71 +41,45 @@ log_it() { log_action_msg "$@" } -init_interfaces_orderby_macs() { - macs=( $(echo $1 | sed "s/|/ /g") ) - total_nics=${#macs[@]} - interface_file=${2:-"/etc/network/interfaces"} - rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"} - - echo -n "auto lo" > $interface_file - for((i=0; i> $interface_file - fi - done - cat >> $interface_file << EOF - -iface lo inet loopback - -EOF - - echo "" > $rule_file - for((i=0; i < ${#macs[@]}; i++)) - do - echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file - done -} - -init_interfaces() { - if [ "$NIC_MACS" == "" ] - then - cat > /etc/network/interfaces << EOF -auto lo $1 $2 $3 -iface lo inet loopback - -EOF - else - init_interfaces_orderby_macs "$NIC_MACS" - fi -} - hypervisor() { - [ -d /proc/xen ] && mount -t xenfs none /proc/xen - [ -d /proc/xen ] && echo "xen-domU" && return 0 - local try=$([ -x /usr/sbin/virt-what ] && virt-what | tail -1) [ "$try" != "" ] && echo $try && return 0 - vmware-checkvm &> /dev/null && echo "vmware" && return 0 - grep -q QEMU /proc/cpuinfo && echo "kvm" && return 0 grep -q QEMU /var/log/messages && echo "kvm" && return 0 - echo "unknown" && return 1 + [ -d /proc/xen ] && mount -t xenfs none /proc/xen + [ -d /proc/xen ] && echo "xen-domU" && return 0 + vmware-checkvm &> /dev/null && echo "vmware" && return 0 + + echo "unknown" && return 1 +} + +config_guest() { + if [ "$HYPERVISOR" == "kvm" ] + then + # Configure hot-plug + modprobe acpiphp || true + modprobe pci_hotplug || true + # Configure serial console FIXME: remove during build we enable it? 
+ #sed -i -e "/^serial.*/d" /boot/grub/grub.conf + #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf + #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf + #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf + #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf + sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab + sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab + fi + [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q + [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q } get_boot_params() { - local EXTRA_MOUNT=/media/extra - local hyp=$(hypervisor) - [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 - - case $hyp in + case $HYPERVISOR in xen-domU|xen-hvm) - cat /proc/cmdline > /var/cache/cloud/cmdline - sed -i "s/%/ /g" /var/cache/cloud/cmdline + cat /proc/cmdline > $CMDLINE + sed -i "s/%/ /g" $CMDLINE ;; kvm) VPORT=$(find /dev/virtio-ports -type l -name '*.vport' 2>/dev/null|head -1) 
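Review bot: `get_boot_params` no longer bails out on an unknown hypervisor — the removed `[ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10` guard is gone and the `case $HYPERVISOR in` that starts here (it closes in the next hunk) has no `*)` arm — so with `HYPERVISOR=unknown` the function falls through silently, `$CMDLINE` is never written, and the later `cat $CMDLINE` in `get_systemvm_type` works on a missing file. Add a default arm before `esac`: `*) log_it "Unknown hypervisor '$HYPERVISOR', cannot read boot params"; exit 10 ;;`. The reordered `hypervisor()` also now accepts a `grep -q QEMU /var/log/messages` match before probing `/proc/xen` and `vmware-checkvm`, so a stale log line can misclassify a Xen or VMware guest as KVM; keeping the log grep as the last resort, as it was, avoids that. `$HYPERVISOR` itself is assigned outside this hunk; the commented-out grub `sed` lines in `config_guest` should be deleted rather than left as dead text.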
@@ -125,66 +92,79 @@ get_boot_params() { log_it "${VPORT} not loaded, perhaps guest kernel is too old." && exit 2 fi - local factor=2 - local progress=1 - for i in {1..5} - do - while read line; do - if [[ $line == cmdline:* ]]; then - cmd=${line//cmdline:/} - echo $cmd > /var/cache/cloud/cmdline - elif [[ $line == pubkey:* ]]; then - pubkey=${line//pubkey:/} - echo $pubkey > /var/cache/cloud/authorized_keys - echo $pubkey > /root/.ssh/authorized_keys + local factor=2 + local progress=1 + for i in {1..5} + do + while read line; do + if [[ $line == cmdline:* ]]; then + cmd=${line//cmdline:/} + echo $cmd > $CMDLINE + elif [[ $line == pubkey:* ]]; then + pubkey=${line//pubkey:/} + echo $pubkey > /var/cache/cloud/authorized_keys + echo $pubkey > /root/.ssh/authorized_keys fi - done < $VPORT - # In case of reboot we do not send the boot args again. - # So, no need to wait for them, as the boot args are already set at startup - if [ -s /var/cache/cloud/cmdline ] - then + done < $VPORT + # In case of reboot we do not send the boot args again. + # So, no need to wait for them, as the boot args are already set at startup + if [ -s $CMDLINE ] + then log_it "Found a non empty cmdline file. Will now exit the loop and proceed with configuration." break; fi sleep ${progress}s progress=$[ progress * factor ] - done + done chmod go-rwx /root/.ssh/authorized_keys ;; vmware) - vmtoolsd --cmd 'machine.id.get' > /var/cache/cloud/cmdline + vmtoolsd --cmd 'machine.id.get' > $CMDLINE ;; virtualpc|hyperv) # Hyper-V is recognized as virtualpc hypervisor type. 
Boot args are passed using KVP Daemon #waiting for the hv_kvp_daemon to start up #sleep need to fix the race condition of hv_kvp_daemon and cloud-early-config + [ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon sleep 5 - cp -f /var/opt/hyperv/.kvp_pool_0 /var/cache/cloud/cmdline + cp -f /var/opt/hyperv/.kvp_pool_0 $CMDLINE cat /dev/null > /var/opt/hyperv/.kvp_pool_0 ;; virtualbox) # Virtualbox is used to test the virtual router # get the commandline from a dmistring (yes, hacky!) - dmidecode | grep cmdline | sed 's/^.*cmdline://' > /var/cache/cloud/cmdline + dmidecode | grep cmdline | sed 's/^.*cmdline://' > $CMDLINE RV=$? if [ $RV -ne 0 ] ; then log_it "Failed to get cmdline from a virtualbox dmi property" fi ;; esac +} +get_systemvm_type() { + for str in $(cat $CMDLINE) + do + KEY=$(echo $str | cut -d= -f1) + VALUE=$(echo $str | cut -d= -f2) + case $KEY in + type) + export TYPE=$VALUE + ;; + *) + ;; + esac + done } patch() { local PATCH_MOUNT=/media/cdrom local patchfile=$PATCH_MOUNT/cloud-scripts.tgz - local md5file=/var/cache/cloud/cloud-scripts-signature local privkey=$PATCH_MOUNT/authorized_keys - local shouldpatch=false + local md5file=/var/cache/cloud/cloud-scripts-signature local cdrom_dev= mkdir -p $PATCH_MOUNT - if [ -e /dev/xvdd ]; then cdrom_dev=/dev/xvdd elif [ -e /dev/cdrom ]; then 
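Review bot: The new `get_systemvm_type` exports whatever follows `type=` on the cmdline as `TYPE` without any validation, and the next hunk passes it as a bare positional argument to `/opt/cloud/bin/setup/patchsystemvm.sh`; the cmdline comes from the hypervisor side, so this is defence in depth rather than a trust-boundary fix, but a typo or an unexpected value should be caught here rather than deep in the setup scripts. Restrict it to the appliance types this commit actually ships setup scripts for: `case $VALUE in consoleproxy|dhcpsrvr|elbvm|ilbvm|router|secstorage|vpcrouter) export TYPE=$VALUE ;; *) log_it "Unknown systemvm type '$VALUE'" ;; esac`. Note also that `cut -d= -f2` silently truncates any value containing a second `=`, and that the Hyper-V branch now launches `hv_kvp_daemon` inside this function and then relies on a fixed `sleep 5` with no retry, unlike the KVM loop above it that polls `$VPORT` until `$CMDLINE` is non-empty. `patch()` begins at the end of this hunk and continues beyond it.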
@@ -196,1370 +176,101 @@ patch() { elif [ -e /dev/cdrom3 ]; then cdrom_dev=/dev/cdrom3 fi + [ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys if [ -n "$cdrom_dev" ]; then mount -o ro $cdrom_dev $PATCH_MOUNT - [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys local oldmd5= [ -f ${md5file} ] && oldmd5=$(cat ${md5file}) local newmd5= [ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}') - - if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ] + + log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5" + if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ] then - shouldpatch=true - log_it "Patching scripts oldmd5=$oldmd5 newmd5=$newmd5" tar xzf $patchfile -C / echo ${newmd5} > ${md5file} + log_it "Patched scripts using $patchfile" fi - log_it "Patching cloud service" - hyperVisor=$(hypervisor) - /opt/cloud/bin/patchsystemvm.sh $PATCH_MOUNT $hyperVisor + + log_it "Patching cloud service" + /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE + + [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys umount $PATCH_MOUNT - - if [ "$shouldpatch" == "true" ] - then - log_it "Rebooting system since we patched init scripts" - sync - sleep 2 - reboot - fi fi + if [ -f /mnt/cmdline ]; then - cat /mnt/cmdline > /var/cache/cloud/cmdline + cat /mnt/cmdline > $CMDLINE fi + return 0 } -patch_log4j() { -log_it "Updating log4j-cloud.xml" -mkdir -p /usr/local/cloud/systemvm/conf -cat << "EOF" > /usr/local/cloud/systemvm/conf/temp.xml - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -EOF -mv /usr/local/cloud/systemvm/conf/temp.xml /usr/local/cloud/systemvm/conf/log4j-cloud.xml -} - -setup_interface() { - local intfnum=$1 - local ip=$2 - 
local mask=$3 - local gw=$4 - local force=$5 - local intf=eth${intfnum} - local bootproto="static" - - - if [ "$BOOTPROTO" == "dhcp" ] - then - if [ "$intfnum" != "0" ] - then - bootproto="dhcp" - fi - fi - - if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ] - then - echo "iface $intf inet $bootproto" >> /etc/network/interfaces - if [ "$bootproto" == "static" ] - then - echo " address $ip " >> /etc/network/interfaces - echo " netmask $mask" >> /etc/network/interfaces - fi - fi - - if [ "$ip" == "0.0.0.0" -o "$ip" == "" ] - then - ifconfig $intf down - fi - - if [ "$force" == "force" ] - then - ifdown $intf - else - ifdown $intf - if [ "$RROUTER" != "1" -o "$1" != "2" ] - then - ifup $intf - timer=0 - log_it "checking that $intf has IP " - while true - do - ip=$(ifconfig $intf | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}') - if [ -z $ip ] - then - sleep 1; - #waiting for the interface to setup with ip - log_it "waiting for $intf interface setup with ip timer=$timer" - else - break - fi - - if [ $timer -gt 15 ] - then - log_it "interface $intf is not set up with ip... 
exiting"; - break - fi - - timer=`expr $timer + 1` - done - fi - fi -} - -setup_interface_ipv6() { - sysctl net.ipv6.conf.all.disable_ipv6=0 - sysctl net.ipv6.conf.all.forwarding=1 - sysctl net.ipv6.conf.all.accept_ra=1 - - sed -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf - sed -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf - sed -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf - - local intfnum=$1 - local ipv6="$2" - local prelen="$3" - local intf=eth${intfnum} - - echo "iface $intf inet6 static" >> /etc/network/interfaces - echo " address $ipv6 " >> /etc/network/interfaces - echo " netmask $prelen" >> /etc/network/interfaces - echo " accept_ra 1" >> /etc/network/interfaces - ifdown $intf - ifup $intf -} - -enable_fwding() { - local enabled=$1 - log_it "cloud: enable_fwding = $1" - log_it "enable_fwding = $1" - echo "$1" > /proc/sys/net/ipv4/ip_forward - [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return -} - -disable_rpfilter() { - log_it "cloud: disable rp_filter" - log_it "disable rpfilter" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf -} - -get_public_vif_list() { - local vif_list="" - for i in /sys/class/net/eth*; do - vif=$(basename $i); - if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] - then - vif_list="$vif_list $vif"; - fi - done - - echo $vif_list -} - -disable_rpfilter_domR() { - log_it "cloud: Tuning rp_filter on public interfaces" - - VIF_LIST=$(get_public_vif_list) - log_it "rpfilter public interfaces : $VIF_LIST" - if [ "$DISABLE_RP_FILTER" == "true" ] - then - log_it "cloud: disable rp_filter on public interfaces" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf - echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter - for vif 
in $VIF_LIST; do - log_it "cloud: disable rp_filter on public interface: $vif" - sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf - echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter - done - else - log_it "cloud: enable rp_filter on public interfaces" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf - echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter - for vif in $VIF_LIST; do - log_it "cloud: enable rp_filter on public interface: $vif" - sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf - echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter - done - fi - log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)" - echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter - echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter - echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter -} - -enable_irqbalance() { - local enabled=$1 - local proc=0 - - proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) - if [ $proc -le 1 ] && [ $enabled -eq 1 ] - then - enabled=0 - fi - - log_it "Processors = $proc Enable service ${svc} = $enabled" - local cfg=/etc/default/irqbalance - [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return -} - -disable_hvc() { - [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q - [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q -} - -enable_vpc_rpsrfs() { - local enable=$1 - if [ $enable -eq 0 ] - then - echo 0 > /etc/rpsrfsenable - else - echo 1 > /etc/rpsrfsenable - fi - - return 0 -} - -enable_rpsrfs() { - local enable=$1 - - if [ $enable -eq 0 ] - then - echo 0 > /etc/rpsrfsenable - return 0 - fi - - if [ ! 
-f /sys/class/net/eth0/queues/rx-0/rps_cpus ] - then - echo "rps is not enabled in the kernel" - echo 0 > /etc/rpsrfsenable - return 0 - fi - - proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) - if [ $proc -le 1 ] - then - echo 0 > /etc/rpsrfsenable - return 0; - fi - - echo 1 > /etc/rpsrfsenable - num=1 - num=$(($num<<$proc)) - num=$(($num-1)); - echo $num; - hex=$(printf "%x\n" $num) - echo $hex; - #enable rps - echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus - echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus - - #enble rfs - echo 256 > /proc/sys/net/core/rps_sock_flow_entries - echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt - echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt -} - -setup_common() { - init_interfaces $1 $2 $3 - if [ -n "$ETH0_IP" ] - then - setup_interface "0" $ETH0_IP $ETH0_MASK $GW - fi - if [ -n "$ETH0_IP6" ] - then - setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN - fi - setup_interface "1" $ETH1_IP $ETH1_MASK $GW - if [ -n "$ETH2_IP" ] - then - setup_interface "2" $ETH2_IP $ETH2_MASK $GW - fi - - echo $NAME > /etc/hostname - echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon - hostname $NAME - - #Nameserver - sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries - sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries - if [ -n "$internalNS1" ] - then - echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS1" > /etc/resolv.conf - fi - - if [ -n "$internalNS2" ] - then - echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS2" >> /etc/resolv.conf - fi - if [ -n "$NS1" ] - then - echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS1" >> /etc/resolv.conf - fi - - if [ -n "$NS2" ] - then - echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS2" >> /etc/resolv.conf - fi - - if [ -n "$IP6_NS1" ] - then - echo "nameserver $IP6_NS1" >> 
/etc/dnsmasq-resolv.conf - echo "nameserver $IP6_NS1" >> /etc/resolv.conf - fi - if [ -n "$IP6_NS2" ] - then - echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $IP6_NS2" >> /etc/resolv.conf - fi - - if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] - then - ip route add $MGMTNET via $LOCAL_GW dev eth1 - fi - - ip route delete default - if [ "$RROUTER" != "1" ] - then - gwdev=$3 - if [ -z "$gwdev" ] - then - gwdev="eth0" - fi - - ip route add default via $GW dev $gwdev - - fi - - # a hacking way to activate vSwitch under VMware - ping -n -c 3 $GW & - sleep 3 - pkill ping - if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] - then - ping -n -c 3 $LOCAL_GW & - sleep 3 - pkill ping - #This code is added to address ARP issue by pinging MGMT_GW - MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}') - ping -n -c 3 $MGMT_GW & - sleep 3 - pkill ping - - fi - - local hyp=$(hypervisor) - if [ "$hyp" == "vmware" ]; then - ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable - fi -} - -setup_dnsmasq() { - log_it "Setting up dnsmasq" - - touch /etc/dhcpopts.txt - - [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP - [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6 - [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" - #removing the dnsmasq multiple ranges config file. 
- rm /etc/dnsmasq.d/multiple_ranges.conf - - #get the template - cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf - - if [ -n "$DOMAIN" ] - then - #send domain name to dhcp clients - sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf - #DNS server will append $DOMAIN to local queries - sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf - #answer all local domain queries - sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf - fi - - if [ -n "$DNS_SEARCH_ORDER" ] - then - sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf - echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf - # set the domain search order as a space seprated list for option 15 - DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g') - #send domain name to dhcp clients - sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf - fi - - if [ $DHCP_RANGE ] - then - sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf - else - sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf - fi - if [ $DHCP_RANGE_IP6 ] - then - sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf - # For nondefault6 tagged host, don't send dns-server information - sed -i /nondefault6/d /etc/dnsmasq.conf - echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf - else - sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf - fi - - if [ "$RROUTER" == "1" ] - then - DEFAULT_GW=$GUEST_GW - INTERNAL_DNS=$GUEST_GW - else - if [ "$TYPE" == "dhcpsrvr" ] - then - DEFAULT_GW=$GW - else - DEFAULT_GW=$ETH0_IP - fi - INTERNAL_DNS=$ETH0_IP - fi - sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf - [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf - - [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1," - [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2," - [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1]," - [ $ETH0_IP6 ] && [ 
$IP6_NS2 ] && NS6="$NS6[$IP6_NS2]," - #for now set up ourself as the dns server as well - sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf - sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf - if [ "$USE_EXTERNAL_DNS" != "true" ] - then - [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS" - [ $ETH0_IP6 ] && NS6="[::],$NS6" - # enable dns - sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf - else - # disable dns - sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf - echo "port=0" >> /etc/dnsmasq.conf - fi - NS=${NS%?} - NS6=${NS6%?} - [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf - [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf -#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet. -#removing the existing entires to avoid duplicates on restarts. - sed -i '/data-server/d' /etc/hosts - if [ -n "$ETH0_IP" ] - then - echo "$ETH0_IP data-server" >> /etc/hosts - fi - if [ -n "$ETH0_IP6" ] - then - echo "$ETH0_IP6 data-server" >> /etc/hosts - fi -#add the dhcp-client-update only if dnsmasq version is 2.6 and above - dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]") - major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1) - minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2) - if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ] - then - sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf - echo 'dhcp-client-update' >> /etc/dnsmasq.conf - fi - - command -v dhcp_release > /dev/null 2>&1 - no_dhcp_release=$? 
- if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ] - then - echo 1 > /var/cache/cloud/dnsmasq_managed_lease - sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf - else - echo 0 > /var/cache/cloud/dnsmasq_managed_lease - fi -} - -setup_sshd(){ - local ip=$1 - local eth=$2 - [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config - sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4 - sed -i "/3922/s/eth./$eth/" /etc/iptables/rules - systemctl restart sshd -} - - -setup_vpc_apache2() { - log_it "Setting up apache web server for VPC" - systemctl disable apache2 - clean_ipalias_config - setup_apache2_common -} - - -clean_ipalias_config() { - # Old - rm -f /etc/apache2/conf.d/ports.*.meta-data.conf - rm -f /etc/apache2/sites-available/ipAlias* - rm -f /etc/apache2/sites-enabled/ipAlias* - rm -f /etc/apache2/conf.d/vhost*.conf - rm -f /etc/apache2/ports.conf - rm -f /etc/apache2/vhostexample.conf - rm -f /etc/apache2/sites-available/default - rm -f /etc/apache2/sites-available/default-ssl - rm -f /etc/apache2/sites-enabled/default - rm -f /etc/apache2/sites-enabled/default-ssl - - # New - rm -f /etc/apache2/sites-enabled/vhost-*.conf - rm -f /etc/apache2/sites-enabled/000-default - - rm -rf /etc/failure_config -} - -setup_apache2_common() { - sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf - [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security - [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security - - # Disable listing of http://SSVM-IP/icons folder for security issue. 
see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/ - [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf - - echo "Options -Indexes" > /var/www/html/.htaccess -} - -setup_apache2() { - log_it "Setting up apache web server" - clean_ipalias_config - setup_apache2_common - local ip=$1 - - # Deprecated, functionality moved to Cs Python code - # [ -f /etc/apache2/sites-available/default ] && sed -i -e "s///" /etc/apache2/sites-available/default - # [ -f /etc/apache2/sites-available/default-ssl ] && sed -i -e "s///" /etc/apache2/sites-available/default-ssl - # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf - # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf - # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf -} - -setup_aesni() { - if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ] - then - modprobe aesni_intel - fi -} - -load_modules() { - - #load nf modules for ftp - modprobe nf_nat_ftp - modprobe nf_conntrack_ftp -} - -setup_router() { - log_it "Setting up virtual router system vm" - - #To save router public interface and gw ip information - touch /var/cache/cloud/ifaceGwIp - - oldmd5= - [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}') - - if [ -n "$ETH2_IP" ] - then - setup_common eth0 eth1 eth2 - - if [ -n "$EXTRA_PUBNICS" ] - then - for((i = 3; i < 3 + $EXTRA_PUBNICS; i++)) - do - setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" - done - fi - else - setup_common eth0 eth1 - if [ -n "$EXTRA_PUBNICS" ] - then - for((i = 2; i < 2 + $EXTRA_PUBNICS; i++)) - do - setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" - done - fi - fi - - # Moved to 
Cs Python code - #if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ] - #then - #setup_redundant_router - #fi - - log_it "Checking udev NIC assignment order changes" - if [ "$NIC_MACS" != "" ] - then - init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules" - newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}') - rm /tmp/interfaces - rm /tmp/udev-rules - - if [ "$oldmd5" != "$newmd5" ] - then - log_it "udev NIC assignment requires reboot to take effect" - sync - sleep 2 - reboot - fi - fi - - setup_aesni - setup_dnsmasq - setup_apache2 $ETH0_IP - - sed -i /gateway/d /etc/hosts - echo "$ETH0_IP $NAME" >> /etc/hosts - - - systemctl enable dnsmasq haproxy cloud-passwd-srvr - systemctl restart dnsmasq haproxy cloud-passwd-srvr - enable_irqbalance 1 - disable_rpfilter_domR - enable_fwding 1 - enable_rpsrfs 1 - systemctl disable nfs-common - cp /etc/iptables/iptables-router /etc/iptables/rules.v4 -#for old templates - cp /etc/iptables/iptables-router /etc/iptables/rules - setup_sshd $ETH1_IP "eth1" - load_modules - - #Only allow DNS service for current network - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - - #setup hourly logrotate - mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 - -} - - - -setup_vpcrouter() { - log_it "Setting up VPC virtual router system vm" - - if [ -f /etc/hosts ]; then - grep -q $NAME /etc/hosts || echo "127.0.0.1 
$NAME" >> /etc/hosts; - fi - - cat > /etc/network/interfaces << EOF -auto lo eth0 -iface lo inet loopback -EOF - setup_interface "0" $ETH0_IP $ETH0_MASK $GW - - echo $NAME > /etc/hostname - echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon - hostname $NAME - - #Nameserver - sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries - sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries - if [ -n "$internalNS1" ] - then - echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS1" > /etc/resolv.conf - fi - - if [ -n "$internalNS2" ] - then - echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $internalNS2" >> /etc/resolv.conf - fi - if [ -n "$NS1" ] - then - echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS1" >> /etc/resolv.conf - fi - - if [ -n "$NS2" ] - then - echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf - echo "nameserver $NS2" >> /etc/resolv.conf - fi - if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] - then - if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; - then - ip route add $MGMTNET via $LOCAL_GW dev eth0 - - # a hacking way to activate vSwitch under VMware - ping -n -c 3 $LOCAL_GW & - sleep 3 - pkill ping - fi - fi - - ip route delete default - # create route table for static route - - sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null - sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null - sudo ip rule add from $VPCCIDR table static_route 2>/dev/null - sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null - - setup_vpc_apache2 - - systemctl enable dnsmasq haproxy cloud-passwd-srvr - enable_irqbalance 1 - enable_vpc_rpsrfs 1 - disable_rpfilter - enable_fwding 1 - cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4 - cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules - setup_sshd $ETH0_IP "eth0" - cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf - cp 
/etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules - echo "" > /etc/dnsmasq.d/dhcphosts.txt - echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf - - [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" - #DNS server will append $DOMAIN to local queries - sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf - #answer all local domain queries - sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf - - command -v dhcp_release > /dev/null 2>&1 - no_dhcp_release=$? - if [ $no_dhcp_release -eq 0 ] - then - echo 1 > /var/cache/cloud/dnsmasq_managed_lease - sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf - else - echo 0 > /var/cache/cloud/dnsmasq_managed_lease - fi - load_modules - - systemctl restart dnsmasq haproxy cloud-passwd-srvr - - #setup hourly logrotate - mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 - -} - - - -setup_dhcpsrvr() { - log_it "Setting up dhcp server system vm" - setup_common eth0 eth1 - setup_dnsmasq - setup_apache2 $ETH0_IP - - sed -i /gateway/d /etc/hosts - [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts - [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts - - systemctl enable dnsmasq cloud-passwd-srvr - systemctl restart dnsmasq cloud-passwd-srvr - enable_irqbalance 0 - enable_fwding 0 - systemctl disable nfs-common - - cp /etc/iptables/iptables-router /etc/iptables/rules.v4 - cp /etc/iptables/iptables-router /etc/iptables/rules - - #Only allow DNS service for current network - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 - sed -i "s/-A INPUT -i eth0 
-p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules - - if [ "$SSHONGUEST" == "true" ] - then - setup_sshd $ETH0_IP "eth0" - else - setup_sshd $ETH1_IP "eth1" - fi -} - -setup_storage_network() { - if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ] - then - log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network" - return - fi - - echo "" >> /etc/network/interfaces - echo "auto eth3" >> /etc/network/interfaces - - setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK" - [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo " mtu $MTU" >> /etc/network/interfaces - #ip route add "$STORAGE_CIDR" via "$STORAGE_IP" - log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR" -} - -setup_system_rfc1918_internal() { - public_ip=`getPublicIp` - echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))" - if [ "$?" == "0" ]; then - log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918." - else - log_it "Setting up route of RFC1918 space to $LOCAL_GW" - # Setup general route for RFC 1918 space, as otherwise it will be sent to - # the public gateway and not work - # More specific routes that may be set have preference over this generic route. 
- ip route add 10.0.0.0/8 via $LOCAL_GW - ip route add 172.16.0.0/12 via $LOCAL_GW - ip route add 192.168.0.0/16 via $LOCAL_GW - fi -} - -getPublicIp() { - public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP - echo $public_ip -} - -setup_ntp() { - log_it "Setting up NTP" - NTP_CONF_FILE="/etc/ntp.conf" - if [ -f $NTP_CONF_FILE ] - then - IFS=',' read -a server_list <<< "$NTP_SERVER_LIST" - for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- )) - do - server=$(echo ${server_list[iterator]} | tr -d '\r') - PATTERN="server $server" - if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then - sed -i "/^$PATTERN$/d" $NTP_CONF_FILE - fi - sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE - done - systemctl restart ntp - else - log_it "NTP configuration file not found" - fi -} - -setup_secstorage() { - log_it "Setting up secondary storage system vm" - sysctl vm.min_free_kbytes=8192 - local hyp=$1 - setup_common eth0 eth1 eth2 - setup_storage_network - setup_system_rfc1918_internal - sed -i /gateway/d /etc/hosts - public_ip=`getPublicIp` - echo "$public_ip $NAME" >> /etc/hosts - - cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4 - cp /etc/iptables/iptables-secstorage /etc/iptables/rules - if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then - setup_sshd $ETH1_IP "eth1" - else - setup_sshd $ETH0_IP "eth0" - fi - setup_apache2 $ETH2_IP - - # Deprecated, should move to Cs Python all of it - sed -e "s///" \ - -e "s///" \ - -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \ - -e "s/Listen .*:443/Listen $ETH2_IP:443/g" \ - -e "s/NameVirtualHost .*:80/NameVirtualHost $ETH2_IP:80/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf - - log_it "setting up apache2 for post upload of volume/template" - a2enmod proxy - a2enmod proxy_http - a2enmod headers - - cat >/etc/apache2/cors.conf <> /etc/hosts - cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4 - cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules 
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then - setup_sshd $ETH1_IP "eth1" - else - setup_sshd $ETH0_IP "eth0" - fi - - systemctl enable cloud - disable_rpfilter - enable_fwding 0 - enable_irqbalance 0 - systemctl disable nfs-common - rm /etc/logrotate.d/cloud -} - -setup_elbvm() { - log_it "Setting up Elastic Load Balancer system vm" - local hyp=$1 - setup_common eth0 eth1 - sed -i /gateway/d /etc/hosts - public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP - echo "$public_ip $NAME" >> /etc/hosts - - cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4 - cp /etc/iptables/iptables-elbvm /etc/iptables/rules - if [ "$SSHONGUEST" == "true" ] - then - setup_sshd $ETH0_IP "eth0" - else - setup_sshd $ETH1_IP "eth1" - fi - - enable_fwding 0 - enable_irqbalance 0 - systemctl disable nfs-common - systemctl disable portmap -} - -setup_ilbvm() { - log_it "Setting up Internal Load Balancer system vm" - local hyp=$1 - setup_common eth0 eth1 - #eth0 = guest network, eth1=control network - - sed -i /$NAME/d /etc/hosts - echo "$ETH0_IP $NAME" >> /etc/hosts - - cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4 - cp /etc/iptables/iptables-ilbvm /etc/iptables/rules - setup_sshd $ETH1_IP "eth1" - - enable_fwding 0 - systemctl enable haproxy - enable_irqbalance 1 - systemctl disable nfs-common - systemctl disable portmap -} - -setup_default() { - cat > /etc/network/interfaces << EOF -auto lo -iface lo inet loopback -EOF - cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables -} - -change_password() { - if [ x"$VM_PASSWORD" != x"" ] - then - echo "root:$VM_PASSWORD" | chpasswd - fi -} - start() { # Clear /tmp for file lock rm -f /tmp/*.lock rm -f /tmp/rrouter_bumped - local hyp=$(hypervisor) + rm -f /root/.rnd + echo "" > /root/.ssh/known_hosts + + export HYPERVISOR=$(hypervisor) [ $? 
-ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 - log_it "Detected that we are running inside $hyp guest" + log_it "Detected that we are running inside $HYPERVISOR" + + config_guest get_boot_params + get_systemvm_type patch - patch_log4j - parse_cmd_line - change_password - case $TYPE in - router) - [ "$NAME" == "" ] && NAME=router - setup_router - if [ -x /opt/cloud/bin/update_config.py ] - then - /opt/cloud/bin/update_config.py cmd_line.json - fi - ;; - vpcrouter) - [ "$NAME" == "" ] && NAME=vpcrouter - setup_vpcrouter - if [ -x /opt/cloud/bin/update_config.py ] - then - /opt/cloud/bin/update_config.py cmd_line.json - fi - ;; - dhcpsrvr) - [ "$NAME" == "" ] && NAME=dhcpsrvr - setup_dhcpsrvr - if [ -x /opt/cloud/bin/update_config.py ] - then - /opt/cloud/bin/update_config.py cmd_line.json - fi - ;; - secstorage) - [ "$NAME" == "" ] && NAME=secstorage - setup_secstorage $hyp; - ;; - consoleproxy) - [ "$NAME" == "" ] && NAME=consoleproxy - setup_console_proxy $hyp; - ;; - elbvm) - [ "$NAME" == "" ] && NAME=elb - setup_elbvm - ;; - ilbvm) - [ "$NAME" == "" ] && NAME=ilb - setup_ilbvm - ;; - unknown) - [ "$NAME" == "" ] && NAME=systemvm - setup_default; - ;; - esac - if [ "$hyp" == "hyperv" ]; then - # eject the systemvm.iso - eject + sync + sysctl -p + + log_it "Configuring systemvm type=$TYPE" + + if [ -f "/opt/cloud/bin/setup/$TYPE.sh" ]; then + /opt/cloud/bin/setup/$TYPE.sh + else + /opt/cloud/bin/setup/default.sh fi + + log_it "Finished setting up systemvm" + return 0 } -disable_hvc - -parse_cmd_line() { -CMDLINE=$(cat /var/cache/cloud/cmdline) -TYPE="unknown" -BOOTPROTO="static" -DISABLE_RP_FILTER="false" -STORAGE_IP="" -STORAGE_NETMASK="" -STORAGE_CIDR="" -VM_PASSWORD="" - -CHEF_TMP_FILE=/tmp/cmdline.json -COMMA="\t" -echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE} -echo -e "\n\"cmd_line\": {" >> ${CHEF_TMP_FILE} - -for i in $CMDLINE - do - # search for foo=bar pattern and cut out foo - KEY=$(echo $i | cut -d= 
-f1) - VALUE=$(echo $i | cut -d= -f2) - echo -en ${COMMA} >> ${CHEF_TMP_FILE} - # Two lines so values do not accidently interpretted as escapes!! - echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE} - COMMA=",\n\t" - case $KEY in - disable_rp_filter) - DISABLE_RP_FILTER=$VALUE - ;; - eth0ip) - ETH0_IP=$VALUE - ;; - eth1ip) - ETH1_IP=$VALUE - ;; - eth2ip) - ETH2_IP=$VALUE - ;; - host) - MGMT_HOST=$VALUE - ;; - gateway) - GW=$VALUE - ;; - ip6gateway) - IP6GW=$VALUE - ;; - eth0mask) - ETH0_MASK=$VALUE - ;; - eth1mask) - ETH1_MASK=$VALUE - ;; - eth2mask) - ETH2_MASK=$VALUE - ;; - eth0ip6) - ETH0_IP6=$VALUE - ;; - eth0ip6prelen) - ETH0_IP6_PRELEN=$VALUE - ;; - internaldns1) - internalNS1=$VALUE - ;; - internaldns2) - internalNS2=$VALUE - ;; - dns1) - NS1=$VALUE - ;; - dns2) - NS2=$VALUE - ;; - ip6dns1) - IP6_NS1=$VALUE - ;; - ip6dns2) - IP6_NS2=$VALUE - ;; - domain) - DOMAIN=$VALUE - ;; - dnssearchorder) - DNS_SEARCH_ORDER=$VALUE - ;; - useextdns) - USE_EXTERNAL_DNS=$VALUE - ;; - mgmtcidr) - MGMTNET=$VALUE - ;; - localgw) - LOCAL_GW=$VALUE - ;; - template) - TEMPLATE=$VALUE - ;; - sshonguest) - SSHONGUEST=$VALUE - ;; - name) - NAME=$VALUE - ;; - dhcprange) - DHCP_RANGE=$(echo $VALUE | tr ':' ',') - ;; - bootproto) - BOOTPROTO=$VALUE - ;; - type) - TYPE=$VALUE - ;; - defaultroute) - DEFAULTROUTE=$VALUE - ;; - redundant_router) - RROUTER=$VALUE - ;; - guestgw) - GUEST_GW=$VALUE - ;; - guestbrd) - GUEST_BRD=$VALUE - ;; - guestcidrsize) - GUEST_CIDR_SIZE=$VALUE - ;; - router_pr) - ROUTER_PR=$VALUE - ;; - extra_pubnics) - EXTRA_PUBNICS=$VALUE - ;; - nic_macs) - NIC_MACS=$VALUE - ;; - mtu) - MTU=$VALUE - ;; - storageip) - STORAGE_IP=$VALUE - ;; - storagenetmask) - STORAGE_NETMASK=$VALUE - ;; - storagecidr) - STORAGE_CIDR=$VALUE - ;; - vmpassword) - VM_PASSWORD=$VALUE - ;; - vpccidr) - VPCCIDR=$VALUE - ;; - cidrsize) - CIDR_SIZE=$VALUE - ;; - advert_int) - ADVERT_INT=$VALUE - ;; - ntpserverlist) - NTP_SERVER_LIST=$VALUE - ;; - esac -done -echo -e "\n\t}\n}" >> 
${CHEF_TMP_FILE} -if [ "$TYPE" != "unknown" ] -then - mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json -fi - -[ $ETH0_IP ] && LOCAL_ADDRS=$ETH0_IP -[ $ETH0_IP6 ] && LOCAL_ADDRS=$ETH0_IP6 -[ $ETH0_IP ] && [ $ETH0_IP6 ] && LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6" -} - case "$1" in -start) + start) + log_action_begin_msg "Executing cloud-early-config" + log_it "Executing cloud-early-config" + if start; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + ;; - log_action_begin_msg "Executing cloud-early-config" - log_it "Executing cloud-early-config" - if start; then - log_action_end_msg $? - else - log_action_end_msg $? - fi - ;; + stop) + log_action_begin_msg "Stopping cloud-early-config" + #Override old system's interface setting + setup_default; + log_action_end_msg 0 + ;; -stop) - log_action_begin_msg "Stopping cloud-early-config" - #Override old system's interface setting - setup_default; - log_action_end_msg 0 - ;; + force-reload|restart) + log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces" + log_action_begin_msg "Executing cloud-early-config" + if start; then + log_action_end_msg $? + else + log_action_end_msg $? + fi + ;; -force-reload|restart) - - log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces" - log_action_begin_msg "Executing cloud-early-config" - if start; then - log_action_end_msg $? - else - log_action_end_msg $? - fi - ;; - -*) - echo "Usage: /etc/init.d/cloud-early-config {start|stop}" - exit 1 - ;; + *) + echo "Usage: /etc/init.d/cloud-early-config {start|stop}" + exit 1 + ;; esac exit 0 diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr index c089e72ebc8..05e2f37a336 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr +++ b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr 
@@ -24,9 +24,6 @@ # specific language governing permissions and limitations # under the License. -ENABLED=0 -[ -e /etc/default/cloud-passwd-srvr ] && . /etc/default/cloud-passwd-srvr - add_iptables_rules() { #Delete any old iptables rule for port 8080 on eth0 @@ -72,7 +69,6 @@ remove_iptables_rules() } start() { - [ "$ENABLED" != 0 ] || exit 0 pid=$(getpid) [ "$pid" != "" ] && echo "Password server is already running (pid=$pid)" && return 0 add_iptables_rules diff --git a/systemvm/patches/debian/config/etc/init.d/postinit b/systemvm/patches/debian/config/etc/init.d/postinit deleted file mode 100755 index ddbcb083f5e..00000000000 --- a/systemvm/patches/debian/config/etc/init.d/postinit +++ /dev/null 
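Review bot: With the `[ "$ENABLED" != 0 ] || exit 0` guard removed from start(), this script now brings up the password server and calls add_iptables_rules on every invocation, and /etc/default/cloud-passwd-srvr is no longer sourced at all, so an operator who had set ENABLED=0 there to keep the service off silently loses that kill-switch. If the intent is that systemd's enable state is now the only gate (the rc.local change in this commit enables units listed in /var/cache/cloud/enabled_svcs), state it in the header comment, e.g. `# Enablement is controlled via systemctl (see /etc/rc.local); /etc/default/cloud-passwd-srvr is no longer honoured.` It is also worth confirming that the port-8080 rule added by add_iptables_rules is only ever installed on the VM types that need the password service, since this script itself no longer has any config-driven gate. The body of start() continues past the hunk.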
@@ -1,176 +0,0 @@ -#!/bin/bash -e -### BEGIN INIT INFO -# Provides: postinit -# Required-Start: $local_fs cloud-early-config -# Required-Stop: $local_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: post-init -### END INIT INFO - -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -replace_in_file() { - local filename=$1 - local keyname=$2 - local value=$3 - sed -i /$keyname=/d $filename - echo "$keyname=$value" >> $filename - return $? 
-} - -setup_secstorage() { - public_ip=$ETH2_IP - sed -i /$NAME/d /etc/hosts - echo "$public_ip $NAME" >> /etc/hosts - [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf - [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf -} - -setup_console_proxy() { - public_ip=$ETH2_IP - sed -i /$NAME/d /etc/hosts - echo "$public_ip $NAME" >> /etc/hosts -} - -setup_redundant_router() { - if [ "$RROUTER" != "1" ] - then - return 1 - fi - rrouter_bin_path="/ramdisk/rrouter" - eth2mac=`ip link show eth2 | awk '/ether/ {print $2}'` - sed -i "s/\[ETH2MAC\]/$eth2mac/g" $rrouter_bin_path/enable_pubip.sh -} - -start() { - case $TYPE in - secstorage) - [ "$NAME" == "" ] && NAME=secstorage - setup_secstorage; - ;; - consoleproxy) - [ "$NAME" == "" ] && NAME=consoleproxy - setup_console_proxy; - ;; - router) - [ "$NAME" == "" ] && NAME=router - setup_redundant_router; - ;; - - esac -} - -stop() { - echo "" -} - -status() { - echo "" -} - -CMDLINE=$(cat /var/cache/cloud/cmdline) -TYPE="router" -BOOTPROTO="static" - -for i in $CMDLINE - do - # search for foo=bar pattern and cut out foo - KEY=$(echo $i | cut -d= -f1) - VALUE=$(echo $i | cut -d= -f2) - case $KEY in - eth0ip) - ETH0_IP=$VALUE - ;; - eth1ip) - ETH1_IP=$VALUE - ;; - eth2ip) - ETH2_IP=$VALUE - ;; - gateway) - GW=$VALUE - ;; - eth0mask) - ETH0_MASK=$VALUE - ;; - eth1mask) - ETH1_MASK=$VALUE - ;; - eth2mask) - ETH2_MASK=$VALUE - ;; - dns1) - NS1=$VALUE - ;; - dns2) - NS2=$VALUE - ;; - domain) - DOMAIN=$VALUE - ;; - mgmtcidr) - MGMTNET=$VALUE - ;; - localgw) - LOCAL_GW=$VALUE - ;; - template) - TEMPLATE=$VALUE - ;; - name) - NAME=$VALUE - ;; - dhcprange) - DHCP_RANGE=$(echo $VALUE | tr ':' ',') - ;; - bootproto) - BOOTPROTO=$VALUE - ;; - type) - TYPE=$VALUE - ;; - redundant_router) - RROUTER=$VALUE - ;; - esac -done - -if [ "$BOOTPROTO" == "static" -a "$RROUTER" != "1" ] -then - exit 0 -fi - 
-ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1) -ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1) - - -case "$1" in - start) start - ;; - stop) stop - ;; - status) status - ;; - restart) stop - start - ;; - *) echo "Usage: $0 {start|stop|status|restart}" - exit 1 - ;; -esac diff --git a/systemvm/patches/debian/config/etc/rc.local b/systemvm/patches/debian/config/etc/rc.local index c0b19395ae7..bb4e251d437 100755 --- a/systemvm/patches/debian/config/etc/rc.local +++ b/systemvm/patches/debian/config/etc/rc.local @@ -18,37 +18,19 @@ #under the License. [ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs -for svc in $(cat /var/cache/cloud/enabled_svcs) +for svc in $(cat /var/cache/cloud/enabled_svcs) do logger -t cloud "Starting $svc" - service $svc start + systemctl enable --now $svc done [ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs -for svc in $(cat /var/cache/cloud/disabled_svcs) +for svc in $(cat /var/cache/cloud/disabled_svcs) do logger -t cloud "Stopping $svc" - service $svc stop + systemctl disable --now $svc done -CMDLINE=$(cat /var/cache/cloud/cmdline) -router=$(echo "$CMDLINE" | grep -o type=router) -vpcrouter=$(echo "$CMDLINE" | grep -o type=vpcrouter) - -if [ "$router" != "" ] || [ "$vpcrouter" != "" ] -then - echo 1000000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max - echo 1000000 > /proc/sys/net/netfilter/nf_conntrack_max - echo 1000000 > /proc/sys/net/nf_conntrack_max -fi - -if [ "$router" != "" ] -then - python /opt/cloud/bin/baremetal-vr.py & -fi - -date > /var/cache/cloud/boot_up_done -logger -t cloud "Boot up process done" #Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist ipv4="/etc/iptables/router_rules.v4" 
@@ -61,4 +43,36 @@ ipv6="/etc/iptables/router_rules.v6"
 if [ -e $ipv6 ]
 then
 iptables-restore < $ipv6
-fi
\ No newline at end of file
+fi
+
+date > /var/cache/cloud/boot_up_done
+logger -t cloud "Boot up process done"
+
+CMDLINE=/var/cache/cloud/cmdline
+for str in $(cat $CMDLINE)
+ do
+ KEY=$(echo $str | cut -d= -f1)
+ VALUE=$(echo $str | cut -d= -f2)
+ case $KEY in
+ type)
+ export TYPE=$VALUE
+ ;;
+ *)
+ ;;
+ esac
+done
+
+if [ "$TYPE" == "router" ]
+then
+ python /opt/cloud/bin/baremetal-vr.py &
+ logger -t cloud "Started baremetal-vr service"
+fi
+
+if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ]
+then
+ if [ -x /opt/cloud/bin/update_config.py ]
+ then
+ /opt/cloud/bin/update_config.py cmd_line.json
+ logger -t cloud "Updated config: cmd_line.json"
+ fi
+fi
diff --git a/systemvm/patches/debian/config/etc/sysctl.conf b/systemvm/patches/debian/config/etc/sysctl.conf
index b8a8fe01bd9..91baa5d31ed 100644
--- a/systemvm/patches/debian/config/etc/sysctl.conf
+++ b/systemvm/patches/debian/config/etc/sysctl.conf
@@ -48,7 +48,6 @@ net.ipv4.tcp_syncookies = 1
 # disable tcp time stamps
 net.ipv4.tcp_timestamps = 0
-net.ipv4.netfilter.ip_conntrack_max = 1000000
 net.ipv4.tcp_tw_reuse = 1
 net.ipv4.tcp_max_tw_buckets = 1000000
 net.core.somaxconn = 65535
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index 7468cf56b94..afbf2dd1174 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
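Review bot: The new type checks use `==` inside `[ ]`, which the POSIX `test` builtin does not accept; if rc.local runs under /bin/sh as dash (the shebang is outside the hunk) every comparison fails with an "unexpected operator" error and neither baremetal-vr nor update_config.py is ever started. `=` behaves identically in bash and dash, so `if [ "$TYPE" = "router" ]` and the same substitution in the three-way check further down remove the dependency on bash. The cmdline parsing with `cut -d= -f2` also truncates any value that contains a second `=`; harmless for `type`, but `VALUE=${str#*=}` keeps the whole value if the loop is later reused for other keys.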
@@ -678,13 +678,13 @@ class CsRemoteAccessVpn(CsDataBag):
 self.remoteaccessvpn_iptables(public_ip, self.dbag[public_ip])
 CsHelper.execute("ipsec update")
- CsHelper.execute("service xl2tpd start")
+ CsHelper.execute("systemctl start xl2tpd")
 CsHelper.execute("ipsec rereadsecrets")
 else:
 logging.debug("Disabling remote access vpn .....")
 #disable remote access vpn
 CsHelper.execute("ipsec down L2TP-PSK")
- CsHelper.execute("service xl2tpd stop")
+ CsHelper.execute("systemctl stop xl2tpd")
 def configure_l2tpIpsec(self, left, obj):
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
index 9762e04875a..496a0e7876a 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
@@ -49,7 +49,6 @@ class CsApache(CsApp):
 file.search("", "\t" % (self.ip))
 file.search("Listen .*:80", "Listen %s:80" % (self.ip))
 file.search("Listen .*:443", "Listen %s:443" % (self.ip))
- file.search("NameVirtualHost .*:80", "NameVirtualHost %s:80" % (self.ip))
 file.search("ServerName.*", "\tServerName %s.%s" % (self.config.cl.get_type(), self.config.get_domain()))
 if file.is_changed():
 file.commit()
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
index 4bd94df3bea..3c267a0aca1 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
@@ -70,8 +70,8 @@ class CsDhcp(CsDataBag):
 continue
 device = i['dev']
 ip = i['ip'].split('/')[0]
- sline = "dhcp-range=interface:%s,set:interface-%s-%s" % (device, device, idx)
- line = "dhcp-range=interface:%s,set:interface-%s-%s,%s,static" % (device, device, idx, ip)
+ sline = "dhcp-range=set:interface-%s-%s" % (device, idx)
+ line = "dhcp-range=set:interface-%s-%s,%s,static" % (device, idx, ip)
 self.conf.search(sline, line)
 gn = CsGuestNetwork(device, self.config)
 sline = "dhcp-option=tag:interface-%s-%s,15" % (device, idx)
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
index d0e512ef0b6..7ff32ee6ad4 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
@@ -212,14 +212,14 @@ def execute2(command):
 def service(name, op):
- execute("service %s %s" % (name, op))
+ execute("systemctl %s %s" % (op, name))
 logging.info("Service %s %s" % (name, op))
 def start_if_stopped(name):
- ret = execute2("service %s status" % name)
+ ret = execute2("systemctl is-active %s" % name)
 if ret.returncode:
- execute2("service %s start" % name)
+ execute2("systemctl start %s" % name)
 def hup_dnsmasq(name, user):
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh b/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh
index 8fae25c5b5e..11c0ffe351b 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh
@@ -111,7 +111,7 @@ echo -e "$dns_option" >> "$DHCP_CONFIG"
 #restart the dnsmasq
- service dnsmasq restart
+ systemctl restart dnsmasq
 result=$?
 if [ "$result" -ne "0" ]
 then
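Review bot: `service()` still builds the command by interpolating `op` and `name` into a single `"systemctl %s %s"` string, and `start_if_stopped` does the same with `name`; whether that string is handed to a shell depends on `execute` and `execute2`, whose definitions are above the hunk. If it is, a caller-supplied unit name containing shell metacharacters would be interpreted rather than passed to systemctl, so an argument-list form or `shlex.quote(name)` would make the intent explicit even though the call sites in this chunk are not visible. The return value of `execute` is also discarded before `logging.info("Service %s %s" % (name, op))`, so the log records the request rather than whether the unit changed state; logging the exit status next to it would make boot-time service failures visible.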
@@ -122,7 +122,7 @@ then
 cp "$DHCP_CONFIG_MAIN" "$DHCP_FAILURE_CONFIG_MAIN"
 cp "$DHCP_CONFIG_BAK" "$DHCP_CONFIG"
 cp "$DHCP_CONFIG_MAIN_BAK" "$DHCP_CONFIG_MAIN"
- service dnsmasq restart
+ systemctl restart dnsmasq
 unlock_exit $result $lock $locked
 fi
 rm "$DHCP_CONFIG_BAK"
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh b/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh
index f0d9c00ddf4..ab3f539848d 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh
@@ -215,7 +215,7 @@ then
 then
 kill -HUP $pid
 else
- service dnsmasq restart
+ systemctl restart dnsmasq
 fi
 else
 if [ $no_redundant -eq 1 ]
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh b/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh
index e0af6a2d20f..20caec5e79c 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh
@@ -29,15 +29,15 @@ usage() {
 #set -x
 start_ipsec() {
- service ipsec status > /dev/null
+ systemctl is-active ipsec > /dev/null
 if [ $? -ne 0 ]
 then
- service ipsec start > /dev/null
+ systemctl start ipsec > /dev/null
 #Wait until ipsec started, 5 seconds at most
 for i in {1..5}
 do
 logger -t cloud "$(basename $0): waiting ipsec start..."
- service ipsec status > /dev/null
+ systemctl is-active ipsec > /dev/null
 result=$?
 if [ $result -eq 0 ]
 then
@@ -46,7 +46,7 @@ start_ipsec() {
 sleep 1
 done
 fi
- service ipsec status > /dev/null
+ systemctl is-active ipsec > /dev/null
 return $?
 }
@@ -139,36 +139,36 @@ ipsec_tunnel_add() { check_and_enable_iptables - sudo echo "conn vpn-$rightpeer" > $vpnconffile && - sudo echo " left=$leftpeer" >> $vpnconffile && - sudo echo " leftsubnet=$leftnet" >> $vpnconffile && - sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile && - sudo echo " right=$rightpeer" >> $vpnconffile && - sudo echo " rightsubnets={$rightnets}" >> $vpnconffile && - sudo echo " type=tunnel" >> $vpnconffile && - sudo echo " authby=secret" >> $vpnconffile && - sudo echo " keyexchange=ike" >> $vpnconffile && - sudo echo " ike=$ikepolicy" >> $vpnconffile && - sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile && - sudo echo " esp=$esppolicy" >> $vpnconffile && - sudo echo " salifetime=${esplifetime}s" >> $vpnconffile && - sudo echo " pfs=$pfs" >> $vpnconffile && - sudo echo " keyingtries=2" >> $vpnconffile && - sudo echo " auto=start" >> $vpnconffile && - sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile && - sudo chmod 0400 $vpnsecretsfile + sudo echo "conn vpn-$rightpeer" > $vpnconffile && + sudo echo " left=$leftpeer" >> $vpnconffile && + sudo echo " leftsubnet=$leftnet" >> $vpnconffile && + sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile && + sudo echo " right=$rightpeer" >> $vpnconffile && + sudo echo " rightsubnets={$rightnets}" >> $vpnconffile && + sudo echo " type=tunnel" >> $vpnconffile && + sudo echo " authby=secret" >> $vpnconffile && + sudo echo " keyexchange=ike" >> $vpnconffile && + sudo echo " ike=$ikepolicy" >> $vpnconffile && + sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile && + sudo echo " esp=$esppolicy" >> $vpnconffile && + sudo echo " salifetime=${esplifetime}s" >> $vpnconffile && + sudo echo " pfs=$pfs" >> $vpnconffile && + sudo echo " keyingtries=2" >> $vpnconffile && + sudo echo " auto=start" >> $vpnconffile && + sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile && + sudo chmod 0400 $vpnsecretsfile - if [ $dpd -ne 0 ] - then - sudo echo " dpddelay=30" >> 
$vpnconffile && - sudo echo " dpdtimeout=120" >> $vpnconffile && - sudo echo " dpdaction=restart" >> $vpnconffile - fi + if [ $dpd -ne 0 ] + then + sudo echo " dpddelay=30" >> $vpnconffile && + sudo echo " dpdtimeout=120" >> $vpnconffile && + sudo echo " dpdaction=restart" >> $vpnconffile + fi - enable_iptables_subnets + enable_iptables_subnets - sudo ipsec auto --rereadall - sudo ipsec auto --add vpn-$rightpeer + sudo ipsec auto --rereadall + sudo ipsec auto --add vpn-$rightpeer logger -t cloud "$(basename $0): done ipsec tunnel entry for right peer=$rightpeer right networks=$rightnets" diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip index 5e15a19ad82..ce21b53832b 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip +++ b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip @@ -16,9 +16,8 @@ # specific language governing permissions and limitations # under the License. -. /etc/default/cloud-passwd-srvr addr=$1; -while [ "$ENABLED" == "1" ] +while true do python /opt/cloud/bin/passwd_server_ip.py $addr >/dev/null 2>/dev/null rc=$? @@ -27,5 +26,4 @@ do logger -t cloud "Password server failed with error code $rc. Restarting it..." sleep 3 fi - . /etc/default/cloud-passwd-srvr done diff --git a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh deleted file mode 100755 index 81a1b149b3f..00000000000 --- a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh +++ /dev/null 
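Review bot: With `while true` the wrapper has no exit condition at all, where the removed `ENABLED` re-read gave the loop a way to stop once `cloud-passwd-srvr` was disabled; stopping now depends entirely on the systemd unit killing the wrapper together with the python child it spawns, which holds only if the unit keeps the default control-group KillMode (the unit file is not in this chunk). The second hunk of this file, which drops the re-sourcing of the defaults file at the end of the loop body, has the same consequence and needs no separate fix. A `passwd_server_ip.py` that fails persistently (for example an address that cannot be bound) is now also restarted every 3 seconds indefinitely; a bounded retry count or a backoff, with `$addr` included in the failure message, would make a stuck password server easy to spot in the log.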
@@ -1,262 +0,0 @@ -#/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#set -x -logfile="/var/log/patchsystemvm.log" -# To use existing console proxy .zip-based package file -patch_console_proxy() { - local patchfile=$1 - local backupfolder="/tmp/.conf.backup" - if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then - rm -fr $backupfolder - mkdir -p $backupfolder - cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/ - fi - rm /usr/local/cloud/systemvm -rf - mkdir -p /usr/local/cloud/systemvm - echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1 - find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555 - if [ -f $backupfolder/cloud.jks ]; then - cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/ - echo "Restored keystore file and certs using backup" >> $logfile - fi - rm -fr $backupfolder - return 0 -} - -consoleproxy_svcs() { - systemctl enable cloud - systemctl enable postinit - systemctl disable cloud-passwd-srvr - systemctl disable haproxy - systemctl disable dnsmasq - systemctl enable ssh - systemctl disable apache2 - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "cloud postinit ssh" > 
/var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs - mkdir -p /var/log/cloud -} - -secstorage_svcs() { - systemctl enable cloud on - systemctl enable postinit on - systemctl disable cloud-passwd-srvr - systemctl disable haproxy - systemctl disable dnsmasq - systemctl enable portmap - systemctl enable nfs-common - systemctl enable ssh - systemctl disable apache2 - systemctl disable keepalived - systemctl disable conntrackd - echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs - mkdir -p /var/log/cloud -} - -routing_svcs() { - grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null - RROUTER=$? - systemctl disable cloud - systemctl disable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs - echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs - if [ $RROUTER -eq 0 ] - then - systemctl disable dnsmasq - systemctl disable cloud-passwd-srvr - systemctl enable keepalived - systemctl enable conntrackd - systemctl enable postinit - echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs - echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs - else - systemctl enable dnsmasq - systemctl enable cloud-passwd-srvr - systemctl disable keepalived - systemctl disable conntrackd - echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs - echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs - fi -} - -dhcpsrvr_svcs() { - systemctl disable cloud - systemctl enable cloud-passwd-srvr - systemctl disable haproxy - systemctl enable dnsmasq - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh dnsmasq cloud-passwd-srvr apache2" > 
/var/cache/cloud/enabled_svcs - echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs -} - -elbvm_svcs() { - systemctl disable cloud - systemctl disable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs -} - - -ilbvm_svcs() { - systemctl disable cloud - systemctl enable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs -} - -enable_pcihotplug() { - sed -i -e "/acpiphp/d" /etc/modules - sed -i -e "/pci_hotplug/d" /etc/modules - echo acpiphp >> /etc/modules - echo pci_hotplug >> /etc/modules -} - -enable_serial_console() { - #sed -i -e "/^serial.*/d" /boot/grub/grub.conf - #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf - #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf - #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf - #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf - sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab - sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab -} - - -CMDLINE=$(cat /var/cache/cloud/cmdline) -TYPE="router" -PATCH_MOUNT=$1 -Hypervisor=$2 - -for i in $CMDLINE - do - # search for foo=bar pattern and cut out foo - KEY=$(echo $i | cut -d= -f1) - VALUE=$(echo $i | cut -d= -f2) - case $KEY in - type) - TYPE=$VALUE - ;; - *) - ;; - esac -done - -if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ] 
-then - patch_console_proxy ${PATCH_MOUNT}/systemvm.zip - if [ $? -gt 0 ] - then - printf "Failed to apply patch systemvm\n" >$logfile - exit 5 - fi -fi - - -#empty known hosts -echo "" > /root/.ssh/known_hosts - -if [ "$Hypervisor" == "kvm" ] -then - enable_pcihotplug - enable_serial_console -fi - -if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] -then - routing_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute routing_svcs\n" >$logfile - exit 6 - fi -fi - -if [ "$TYPE" == "dhcpsrvr" ] -then - dhcpsrvr_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute dhcpsrvr_svcs\n" >$logfile - exit 6 - fi -fi - - -if [ "$TYPE" == "consoleproxy" ] -then - consoleproxy_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute consoleproxy_svcs\n" >$logfile - exit 7 - fi -fi - -if [ "$TYPE" == "secstorage" ] -then - secstorage_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute secstorage_svcs\n" >$logfile - exit 8 - fi -fi - -if [ "$TYPE" == "elbvm" ] -then - elbvm_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute elbvm svcs\n" >$logfile - exit 9 - fi -fi - -if [ "$TYPE" == "ilbvm" ] -then - ilbvm_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute ilbvm svcs\n" >$logfile - exit 9 - fi -fi - -exit $? diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh new file mode 100755 index 00000000000..3b766efc389 --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh 
@@ -0,0 +1,862 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" + +. /lib/lsb/init-functions + +log_it() { + echo "$(date) $@" >> /var/log/cloud.log + log_action_msg "$@" +} + +init_interfaces_orderby_macs() { + macs=( $(echo $1 | sed "s/|/ /g") ) + total_nics=${#macs[@]} + interface_file=${2:-"/etc/network/interfaces"} + rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"} + + echo -n "auto lo" > $interface_file + for((i=0; i> $interface_file + fi + done + cat >> $interface_file << EOF + +iface lo inet loopback + +EOF + + echo "" > $rule_file + for((i=0; i < ${#macs[@]}; i++)) + do + echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file + done +} + +init_interfaces() { + if [ "$NIC_MACS" == "" ] + then + cat > /etc/network/interfaces << EOF +auto lo $1 $2 $3 +iface lo inet loopback + +EOF + else + init_interfaces_orderby_macs "$NIC_MACS" + fi +} + +setup_interface() { + local intfnum=$1 + local ip=$2 + local mask=$3 + local gw=$4 + local force=$5 + local intf=eth${intfnum} + local bootproto="static" + + if [ "$BOOTPROTO" == "dhcp" ] + then + if [ "$intfnum" != "0" ] + then 
+ bootproto="dhcp" + fi + fi + + if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ] + then + echo "iface $intf inet $bootproto" >> /etc/network/interfaces + if [ "$bootproto" == "static" ] + then + echo " address $ip " >> /etc/network/interfaces + echo " netmask $mask" >> /etc/network/interfaces + fi + fi + + if [ "$ip" == "0.0.0.0" -o "$ip" == "" ] + then + ifconfig $intf down + fi + + if [ "$force" == "force" ] + then + ifdown $intf + else + ifdown $intf + if [ "$RROUTER" != "1" -o "$1" != "2" ] + then + ifup $intf + fi + fi +} + +setup_interface_ipv6() { + sysctl net.ipv6.conf.all.disable_ipv6=0 + sysctl net.ipv6.conf.all.forwarding=1 + sysctl net.ipv6.conf.all.accept_ra=1 + + sed -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf + sed -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf + sed -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf + + local intfnum=$1 + local ipv6="$2" + local prelen="$3" + local intf=eth${intfnum} + + echo "iface $intf inet6 static" >> /etc/network/interfaces + echo " address $ipv6 " >> /etc/network/interfaces + echo " netmask $prelen" >> /etc/network/interfaces + echo " accept_ra 1" >> /etc/network/interfaces + ifdown $intf + ifup $intf +} + + +enable_fwding() { + local enabled=$1 + log_it "cloud: enable_fwding = $1" + log_it "enable_fwding = $1" + echo "$1" > /proc/sys/net/ipv4/ip_forward + [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return +} + +disable_rpfilter() { + log_it "cloud: disable rp_filter" + log_it "disable rpfilter" + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf +} + +get_public_vif_list() { + local vif_list="" + for i in /sys/class/net/eth*; do + vif=$(basename $i); + if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ] + then + vif_list="$vif_list 
$vif"; + fi + done + + echo $vif_list +} + +disable_rpfilter_domR() { + log_it "cloud: Tuning rp_filter on public interfaces" + + VIF_LIST=$(get_public_vif_list) + log_it "rpfilter public interfaces : $VIF_LIST" + if [ "$DISABLE_RP_FILTER" == "true" ] + then + log_it "cloud: disable rp_filter on public interfaces" + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf + echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter + for vif in $VIF_LIST; do + log_it "cloud: disable rp_filter on public interface: $vif" + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf + echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter + done + else + log_it "cloud: enable rp_filter on public interfaces" + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf + echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter + for vif in $VIF_LIST; do + log_it "cloud: enable rp_filter on public interface: $vif" + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf + echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter + done + fi + log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)" + echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter + echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter + echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter +} + +enable_irqbalance() { + local enabled=$1 + local proc=0 + + proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) + if [ $proc -le 1 ] && [ $enabled -eq 1 ] + then + enabled=0 + fi + + log_it "Processors = $proc Enable service ${svc} = $enabled" + local cfg=/etc/default/irqbalance + [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return +} + +enable_vpc_rpsrfs() { + local enable=$1 + if [ $enable -eq 0 ] + then + echo 0 > /etc/rpsrfsenable + else + echo 1 > /etc/rpsrfsenable + fi + + return 0 +} + +enable_rpsrfs() { + local enable=$1 + + if [ $enable -eq 0 
] + then + echo 0 > /etc/rpsrfsenable + return 0 + fi + + if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ] + then + echo "rps is not enabled in the kernel" + echo 0 > /etc/rpsrfsenable + return 0 + fi + + proc=$(cat /proc/cpuinfo | grep "processor" | wc -l) + if [ $proc -le 1 ] + then + echo 0 > /etc/rpsrfsenable + return 0; + fi + + echo 1 > /etc/rpsrfsenable + num=1 + num=$(($num<<$proc)) + num=$(($num-1)); + echo $num; + hex=$(printf "%x\n" $num) + echo $hex; + #enable rps + echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus + echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus + + #enble rfs + echo 256 > /proc/sys/net/core/rps_sock_flow_entries + echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt + echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt +} + +setup_common() { + init_interfaces $1 $2 $3 + if [ -n "$ETH0_IP" ] + then + setup_interface "0" $ETH0_IP $ETH0_MASK $GW + fi + if [ -n "$ETH0_IP6" ] + then + setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN + fi + setup_interface "1" $ETH1_IP $ETH1_MASK $GW + if [ -n "$ETH2_IP" ] + then + setup_interface "2" $ETH2_IP $ETH2_MASK $GW + fi + + echo $NAME > /etc/hostname + echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon + hostnamectl set-hostname $NAME + + #Nameserver + sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries + sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries + if [ -n "$internalNS1" ] + then + echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS1" > /etc/resolv.conf + fi + + if [ -n "$internalNS2" ] + then + echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS2" >> /etc/resolv.conf + fi + if [ -n "$NS1" ] + then + echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS1" >> /etc/resolv.conf + fi + + if [ -n "$NS2" ] + then + echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS2" >> /etc/resolv.conf + fi + 
+ if [ -n "$IP6_NS1" ] + then + echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf + echo "nameserver $IP6_NS1" >> /etc/resolv.conf + fi + if [ -n "$IP6_NS2" ] + then + echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $IP6_NS2" >> /etc/resolv.conf + fi + + if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] + then + ip route add $MGMTNET via $LOCAL_GW dev eth1 + fi + + ip route delete default + if [ "$RROUTER" != "1" ] + then + gwdev=$3 + if [ -z "$gwdev" ] + then + gwdev="eth0" + fi + + ip route add default via $GW dev $gwdev + fi + + # a hacking way to activate vSwitch under VMware + ping -n -c 3 $GW & + if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] + then + ping -n -c 3 $LOCAL_GW & + #This code is added to address ARP issue by pinging MGMT_GW + MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}') + ping -n -c 3 $MGMT_GW & + fi + + if [ "$HYPERVISOR" == "vmware" ]; then + ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable + fi +} + +setup_dnsmasq() { + log_it "Setting up dnsmasq" + + touch /etc/dhcpopts.txt + + [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP + [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6 + [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" + #removing the dnsmasq multiple ranges config file. 
+ rm /etc/dnsmasq.d/multiple_ranges.conf + + #get the template + cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf + + if [ -n "$DOMAIN" ] + then + #send domain name to dhcp clients + sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf + #DNS server will append $DOMAIN to local queries + sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf + #answer all local domain queries + sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf + fi + + if [ -n "$DNS_SEARCH_ORDER" ] + then + sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf + echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf + # set the domain search order as a space seprated list for option 15 + DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g') + #send domain name to dhcp clients + sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf + fi + + if [ $DHCP_RANGE ] + then + sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf + else + sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf + fi + if [ $DHCP_RANGE_IP6 ] + then + sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf + # For nondefault6 tagged host, don't send dns-server information + sed -i /nondefault6/d /etc/dnsmasq.conf + echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf + else + sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf + fi + + if [ "$RROUTER" == "1" ] + then + DEFAULT_GW=$GUEST_GW + INTERNAL_DNS=$GUEST_GW + else + if [ "$TYPE" == "dhcpsrvr" ] + then + DEFAULT_GW=$GW + else + DEFAULT_GW=$ETH0_IP + fi + INTERNAL_DNS=$ETH0_IP + fi + sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf + [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf + + [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1," + [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2," + [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1]," + [ $ETH0_IP6 ] && [ 
$IP6_NS2 ] && NS6="$NS6[$IP6_NS2]," + #for now set up ourself as the dns server as well + sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf + sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf + if [ "$USE_EXTERNAL_DNS" != "true" ] + then + [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS" + [ $ETH0_IP6 ] && NS6="[::],$NS6" + # enable dns + sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf + else + # disable dns + sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf + echo "port=0" >> /etc/dnsmasq.conf + fi + NS=${NS%?} + NS6=${NS6%?} + [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf + [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf + #adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet. + #removing the existing entires to avoid duplicates on restarts. + sed -i '/data-server/d' /etc/hosts + if [ -n "$ETH0_IP" ] + then + echo "$ETH0_IP data-server" >> /etc/hosts + fi + if [ -n "$ETH0_IP6" ] + then + echo "$ETH0_IP6 data-server" >> /etc/hosts + fi + #add the dhcp-client-update only if dnsmasq version is 2.6 and above + dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]") + major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1) + minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2) + if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ] + then + sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf + echo 'dhcp-client-update' >> /etc/dnsmasq.conf + fi + + command -v dhcp_release > /dev/null 2>&1 + no_dhcp_release=$? 
+ if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ] + then + echo 1 > /var/cache/cloud/dnsmasq_managed_lease + sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf + else + echo 0 > /var/cache/cloud/dnsmasq_managed_lease + fi +} + +setup_sshd(){ + local ip=$1 + local eth=$2 + [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config + sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4 + sed -i "/3922/s/eth./$eth/" /etc/iptables/rules +} + +setup_vpc_apache2() { + log_it "Setting up apache web server for VPC" + systemctl disable apache2 + clean_ipalias_config + setup_apache2_common +} + +clean_ipalias_config() { + # Old + rm -f /etc/apache2/conf.d/ports.*.meta-data.conf + rm -f /etc/apache2/sites-available/ipAlias* + rm -f /etc/apache2/sites-enabled/ipAlias* + rm -f /etc/apache2/conf.d/vhost*.conf + rm -f /etc/apache2/ports.conf + rm -f /etc/apache2/vhostexample.conf + rm -f /etc/apache2/sites-available/default + rm -f /etc/apache2/sites-available/default-ssl + rm -f /etc/apache2/sites-enabled/default + rm -f /etc/apache2/sites-enabled/default-ssl + + # New + rm -f /etc/apache2/sites-enabled/vhost-*.conf + rm -f /etc/apache2/sites-enabled/000-default + + rm -rf /etc/failure_config +} + +setup_apache2_common() { + sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf + [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security + [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security + + # Disable listing of http://SSVM-IP/icons folder for security issue. 
see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/ + [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf + + echo "Options -Indexes" > /var/www/html/.htaccess +} + +setup_apache2() { + log_it "Setting up apache web server" + clean_ipalias_config + setup_apache2_common + local ip=$1 +} + +setup_aesni() { + if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ] + then + modprobe aesni_intel + fi +} + +setup_storage_network() { + if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ] + then + log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network" + return + fi + + echo "" >> /etc/network/interfaces + echo "auto eth3" >> /etc/network/interfaces + + setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK" + [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo " mtu $MTU" >> /etc/network/interfaces + #ip route add "$STORAGE_CIDR" via "$STORAGE_IP" + log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR" +} + +setup_system_rfc1918_internal() { + public_ip=`getPublicIp` + echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))" + if [ "$?" == "0" ]; then + log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918." + else + log_it "Setting up route of RFC1918 space to $LOCAL_GW" + # Setup general route for RFC 1918 space, as otherwise it will be sent to + # the public gateway and not work + # More specific routes that may be set have preference over this generic route. 
+ ip route add 10.0.0.0/8 via $LOCAL_GW + ip route add 172.16.0.0/12 via $LOCAL_GW + ip route add 192.168.0.0/16 via $LOCAL_GW + fi +} + +getPublicIp() { + public_ip=$ETH2_IP + [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP + echo $public_ip +} + +setup_ntp() { + log_it "Setting up NTP" + NTP_CONF_FILE="/etc/ntp.conf" + if [ -f $NTP_CONF_FILE ] + then + IFS=',' read -a server_list <<< "$NTP_SERVER_LIST" + for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- )) + do + server=$(echo ${server_list[iterator]} | tr -d '\r') + PATTERN="server $server" + if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then + sed -i "/^$PATTERN$/d" $NTP_CONF_FILE + fi + sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE + done + systemctl enable ntp + else + log_it "NTP configuration file not found" + fi +} + +routing_svcs() { + systemctl disable --now cloud + systemctl disable --now nfs-common + systemctl disable --now portmap + systemctl enable apache2 + systemctl enable haproxy + systemctl enable ssh + echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs + echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs + if [ $RROUTER -eq 1 ] + then + systemctl disable --now cloud-passwd-srvr + systemctl disable --now dnsmasq + systemctl enable conntrackd + systemctl enable keepalived + echo "keepalived conntrackd" >> /var/cache/cloud/enabled_svcs + echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs + else + systemctl disable --now conntrackd + systemctl disable --now keepalived + systemctl enable cloud-passwd-srvr + systemctl enable dnsmasq + echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs + echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs + fi +} + +setup_redundant_router() { + rrouter_bin_path="/ramdisk/rrouter" + rrouter_log="/ramdisk/rrouter/keepalived.log" + rrouter_bin_path_str="\/ramdisk\/rrouter" + rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log" + mkdir -p /ramdisk + mount tmpfs /ramdisk -t tmpfs + mkdir 
-p /ramdisk/rrouter + ip route delete default + cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf + cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf + cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh + cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh + cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh + cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh + cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh + cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh + cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh + cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh + cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/ + cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/ + cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh + cp /root/redundant_router/services.sh $rrouter_bin_path/ + sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf + sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf + sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf + sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf + sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf + sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf + sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh + sed -i 
"s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh + sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh + sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh + sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh + sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh + if [ $ADVERT_INT ] + then + sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf + fi + chmod a+x $rrouter_bin_path/*.sh + sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived + crontab -l|grep "check_heartbeat.sh" + if [ $? 
-ne 0 ] + then + (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab + fi +} + +parse_cmd_line() { + CMDLINE=$(cat /var/cache/cloud/cmdline) + TYPE="unknown" + BOOTPROTO="static" + DISABLE_RP_FILTER="false" + STORAGE_IP="" + STORAGE_NETMASK="" + STORAGE_CIDR="" + VM_PASSWORD="" + + CHEF_TMP_FILE=/tmp/cmdline.json + COMMA="\t" + echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE} + echo -e "\"cmd_line\": {" >> ${CHEF_TMP_FILE} + + for i in $CMDLINE + do + # search for foo=bar pattern and cut out foo + KEY=$(echo $i | cut -d= -f1) + VALUE=$(echo $i | cut -d= -f2) + echo -en ${COMMA} >> ${CHEF_TMP_FILE} + # Two lines so values do not accidently interpretted as escapes!! + echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE} + COMMA=",\n\t" + case $KEY in + disable_rp_filter) + export DISABLE_RP_FILTER=$VALUE + ;; + eth0ip) + export ETH0_IP=$VALUE + ;; + eth1ip) + export ETH1_IP=$VALUE + ;; + eth2ip) + export ETH2_IP=$VALUE + ;; + host) + export MGMT_HOST=$VALUE + ;; + gateway) + export GW=$VALUE + ;; + ip6gateway) + export IP6GW=$VALUE + ;; + eth0mask) + export ETH0_MASK=$VALUE + ;; + eth1mask) + export ETH1_MASK=$VALUE + ;; + eth2mask) + export ETH2_MASK=$VALUE + ;; + eth0ip6) + export ETH0_IP6=$VALUE + ;; + eth0ip6prelen) + export ETH0_IP6_PRELEN=$VALUE + ;; + internaldns1) + export internalNS1=$VALUE + ;; + internaldns2) + export internalNS2=$VALUE + ;; + dns1) + export NS1=$VALUE + ;; + dns2) + export NS2=$VALUE + ;; + ip6dns1) + export IP6_NS1=$VALUE + ;; + ip6dns2) + export IP6_NS2=$VALUE + ;; + domain) + export DOMAIN=$VALUE + ;; + dnssearchorder) + export DNS_SEARCH_ORDER=$VALUE + ;; + useextdns) + export USE_EXTERNAL_DNS=$VALUE + ;; + mgmtcidr) + export MGMTNET=$VALUE + ;; + localgw) + export LOCAL_GW=$VALUE + ;; + template) + export TEMPLATE=$VALUE + ;; + sshonguest) + export SSHONGUEST=$VALUE + ;; + name) + export 
NAME=$VALUE + ;; + dhcprange) + export DHCP_RANGE=$(echo $VALUE | tr ':' ',') + ;; + bootproto) + export BOOTPROTO=$VALUE + ;; + type) + export TYPE=$VALUE + ;; + defaultroute) + export DEFAULTROUTE=$VALUE + ;; + redundant_router) + export RROUTER=$VALUE + ;; + guestgw) + export GUEST_GW=$VALUE + ;; + guestbrd) + export GUEST_BRD=$VALUE + ;; + guestcidrsize) + export GUEST_CIDR_SIZE=$VALUE + ;; + router_pr) + export ROUTER_PR=$VALUE + ;; + extra_pubnics) + export EXTRA_PUBNICS=$VALUE + ;; + nic_macs) + export NIC_MACS=$VALUE + ;; + mtu) + export MTU=$VALUE + ;; + storageip) + export STORAGE_IP=$VALUE + ;; + storagenetmask) + export STORAGE_NETMASK=$VALUE + ;; + storagecidr) + export STORAGE_CIDR=$VALUE + ;; + vmpassword) + export VM_PASSWORD=$VALUE + ;; + vpccidr) + export VPCCIDR=$VALUE + ;; + cidrsize) + export CIDR_SIZE=$VALUE + ;; + advert_int) + export ADVERT_INT=$VALUE + ;; + ntpserverlist) + export NTP_SERVER_LIST=$VALUE + ;; + esac + done + echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE} + if [ "$TYPE" != "unknown" ] + then + mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json + fi + + [ $ETH0_IP ] && export LOCAL_ADDRS=$ETH0_IP + [ $ETH0_IP6 ] && export LOCAL_ADDRS=$ETH0_IP6 + [ $ETH0_IP ] && [ $ETH0_IP6 ] && export LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6" + + # Randomize cloud password so only ssh login is allowed + echo "cloud:`openssl rand -base64 32`" | chpasswd + + if [ x"$VM_PASSWORD" != x"" ] + then + echo "root:$VM_PASSWORD" | chpasswd + fi +} + +parse_cmd_line diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh new file mode 100755 index 00000000000..36c1fa41115 --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh 
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+consoleproxy_svcs() {
+ echo "cloud ssh" > /var/cache/cloud/enabled_svcs
+ echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+ mkdir -p /var/log/cloud
+}
+
+setup_console_proxy() {
+ log_it "Setting up console proxy system vm"
+ setup_common eth0 eth1 eth2
+ setup_system_rfc1918_internal
+
+ log_it "Setting up entry in hosts"
+ sed -i /$NAME/d /etc/hosts
+ public_ip=`getPublicIp`
+ echo "$public_ip $NAME" >> /etc/hosts
+
+ log_it "Applying iptables rules"
+ cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
+
+ log_it "Configuring sshd"
+ local hyp=$HYPERVISOR
+ if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
+ setup_sshd $ETH1_IP "eth1"
+ else
+ setup_sshd $ETH0_IP "eth0"
+ fi
+
+ disable_rpfilter
+ enable_fwding 0
+ enable_irqbalance 0
+ rm -f /etc/logrotate.d/cloud
+}
+
+consoleproxy_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute consoleproxy_svcs"
+ exit 1
+fi
+setup_console_proxy
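Review bot: `sed -i /$NAME/d /etc/hosts` deletes every line that merely contains `$NAME` as an unquoted, unanchored regex, so a name that is a prefix of another entry removes the wrong line and a name containing `/` breaks the sed expression; anchoring it to the hostname field, `sed -i "/[[:space:]]${NAME}\$/d" /etc/hosts`, limits the delete to the entry this function writes two lines later. The same pattern appears in dhcpsrvr.sh, elbvm.sh, ilbvm.sh, router.sh and secstorage.sh. `local hyp=$HYPERVISOR` reads a variable that the `parse_cmd_line` added in this patch does not export; if it is set elsewhere in common.sh, a one-line comment naming the source would save the next reader the search.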
diff --git a/systemvm/patches/debian/config/etc/default/cloud b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh old mode 100644 new mode 100755 similarity index 78% rename from systemvm/patches/debian/config/etc/default/cloud rename to systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh index 0b85c63f71e..4272e645d41 --- a/systemvm/patches/debian/config/etc/default/cloud +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh @@ -1,3 +1,4 @@ +#!/bin/bash # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information @@ -15,5 +16,14 @@ # specific language governing permissions and limitations # under the License. -#set ENABLED to 1 if you want the init script to start the password server -ENABLED=0 +. /opt/cloud/bin/setup/common.sh + +setup_default() { + cat > /etc/network/interfaces << EOF +auto lo +iface lo inet loopback +EOF + cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables +} + +setup_default diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh new file mode 100755 index 00000000000..1e28ab45857 --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh 
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+dhcpsrvr_svcs() {
+ echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
+ echo "cloud nfs-common conntrackd keepalived haproxy portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_dhcpsrvr() {
+ log_it "Setting up dhcp server system vm"
+ setup_common eth0 eth1
+ setup_dnsmasq
+ setup_apache2 $ETH0_IP
+
+ sed -i /$NAME/d /etc/hosts
+ [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
+ [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
+
+ enable_irqbalance 0
+ enable_fwding 0
+
+ cp /etc/iptables/iptables-router /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-router /etc/iptables/rules
+
+ #Only allow DNS service for current network
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s 
$DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+
+ if [ "$SSHONGUEST" == "true" ]
+ then
+ setup_sshd $ETH0_IP "eth0"
+ else
+ setup_sshd $ETH1_IP "eth1"
+ fi
+}
+
+dhcpsrvr_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute dhcpsrvr_svcs"
+ exit 1
+fi
+setup_dhcpsrvr
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
new file mode 100755
index 00000000000..23a2607ff99
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
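Review bot: The four `sed` rewrites that append `-s $DHCP_RANGE\/$CIDR_SIZE` to the port-53 rules run unconditionally, so when either variable is missing from the cmdline the rule becomes e.g. `-s /24` or `-s <range>/`, and iptables-restore of rules.v4 then fails as a whole — presumably leaving the VM with no filter rules at all rather than a narrower DNS rule. Guarding the block, `if [ -n "$DHCP_RANGE" ] && [ -n "$CIDR_SIZE" ]; then … fi`, with a `log_it` in the else branch keeps the default port-53 rule in place in that case. The identical four lines in router.sh (the setup_router hunk) have the same gap and are a candidate for one shared helper in common.sh, e.g. `restrict_dns_to_guest_range`.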
@@ -0,0 +1,53 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+elbvm_svcs() {
+ echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
+ echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_elbvm() {
+ log_it "Setting up Elastic Load Balancer system vm"
+ setup_common eth0 eth1
+ sed -i /$NAME/d /etc/hosts
+ public_ip=$ETH2_IP
+ [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
+ echo "$public_ip $NAME" >> /etc/hosts
+
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules
+ if [ "$SSHONGUEST" == "true" ]
+ then
+ setup_sshd $ETH0_IP "eth0"
+ else
+ setup_sshd $ETH1_IP "eth1"
+ fi
+
+ enable_fwding 0
+ enable_irqbalance 0
+}
+
+elbvm_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute elbvm svcs"
+ exit 1
+fi
+setup_elbvm
diff --git a/systemvm/patches/debian/config/etc/default/cloud-passwd-srvr b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
old mode 100644
new mode 100755
similarity index 51%
rename from systemvm/patches/debian/config/etc/default/cloud-passwd-srvr
rename to systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
index 0b85c63f71e..4cd599f59d7
--- a/systemvm/patches/debian/config/etc/default/cloud-passwd-srvr
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
@@ -1,3 +1,4 @@
+#!/bin/bash
 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements. See the NOTICE file
 # distributed with this work for additional information
@@ -15,5 +16,33 @@
 # specific language governing permissions and limitations
 # under the License.
-#set ENABLED to 1 if you want the init script to start the password server
-ENABLED=0
+. /opt/cloud/bin/setup/common.sh
+
+ilbvm_svcs() {
+ echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
+ echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_ilbvm() {
+ log_it "Setting up Internal Load Balancer system vm"
+ setup_common eth0 eth1
+ #eth0 = guest network, eth1=control network
+
+ sed -i /$NAME/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+
+ cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
+
+ enable_fwding 0
+ enable_irqbalance 1
+}
+
+ilbvm_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute ilbvm svcs"
+ exit 1
+fi
+setup_ilbvm
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
new file mode 100755
index 00000000000..43c3c927e4f
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
@@ -0,0 +1,57 @@
+#/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+#set -x
+logfile="/var/log/patchsystemvm.log"
+
+# To use existing console proxy .zip-based package file
+patch_systemvm() {
+ local patchfile=$1
+ local backupfolder="/tmp/.conf.backup"
+ if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then
+ rm -fr $backupfolder
+ mkdir -p $backupfolder
+ cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/
+ fi
+ rm /usr/local/cloud/systemvm -rf
+ mkdir -p /usr/local/cloud/systemvm
+ echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
+ find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
+ if [ -f $backupfolder/cloud.jks ]; then
+ cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/
+ echo "Restored keystore file and certs using backup" >> $logfile
+ fi
+ rm -fr $backupfolder
+ return 0
+}
+
+CMDLINE=/var/cache/cloud/cmdline
+PATCH_MOUNT=$1
+TYPE=$2
+
+echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile
+
+if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ]
+then
+ patch_systemvm ${PATCH_MOUNT}/systemvm.zip
+ if [ $? 
-gt 0 ]
+ then
+ echo "Failed to apply patch systemvm\n" >> $logfile
+ exit 1
+ fi
+fi
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
new file mode 100755
index 00000000000..d9fadfef4b1
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
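Review bot: `patch_systemvm` ends in an unconditional `return 0`, so the `if [ $? -gt 0 ]` check after the call can never fire even when `unzip` fails after `/usr/local/cloud/systemvm` has already been wiped; propagating unzip's status, `echo "All" | unzip "$patchfile" -d /usr/local/cloud/systemvm >>"$logfile" 2>&1 || { rm -fr "$backupfolder"; return 1; }`, makes the caller's exit path reachable, and the `>>` also stops unzip from truncating the "Patching systemvm ..." line logged just before the call. The first line reads `#/bin/bash` — without the `!` it is a plain comment, not a shebang, so which interpreter runs the file depends on how the caller invokes it; `#!/bin/bash`. The keystore backup goes to the fixed path `/tmp/.conf.backup`; `backupfolder=$(mktemp -d)` avoids the predictable name and clashes between concurrent runs, and `cp -a` in place of `cp -r` preserves the keystore's original modes. `echo "Failed to apply patch systemvm\n"` prints a literal `\n` unless `-e` is given.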
@@ -0,0 +1,106 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +. /opt/cloud/bin/setup/common.sh + +setup_router() { + log_it "Setting up virtual router system vm" + + #To save router public interface and gw ip information + touch /var/cache/cloud/ifaceGwIp + + oldmd5= + [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}') + + if [ -n "$ETH2_IP" ] + then + setup_common eth0 eth1 eth2 + + if [ -n "$EXTRA_PUBNICS" ] + then + for((i = 3; i < 3 + $EXTRA_PUBNICS; i++)) + do + setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" + done + fi + else + setup_common eth0 eth1 + if [ -n "$EXTRA_PUBNICS" ] + then + for((i = 2; i < 2 + $EXTRA_PUBNICS; i++)) + do + setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force" + done + fi + fi + + if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ] + then + setup_redundant_router + fi + + log_it "Checking udev NIC assignment order changes" + if [ "$NIC_MACS" != "" ] + then + init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules" + newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}') + rm /tmp/interfaces + rm /tmp/udev-rules + + if [ "$oldmd5" != "$newmd5" ] + then + log_it "udev 
NIC assignment requires reboot to take effect" + sync + sleep 2 + reboot + fi + fi + + setup_aesni + setup_dnsmasq + setup_apache2 $ETH0_IP + + sed -i /$NAME/d /etc/hosts + echo "$ETH0_IP $NAME" >> /etc/hosts + + enable_irqbalance 1 + disable_rpfilter_domR + enable_fwding 1 + enable_rpsrfs 1 + cp /etc/iptables/iptables-router /etc/iptables/rules.v4 + #for old templates + cp /etc/iptables/iptables-router /etc/iptables/rules + setup_sshd $ETH1_IP "eth1" + + #Only allow DNS service for current network + sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 + sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules + sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 + sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules + + #setup hourly logrotate + mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 +} + +routing_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute routing_svcs" + exit 1 +fi +setup_router diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh new file mode 100755 index 00000000000..327353c0ae7 --- /dev/null +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh 
@@ -0,0 +1,90 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +. /opt/cloud/bin/setup/common.sh + +secstorage_svcs() { + echo "apache2 cloud ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs + echo "cloud-passwd-srvr conntrackd keepalived haproxy dnsmasq" > /var/cache/cloud/disabled_svcs + mkdir -p /var/log/cloud +} + +setup_secstorage() { + log_it "Setting up secondary storage system vm" + sysctl vm.min_free_kbytes=8192 + + setup_common eth0 eth1 eth2 + setup_storage_network + setup_system_rfc1918_internal + + log_it "Setting up entry in hosts" + sed -i /$NAME/d /etc/hosts + public_ip=`getPublicIp` + echo "$public_ip $NAME" >> /etc/hosts + + log_it "Applying iptables rules" + cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4 + cp /etc/iptables/iptables-secstorage /etc/iptables/rules + + log_it "Configuring sshd" + local hyp=$HYPERVISOR + if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then + setup_sshd $ETH1_IP "eth1" + else + setup_sshd $ETH0_IP "eth0" + fi + + log_it "Configuring apache2" + setup_apache2 $ETH2_IP + + # Deprecated, should move to Cs Python all of it + sed -e "s///" \ + -e "s///" \ + -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \ + -e "s/Listen .*:443/Listen $ETH2_IP:443/g" 
/etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf + + log_it "Setting up apache2 for post upload of volume/template" + a2enmod proxy + a2enmod proxy_http + a2enmod headers + + cat >/etc/apache2/cors.conf <> /etc/hosts; + fi + + cat > /etc/network/interfaces << EOF +auto lo eth0 +iface lo inet loopback +EOF + setup_interface "0" $ETH0_IP $ETH0_MASK $GW + + echo $NAME > /etc/hostname + echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon + hostnamectl set-hostname $NAME + + #Nameserver + sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries + sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries + if [ -n "$internalNS1" ] + then + echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS1" > /etc/resolv.conf + fi + + if [ -n "$internalNS2" ] + then + echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $internalNS2" >> /etc/resolv.conf + fi + if [ -n "$NS1" ] + then + echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS1" >> /etc/resolv.conf + fi + + if [ -n "$NS2" ] + then + echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf + echo "nameserver $NS2" >> /etc/resolv.conf + fi + if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] + then + if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ]; + then + ip route add $MGMTNET via $LOCAL_GW dev eth0 + + # a hacking way to activate vSwitch under VMware + ping -n -c 3 $LOCAL_GW & + sleep 3 + pkill ping + fi + fi + + if [ "$RROUTER" == "1" ] + then + setup_redundant_router + fi + + ip route delete default + # create route table for static route + + sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null + sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null + sudo ip rule add from $VPCCIDR table static_route 2>/dev/null + sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null + + setup_vpc_apache2 + + enable_irqbalance 1 + 
enable_vpc_rpsrfs 1 + disable_rpfilter + enable_fwding 1 + cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4 + cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules + setup_sshd $ETH0_IP "eth0" + cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf + cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules + echo "" > /etc/dnsmasq.d/dhcphosts.txt + echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf + + [ -z $DOMAIN ] && DOMAIN="cloudnine.internal" + #DNS server will append $DOMAIN to local queries + sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf + #answer all local domain queries + sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf + + command -v dhcp_release > /dev/null 2>&1 + no_dhcp_release=$? + if [ $no_dhcp_release -eq 0 ] + then + echo 1 > /var/cache/cloud/dnsmasq_managed_lease + sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf + else + echo 0 > /var/cache/cloud/dnsmasq_managed_lease + fi + + #setup hourly logrotate + mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 +} + +routing_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute routing_svcs" + exit 1 +fi +setup_vpcrouter diff --git a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ b/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ index 6a0d8a963fc..a9cbf308119 100755 --- a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ +++ b/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ @@ -47,9 +47,9 @@ then if [ $s -gt 2 ] then echo Keepalived process is dead! >> $ROUTER_LOG - service keepalived stop >> $ROUTER_LOG 2>&1 - service conntrackd stop >> $ROUTER_LOG 2>&1 - + systemctl stop keepalived >> $ROUTER_LOG 2>&1 + systemctl stop conntrackd >> $ROUTER_LOG 2>&1 + #Set fault so we have the same effect as a KeepaliveD fault. python /opt/cloud/bin/master.py --fault 
diff --git a/systemvm/patches/debian/config/root/.ssh/authorized_keys b/systemvm/patches/debian/config/root/.ssh/authorized_keys index 72867605864..c09f6379a34 100644 --- a/systemvm/patches/debian/config/root/.ssh/authorized_keys +++ b/systemvm/patches/debian/config/root/.ssh/authorized_keys @@ -1 +1 @@ -ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant +ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2RIE3hgSAD8zULuyE7KDW9EKh2oVbNGY7iSL/VI5xHLISKh4e8ksTshWjlGBtrUCnuzR7y2BUxZ65RI8XkB1fEDxcOU4/0lVPvJYDSsGveXoOgpLwOtKRoGLgjFUGzBQlj2s6YaYQxoNTqtBVkDIH6ekPNq0Q38hRrFcsVIk1sFo5ejuvFxt2wx6APcFIQtHSNezEDO0GVUScDU1N1YEMMv1PU3M/SrcezkXrGl/efF3kWtY9L5xm7sojHMCCqsI38r8ogof67F7JdWRXM6Nl3VzkdCBzWGcyAl+cYfjzgOiBGXyAyYBk8qqzJjKwUOtdjfRvCyowA/0xBwMW1T7PQ== diff --git a/systemvm/scripts/_run.sh b/systemvm/scripts/_run.sh index 6d77002b8c4..96cc88bb17c 100755 --- a/systemvm/scripts/_run.sh +++ b/systemvm/scripts/_run.sh @@ -16,24 +16,16 @@ # specific language governing permissions and limitations # under the License. +# run.sh runs the cloud service +#set -x +# make sure we delete the old files from the original template +rm -f console-proxy.jar +rm -f console-common.jar +rm -f conf/cloud.properties - +CP="./:./conf:$(ls *.jar | tr '\n' ':' | sed s'/.$//')" -#run.sh runs the console proxy. - -# make sure we delete the old files from the original template -rm console-proxy.jar -rm console-common.jar -rm conf/cloud.properties - -set -x - -CP=./:./conf -for file in *.jar -do - CP=${CP}:$file -done keyvalues= LOGHOME=/var/log/cloud/ 
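Review bot: The replacement key at `+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2RIE…` carries no comment field, so nothing in the template records whose key it is or where the private half is kept; the entry it replaces at least named `anthony@mobl-ant`, and the commit message only says the old one was "unknown". Whoever holds the matching private key gets root on every system VM built from this template, so a comment line above it such as `# systemvm build key, private key held at <LOCATION>` (or a comment field on the key itself) gives the next reviewer a way to verify the key is still wanted. Longer term the key is better injected at image-build time than committed to the repository.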
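Review bot: `CP="./:./conf:$(ls *.jar | tr '\n' ':' | sed s'/.$//')"` builds the classpath by parsing `ls` output, which splits jar names containing whitespace and, when no jar is present, prints an `ls` error to stderr and leaves a trailing `:` on the classpath. A glob into an array gives the same string without the pipeline: `jars=(*.jar); CP="./:./conf:$(IFS=:; echo "${jars[*]}")"` (with `shopt -s nullglob` set first, the no-jar case yields an empty list instead of a literal `*.jar`).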
@@ -50,7 +42,7 @@ for i in $CMDLINE keyvalues="${keyvalues} $KEY=$VALUE" esac done - + tot_mem_k=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}') let "tot_mem_m=tot_mem_k>>10" let "eightypcnt=$tot_mem_m*8/10" diff --git a/systemvm/scripts/config_ssl.sh b/systemvm/scripts/config_ssl.sh index 86358871c9c..931c1a5120a 100755 --- a/systemvm/scripts/config_ssl.sh +++ b/systemvm/scripts/config_ssl.sh @@ -49,7 +49,6 @@ config_apache2_conf() { sed -i -e "s///" /etc/apache2/sites-available/default-ssl sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf - sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl diff --git a/systemvm/scripts/run.sh b/systemvm/scripts/run.sh index 1e12f12e5f1..7923a34931f 100755 --- a/systemvm/scripts/run.sh +++ b/systemvm/scripts/run.sh @@ -16,10 +16,6 @@ # specific language governing permissions and limitations # under the License. - - - - #_run.sh runs the agent client. # set -x diff --git a/systemvm/systemvm-descriptor.xml b/systemvm/systemvm-descriptor.xml index eec916e86fc..ce5ae4b6d20 100644 --- a/systemvm/systemvm-descriptor.xml +++ b/systemvm/systemvm-descriptor.xml @@ -58,8 +58,8 @@ 555 log4j-cloud.xml - consoleproxy.properties - agent.properties + consoleproxy.properties + agent.properties @@ -69,7 +69,7 @@ 555 *.jpg - *.gif + *.gif *.png *.cur diff --git a/test/integration/component/test_browse_templates.py b/test/integration/component/test_browse_templates.py index 445fae8c1d7..0875d015c9b 100644 --- a/test/integration/component/test_browse_templates.py +++ b/test/integration/component/test_browse_templates.py 
@@ -856,7 +856,7 @@ class TestBrowseUploadVolume(cloudstackTestCase): self.apiclient.connection.user, self.apiclient.connection.passwd, ssvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -868,7 +868,7 @@ class TestBrowseUploadVolume(cloudstackTestCase): host.user, host.passwd, ssvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest("Marvin configuration has no host credentials to check router services") @@ -876,7 +876,7 @@ class TestBrowseUploadVolume(cloudstackTestCase): self.debug("Cloud Process status: %s" % res) # Apache CloudStack service (type=secstorage) is running: process id: 2346 self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) diff --git a/test/integration/component/test_browse_volumes.py b/test/integration/component/test_browse_volumes.py index 390d0ab93f8..08a41b4588a 100644 --- a/test/integration/component/test_browse_volumes.py +++ b/test/integration/component/test_browse_volumes.py @@ -1288,7 +1288,7 @@ class TestBrowseUploadVolume(cloudstackTestCase): self.apiclient.connection.user, self.apiclient.connection.passwd, ssvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -1300,7 +1300,7 @@ class TestBrowseUploadVolume(cloudstackTestCase): host.user, host.passwd, ssvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest("Marvin configuration has no host credentials to check router services") @@ -1308,7 +1308,7 @@ class TestBrowseUploadVolume(cloudstackTestCase): self.debug("Cloud Process status: %s" % res) # Apache CloudStack service (type=secstorage) is running: process id: 2346 self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) 
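Review bot: `res.count("active")` in the `@@ -876,7 +876,7 @@` hunk also matches the substring in `inactive`, so the assertion that the cloud service is running now passes when `systemctl is-active cloud` reports `inactive`; the old `is running` string did not have this problem. Checking for the token rather than counting substrings avoids it, e.g. `self.assertTrue("active" in res and "inactive" not in res, "Check cloud service is running or not")`, or better, comparing the stripped output to `"active"` if `result` is a list of lines (its type is not visible here). The same `res.count("active")` check is introduced in test_browse_volumes.py, test_security_groups.py, test_routers.py (dnsmasq and haproxy) and test_ssvm.py (ssvm and cpvm internals) in this patch and needs the same fix.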
diff --git a/test/integration/component/test_security_groups.py b/test/integration/component/test_security_groups.py index b3620be239d..f95bd74220b 100755 --- a/test/integration/component/test_security_groups.py +++ b/test/integration/component/test_security_groups.py @@ -767,13 +767,13 @@ class TestDhcpOnlyRouter(cloudstackTestCase): self.testdata['configurableData']['host']["username"], self.testdata['configurableData']['host']["password"], router.linklocalip, - "service dnsmasq status" + "systemctl is-active dnsmasq" ) res = str(result) self.debug("Dnsmasq process status: %s" % res) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check dnsmasq service is running or not" ) diff --git a/test/integration/smoke/test_list_ids_parameter.py b/test/integration/smoke/test_list_ids_parameter.py index f679aedf379..cc45ce396b3 100755 --- a/test/integration/smoke/test_list_ids_parameter.py +++ b/test/integration/smoke/test_list_ids_parameter.py @@ -105,20 +105,20 @@ class TestListIdsParams(cloudstackTestCase): mode=cls.services["mode"] ) - #Take 3 VM1 Snapshots - #PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED - """cls.vmsnapshot_1 = VmSnapshot.create( - cls.apiclient, - cls.virtual_machine_1.id - ) - cls.vmsnapshot_2 = VmSnapshot.create( - cls.apiclient, - cls.virtual_machine_1.id - ) - cls.vmsnapshot_3 = VmSnapshot.create( - cls.apiclient, - cls.virtual_machine_1.id - )""" +# Take 3 VM1 Snapshots +# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED +# cls.vmsnapshot_1 = VmSnapshot.create( +# cls.apiclient, +# cls.virtual_machine_1.id +# ) +# cls.vmsnapshot_2 = VmSnapshot.create( +# cls.apiclient, +# cls.virtual_machine_1.id +# ) +# cls.vmsnapshot_3 = VmSnapshot.create( +# cls.apiclient, +# cls.virtual_machine_1.id +# ) #Stop VMs cls.virtual_machine_1.stop(cls.apiclient) 
@@ -229,7 +229,7 @@ class TestListIdsParams(cloudstackTestCase): 3, "ListVolumes response expected 3 Volumes, received %s" % len(list_volume_response) ) - + @attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false") def test_02_list_templates(self): """Test listing Templates using 'ids' parameter @@ -273,23 +273,23 @@ class TestListIdsParams(cloudstackTestCase): "ListSnapshots response expected 3 Snapshots, received %s" % len(list_snapshot_response) ) - #PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED - #@attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false") - #def test_04_list_vm_snapshots(self): - """Test listing VMSnapshots using 'vmsnapshotids' parameter - """ - """list_vm_snapshot_response = VmSnapshot.list( - self.apiclient, - vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id], - listall=True - ) - self.assertEqual( - isinstance(list_vm_snapshot_response, list), - True, - "ListVMSnapshots response was not a valid list" - ) - self.assertEqual( - len(list_vm_snapshot_response), - 3, - "ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response) - )""" +# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED +# @attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false") +# def test_04_list_vm_snapshots(self): +# """Test listing VMSnapshots using 'vmsnapshotids' parameter +# """ +# list_vm_snapshot_response = VmSnapshot.list( +# self.apiclient, +# vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id], +# listall=True +# ) +# self.assertEqual( +# isinstance(list_vm_snapshot_response, list), +# True, +# "ListVMSnapshots response was not a valid list" +# ) +# self.assertEqual( +# len(list_vm_snapshot_response), +# 3, +# "ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response) +# ) 
diff --git a/test/integration/smoke/test_loadbalance.py b/test/integration/smoke/test_loadbalance.py index 7ca5cf870a5..8e958a9b58b 100644 --- a/test/integration/smoke/test_loadbalance.py +++ b/test/integration/smoke/test_loadbalance.py @@ -120,29 +120,30 @@ class TestLoadBalance(cloudstackTestCase): cleanup_resources(cls.apiclient, cls._cleanup) return - def try_ssh(self, ip_addr, unameCmd): + def try_ssh(self, ip_addr, unameCmd, firstAttempt=False): try: self.debug( "SSH into VM (IPaddress: %s) & NAT Rule (Public IP: %s)" % (self.vm_1.ipaddress, ip_addr) ) - # If Round Robin Algorithm is chosen, + retries = 3 + if firstAttempt: + retries = 30 + # If Round Robin Algorithm is chosen, # each ssh command should alternate between VMs - ssh_1 = SshClient( ip_addr, self.services['lbrule']["publicport"], self.vm_1.username, self.vm_1.password, - retries=10 + retries=retries ) unameCmd.append(ssh_1.execute("uname")[0]) self.debug(unameCmd) except Exception as e: self.fail("%s: SSH failed for VM with IP Address: %s" % (e, ip_addr)) - time.sleep(10) - return + time.sleep(5) @attr(tags = ["advanced", "advancedns", "smoke"], required_hardware="true") def test_01_create_lb_rule_src_nat(self): @@ -256,7 +257,7 @@ class TestLoadBalance(cloudstackTestCase): unameResults = [] - self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) + self.try_ssh(src_nat_ip_addr.ipaddress, unameResults, True) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) self.try_ssh(src_nat_ip_addr.ipaddress, unameResults) diff --git a/test/integration/smoke/test_router_dns.py b/test/integration/smoke/test_router_dns.py index ef772243340..9b4ca7ea756 100644 --- a/test/integration/smoke/test_router_dns.py +++ b/test/integration/smoke/test_router_dns.py 
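Review bot: The retry counts in the `retries = 3` / `if firstAttempt: retries = 30` block are unexplained magic numbers, and the two-statement form hides that only one value is ever chosen; a conditional expression with a why-comment reads better: `# the first SSH may have to wait for the VM and LB rule to come up; later ones should be quick` followed by `retries = 30 if firstAttempt else 3`. The `try_ssh` docstring (none exists) could also state that `unameCmd` is an accumulator the caller passes in and that the method appends one `uname` result per call.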
@@ -256,7 +256,7 @@ class TestRouterDns(cloudstackTestCase): result = None try: self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress) - ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8) + ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15) result = str(ssh.execute("nslookup google.com")) except Exception as e: self.fail("Failed to SSH into VM - %s due to exception: %s" % (nat_rule1.ipaddress, e)) diff --git a/test/integration/smoke/test_router_dnsservice.py b/test/integration/smoke/test_router_dnsservice.py index 436d9e4382e..ffadec7b409 100644 --- a/test/integration/smoke/test_router_dnsservice.py +++ b/test/integration/smoke/test_router_dnsservice.py @@ -92,8 +92,8 @@ class TestRouterDnsService(cloudstackTestCase): zoneid=cls.zone.id) cls.logger.debug("Creating guest VM for Account %s using offering %s" % (cls.account.name, cls.service_offering.id)) - cls.services["virtual_machine"]["displayname"] = VM1_NAME; - cls.services["virtual_machine"]["name"] = VM1_NAME; + cls.services["virtual_machine"]["displayname"] = VM1_NAME + cls.services["virtual_machine"]["name"] = VM1_NAME cls.vm1 = VirtualMachine.create(cls.api_client, cls.services["virtual_machine"], templateid=cls.template.id, @@ -102,10 +102,10 @@ class TestRouterDnsService(cloudstackTestCase): serviceofferingid=cls.service_offering.id, networkids=[str(cls.network.id)]) cls.vm1.password = "password" - cls.logger.debug("Created VM named %s" % VM1_NAME); - - cls.services["virtual_machine"]["displayname"] = VM2_NAME; - cls.services["virtual_machine"]["name"] = VM2_NAME; + cls.logger.debug("Created VM named %s" % VM1_NAME) + + cls.services["virtual_machine"]["displayname"] = VM2_NAME + cls.services["virtual_machine"]["name"] = VM2_NAME cls.vm2 = VirtualMachine.create(cls.api_client, cls.services["virtual_machine"], templateid=cls.template.id, 
@@ -114,7 +114,7 @@ class TestRouterDnsService(cloudstackTestCase): serviceofferingid=cls.service_offering.id, networkids=[str(cls.network.id)]) cls.vm2.password = "password" - cls.logger.debug("Created VM named %s" % VM2_NAME); + cls.logger.debug("Created VM named %s" % VM2_NAME) cls.services["natrule1"] = { "privateport": 22, @@ -256,7 +256,7 @@ class TestRouterDnsService(cloudstackTestCase): result1 = None try: self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress) - ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8) + ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15) result1 = str(ssh.execute("nslookup %s" % VM1_NAME)) self.logger.debug("nslookup %s: %s " % (VM1_NAME, result1)) result2 = str(ssh.execute("nslookup %s" % VM2_NAME)) diff --git a/test/integration/smoke/test_routers.py b/test/integration/smoke/test_routers.py index c6aa4960db3..070841ed8f0 100644 --- a/test/integration/smoke/test_routers.py +++ b/test/integration/smoke/test_routers.py @@ -171,7 +171,7 @@ class TestRouterServices(cloudstackTestCase): self.apiclient.connection.user, self.apiclient.connection.passwd, router.linklocalip, - "service dnsmasq status", + "systemctl is-active dnsmasq", hypervisor=self.hypervisor ) else: @@ -184,7 +184,7 @@ class TestRouterServices(cloudstackTestCase): host.user, host.passwd, router.linklocalip, - "service dnsmasq status" + "systemctl is-active dnsmasq" ) except KeyError: @@ -195,7 +195,7 @@ class TestRouterServices(cloudstackTestCase): self.debug("Dnsmasq process status: %s" % res) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check dnsmasq service is running or not" ) 
@@ -251,7 +251,7 @@ class TestRouterServices(cloudstackTestCase): self.apiclient.connection.user, self.apiclient.connection.passwd, router.linklocalip, - "service dnsmasq status", + "systemctl is-active dnsmasq", hypervisor=self.hypervisor ) else: @@ -264,7 +264,7 @@ class TestRouterServices(cloudstackTestCase): host.user, host.passwd, router.linklocalip, - "service dnsmasq status" + "systemctl is-active dnsmasq" ) except KeyError: self.skipTest( @@ -273,7 +273,7 @@ class TestRouterServices(cloudstackTestCase): res = str(result) self.debug("Dnsmasq process status: %s" % res) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check dnsmasq service is running or not" ) @@ -285,7 +285,7 @@ class TestRouterServices(cloudstackTestCase): self.apiclient.connection.user, self.apiclient.connection.passwd, router.linklocalip, - "service haproxy status", + "systemctl is-active haproxy", hypervisor=self.hypervisor ) else: @@ -298,7 +298,7 @@ class TestRouterServices(cloudstackTestCase): host.user, host.passwd, router.linklocalip, - "service haproxy status" + "systemctl is-active haproxy" ) except KeyError: self.skipTest( @@ -306,7 +306,7 @@ class TestRouterServices(cloudstackTestCase): to check router services") res = str(result) self.assertEqual( - res.count("running"), + res.count("active"), 1, "Check haproxy service is running or not" ) diff --git a/test/integration/smoke/test_ssvm.py b/test/integration/smoke/test_ssvm.py index 616f8b38d24..41db1abf31b 100644 --- a/test/integration/smoke/test_ssvm.py +++ b/test/integration/smoke/test_ssvm.py @@ -44,7 +44,7 @@ _multiprocess_shared_ = True class TestSSVMs(cloudstackTestCase): def setUp(self): - test_case = super(TestSSVMs, self) + test_case = super(TestSSVMs, self) self.apiclient = self.testClient.getApiClient() self.hypervisor = self.testClient.getHypervisorInfo() self.cleanup = [] 
@@ -57,40 +57,52 @@ class TestSSVMs(cloudstackTestCase): self.logger.setLevel(logging.DEBUG) self.logger.addHandler(self.stream_handler) - # Default sleep is set to 90 seconds, which is too long if the SSVM takes up to 2min to start. - # Second sleep in the loop will waste test time. - self.services["sleep"] = 30 - # Default value is 120 seconds. That's just too much. - self.services["configurableData"]["systemVmDelay"] = 60 - - return - def tearDown(self): try: - # Clean up, terminate the created templates cleanup_resources(self.apiclient, self.cleanup) - except Exception as e: raise Exception("Warning: Exception during cleanup : %s" % e) - return def waitForSystemVMAgent(self, vmname): - timeout = 120 - - while True: + def checkRunningAgent(): list_host_response = list_hosts( self.apiclient, name=vmname ) + if isinstance(list_host_response, list): + return list_host_response[0].state == 'Up', None + return False, None - if list_host_response and list_host_response[0].state == 'Up': - break + res, _ = wait_until(3, self.services["sleep"], checkRunningAgent) + if not res: + raise Exception("Failed to wait for SSVM agent to be Up") - if timeout == 0: - raise Exception("Timed out waiting for SSVM agent to be Up") + def checkForRunningSystemVM(self, ssvm, ssvm_type=None): + if not ssvm: + return None - time.sleep(1) - timeout = timeout - 1 + def checkRunningState(): + if not ssvm_type: + response = list_ssvms( + self.apiclient, + id=ssvm.id + ) + else: + response = list_ssvms( + self.apiclient, + zoneid=self.zone.id, + systemvmtype=ssvm_type + ) + + if isinstance(response, list): + ssvm_response = response[0] + return ssvm_response.state == 'Running', ssvm_response + return False, None + + res, ssvm_response = wait_until(3, self.services["sleep"], checkRunningState) + if not res: + self.fail("Failed to reach systemvm state to Running") + return ssvm_response @attr( tags=[ 
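Review bot: `list_host_response[0]` in `checkRunningAgent` and `response[0]` in `checkRunningState` raise IndexError when the list call returns an empty list, which turns a transient "not listed yet" into a test error instead of another poll; `if isinstance(list_host_response, list) and list_host_response:` (and the same guard on `response`) keeps the poll going. The `wait_until(3, self.services["sleep"], …)` calls also use the opposite argument order from the removed call later in this patch (`wait_until(self.services["sleep"], self.services["timeout"], …)`); if the first argument is the sleep interval and the second the retry count, the new code polls every 3s for `services["sleep"]` attempts, which may be intended but deserves a comment now that setUp no longer sets `services["sleep"]`. `checkForRunningSystemVM` returning None for a falsy `ssvm` also leaves callers to hit AttributeError on `.state`; failing explicitly there would give a clearer message.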
@@ -228,7 +240,6 @@ class TestSSVMs(cloudstackTestCase): zone_response[0].dns2, "Check DNS2 with that of corresponding zone" ) - return @attr( tags=[ @@ -360,7 +371,6 @@ class TestSSVMs(cloudstackTestCase): zone_response[0].dns2, "Check DNS2 with that of corresponding zone" ) - return @attr( tags=[ @@ -459,7 +469,7 @@ class TestSSVMs(cloudstackTestCase): self.apiclient.connection.user, self.apiclient.connection.passwd, ssvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -472,7 +482,7 @@ class TestSSVMs(cloudstackTestCase): host.user, host.passwd, ssvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest( @@ -482,11 +492,11 @@ class TestSSVMs(cloudstackTestCase): self.debug("Cloud Process status: %s" % res) # Apache CloudStack service (type=secstorage) is running: process id: 2346 self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) - + linklocal_ip = None # Check status of cloud service if self.hypervisor.lower() in ('vmware', 'hyperv'): @@ -526,8 +536,6 @@ class TestSSVMs(cloudstackTestCase): res, "The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res) ) - - return @attr( tags=[ @@ -595,7 +603,7 @@ class TestSSVMs(cloudstackTestCase): self.apiclient.connection.user, self.apiclient.connection.passwd, cpvm.privateip, - "service cloud status", + "systemctl is-active cloud", hypervisor=self.hypervisor ) else: @@ -608,7 +616,7 @@ class TestSSVMs(cloudstackTestCase): host.user, host.passwd, cpvm.linklocalip, - "service cloud status" + "systemctl is-active cloud" ) except KeyError: self.skipTest( 
@@ -617,7 +625,7 @@ class TestSSVMs(cloudstackTestCase): res = str(result) self.debug("Cloud Process status: %s" % res) self.assertEqual( - res.count("is running"), + res.count("active"), 1, "Check cloud service is running or not" ) @@ -662,8 +670,6 @@ class TestSSVMs(cloudstackTestCase): "The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res) ) - return - @attr( tags=[ "advanced", @@ -711,45 +717,21 @@ class TestSSVMs(cloudstackTestCase): cmd.id = ssvm.id self.apiclient.stopSystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm.id - ) - if isinstance(list_ssvm_response, list): - if list_ssvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List SSVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - self.assertEqual( - isinstance(list_ssvm_response, list), - True, - "Check list response returns a valid list" - ) - ssvm_response = list_ssvm_response[0] + ssvm_response = self.checkForRunningSystemVM(ssvm) self.debug("SSVM state after debug: %s" % ssvm_response.state) self.assertEqual( ssvm_response.state, 'Running', "Check whether SSVM is running or not" ) + # Wait for the agent to be up self.waitForSystemVMAgent(ssvm_response.name) # Call above tests to ensure SSVM is properly running self.test_01_list_sec_storage_vm() - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - self.test_03_ssvm_internals() - return @attr( tags=[ 
@@ -798,23 +780,7 @@ class TestSSVMs(cloudstackTestCase): cmd.id = cpvm.id self.apiclient.stopSystemVm(cmd) - timeout = 120 - while True: - list_cpvm_response = list_ssvms( - self.apiclient, - id=cpvm.id - ) - if isinstance(list_cpvm_response, list): - if list_cpvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List CPVM call failed!") - - time.sleep(1) - timeout = timeout - 1 - - cpvm_response = list_cpvm_response[0] - + cpvm_response = self.checkForRunningSystemVM(cpvm) self.debug("CPVM state after debug: %s" % cpvm_response.state) self.assertEqual( @@ -829,12 +795,7 @@ class TestSSVMs(cloudstackTestCase): # Call above tests to ensure CPVM is properly running self.test_02_list_cpvm_vm() - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - self.test_04_cpvm_internals() - return @attr( tags=[ @@ -887,22 +848,7 @@ class TestSSVMs(cloudstackTestCase): cmd.id = ssvm_response.id self.apiclient.rebootSystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm_response.id - ) - if isinstance(list_ssvm_response, list): - if list_ssvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List SSVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - ssvm_response = list_ssvm_response[0] + ssvm_response = self.checkForRunningSystemVM(ssvm_response) self.debug("SSVM State: %s" % ssvm_response.state) self.assertEqual( 'Running', 
@@ -921,13 +867,8 @@ class TestSSVMs(cloudstackTestCase): # Wait for the agent to be up self.waitForSystemVMAgent(ssvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_03_ssvm_internals() - return @attr( tags=[ @@ -979,23 +920,7 @@ class TestSSVMs(cloudstackTestCase): cmd.id = cpvm_response.id self.apiclient.rebootSystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_cpvm_response = list_ssvms( - self.apiclient, - id=cpvm_response.id - ) - if isinstance(list_cpvm_response, list): - if list_cpvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List CPVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - cpvm_response = list_cpvm_response[0] - + cpvm_response = self.checkForRunningSystemVM(cpvm_response) self.debug("CPVM state: %s" % cpvm_response.state) self.assertEqual( 'Running', @@ -1010,17 +935,12 @@ class TestSSVMs(cloudstackTestCase): ) # Private IP Address of System VMs are allowed to change after reboot - CLOUDSTACK-7745 - + # Wait for the agent to be up self.waitForSystemVMAgent(cpvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_04_cpvm_internals() - return @attr( tags=[ 
@@ -1061,23 +981,7 @@ class TestSSVMs(cloudstackTestCase): cmd.id = ssvm_response.id self.apiclient.destroySystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_ssvm_response = list_ssvms( - self.apiclient, - zoneid=self.zone.id, - systemvmtype='secondarystoragevm' - ) - if isinstance(list_ssvm_response, list): - if list_ssvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List SSVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - ssvm_response = list_ssvm_response[0] + ssvm_response = self.checkForRunningSystemVM(ssvm_response, 'secondarystoragevm') # Verify Name, Public IP, Private IP and Link local IP # for newly created SSVM @@ -1107,13 +1011,8 @@ class TestSSVMs(cloudstackTestCase): # Wait for the agent to be up self.waitForSystemVMAgent(ssvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_03_ssvm_internals() - return @attr( tags=[ @@ -1153,23 +1052,7 @@ class TestSSVMs(cloudstackTestCase): cmd.id = cpvm_response.id self.apiclient.destroySystemVm(cmd) - timeout = self.services["timeout"] - while True: - list_cpvm_response = list_ssvms( - self.apiclient, - systemvmtype='consoleproxy', - zoneid=self.zone.id - ) - if isinstance(list_cpvm_response, list): - if list_cpvm_response[0].state == 'Running': - break - if timeout == 0: - raise Exception("List CPVM call failed!") - - time.sleep(self.services["sleep"]) - timeout = timeout - 1 - - cpvm_response = list_cpvm_response[0] + cpvm_response = self.checkForRunningSystemVM(cpvm_response, 'consoleproxy') # Verify Name, Public IP, Private IP and Link local IP # for newly created CPVM 
@@ -1199,13 +1082,8 @@ class TestSSVMs(cloudstackTestCase): # Wait for the agent to be up self.waitForSystemVMAgent(cpvm_response.name) - # Wait for some time before running diagnostic scripts on SSVM - # as it may take some time to start all service properly - time.sleep(int(self.services["configurableData"]["systemVmDelay"])) - # Call to verify cloud process is running self.test_04_cpvm_internals() - return @attr( tags=[ @@ -1300,22 +1178,7 @@ class TestSSVMs(cloudstackTestCase): cmd.id = ssvm.id self.apiclient.stopSystemVm(cmd) - def checkForRunningSSVM(): - new_list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm.id - ) - if isinstance(new_list_ssvm_response, list): - return new_list_ssvm_response[0].state == 'Running', None - - res, _ = wait_until(self.services["sleep"], self.services["timeout"], checkForRunningSSVM) - if not res: - self.fail("List SSVM call failed!") - - new_list_ssvm_response = list_ssvms( - self.apiclient, - id=ssvm.id - ) + new_list_ssvm_response = self.checkForRunningSystemVM(ssvm) self.assertNotEqual( new_list_ssvm_response, @@ -1363,5 +1226,3 @@ class TestSSVMs(cloudstackTestCase): int(nfs_version), "Check mounted NFS version to be the same as provided" ) - - return diff --git a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh index d1857231074..721e04d882f 100644 --- a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh +++ b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh 
@@ -16,15 +16,10 @@ # specific language governing permissions and limitations # under the License. -# override this file during build to inject /root/.ssh/authorized_keys - set -e set -x -# the key that we have in ../patches/debian/config/root/.ssh/authorized_keys for some reason -key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant' mkdir -p /root/.ssh chmod 644 /root/.ssh -#touch /root/.ssh/authorized_keys -echo ${key} > /root/.ssh/authorized_keys +touch /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh index 67d6c236ebf..444cc948f17 100644 --- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh +++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh @@ -20,7 +20,7 @@ set -e set -x function cleanup_apt() { - apt-get -y remove dictionaries-common busybox + apt-get -y remove dictionaries-common busybox isc-dhcp-client isc-dhcp-common apt-get -y autoremove apt-get autoclean apt-get clean @@ -39,10 +39,21 @@ function cleanup_dev() { rm -f /lib/udev/rules.d/75-persistent-net-generator.rules } +function cleanup_misc() { + rm -fr /home/cloud/cloud_scripts* + rm -f /root/.rnd + rm -f /var/www/html/index.html + rm -f /var/log/*.log + rm -f /var/log/apache2/* + rm -f /var/log/messages + rm -f /var/log/syslog +} + function cleanup() { cleanup_apt cleanup_dhcp cleanup_dev + cleanup_misc } return 2>/dev/null || cleanup 
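Review bot: The context line `chmod 644 /root/.ssh` leaves root's .ssh directory without the execute bit; sshd's StrictModes check should still pass because the directory is not group/world writable, but the conventional mode for that directory is 700 (`chmod 700 /root/.ssh`), and this is the natural hunk to correct it in now that the script only creates an empty file. The removed comment about the hard-coded key should be replaced by one saying why the file is intentionally empty, e.g. `# authorized_keys is shipped empty; the deploy-time key is injected later (see cloud-early-config)` adjusted to whatever mechanism actually injects it, since this script does not show it.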
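Review bot: The `+ apt-get -y remove … isc-dhcp-client isc-dhcp-common` line in cleanup.sh removes the DHCP client while configure_networking.sh later in this patch still writes `iface eth0 inet dhcp`, and busybox (the other udhcpc provider) is removed on the same line; unless another client is installed elsewhere in the build or cloud-early-config rewrites the interfaces file before networking starts, `ifup eth0` will report that no DHCP client is available. A comment on this line naming what replaces DHCP at boot would make the dependency explicit. The enclosing `cleanup_apt` function starts outside the hunk.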
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh index c898afc4778..7202717d73b 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh @@ -38,6 +38,9 @@ nf_conntrack_ipv4 nf_conntrack_ipv6 nf_conntrack nf_conntrack_ftp +nf_conntrack_pptp +nf_conntrack_proto_gre +nf_nat_tftp nf_nat_ftp EOF } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh index ec40b7c77bb..eb2692ec53c 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh @@ -19,19 +19,17 @@ set -e set -x -# Remove 5s grub timeout to speed up booting function configure_grub() { - grep GRUB_TIMEOUT=0 /etc/default/grub && return - cat < /etc/default/grub # If you change this file, run 'update-grub' afterwards to update # /boot/grub/grub.cfg. GRUB_DEFAULT=0 GRUB_TIMEOUT=0 -GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` +GRUB_DISTRIBUTOR=Debian GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 debian-installer=en_US" +GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US" +GRUB_CMDLINE_XEN="com1=115200 console=com1" GRUB_TERMINAL="console serial" GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh index 1735b810f7e..d5f80b105fc 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh 
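Review bot: The added `nf_conntrack_pptp`, `nf_conntrack_proto_gre` and `nf_nat_tftp` modules are loaded without saying which traffic they serve; on the Debian 9 kernel automatic helper assignment is off by default (`net.netfilter.nf_conntrack_helper=0`), so loading helper modules has no effect unless firewall rules select them explicitly with the CT target or that sysctl is enabled, and enabling it globally is discouraged because helpers then attach to any flow on the default port. A comment such as `# conntrack/NAT helpers for FTP, PPTP/GRE and TFTP pass-through; selected per flow by the router's CT rules` (adjusted to how the rules actually enable them, which this hunk does not show) would record the intent. The enclosing function starts outside the hunk.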
@@ -73,6 +73,7 @@ function configure_login() { configure_sudoers configure_user rm -fv /home/cloud/configure_login.sh + sync halt -p } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh index 2ebd3a2e764..ab68cdfe68e 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh @@ -56,7 +56,6 @@ iface lo inet loopback # The primary network interface auto eth0 iface eth0 inet dhcp -pre-up sleep 2 EOF } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh index 138646563b5..791f2ead984 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh @@ -36,14 +36,19 @@ function install_cloud_scripts() { rsync -av ./cloud_scripts/ / chmod +x /opt/cloud/bin/* \ /root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \ - /etc/init.d/{cloud-early-config,cloud-passwd-srvr,postinit} \ + /etc/init.d/{cloud-early-config,cloud-passwd-srvr} \ /etc/profile.d/cloud.sh cat > /etc/systemd/system/cloud-early-config.service << EOF [Unit] -Description=cloud-early-config: configure according to cmdline +Description=cloud-early-config: configures systemvm using cmdline DefaultDependencies=no -After=local-fs.target apparmor.service systemd-sysctl.service systemd-modules-load.service + +Before=network-pre.target +Wants=network-pre.target + +Requires=local-fs.target +After=local-fs.target [Install] WantedBy=multi-user.target 
@@ -85,30 +90,14 @@ WantedBy=multi-user.target
 Type=forking
 ExecStart=/etc/init.d/cloud-passwd-srvr start
 ExecStop=/etc/init.d/cloud-passwd-srvr stop
-RemainAfterExit=true
-TimeoutStartSec=5min
-EOF
-
- cat > /etc/systemd/system/postinit.service << EOF
-[Unit]
-Description=cloud post-init service
-After=cloud-early-config.service network.target local-fs.target
-
-[Install]
-WantedBy=multi-user.target
-
-[Service]
-Type=forking
-ExecStart=/etc/init.d/postinit start
-ExecStop=/etc/init.d/postinit stop
-RemainAfterExit=true
-TimeoutStartSec=5min
+Restart=always
+RestartSec=5
 EOF
 systemctl daemon-reload
 systemctl enable cloud-early-config
- systemctl disable cloud-passwd-srvr
 systemctl disable cloud
+ systemctl disable cloud-passwd-srvr
 }
 function do_signature() {
@@ -130,6 +119,9 @@ function configure_services() {
 mkdir -p /usr/share/cloud
 mkdir -p /usr/local/cloud
+ # Fix dnsmasq directory issue
+ mkdir -p /opt/tftpboot
+
 # Fix haproxy directory issue
 mkdir -p /var/lib/haproxy
@@ -137,21 +129,21 @@ function configure_services() {
 do_signature
 systemctl daemon-reload
- systemctl disable xl2tpd
+ systemctl disable apt-daily.service
+ systemctl disable apt-daily.timer
+ systemctl disable apt-daily-upgrade.timer
 # Disable services that slow down boot and are not used anyway
- systemctl disable x11-common
- systemctl disable console-setup
- systemctl disable haproxy
 systemctl disable apache2
+ systemctl disable conntrackd
+ systemctl disable console-setup
 systemctl disable dnsmasq
-
- # Hyperv kvp daemon - 64bit only
- local arch=`dpkg --print-architecture`
- if [ "${arch}" == "amd64" ]; then
- systemctl disable hv_kvp_daemon
- fi
+ systemctl disable haproxy
+ systemctl disable keepalived
 systemctl disable radvd
+ systemctl disable strongswan
+ systemctl disable x11-common
+ systemctl disable xl2tpd
 configure_apache2
 configure_strongswan
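Review bot: `Restart=always` is added to a `Type=forking` unit that declares no `PIDFile=`, so systemd has to guess which process left behind by `/etc/init.d/cloud-passwd-srvr start` is the main one; if the guess is wrong or that process exits, the unit flaps through `RestartSec=5` restarts indefinitely and the password server is reported "active" while nothing listens. If the init script writes a pid file, add `PIDFile=<PATH_TO_PIDFILE>` (placeholder) next to `Type=forking`; if it does not, `Type=simple` with the daemon kept in the foreground is the reliable pairing with `Restart=always`. The `[Service]` header and the init script itself are outside this hunk, so which applies needs confirming.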
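Review bot: `mkdir -p /opt/tftpboot` creates the dnsmasq TFTP root with whatever mode the build's umask yields, root-owned, and the comment `# Fix dnsmasq directory issue` says nothing about what failed or what the directory is for. Replace it with a comment that records the contract, e.g. `# TFTP root for dnsmasq (tftp-root); must exist at start, root-owned and readable, never writable by the dnsmasq user`, so a later change does not quietly make it writable. Whether dnsmasq serves this path read-only depends on its configuration elsewhere in the commit, which is not visible here.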
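Review bot: Disabling `apt-daily.service`, `apt-daily.timer` and `apt-daily-upgrade.timer` sits above the `# Disable services that slow down boot and are not used anyway` comment but has a different consequence from the other entries: the appliance will never apply security updates on its own, so its patch level is frozen at template build time. That is a defensible choice for an image rebuilt from this definition, but it should be written down, e.g. `# No unattended apt runs in the appliance; updates come from rebuilding the template`. Note also that `systemctl disable` only removes the install links, so a unit another unit pulls in via `Wants=` still starts; `systemctl mask` is the firm form if these are meant never to run.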
diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb
index cea7bd2082b..33c8e8bd02a 100644
--- a/tools/appliance/definitions/systemvmtemplate/definition.rb
+++ b/tools/appliance/definitions/systemvmtemplate/definition.rb
@@ -27,9 +27,9 @@ arch = 'amd64'
 architectures = {
 :amd64 => {
 :os_type_id => 'Debian_64',
- :iso_file => 'debian-9.1.0-amd64-netinst.iso',
- :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso',
- :iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986'
+ :iso_file => 'debian-9.2.1-amd64-netinst.iso',
+ :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso',
+ :iso_sha512 => 'ebfe25dc593967e39349b205480b0ec0103ef4a0468c602f4857e13d06d407bfe876162399e0e8d4dea5675953dc37ab585316f307ccf9f4440124b4f719df04'
 }
 }
diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
index 227f533489e..2cceb989a25 100644
--- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
+++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
@@ -22,7 +22,7 @@ set -x
 function install_vhd_util() {
 [[ -f /bin/vhd-util ]] && return
- wget --no-check-certificate http://download.cloudstack.org/tools/vhd-util -O /bin/vhd-util
+ wget --no-check-certificate https://github.com/rhtyd/cloudstack-nonoss/raw/master/vhd-util -O /bin/vhd-util
 chmod a+x /bin/vhd-util
 }
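Review bot: The replaced `wget` line still passes `--no-check-certificate` and now fetches an executable from a personal GitHub repository's mutable `master` branch, then installs it into `/bin` with `chmod a+x`; nothing verifies what was downloaded, so a TLS interception or a silently changed upstream file ends up in every system VM built from this template. The new URL is https, so `--no-check-certificate` only weakens the fetch and should go; pin the artefact to a commit or release tag rather than `master`, and check a recorded digest before making it executable, e.g. `echo "<EXPECTED_SHA256>  /bin/vhd-util" | sha256sum -c -` with the expected value kept in the repository. The commit message explains the move as the old URL being down, which justifies the new host but not dropping verification.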
@@ -52,12 +52,12 @@ function install_packages() {
 ${apt_get} install links:i386 libuuid1:i386 libc6:i386
 fi
- ${apt_get} install \
- rsyslog logrotate cron insserv net-tools ifupdown vim netbase iptables \
- openssh-server e2fsprogs isc-dhcp-client tcpdump socat wget \
+ ${apt_get} install grub-legacy \
+ rsyslog logrotate cron net-tools ifupdown vim tmux netbase iptables \
+ openssh-server e2fsprogs tcpdump socat wget \
 python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
 inetutils-ping iputils-arping httping curl \
- dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \
+ dnsutils zip unzip ethtool uuid file iproute acpid sudo \
 sysstat python-netaddr \
 apache2 ssl-cert \
 dnsmasq dnsmasq-utils \
@@ -65,7 +65,9 @@ function install_packages() {
 samba-common cifs-utils \
 xl2tpd bcrelay ppp ipsec-tools tdb-tools \
 xenstore-utils libxenstore3.0 \
- conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \
+ ipvsadm conntrackd libnetfilter-conntrack3 \
+ keepalived irqbalance \
+ libnl-3-200 libnl-genl-3-200 \
 ipcalc \
 openjdk-8-jre-headless \
 ipset \
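Review bot: `isc-dhcp-client` is dropped from the explicit package list while `configure_networking.sh` in the same commit still writes `iface eth0 inet dhcp`, so the appliance now relies on apt's Recommends handling to pull a DHCP client in behind `ifupdown`; that works with default apt settings but breaks silently if the build ever runs with `--no-install-recommends`, and the `${apt_get}` wrapper's options are not visible here. Either keep `isc-dhcp-client` in the list or add a comment on the `ifupdown` line stating that the DHCP client is expected to come in as a recommended package. The `install_packages` function continues past this hunk.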
@@ -75,22 +77,19 @@ function install_packages() {
 haproxy \
 radvd \
 sharutils \
- keepalived irqbalance open-vm-tools qemu-guest-agent \
- strongswan libcharon-extra-plugins libstrongswan-extra-plugins
+ strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
+ virt-what open-vm-tools qemu-guest-agent hyperv-daemons
+
+ # Install xenserver guest utilities as debian repos don't have it
+ wget https://mirrors.kernel.org/ubuntu/pool/universe/x/xe-guest-utilities/xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
+ dpkg -i xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
+ rm -f xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
 apt-get autoclean
 apt-get clean
 apt-get update
 apt-get -y upgrade
-
- if [ "${arch}" == "amd64" ]; then
- # Hyperv kvp daemon - 64bit only
- # Download the hv kvp daemon
- wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb
- dpkg -i hv-kvp-daemon_3.1_amd64.deb
- rm -f hv-kvp-daemon_3.1_amd64.deb
- fi
 }
 return 2>/dev/null || install_packages
diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
index 6d56b76df05..99bd6eb04ab 100644
--- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg
+++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
@@ -57,10 +57,10 @@ d-i partman-auto/method string regular
 d-i partman-auto/choose_recipe select atomic
 d-i partman-auto/expert_recipe string \
 boot-root :: \
- 80 50 100 ext4 \
+ 80 50 100 ext2 \
 $primary{ } $bootable{ } \
 method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
+ use_filesystem{ } filesystem{ ext2 } \
 mountpoint{ /boot } \
 . \
 1500 40 1600 ext4 \
diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
index 7adea8a438b..d002316d658 100644
--- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
+++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
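Review bot: `xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb` is downloaded and installed with `dpkg -i` without any digest or signature check, which repeats the pattern of the `hv-kvp-daemon` block this hunk removes, and unlike the apt-installed packages above it the file sits outside apt's update path, so the guest agent is frozen at that build forever. Verify the package against a recorded digest before installing, e.g. `echo "<EXPECTED_SHA256>  xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb" | sha256sum -c -`, and extend the comment to say the package is pinned and not updated by `apt-get -y upgrade`. The fetch also happens before `apt-get update`, so a download failure is caught only if the script's shell options abort on error, which is not visible in this hunk.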
@@ -39,6 +39,11 @@ function zero_disk() {
 sync
 rm -f ${path}/zero
 done
+
+ for partition in $(blkid -o list | grep ext | awk '{print $1}')
+ do
+ tune2fs -m0 $partition
+ done
 }
 return 2>/dev/null || zero_disk
diff --git a/utils/src/main/java/com/cloud/utils/ReflectUtil.java b/utils/src/main/java/com/cloud/utils/ReflectUtil.java
index c8ae954b7d3..1d31093e0c8 100644
--- a/utils/src/main/java/com/cloud/utils/ReflectUtil.java
+++ b/utils/src/main/java/com/cloud/utils/ReflectUtil.java
@@ -29,6 +29,8 @@ import java.beans.PropertyDescriptor;
 import java.lang.annotation.Annotation;
 import java.lang.reflect.Field;
 import java.lang.reflect.InvocationTargetException;
+import java.net.URL;
+import java.net.URLClassLoader;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@@ -210,4 +212,23 @@ public class ReflectUtil {
 }
 }
+ /**
+ * Finds and returns class loader based on the provided module/jar name
+ * @param name
+ * @return returns ClassLoader
+ */
+ public static ClassLoader getClassLoaderForName(final String name) {
+ final URL[] urls = ((URLClassLoader) (Thread.currentThread().getContextClassLoader())).getURLs();
+ final List searchUrls = new ArrayList<>();
+ for (final URL url: urls) {
+ if (url.toString().contains(name)) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Search URL: " + url.toString());
+ }
+ searchUrls.add(url);
+ }
+ }
+ return new URLClassLoader(searchUrls.toArray(new URL[searchUrls.size()]));
+ }
+
 }
diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java b/utils/src/main/java/com/cloud/utils/nio/Link.java
index 7848d5330a3..8f1b811d585 100644
--- a/utils/src/main/java/com/cloud/utils/nio/Link.java
+++ b/utils/src/main/java/com/cloud/utils/nio/Link.java
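Review bot: `blkid -o list | grep ext` matches any line containing the substring `ext` (a label, a mount point or a device name will do), not only ext2/3/4 filesystems, and `$partition` is expanded unquoted, so `tune2fs` can be handed a non-ext device or a split token. `tune2fs -m0` also removes the root-reserved blocks on every ext filesystem including `/`, which means a log-filled disk later leaves root's own processes no headroom; if the reserve is dropped to shrink the image, say so in a comment. Select on the filesystem-type column instead, `for partition in $(blkid -o list | awk '$2 ~ /^ext[234]$/ {print $1}')`, and quote the use as `tune2fs -m0 "$partition"`.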
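Review bot: `getClassLoaderForName` casts the context class loader to `URLClassLoader`, which throws `ClassCastException` on Java 9 and later where the application class loader no longer extends it, so the method is tied to the Java 8 runtime the commit installs (`openjdk-8-jre-headless`) and that should at least be stated in the Javadoc. `searchUrls` is a raw `List` where `final List<URL> searchUrls = new ArrayList<>();` and `searchUrls.toArray(new URL[0])` compile cleanly without the unchecked warning. A `name` that matches nothing silently returns an empty `URLClassLoader` whose lookups all fall through to the parent, so callers cannot distinguish "module found" from "not found", and the loader is `Closeable` but never closed here; the Javadoc should describe `name` as a substring matched against each classpath URL, document the empty-match behaviour, and state that the caller owns and closes the returned loader.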
@@ -503,7 +503,7 @@ public class Link {
 s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
 sslEngine.closeOutbound();
- return true;
+ return false;
 }
 switch (result.getStatus()) {
 case OK:
@@ -545,7 +545,7 @@ public class Link {
 s_logger.error(String.format("SSL error caught during wrap data: %s, for local address=%s, remote address=%s.", sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
 sslEngine.closeOutbound();
- return true;
+ return false;
 }
 switch (result.getStatus()) {
 case OK :
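Review bot: Both hunks flip the `SSLException` branch from `return true` to `return false` after `sslEngine.closeOutbound()`, but neither shows what the boolean means to the caller and no comment records it, so the two sites can drift apart again as easily as they did before. A one-line comment at each `return false;`, e.g. `// TLS failure on this link: report it as not handled so the caller tears the channel down` (worded to match the method's actual contract), would pin the intent. Note that `closeOutbound()` only queues the close_notify; unless the caller still wraps and flushes, the peer sees an abrupt close rather than a TLS alert, which is acceptable if the channel is discarded anyway but worth stating. Both enclosing methods start and end outside the hunks.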