Posted to commits@cloudstack.apache.org by ro...@apache.org on 2017/12/08 19:14:55 UTC
[cloudstack] 03/12: CLOUDSTACK-10013: Debian9 SystemVM appliance
improvements
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch debian9-systemvmtemplate
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 3c54ce7c84b2cc24612ac84b01649f921fbf1eb2
Author: Rohit Yadav <ro...@shapeblue.com>
AuthorDate: Fri Nov 17 14:53:57 2017 +0530
CLOUDSTACK-10013: Debian9 SystemVM appliance improvements
- Refactor cloud-early-config and make appliance specific scripts
- Make patching work without requiring restart of appliance and remove
postinit script
- Migrate to systemd, speedup booting/loading
- Takes about 5-15s to boot on KVM, and 10-30seconds for VMware and XenServer
- Appliance boots and works on KVM, VMware, XenServer and HyperV
- Update Debian9 ISO url with sha512 checksum
- Speedup console proxy service launch
- Enable additional kernel modules
- Remove unknown ssh key
- Update vhd-util URL as previous URL was down
- Enable sshd by default
- Use hostnamectl to add hostname
- Disable services by default
- Use existing log4j xml, patching not necessary by cloud-early-config
- Several minor fixes and file refactorings, removed dead code/files
- Removes inserv
- Fix dnsmasq config syntax
- Fix haproxy config syntax
- Fix smoke tests and improve performance
- Fix apache pid file path in cloud.monitoring per the new template
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
---
.../consoleproxy/ConsoleProxyResource.java | 21 +-
.../src/com/cloud/network/HAProxyConfigurator.java | 16 +-
.../virtualnetwork/VirtualRoutingResourceTest.java | 8 +-
.../src/com/cloud/consoleproxy/ConsoleProxy.java | 41 +-
setup/db/db/schema-41000to41100.sql | 3 +
systemvm/conf/log4j-cloud.xml | 95 +-
.../debian/config/etc/apache2/vhost.template | 7 -
.../debian/config/etc/default/cloud-passwd-srvr | 19 -
.../patches/debian/config/etc/haproxy/haproxy.cfg | 3 +-
.../debian/config/etc/init.d/cloud-early-config | 1541 ++------------------
.../debian/config/etc/init.d/cloud-passwd-srvr | 4 -
systemvm/patches/debian/config/etc/init.d/postinit | 176 ---
systemvm/patches/debian/config/etc/rc.local | 56 +-
systemvm/patches/debian/config/etc/sysctl.conf | 1 -
.../debian/config/opt/cloud/bin/configure.py | 4 +-
.../debian/config/opt/cloud/bin/cs/CsApp.py | 1 -
.../debian/config/opt/cloud/bin/cs/CsDhcp.py | 4 +-
.../debian/config/opt/cloud/bin/cs/CsHelper.py | 6 +-
.../patches/debian/config/opt/cloud/bin/dnsmasq.sh | 4 +-
.../debian/config/opt/cloud/bin/edithosts.sh | 2 +-
.../debian/config/opt/cloud/bin/ipsectunnel.sh | 62 +-
.../debian/config/opt/cloud/bin/passwd_server_ip | 4 +-
.../debian/config/opt/cloud/bin/patchsystemvm.sh | 262 ----
.../debian/config/opt/cloud/bin/setup/common.sh | 862 +++++++++++
.../config/opt/cloud/bin/setup/consoleproxy.sh | 61 +
.../cloud => opt/cloud/bin/setup/default.sh} | 14 +-
.../debian/config/opt/cloud/bin/setup/dhcpsrvr.sh | 62 +
.../debian/config/opt/cloud/bin/setup/elbvm.sh | 53 +
.../debian/config/opt/cloud/bin/setup/ilbvm.sh | 46 +-
.../config/opt/cloud/bin/setup/patchsystemvm.sh | 57 +
.../debian/config/opt/cloud/bin/setup/router.sh | 106 ++
.../config/opt/cloud/bin/setup/secstorage.sh | 90 ++
.../debian/config/opt/cloud/bin/setup/vpcrouter.sh | 129 ++
.../opt/cloud/templates/check_heartbeat.sh.templ | 6 +-
.../debian/config/root/.ssh/authorized_keys | 2 +-
systemvm/scripts/_run.sh | 24 +-
systemvm/scripts/config_ssl.sh | 1 -
systemvm/scripts/run.sh | 4 -
systemvm/systemvm-descriptor.xml | 6 +-
.../integration/component/test_browse_templates.py | 6 +-
test/integration/component/test_browse_volumes.py | 6 +-
test/integration/component/test_security_groups.py | 4 +-
test/integration/smoke/test_list_ids_parameter.py | 70 +-
test/integration/smoke/test_loadbalance.py | 15 +-
test/integration/smoke/test_router_dns.py | 2 +-
test/integration/smoke/test_router_dnsservice.py | 16 +-
test/integration/smoke/test_routers.py | 18 +-
test/integration/smoke/test_ssvm.py | 237 +--
.../systemvmtemplate/authorized_keys.sh | 7 +-
.../definitions/systemvmtemplate/cleanup.sh | 13 +-
.../systemvmtemplate/configure_conntrack.sh | 3 +
.../definitions/systemvmtemplate/configure_grub.sh | 8 +-
.../systemvmtemplate/configure_login.sh | 1 +
.../systemvmtemplate/configure_networking.sh | 1 -
.../configure_systemvm_services.sh | 56 +-
.../definitions/systemvmtemplate/definition.rb | 6 +-
.../systemvmtemplate/install_systemvm_packages.sh | 31 +-
.../definitions/systemvmtemplate/preseed.cfg | 4 +-
.../definitions/systemvmtemplate/zerodisk.sh | 5 +
.../src/main/java/com/cloud/utils/ReflectUtil.java | 21 +
utils/src/main/java/com/cloud/utils/nio/Link.java | 4 +-
61 files changed, 1987 insertions(+), 2410 deletions(-)
diff --git a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
index 1fed3be..24e8257 100644
--- a/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
+++ b/agent/src/com/cloud/agent/resource/consoleproxy/ConsoleProxyResource.java
@@ -59,6 +59,7 @@ import com.cloud.host.Host.Type;
import com.cloud.resource.ServerResource;
import com.cloud.resource.ServerResourceBase;
import com.cloud.utils.NumbersUtil;
+import com.cloud.utils.ReflectUtil;
import com.cloud.utils.net.NetUtils;
import com.cloud.utils.script.Script;
import com.google.gson.Gson;
@@ -315,20 +316,19 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe
private void launchConsoleProxy(final byte[] ksBits, final String ksPassword, final String encryptorPassword) {
final Object resource = this;
+ s_logger.info("Building class loader for com.cloud.consoleproxy.ConsoleProxy");
+ final ClassLoader loader = ReflectUtil.getClassLoaderForName("console-proxy");
if (_consoleProxyMain == null) {
+ s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=" + encryptorPassword);
_consoleProxyMain = new Thread(new ManagedContextRunnable() {
@Override
protected void runInContext() {
try {
- Class<?> consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy");
+ Class<?> consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy");
try {
- s_logger.info("Invoke setEncryptorPassword(), ecnryptorPassword: " + encryptorPassword);
- Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class);
- methodSetup.invoke(null, encryptorPassword);
-
s_logger.info("Invoke startWithContext()");
- Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class);
- method.invoke(null, _properties, resource, ksBits, ksPassword);
+ Method method = consoleProxyClazz.getMethod("startWithContext", Properties.class, Object.class, byte[].class, String.class, String.class);
+ method.invoke(null, _properties, resource, ksBits, ksPassword, encryptorPassword);
} catch (SecurityException e) {
s_logger.error("Unable to launch console proxy due to SecurityException", e);
System.exit(ExitStatus.Error.value());
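Review bot: The added `s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy with encryptor password=" + encryptorPassword)` writes the console-proxy encryptor password to the agent log in clear text. The removed "Invoke setEncryptorPassword()" line did the same, so the exposure is carried over rather than closed. Log the event without the value, e.g. `s_logger.info("Running com.cloud.consoleproxy.ConsoleProxy");`. Separately, `ReflectUtil.getClassLoaderForName("console-proxy")` now runs on every call, including when the proxy is already running, and its result is used in `loader.loadClass(...)` without a null check; ReflectUtil is not visible here, so confirm it cannot return null. launchConsoleProxy continues past the end of this hunk.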
@@ -357,7 +357,7 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe
s_logger.info("com.cloud.consoleproxy.ConsoleProxy is already running");
try {
- Class<?> consoleProxyClazz = Class.forName("com.cloud.consoleproxy.ConsoleProxy");
+ Class<?> consoleProxyClazz = loader.loadClass("com.cloud.consoleproxy.ConsoleProxy");
Method methodSetup = consoleProxyClazz.getMethod("setEncryptorPassword", String.class);
methodSetup.invoke(null, encryptorPassword);
} catch (SecurityException e) {
@@ -441,6 +441,11 @@ public class ConsoleProxyResource extends ServerResourceBase implements ServerRe
}
@Override
+ public boolean stop() {
+ return true;
+ }
+
+ @Override
public void setName(String name) {
}
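Review bot: The new `stop()` override returns `true` unconditionally and does nothing to the `_consoleProxyMain` thread started in launchConsoleProxy, so a caller that trusts the return value is told the resource stopped while the proxy may still be serving. If a no-op is intended, say so in a comment such as `// Console proxy lives for the lifetime of the agent JVM; nothing to release here.`. What the superclass `stop()` did before this override is not visible in the hunk.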
diff --git a/core/src/com/cloud/network/HAProxyConfigurator.java b/core/src/com/cloud/network/HAProxyConfigurator.java
index d3db0db..3b5f23f 100644
--- a/core/src/com/cloud/network/HAProxyConfigurator.java
+++ b/core/src/com/cloud/network/HAProxyConfigurator.java
@@ -48,7 +48,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
private static String[] defaultsSection = {"defaults", "\tlog global", "\tmode tcp", "\toption dontlognull", "\tretries 3", "\toption redispatch",
"\toption forwardfor", "\toption forceclose", "\ttimeout connect 5000", "\ttimeout client 50000", "\ttimeout server 50000"};
- private static String[] defaultListen = {"listen vmops 0.0.0.0:9", "\toption transparent"};
+ private static String[] defaultListen = {"listen vmops", "\tbind 0.0.0.0:9", "\toption transparent"};
@Override
public String[] generateConfiguration(final List<PortForwardingRuleTO> fwRules) {
@@ -100,7 +100,10 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
final List<String> result = new ArrayList<String>();
// add line like this: "listen 65_37_141_30-80 65.37.141.30:80"
StringBuilder sb = new StringBuilder();
- sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort);
+ sb.append("listen ").append(poolName);
+ result.add(sb.toString());
+ sb = new StringBuilder();
+ sb.append("\tbind ").append(publicIP).append(":").append(publicPort);
result.add(sb.toString());
sb = new StringBuilder();
// FIXME sb.append("\t").append("balance ").append(algorithm);
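Review bot: The context comment `// add line like this: "listen 65_37_141_30-80 65.37.141.30:80"` is now stale, because the code below it emits a bare `listen` line followed by a separate `bind` line. The hunk at -474 updates its copy of this comment, but this one was missed; suggest `// add lines like this: "listen 65_37_141_30-80" then "\tbind 65.37.141.30:80"`. The two single-use `StringBuilder` allocations could also be plain concatenation: `result.add("listen " + poolName);` and `result.add("\tbind " + publicIP + ":" + publicPort);`. The enclosing method starts and ends outside the hunk.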
@@ -474,9 +477,12 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
final String algorithm = lbTO.getAlgorithm();
final List<String> result = new ArrayList<String>();
- // add line like this: "listen 65_37_141_30-80 65.37.141.30:80"
+ // add line like this: "listen 65_37_141_30-80\n\tbind 65.37.141.30:80"
+ sb = new StringBuilder();
+ sb.append("listen ").append(poolName);
+ result.add(sb.toString());
sb = new StringBuilder();
- sb.append("listen ").append(poolName).append(" ").append(publicIP).append(":").append(publicPort);
+ sb.append("\tbind ").append(publicIP).append(":").append(publicPort);
result.add(sb.toString());
sb = new StringBuilder();
sb.append("\t").append("balance ").append(algorithm);
@@ -552,7 +558,7 @@ public class HAProxyConfigurator implements LoadBalancerConfigurator {
}
private String generateStatsRule(final LoadBalancerConfigCommand lbCmd, final String ruleName, final String statsIp) {
- final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append(" ").append(statsIp).append(":").append(lbCmd.lbStatsPort);
+ final StringBuilder rule = new StringBuilder("\nlisten ").append(ruleName).append("\n\tbind ").append(statsIp).append(":").append(lbCmd.lbStatsPort);
// TODO DH: write test for this in both cases
if (!lbCmd.keepAliveEnabled) {
s_logger.info("Haproxy mode http enabled");
diff --git a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
index 6405037..200f266 100644
--- a/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
+++ b/core/test/com/cloud/agent/resource/virtualnetwork/VirtualRoutingResourceTest.java
@@ -834,7 +834,8 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
"\ttimeout client 50000\n" +
"\ttimeout server 50000\n" +
"\n" +
- "listen stats_on_guest 10.1.10.2:8081\n" +
+ "listen stats_on_guest\n" +
+ "\tbind 10.1.10.2:8081\n" +
"\tmode http\n" +
"\toption httpclose\n" +
"\tstats enable\n" +
@@ -843,7 +844,8 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
"\tstats auth admin1:AdMiN123\n" +
"\n" +
"\t \n" +
- "listen 64_10_1_10-80 64.10.1.10:80\n" +
+ "listen 64_10_1_10-80\n" +
+ "\tbind 64.10.1.10:80\n" +
"\tbalance algo\n" +
"\tserver 64_10_1_10-80_0 10.1.10.2:80 check\n" +
"\tmode http\n" +
@@ -917,4 +919,4 @@ public class VirtualRoutingResourceTest implements VirtualRouterDeployer {
assertTrue(args.startsWith("-c /var/cache/cloud/VR-"));
assertTrue(args.endsWith(".cfg"));
}
-}
\ No newline at end of file
+}
diff --git a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java
index 863f0bf..f0c3c4e 100644
--- a/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java
+++ b/services/console-proxy/server/src/com/cloud/consoleproxy/ConsoleProxy.java
@@ -26,21 +26,18 @@ import java.lang.reflect.Method;
import java.net.InetSocketAddress;
import java.net.URISyntaxException;
import java.net.URL;
-import java.security.NoSuchAlgorithmException;
-import java.security.SecureRandom;
import java.util.Hashtable;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.Executor;
-import org.apache.commons.codec.binary.Base64;
import org.apache.log4j.xml.DOMConfigurator;
-import com.google.gson.Gson;
-import com.sun.net.httpserver.HttpServer;
-
import com.cloud.consoleproxy.util.Logger;
import com.cloud.utils.PropertiesUtil;
+import com.cloud.utils.ReflectUtil;
+import com.google.gson.Gson;
+import com.sun.net.httpserver.HttpServer;
/**
*
@@ -74,25 +71,11 @@ public class ConsoleProxy {
static String factoryClzName;
static boolean standaloneStart = false;
- static String encryptorPassword = genDefaultEncryptorPassword();
-
- private static String genDefaultEncryptorPassword() {
- try {
- SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
-
- byte[] randomBytes = new byte[16];
- random.nextBytes(randomBytes);
- return Base64.encodeBase64String(randomBytes);
- } catch (NoSuchAlgorithmException e) {
- s_logger.error("Unexpected exception ", e);
- assert (false);
- }
-
- return "Dummy";
- }
+ static String encryptorPassword = "Dummy";
private static void configLog4j() {
- URL configUrl = System.class.getResource("/conf/log4j-cloud.xml");
+ final ClassLoader loader = ReflectUtil.getClassLoaderForName("conf");
+ URL configUrl = loader.getResource("/conf/log4j-cloud.xml");
if (configUrl == null)
configUrl = ClassLoader.getSystemResource("log4j-cloud.xml");
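Review bot: `static String encryptorPassword = "Dummy";` replaces a per-process random default with a fixed, publicly known constant, so any path that reaches the encryptor before `setEncryptorPassword` is called protects its data with a guessable key. `startWithContext` now sets the password first, but the `standaloneStart` flag in this class suggests another entry point whose handling is not visible here. Either keep the `SecureRandom` default or initialise to `null` and fail closed when no password has been supplied. In `configLog4j`, `loader.getResource("/conf/log4j-cloud.xml")` is a `ClassLoader` lookup, where names are not expected to begin with `/` (unlike `Class.getResource`), so it likely returns null and the code always falls through to `getSystemResource`; `loader.getResource("conf/log4j-cloud.xml")` is probably what is meant.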
@@ -249,23 +232,25 @@ public class ConsoleProxy {
}
}
- public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword) {
+ public static void startWithContext(Properties conf, Object context, byte[] ksBits, String ksPassword, String password) {
+ setEncryptorPassword(password);
+ configLog4j();
+ Logger.setFactory(new ConsoleProxyLoggerFactory());
s_logger.info("Start console proxy with context");
+
if (conf != null) {
for (Object key : conf.keySet()) {
s_logger.info("Context property " + (String)key + ": " + conf.getProperty((String)key));
}
}
- configLog4j();
- Logger.setFactory(new ConsoleProxyLoggerFactory());
-
// Using reflection to setup private/secure communication channel towards management server
ConsoleProxy.context = context;
ConsoleProxy.ksBits = ksBits;
ConsoleProxy.ksPassword = ksPassword;
try {
- Class<?> contextClazz = Class.forName("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource");
+ final ClassLoader loader = ReflectUtil.getClassLoaderForName("agent");
+ Class<?> contextClazz = loader.loadClass("com.cloud.agent.resource.consoleproxy.ConsoleProxyResource");
authMethod = contextClazz.getDeclaredMethod("authenticateConsoleAccess", String.class, String.class, String.class, String.class, String.class, Boolean.class);
reportMethod = contextClazz.getDeclaredMethod("reportLoadInfo", String.class);
ensureRouteMethod = contextClazz.getDeclaredMethod("ensureRoute", String.class);
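Review bot: The new fifth parameter is named `password` right after `ksPassword`, which makes the two `String` arguments easy to swap at the reflective call site, where the compiler cannot catch it. Name it `encryptorPassword` and add Javadoc stating which secret each parameter carries. Because `configLog4j()` now runs before the `"Context property "` loop, every property value in `conf` is written at INFO to the configured appenders; confirm `conf` holds no credentials, or log the keys only. The method continues below the hunk.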
diff --git a/setup/db/db/schema-41000to41100.sql b/setup/db/db/schema-41000to41100.sql
index 0b099d6..5cb0348 100644
--- a/setup/db/db/schema-41000to41100.sql
+++ b/setup/db/db/schema-41000to41100.sql
@@ -460,3 +460,6 @@ CREATE TABLE `cloud`.`nic_extra_dhcp_options` (
PRIMARY KEY (`id`),
CONSTRAINT `fk_nic_extra_dhcp_options_nic_id` FOREIGN KEY (`nic_id`) REFERENCES `nics`(`id`) ON DELETE CASCADE
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+-- Change monitor patch for apache2 in systemvm
+UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2";
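Review bot: The `UPDATE` uses double-quoted string literals (`pidfile="/var/run/apache2/apache2.pid"`), which MySQL parses as identifiers when `ANSI_QUOTES` is part of the server's sql_mode, so the upgrade step would fail on such servers. Single quotes are safe in every mode: `SET pidfile='/var/run/apache2/apache2.pid' WHERE process_name='apache2' AND service_name='apache2'`. The comment says "monitor patch", which looks like a typo for "path".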
diff --git a/systemvm/conf/log4j-cloud.xml b/systemvm/conf/log4j-cloud.xml
index 9c26bf4..b32bb57 100644
--- a/systemvm/conf/log4j-cloud.xml
+++ b/systemvm/conf/log4j-cloud.xml
@@ -18,37 +18,67 @@ specific language governing permissions and limitations
under the License.
-->
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
<!-- ================================= -->
<!-- Preserve messages in a local file -->
<!-- ================================= -->
- <!-- A time/date based rolling appender -->
- <appender name="FILE" class="org.apache.log4j.DailyRollingFileAppender">
- <param name="File" value="${log.home}systemvm.log"/>
+ <appender name="FILE1" class="org.apache.log4j.RollingFileAppender">
+ <param name="File" value="/var/log/cloud.log"/>
+ <param name="MaxFileSize" value="10000KB"/>
+ <param name="MaxBackupIndex" value="4"/>
+
+ <layout class="org.apache.log4j.EnhancedPatternLayout">
+ <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
+ </layout>
+ </appender>
+
+ <appender name="FILE2" class="org.apache.log4j.RollingFileAppender">
+ <param name="File" value="/var/log/cloud/cloud.out"/>
+ <param name="Append" value="true"/>
+ <param name="MaxFileSize" value="10000KB"/>
+ <param name="MaxBackupIndex" value="4"/>
+
+ <layout class="org.apache.log4j.EnhancedPatternLayout">
+ <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
+ </layout>
+ </appender>
+
+ <appender name="FILE3" class="org.apache.log4j.rolling.RollingFileAppender">
+ <param name="File" value="/usr/local/cloud/systemvm/cloud.log"/>
+ <param name="Append" value="true"/>
+ <param name="MaxFileSize" value="10000KB"/>
+ <param name="MaxBackupIndex" value="4"/>
+
+ <layout class="org.apache.log4j.EnhancedPatternLayout">
+ <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
+ </layout>
+ </appender>
+
+ <appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
<param name="Append" value="true"/>
<param name="Threshold" value="DEBUG"/>
+ <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
+ <param name="FileNamePattern" value="/var/log/cloud/api-server.log.%d{yyyy-MM-dd}{GMT}.gz"/>
+ <param name="ActiveFileName" value="/var/log/cloud/api-server.log"/>
+ </rollingPolicy>
- <!-- Rollover at midnight each day -->
- <param name="DatePattern" value="'.'yyyy-MM-dd"/>
-
- <layout class="org.apache.log4j.PatternLayout">
- <param name="ConversionPattern" value="%d %-5p [%c{3}] (%t:%x) %m%n"/>
+ <layout class="org.apache.log4j.EnhancedPatternLayout">
+ <param name="ConversionPattern" value="%d{ISO8601}{GMT} %m%n"/>
</layout>
</appender>
-
+
<!-- ============================== -->
<!-- Append messages to the console -->
<!-- ============================== -->
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
- <param name="Threshold" value="WARN"/>
+ <param name="Threshold" value="INFO"/>
- <layout class="org.apache.log4j.PatternLayout">
- <param name="ConversionPattern" value="%d{ABSOLUTE} %5p %c{1}:%L - %m%n"/>
+ <layout class="org.apache.log4j.EnhancedPatternLayout">
+ <param name="ConversionPattern" value="%d{ABSOLUTE}{GMT} %5p %c{1}:%L - %m%n"/>
</layout>
</appender>
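Review bot: `FILE3` is declared with class `org.apache.log4j.rolling.RollingFileAppender`, the log4j-extras appender that is driven by a `rollingPolicy` element, yet it is given the `MaxFileSize`/`MaxBackupIndex` params of the core appender and no policy. As far as I can tell it will not roll and may fail to activate; use `class="org.apache.log4j.RollingFileAppender"` as `FILE1` and `FILE2` do. The console threshold also drops from WARN to INFO, and the last hunk of this file attaches all three file appenders to the root logger. Anything sensitive logged at INFO is therefore copied to `/var/log/cloud.log`, `/var/log/cloud/cloud.out` and `/usr/local/cloud/systemvm/cloud.log`, so check rotation and file permissions for all three.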
@@ -56,26 +86,14 @@ under the License.
<!-- Limit categories -->
<!-- ================ -->
- <category name="com.cloud.console.ConsoleCanvas">
- <priority value="WARN"/>
- </category>
-
- <category name="com.cloud.consoleproxy.ConsoleProxyAjaxImageHandler">
- <priority value="WARN"/>
- </category>
-
- <category name="com.cloud.consoleproxy.ConsoleProxyViewer">
- <priority value="WARN"/>
- </category>
-
- <category name="com.cloud.consoleproxy">
- <priority value="INFO"/>
+ <category name="com.cloud">
+ <priority value="DEBUG"/>
</category>
- <category name="com.cloud">
+ <category name="org.apache.cloudstack">
<priority value="DEBUG"/>
</category>
-
+
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
<category name="org.apache">
<priority value="INFO"/>
@@ -84,20 +102,19 @@ under the License.
<category name="org">
<priority value="INFO"/>
</category>
-
+
<category name="net">
<priority value="INFO"/>
</category>
- <!-- Limit the com.amazonaws category to INFO as its DEBUG is verbose -->
- <category name="com.amazonaws">
- <priority value="INFO"/>
+ <category name="apiserver.com.cloud">
+ <priority value="DEBUG"/>
</category>
- <!-- Limit the httpclient.wire category to INFO as its DEBUG is verbose -->
- <category name="httpclient.wire">
- <priority value="INFO"/>
- </category>
+ <logger name="apiserver.com.cloud" additivity="false">
+ <level value="DEBUG"/>
+ <appender-ref ref="APISERVER"/>
+ </logger>
<!-- ======================= -->
<!-- Setup the Root category -->
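Review bot: `apiserver.com.cloud` is configured twice, once as `<category>` with no appender and once as `<logger additivity="false">`. In log4j 1.x these are two names for the same element, so the first block is redundant and it becomes unclear which setting applies if the two ever diverge. Drop the `<category name="apiserver.com.cloud">` block and keep the `<logger>`.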
@@ -106,7 +123,9 @@ under the License.
<root>
<level value="INFO"/>
<appender-ref ref="CONSOLE"/>
- <appender-ref ref="FILE"/>
+ <appender-ref ref="FILE1"/>
+ <appender-ref ref="FILE2"/>
+ <appender-ref ref="FILE3"/>
</root>
</log4j:configuration>
diff --git a/systemvm/patches/debian/config/etc/apache2/vhost.template b/systemvm/patches/debian/config/etc/apache2/vhost.template
index 043a286..7b89c3b 100644
--- a/systemvm/patches/debian/config/etc/apache2/vhost.template
+++ b/systemvm/patches/debian/config/etc/apache2/vhost.template
@@ -83,9 +83,6 @@
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
- # Include CORS configuration **IF SET**
- Include /etc/apache2/[cC][oO][rR][sS].conf
-
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
@@ -228,12 +225,8 @@
# README.Debian.gz
Listen 10.1.1.1:80
-NameVirtualHost 10.1.1.1:80
<IfModule mod_ssl.c>
- # If you add NameVirtualHost *:443 here, you will also have to change
- # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
- # to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 10.1.1.1:443
diff --git a/systemvm/patches/debian/config/etc/default/cloud-passwd-srvr b/systemvm/patches/debian/config/etc/default/cloud-passwd-srvr
deleted file mode 100644
index 0b85c63..0000000
--- a/systemvm/patches/debian/config/etc/default/cloud-passwd-srvr
+++ /dev/null
@@ -1,19 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-#set ENABLED to 1 if you want the init script to start the password server
-ENABLED=0
diff --git a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg b/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg
index 94737ac..0adbfc6 100644
--- a/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg
+++ b/systemvm/patches/debian/config/etc/haproxy/haproxy.cfg
@@ -22,5 +22,6 @@ defaults
timeout server 50000
-listen cloud-default 0.0.0.0:35999
+listen cloud-default
+ bind 0.0.0.0:35999
option transparent
diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
index 6eaed91..9964f90 100755
--- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
@@ -5,7 +5,7 @@
# Required-Stop: $local_fs
# Default-Start: S
# Default-Stop: 0 6
-# Short-Description: configure according to cmdline
+# Short-Description: configures systemvm using cmdline
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
@@ -24,21 +24,14 @@
# specific language governing permissions and limitations
# under the License.
-PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
#set -x
#exec 3>&0 4>&1 > /var/log/test.log 2>&1
-#start hv_kvp daemon
-[ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon
-
-# Fix haproxy directory issue
-mkdir -p /var/lib/haproxy
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
+CMDLINE=/var/cache/cloud/cmdline
# Clear boot up flag, it would be created by rc.local after boot up done
rm -f /var/cache/cloud/boot_up_done
-# Randomize cloud password so only ssh login is allowed
-echo "cloud:`openssl rand -base64 32`" | chpasswd
-
[ -x /sbin/ifup ] || exit 0
. /lib/lsb/init-functions
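Review bot: This hunk deletes the `chpasswd` step documented as "Randomize cloud password so only ssh login is allowed", and nothing visible here replaces it. Unless the new `setup/*.sh` scripts or the template build do the equivalent, every appliance keeps whatever password the template ships for the `cloud` account. Please confirm where that hardening now lives, or lock the account at build time with `passwd -l cloud`. A comment beside `CMDLINE=/var/cache/cloud/cmdline` noting that the file is filled from hypervisor-supplied boot arguments would also help readers of the later functions.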
@@ -48,71 +41,45 @@ log_it() {
log_action_msg "$@"
}
-init_interfaces_orderby_macs() {
- macs=( $(echo $1 | sed "s/|/ /g") )
- total_nics=${#macs[@]}
- interface_file=${2:-"/etc/network/interfaces"}
- rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"}
-
- echo -n "auto lo" > $interface_file
- for((i=0; i<total_nics; i++))
- do
- if [[ $i < 3 ]]
- then
- echo -n " eth$i" >> $interface_file
- fi
- done
- cat >> $interface_file << EOF
-
-iface lo inet loopback
-
-EOF
-
- echo "" > $rule_file
- for((i=0; i < ${#macs[@]}; i++))
- do
- echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file
- done
-}
-
-init_interfaces() {
- if [ "$NIC_MACS" == "" ]
- then
- cat > /etc/network/interfaces << EOF
-auto lo $1 $2 $3
-iface lo inet loopback
-
-EOF
- else
- init_interfaces_orderby_macs "$NIC_MACS"
- fi
-}
-
hypervisor() {
- [ -d /proc/xen ] && mount -t xenfs none /proc/xen
- [ -d /proc/xen ] && echo "xen-domU" && return 0
-
local try=$([ -x /usr/sbin/virt-what ] && virt-what | tail -1)
[ "$try" != "" ] && echo $try && return 0
- vmware-checkvm &> /dev/null && echo "vmware" && return 0
-
grep -q QEMU /proc/cpuinfo && echo "kvm" && return 0
grep -q QEMU /var/log/messages && echo "kvm" && return 0
+ [ -d /proc/xen ] && mount -t xenfs none /proc/xen
+ [ -d /proc/xen ] && echo "xen-domU" && return 0
+
+ vmware-checkvm &> /dev/null && echo "vmware" && return 0
+
echo "unknown" && return 1
+}
+config_guest() {
+ if [ "$HYPERVISOR" == "kvm" ]
+ then
+ # Configure hot-plug
+ modprobe acpiphp || true
+ modprobe pci_hotplug || true
+ # Configure serial console FIXME: remove during build we enable it?
+ #sed -i -e "/^serial.*/d" /boot/grub/grub.conf
+ #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf
+ #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf
+ #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf
+ #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf
+ sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab
+ sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab
+ fi
+ [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q
+ [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q
}
get_boot_params() {
- local EXTRA_MOUNT=/media/extra
- local hyp=$(hypervisor)
- [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
-
- case $hyp in
+ case $HYPERVISOR in
xen-domU|xen-hvm)
- cat /proc/cmdline > /var/cache/cloud/cmdline
- sed -i "s/%/ /g" /var/cache/cloud/cmdline
+ cat /proc/cmdline > $CMDLINE
+ sed -i "s/%/ /g" $CMDLINE
;;
kvm)
VPORT=$(find /dev/virtio-ports -type l -name '*.vport' 2>/dev/null|head -1)
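Review bot: `get_boot_params` now switches on a global `$HYPERVISOR`, and the removed guard that logged "Failed to detect hypervisor type" and exited with 10 has no visible replacement. When `hypervisor()` prints `unknown`, the `case` matches nothing and boot continues with an empty or stale `$CMDLINE`. Where `HYPERVISOR` is assigned lies outside this hunk; if the check was not moved there, restore it, e.g. `HYPERVISOR=$(hypervisor) || { log_it "Failed to detect hypervisor type, bailing out of early init"; exit 10; }`. The new `config_guest` still edits `/etc/inittab` and calls `telinit q`, which looks left over given the commit's move to systemd. Expansions of `$CMDLINE` should be quoted.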
@@ -125,66 +92,79 @@ get_boot_params() {
log_it "${VPORT} not loaded, perhaps guest kernel is too old." && exit 2
fi
- local factor=2
- local progress=1
- for i in {1..5}
- do
- while read line; do
- if [[ $line == cmdline:* ]]; then
- cmd=${line//cmdline:/}
- echo $cmd > /var/cache/cloud/cmdline
- elif [[ $line == pubkey:* ]]; then
- pubkey=${line//pubkey:/}
- echo $pubkey > /var/cache/cloud/authorized_keys
- echo $pubkey > /root/.ssh/authorized_keys
+ local factor=2
+ local progress=1
+ for i in {1..5}
+ do
+ while read line; do
+ if [[ $line == cmdline:* ]]; then
+ cmd=${line//cmdline:/}
+ echo $cmd > $CMDLINE
+ elif [[ $line == pubkey:* ]]; then
+ pubkey=${line//pubkey:/}
+ echo $pubkey > /var/cache/cloud/authorized_keys
+ echo $pubkey > /root/.ssh/authorized_keys
fi
- done < $VPORT
- # In case of reboot we do not send the boot args again.
- # So, no need to wait for them, as the boot args are already set at startup
- if [ -s /var/cache/cloud/cmdline ]
- then
+ done < $VPORT
+ # In case of reboot we do not send the boot args again.
+ # So, no need to wait for them, as the boot args are already set at startup
+ if [ -s $CMDLINE ]
+ then
log_it "Found a non empty cmdline file. Will now exit the loop and proceed with configuration."
break;
fi
sleep ${progress}s
progress=$[ progress * factor ]
- done
+ done
chmod go-rwx /root/.ssh/authorized_keys
;;
vmware)
- vmtoolsd --cmd 'machine.id.get' > /var/cache/cloud/cmdline
+ vmtoolsd --cmd 'machine.id.get' > $CMDLINE
;;
virtualpc|hyperv)
# Hyper-V is recognized as virtualpc hypervisor type. Boot args are passed using KVP Daemon
#waiting for the hv_kvp_daemon to start up
#sleep need to fix the race condition of hv_kvp_daemon and cloud-early-config
+ [ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon
sleep 5
- cp -f /var/opt/hyperv/.kvp_pool_0 /var/cache/cloud/cmdline
+ cp -f /var/opt/hyperv/.kvp_pool_0 $CMDLINE
cat /dev/null > /var/opt/hyperv/.kvp_pool_0
;;
virtualbox)
# Virtualbox is used to test the virtual router
# get the commandline from a dmistring (yes, hacky!)
- dmidecode | grep cmdline | sed 's/^.*cmdline://' > /var/cache/cloud/cmdline
+ dmidecode | grep cmdline | sed 's/^.*cmdline://' > $CMDLINE
RV=$?
if [ $RV -ne 0 ] ; then
log_it "Failed to get cmdline from a virtualbox dmi property"
fi
;;
esac
+}
+get_systemvm_type() {
+ for str in $(cat $CMDLINE)
+ do
+ KEY=$(echo $str | cut -d= -f1)
+ VALUE=$(echo $str | cut -d= -f2)
+ case $KEY in
+ type)
+ export TYPE=$VALUE
+ ;;
+ *)
+ ;;
+ esac
+ done
}
patch() {
local PATCH_MOUNT=/media/cdrom
local patchfile=$PATCH_MOUNT/cloud-scripts.tgz
- local md5file=/var/cache/cloud/cloud-scripts-signature
local privkey=$PATCH_MOUNT/authorized_keys
- local shouldpatch=false
+ local md5file=/var/cache/cloud/cloud-scripts-signature
local cdrom_dev=
mkdir -p $PATCH_MOUNT
-
if [ -e /dev/xvdd ]; then
cdrom_dev=/dev/xvdd
elif [ -e /dev/cdrom ]; then
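Review bot: `get_systemvm_type` loops with `for str in $(cat $CMDLINE)`, an unquoted expansion of hypervisor-supplied text, so each token is subject to pathname globbing as well as word splitting. `cut -d= -f2` also silently truncates any value that itself contains `=`. `TYPE` is then exported unvalidated; how it is consumed is not visible here, but if it selects a script under `setup/` it should first be matched against the fixed list of appliance types, with unknown values rejected. The rewrite below disables globbing for the loop and parses with parameter expansion instead of two subshells per token. The `patch()` function that follows runs past the end of this hunk.

```shell
get_systemvm_type() {
  local str
  set -f    # boot arguments come from the host: split on whitespace, never glob
  for str in $(cat "$CMDLINE")
  do
    case "$str" in
      type=*) export TYPE=${str#type=} ;;
    esac
  done
  set +f
}
```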
@@ -196,1370 +176,101 @@ patch() {
elif [ -e /dev/cdrom3 ]; then
cdrom_dev=/dev/cdrom3
fi
+
[ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys
if [ -n "$cdrom_dev" ]; then
mount -o ro $cdrom_dev $PATCH_MOUNT
- [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys
local oldmd5=
[ -f ${md5file} ] && oldmd5=$(cat ${md5file})
local newmd5=
[ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}')
-
- if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
+
+ log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5"
+ if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ]
then
- shouldpatch=true
- log_it "Patching scripts oldmd5=$oldmd5 newmd5=$newmd5"
tar xzf $patchfile -C /
echo ${newmd5} > ${md5file}
+ log_it "Patched scripts using $patchfile"
fi
- log_it "Patching cloud service"
- hyperVisor=$(hypervisor)
- /opt/cloud/bin/patchsystemvm.sh $PATCH_MOUNT $hyperVisor
- umount $PATCH_MOUNT
-
- if [ "$shouldpatch" == "true" ]
- then
- log_it "Rebooting system since we patched init scripts"
- sync
- sleep 2
- reboot
- fi
- fi
- if [ -f /mnt/cmdline ]; then
- cat /mnt/cmdline > /var/cache/cloud/cmdline
- fi
- return 0
-}
-
-patch_log4j() {
-log_it "Updating log4j-cloud.xml"
-mkdir -p /usr/local/cloud/systemvm/conf
-cat << "EOF" > /usr/local/cloud/systemvm/conf/temp.xml
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
-
-<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
-
- <!-- ================================= -->
- <!-- Preserve messages in a local file -->
- <!-- ================================= -->
-
- <appender name="FILE1" class="org.apache.log4j.RollingFileAppender">
- <param name="File" value="/var/log/cloud.log"/>
- <param name="MaxFileSize" value="10000KB"/>
- <param name="MaxBackupIndex" value="4"/>
-
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
- </layout>
- </appender>
-
- <appender name="FILE2" class="org.apache.log4j.RollingFileAppender">
- <param name="File" value="/var/log/cloud/cloud.out"/>
- <param name="Append" value="true"/>
- <param name="MaxFileSize" value="10000KB"/>
- <param name="MaxBackupIndex" value="4"/>
-
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
- </layout>
- </appender>
-
- <appender name="FILE3" class="org.apache.log4j.rolling.RollingFileAppender">
- <param name="File" value="/usr/local/cloud/systemvm/cloud.log"/>
- <param name="Append" value="true"/>
- <param name="MaxFileSize" value="10000KB"/>
- <param name="MaxBackupIndex" value="4"/>
-
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
- </layout>
- </appender>
-
- <appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
- <param name="Append" value="true"/>
- <param name="Threshold" value="DEBUG"/>
- <rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
- <param name="FileNamePattern" value="/var/log/cloud/api-server.log.%d{yyyy-MM-dd}{GMT}.gz"/>
- <param name="ActiveFileName" value="/var/log/cloud/api-server.log"/>
- </rollingPolicy>
-
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{ISO8601}{GMT} %m%n"/>
- </layout>
- </appender>
-
- <!-- ============================== -->
- <!-- Append messages to the console -->
- <!-- ============================== -->
-
- <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
- <param name="Target" value="System.out"/>
- <param name="Threshold" value="INFO"/>
-
- <layout class="org.apache.log4j.EnhancedPatternLayout">
- <param name="ConversionPattern" value="%d{ABSOLUTE}{GMT} %5p %c{1}:%L - %m%n"/>
- </layout>
- </appender>
-
- <!-- ================ -->
- <!-- Limit categories -->
- <!-- ================ -->
-
- <category name="com.cloud">
- <priority value="DEBUG"/>
- </category>
-
- <!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
- <category name="org.apache">
- <priority value="INFO"/>
- </category>
-
- <category name="org">
- <priority value="INFO"/>
- </category>
-
- <category name="net">
- <priority value="INFO"/>
- </category>
-
- <category name="apiserver.com.cloud">
- <priority value="DEBUG"/>
- </category>
-
- <logger name="apiserver.com.cloud" additivity="false">
- <level value="DEBUG"/>
- <appender-ref ref="APISERVER"/>
- </logger>
-
- <!-- ======================= -->
- <!-- Setup the Root category -->
- <!-- ======================= -->
-
- <root>
- <level value="INFO"/>
- <appender-ref ref="CONSOLE"/>
- <appender-ref ref="FILE1"/>
- <appender-ref ref="FILE2"/>
- <appender-ref ref="FILE3"/>
- </root>
-
-</log4j:configuration>
-EOF
-mv /usr/local/cloud/systemvm/conf/temp.xml /usr/local/cloud/systemvm/conf/log4j-cloud.xml
-}
-
-setup_interface() {
- local intfnum=$1
- local ip=$2
- local mask=$3
- local gw=$4
- local force=$5
- local intf=eth${intfnum}
- local bootproto="static"
-
-
- if [ "$BOOTPROTO" == "dhcp" ]
- then
- if [ "$intfnum" != "0" ]
- then
- bootproto="dhcp"
- fi
- fi
-
- if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ]
- then
- echo "iface $intf inet $bootproto" >> /etc/network/interfaces
- if [ "$bootproto" == "static" ]
- then
- echo " address $ip " >> /etc/network/interfaces
- echo " netmask $mask" >> /etc/network/interfaces
- fi
- fi
-
- if [ "$ip" == "0.0.0.0" -o "$ip" == "" ]
- then
- ifconfig $intf down
- fi
-
- if [ "$force" == "force" ]
- then
- ifdown $intf
- else
- ifdown $intf
- if [ "$RROUTER" != "1" -o "$1" != "2" ]
- then
- ifup $intf
- timer=0
- log_it "checking that $intf has IP "
- while true
- do
- ip=$(ifconfig $intf | grep "inet addr:" | awk '{print $2}' | awk -F: '{print $2}')
- if [ -z $ip ]
- then
- sleep 1;
- #waiting for the interface to setup with ip
- log_it "waiting for $intf interface setup with ip timer=$timer"
- else
- break
- fi
-
- if [ $timer -gt 15 ]
- then
- log_it "interface $intf is not set up with ip... exiting";
- break
- fi
-
- timer=`expr $timer + 1`
- done
- fi
- fi
-}
-
-setup_interface_ipv6() {
- sysctl net.ipv6.conf.all.disable_ipv6=0
- sysctl net.ipv6.conf.all.forwarding=1
- sysctl net.ipv6.conf.all.accept_ra=1
-
- sed -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf
- sed -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf
- sed -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf
-
- local intfnum=$1
- local ipv6="$2"
- local prelen="$3"
- local intf=eth${intfnum}
-
- echo "iface $intf inet6 static" >> /etc/network/interfaces
- echo " address $ipv6 " >> /etc/network/interfaces
- echo " netmask $prelen" >> /etc/network/interfaces
- echo " accept_ra 1" >> /etc/network/interfaces
- ifdown $intf
- ifup $intf
-}
-
-enable_fwding() {
- local enabled=$1
- log_it "cloud: enable_fwding = $1"
- log_it "enable_fwding = $1"
- echo "$1" > /proc/sys/net/ipv4/ip_forward
- [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return
-}
-
-disable_rpfilter() {
- log_it "cloud: disable rp_filter"
- log_it "disable rpfilter"
- sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
-}
-
-get_public_vif_list() {
- local vif_list=""
- for i in /sys/class/net/eth*; do
- vif=$(basename $i);
- if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
- then
- vif_list="$vif_list $vif";
- fi
- done
-
- echo $vif_list
-}
-
-disable_rpfilter_domR() {
- log_it "cloud: Tuning rp_filter on public interfaces"
-
- VIF_LIST=$(get_public_vif_list)
- log_it "rpfilter public interfaces : $VIF_LIST"
- if [ "$DISABLE_RP_FILTER" == "true" ]
- then
- log_it "cloud: disable rp_filter on public interfaces"
- sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
- echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
- for vif in $VIF_LIST; do
- log_it "cloud: disable rp_filter on public interface: $vif"
- sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf
- echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter
- done
- else
- log_it "cloud: enable rp_filter on public interfaces"
- sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf
- echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
- for vif in $VIF_LIST; do
- log_it "cloud: enable rp_filter on public interface: $vif"
- sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf
- echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
- done
- fi
- log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)"
- echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
- echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
- echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
-}
-
-enable_irqbalance() {
- local enabled=$1
- local proc=0
-
- proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
- if [ $proc -le 1 ] && [ $enabled -eq 1 ]
- then
- enabled=0
- fi
-
- log_it "Processors = $proc Enable service ${svc} = $enabled"
- local cfg=/etc/default/irqbalance
- [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
-}
-
-disable_hvc() {
- [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q
- [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q
-}
-
-enable_vpc_rpsrfs() {
- local enable=$1
- if [ $enable -eq 0 ]
- then
- echo 0 > /etc/rpsrfsenable
- else
- echo 1 > /etc/rpsrfsenable
- fi
-
- return 0
-}
-
-enable_rpsrfs() {
- local enable=$1
-
- if [ $enable -eq 0 ]
- then
- echo 0 > /etc/rpsrfsenable
- return 0
- fi
-
- if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ]
- then
- echo "rps is not enabled in the kernel"
- echo 0 > /etc/rpsrfsenable
- return 0
- fi
-
- proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
- if [ $proc -le 1 ]
- then
- echo 0 > /etc/rpsrfsenable
- return 0;
- fi
-
- echo 1 > /etc/rpsrfsenable
- num=1
- num=$(($num<<$proc))
- num=$(($num-1));
- echo $num;
- hex=$(printf "%x\n" $num)
- echo $hex;
- #enable rps
- echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus
- echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus
-
- #enble rfs
- echo 256 > /proc/sys/net/core/rps_sock_flow_entries
- echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
- echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt
-}
-
-setup_common() {
- init_interfaces $1 $2 $3
- if [ -n "$ETH0_IP" ]
- then
- setup_interface "0" $ETH0_IP $ETH0_MASK $GW
- fi
- if [ -n "$ETH0_IP6" ]
- then
- setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN
- fi
- setup_interface "1" $ETH1_IP $ETH1_MASK $GW
- if [ -n "$ETH2_IP" ]
- then
- setup_interface "2" $ETH2_IP $ETH2_MASK $GW
- fi
-
- echo $NAME > /etc/hostname
- echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
- hostname $NAME
-
- #Nameserver
- sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
- sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
- if [ -n "$internalNS1" ]
- then
- echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS1" > /etc/resolv.conf
- fi
-
- if [ -n "$internalNS2" ]
- then
- echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS2" >> /etc/resolv.conf
- fi
- if [ -n "$NS1" ]
- then
- echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS1" >> /etc/resolv.conf
- fi
-
- if [ -n "$NS2" ]
- then
- echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS2" >> /etc/resolv.conf
- fi
-
- if [ -n "$IP6_NS1" ]
- then
- echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $IP6_NS1" >> /etc/resolv.conf
- fi
- if [ -n "$IP6_NS2" ]
- then
- echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $IP6_NS2" >> /etc/resolv.conf
- fi
-
- if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
- then
- ip route add $MGMTNET via $LOCAL_GW dev eth1
- fi
-
- ip route delete default
- if [ "$RROUTER" != "1" ]
- then
- gwdev=$3
- if [ -z "$gwdev" ]
- then
- gwdev="eth0"
- fi
-
- ip route add default via $GW dev $gwdev
- fi
-
- # a hacking way to activate vSwitch under VMware
- ping -n -c 3 $GW &
- sleep 3
- pkill ping
- if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
- then
- ping -n -c 3 $LOCAL_GW &
- sleep 3
- pkill ping
- #This code is added to address ARP issue by pinging MGMT_GW
- MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
- ping -n -c 3 $MGMT_GW &
- sleep 3
- pkill ping
-
- fi
-
- local hyp=$(hypervisor)
- if [ "$hyp" == "vmware" ]; then
- ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable
- fi
-}
+ log_it "Patching cloud service"
+ /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE
-setup_dnsmasq() {
- log_it "Setting up dnsmasq"
-
- touch /etc/dhcpopts.txt
-
- [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP
- [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6
- [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
- #removing the dnsmasq multiple ranges config file.
- rm /etc/dnsmasq.d/multiple_ranges.conf
-
- #get the template
- cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf
-
- if [ -n "$DOMAIN" ]
- then
- #send domain name to dhcp clients
- sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
- #DNS server will append $DOMAIN to local queries
- sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
- #answer all local domain queries
- sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
- fi
-
- if [ -n "$DNS_SEARCH_ORDER" ]
- then
- sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf
- echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf
- # set the domain search order as a space seprated list for option 15
- DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g')
- #send domain name to dhcp clients
- sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf
- fi
-
- if [ $DHCP_RANGE ]
- then
- sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
- else
- sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf
- fi
- if [ $DHCP_RANGE_IP6 ]
- then
- sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf
- # For nondefault6 tagged host, don't send dns-server information
- sed -i /nondefault6/d /etc/dnsmasq.conf
- echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf
- else
- sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf
- fi
-
- if [ "$RROUTER" == "1" ]
- then
- DEFAULT_GW=$GUEST_GW
- INTERNAL_DNS=$GUEST_GW
- else
- if [ "$TYPE" == "dhcpsrvr" ]
- then
- DEFAULT_GW=$GW
- else
- DEFAULT_GW=$ETH0_IP
- fi
- INTERNAL_DNS=$ETH0_IP
- fi
- sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf
- [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf
-
- [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1,"
- [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2,"
- [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1],"
- [ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2],"
- #for now set up ourself as the dns server as well
- sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf
- sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf
- if [ "$USE_EXTERNAL_DNS" != "true" ]
- then
- [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS"
- [ $ETH0_IP6 ] && NS6="[::],$NS6"
- # enable dns
- sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
- else
- # disable dns
- sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
- echo "port=0" >> /etc/dnsmasq.conf
- fi
- NS=${NS%?}
- NS6=${NS6%?}
- [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf
- [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf
-#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet.
-#removing the existing entires to avoid duplicates on restarts.
- sed -i '/data-server/d' /etc/hosts
- if [ -n "$ETH0_IP" ]
- then
- echo "$ETH0_IP data-server" >> /etc/hosts
- fi
- if [ -n "$ETH0_IP6" ]
- then
- echo "$ETH0_IP6 data-server" >> /etc/hosts
- fi
-#add the dhcp-client-update only if dnsmasq version is 2.6 and above
- dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]")
- major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1)
- minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2)
- if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ]
- then
- sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf
- echo 'dhcp-client-update' >> /etc/dnsmasq.conf
- fi
-
- command -v dhcp_release > /dev/null 2>&1
- no_dhcp_release=$?
- if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ]
- then
- echo 1 > /var/cache/cloud/dnsmasq_managed_lease
- sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
- else
- echo 0 > /var/cache/cloud/dnsmasq_managed_lease
- fi
-}
-
-setup_sshd(){
- local ip=$1
- local eth=$2
- [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
- sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
- sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
- systemctl restart sshd
-}
-
-
-setup_vpc_apache2() {
- log_it "Setting up apache web server for VPC"
- systemctl disable apache2
- clean_ipalias_config
- setup_apache2_common
-}
-
-
-clean_ipalias_config() {
- # Old
- rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
- rm -f /etc/apache2/sites-available/ipAlias*
- rm -f /etc/apache2/sites-enabled/ipAlias*
- rm -f /etc/apache2/conf.d/vhost*.conf
- rm -f /etc/apache2/ports.conf
- rm -f /etc/apache2/vhostexample.conf
- rm -f /etc/apache2/sites-available/default
- rm -f /etc/apache2/sites-available/default-ssl
- rm -f /etc/apache2/sites-enabled/default
- rm -f /etc/apache2/sites-enabled/default-ssl
-
- # New
- rm -f /etc/apache2/sites-enabled/vhost-*.conf
- rm -f /etc/apache2/sites-enabled/000-default
-
- rm -rf /etc/failure_config
-}
-
-setup_apache2_common() {
- sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf
- [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
- [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
-
- # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
- [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
-
- echo "Options -Indexes" > /var/www/html/.htaccess
-}
-
-setup_apache2() {
- log_it "Setting up apache web server"
- clean_ipalias_config
- setup_apache2_common
- local ip=$1
-
- # Deprecated, functionality moved to Cs Python code
- # [ -f /etc/apache2/sites-available/default ] && sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
- # [ -f /etc/apache2/sites-available/default-ssl ] && sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
- # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
- # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
- # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
-}
-
-setup_aesni() {
- if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
- then
- modprobe aesni_intel
- fi
-}
-
-load_modules() {
-
- #load nf modules for ftp
- modprobe nf_nat_ftp
- modprobe nf_conntrack_ftp
-}
-
-setup_router() {
- log_it "Setting up virtual router system vm"
-
- #To save router public interface and gw ip information
- touch /var/cache/cloud/ifaceGwIp
-
- oldmd5=
- [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
-
- if [ -n "$ETH2_IP" ]
- then
- setup_common eth0 eth1 eth2
-
- if [ -n "$EXTRA_PUBNICS" ]
- then
- for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
- do
- setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
- done
- fi
- else
- setup_common eth0 eth1
- if [ -n "$EXTRA_PUBNICS" ]
- then
- for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
- do
- setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
- done
- fi
- fi
-
- # Moved to Cs Python code
- #if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
- #then
- #setup_redundant_router
- #fi
-
- log_it "Checking udev NIC assignment order changes"
- if [ "$NIC_MACS" != "" ]
- then
- init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
- newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
- rm /tmp/interfaces
- rm /tmp/udev-rules
-
- if [ "$oldmd5" != "$newmd5" ]
- then
- log_it "udev NIC assignment requires reboot to take effect"
- sync
- sleep 2
- reboot
- fi
- fi
-
- setup_aesni
- setup_dnsmasq
- setup_apache2 $ETH0_IP
-
- sed -i /gateway/d /etc/hosts
- echo "$ETH0_IP $NAME" >> /etc/hosts
-
-
- systemctl enable dnsmasq haproxy cloud-passwd-srvr
- systemctl restart dnsmasq haproxy cloud-passwd-srvr
- enable_irqbalance 1
- disable_rpfilter_domR
- enable_fwding 1
- enable_rpsrfs 1
- systemctl disable nfs-common
- cp /etc/iptables/iptables-router /etc/iptables/rules.v4
-#for old templates
- cp /etc/iptables/iptables-router /etc/iptables/rules
- setup_sshd $ETH1_IP "eth1"
- load_modules
-
- #Only allow DNS service for current network
- sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
- sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
- sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
- sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
-
- #setup hourly logrotate
- mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
-
-}
-
-
-
-setup_vpcrouter() {
- log_it "Setting up VPC virtual router system vm"
-
- if [ -f /etc/hosts ]; then
- grep -q $NAME /etc/hosts || echo "127.0.0.1 $NAME" >> /etc/hosts;
- fi
-
- cat > /etc/network/interfaces << EOF
-auto lo eth0
-iface lo inet loopback
-EOF
- setup_interface "0" $ETH0_IP $ETH0_MASK $GW
-
- echo $NAME > /etc/hostname
- echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
- hostname $NAME
-
- #Nameserver
- sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
- sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
- if [ -n "$internalNS1" ]
- then
- echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS1" > /etc/resolv.conf
- fi
-
- if [ -n "$internalNS2" ]
- then
- echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $internalNS2" >> /etc/resolv.conf
- fi
- if [ -n "$NS1" ]
- then
- echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS1" >> /etc/resolv.conf
- fi
-
- if [ -n "$NS2" ]
- then
- echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
- echo "nameserver $NS2" >> /etc/resolv.conf
- fi
- if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
- then
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ];
- then
- ip route add $MGMTNET via $LOCAL_GW dev eth0
-
- # a hacking way to activate vSwitch under VMware
- ping -n -c 3 $LOCAL_GW &
- sleep 3
- pkill ping
- fi
- fi
-
- ip route delete default
- # create route table for static route
-
- sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null
- sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null
- sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
- sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
-
- setup_vpc_apache2
-
- systemctl enable dnsmasq haproxy cloud-passwd-srvr
- enable_irqbalance 1
- enable_vpc_rpsrfs 1
- disable_rpfilter
- enable_fwding 1
- cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
- cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
- setup_sshd $ETH0_IP "eth0"
- cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
- cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
- echo "" > /etc/dnsmasq.d/dhcphosts.txt
- echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf
-
- [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
- #DNS server will append $DOMAIN to local queries
- sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
- #answer all local domain queries
- sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
-
- command -v dhcp_release > /dev/null 2>&1
- no_dhcp_release=$?
- if [ $no_dhcp_release -eq 0 ]
- then
- echo 1 > /var/cache/cloud/dnsmasq_managed_lease
- sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
- else
- echo 0 > /var/cache/cloud/dnsmasq_managed_lease
- fi
- load_modules
-
- systemctl restart dnsmasq haproxy cloud-passwd-srvr
-
- #setup hourly logrotate
- mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
-
-}
-
-
-
-setup_dhcpsrvr() {
- log_it "Setting up dhcp server system vm"
- setup_common eth0 eth1
- setup_dnsmasq
- setup_apache2 $ETH0_IP
-
- sed -i /gateway/d /etc/hosts
- [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
- [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
-
- systemctl enable dnsmasq cloud-passwd-srvr
- systemctl restart dnsmasq cloud-passwd-srvr
- enable_irqbalance 0
- enable_fwding 0
- systemctl disable nfs-common
-
- cp /etc/iptables/iptables-router /etc/iptables/rules.v4
- cp /etc/iptables/iptables-router /etc/iptables/rules
-
- #Only allow DNS service for current network
- sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
- sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
- sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
- sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
-
- if [ "$SSHONGUEST" == "true" ]
- then
- setup_sshd $ETH0_IP "eth0"
- else
- setup_sshd $ETH1_IP "eth1"
- fi
-}
-
-setup_storage_network() {
- if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ]
- then
- log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network"
- return
- fi
-
- echo "" >> /etc/network/interfaces
- echo "auto eth3" >> /etc/network/interfaces
-
- setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK"
- [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo " mtu $MTU" >> /etc/network/interfaces
- #ip route add "$STORAGE_CIDR" via "$STORAGE_IP"
- log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR"
-}
-
-setup_system_rfc1918_internal() {
- public_ip=`getPublicIp`
- echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))"
- if [ "$?" == "0" ]; then
- log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918."
- else
- log_it "Setting up route of RFC1918 space to $LOCAL_GW"
- # Setup general route for RFC 1918 space, as otherwise it will be sent to
- # the public gateway and not work
- # More specific routes that may be set have preference over this generic route.
- ip route add 10.0.0.0/8 via $LOCAL_GW
- ip route add 172.16.0.0/12 via $LOCAL_GW
- ip route add 192.168.0.0/16 via $LOCAL_GW
- fi
-}
-
-getPublicIp() {
- public_ip=$ETH2_IP
- [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
- echo $public_ip
-}
-
-setup_ntp() {
- log_it "Setting up NTP"
- NTP_CONF_FILE="/etc/ntp.conf"
- if [ -f $NTP_CONF_FILE ]
- then
- IFS=',' read -a server_list <<< "$NTP_SERVER_LIST"
- for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- ))
- do
- server=$(echo ${server_list[iterator]} | tr -d '\r')
- PATTERN="server $server"
- if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then
- sed -i "/^$PATTERN$/d" $NTP_CONF_FILE
- fi
- sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE
- done
- systemctl restart ntp
- else
- log_it "NTP configuration file not found"
- fi
-}
-
-setup_secstorage() {
- log_it "Setting up secondary storage system vm"
- sysctl vm.min_free_kbytes=8192
- local hyp=$1
- setup_common eth0 eth1 eth2
- setup_storage_network
- setup_system_rfc1918_internal
- sed -i /gateway/d /etc/hosts
- public_ip=`getPublicIp`
- echo "$public_ip $NAME" >> /etc/hosts
-
- cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
- cp /etc/iptables/iptables-secstorage /etc/iptables/rules
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
- setup_sshd $ETH1_IP "eth1"
- else
- setup_sshd $ETH0_IP "eth0"
- fi
- setup_apache2 $ETH2_IP
-
- # Deprecated, should move to Cs Python all of it
- sed -e "s/<VirtualHost .*:80>/<VirtualHost $ETH2_IP:80>/" \
- -e "s/<VirtualHost .*:443>/<VirtualHost $ETH2_IP:443>/" \
- -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \
- -e "s/Listen .*:443/Listen $ETH2_IP:443/g" \
- -e "s/NameVirtualHost .*:80/NameVirtualHost $ETH2_IP:80/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf
-
- log_it "setting up apache2 for post upload of volume/template"
- a2enmod proxy
- a2enmod proxy_http
- a2enmod headers
-
- cat >/etc/apache2/cors.conf <<CORS
-RewriteEngine On
-RewriteCond %{HTTPS} =on
-RewriteCond %{REQUEST_METHOD} =POST
-RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
-Header always set Access-Control-Allow-Origin "*"
-Header always set Access-Control-Allow-Methods "POST, OPTIONS"
-Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
-CORS
-
- disable_rpfilter
- enable_fwding 0
- systemctl disable haproxy dnsmasq cloud-passwd-srvr
- systemctl enable cloud apache2
- systemctl restart cloud apache2
- enable_irqbalance 0
- rm /etc/logrotate.d/cloud
- setup_ntp
-}
-
-setup_console_proxy() {
- log_it "Setting up console proxy system vm"
- local hyp=$1
- setup_common eth0 eth1 eth2
- setup_system_rfc1918_internal
- public_ip=`getPublicIp`
- sed -i /gateway/d /etc/hosts
- echo "$public_ip $NAME" >> /etc/hosts
- cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
- cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
- if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
- setup_sshd $ETH1_IP "eth1"
- else
- setup_sshd $ETH0_IP "eth0"
+ [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys
+ umount $PATCH_MOUNT
fi
- systemctl enable cloud
- disable_rpfilter
- enable_fwding 0
- enable_irqbalance 0
- systemctl disable nfs-common
- rm /etc/logrotate.d/cloud
-}
-
-setup_elbvm() {
- log_it "Setting up Elastic Load Balancer system vm"
- local hyp=$1
- setup_common eth0 eth1
- sed -i /gateway/d /etc/hosts
- public_ip=$ETH2_IP
- [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
- echo "$public_ip $NAME" >> /etc/hosts
-
- cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
- cp /etc/iptables/iptables-elbvm /etc/iptables/rules
- if [ "$SSHONGUEST" == "true" ]
- then
- setup_sshd $ETH0_IP "eth0"
- else
- setup_sshd $ETH1_IP "eth1"
+ if [ -f /mnt/cmdline ]; then
+ cat /mnt/cmdline > $CMDLINE
fi
-
- enable_fwding 0
- enable_irqbalance 0
- systemctl disable nfs-common
- systemctl disable portmap
-}
-
-setup_ilbvm() {
- log_it "Setting up Internal Load Balancer system vm"
- local hyp=$1
- setup_common eth0 eth1
- #eth0 = guest network, eth1=control network
-
- sed -i /$NAME/d /etc/hosts
- echo "$ETH0_IP $NAME" >> /etc/hosts
- cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
- cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
- setup_sshd $ETH1_IP "eth1"
-
- enable_fwding 0
- systemctl enable haproxy
- enable_irqbalance 1
- systemctl disable nfs-common
- systemctl disable portmap
-}
-
-setup_default() {
- cat > /etc/network/interfaces << EOF
-auto lo
-iface lo inet loopback
-EOF
- cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
-}
-
-change_password() {
- if [ x"$VM_PASSWORD" != x"" ]
- then
- echo "root:$VM_PASSWORD" | chpasswd
- fi
+ return 0
}
start() {
# Clear /tmp for file lock
rm -f /tmp/*.lock
rm -f /tmp/rrouter_bumped
- local hyp=$(hypervisor)
+ rm -f /root/.rnd
+ echo "" > /root/.ssh/known_hosts
+
+ export HYPERVISOR=$(hypervisor)
[ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10
- log_it "Detected that we are running inside $hyp guest"
+ log_it "Detected that we are running inside $HYPERVISOR"
+
+ config_guest
get_boot_params
+ get_systemvm_type
patch
- patch_log4j
- parse_cmd_line
- change_password
- case $TYPE in
- router)
- [ "$NAME" == "" ] && NAME=router
- setup_router
- if [ -x /opt/cloud/bin/update_config.py ]
- then
- /opt/cloud/bin/update_config.py cmd_line.json
- fi
- ;;
- vpcrouter)
- [ "$NAME" == "" ] && NAME=vpcrouter
- setup_vpcrouter
- if [ -x /opt/cloud/bin/update_config.py ]
- then
- /opt/cloud/bin/update_config.py cmd_line.json
- fi
- ;;
- dhcpsrvr)
- [ "$NAME" == "" ] && NAME=dhcpsrvr
- setup_dhcpsrvr
- if [ -x /opt/cloud/bin/update_config.py ]
- then
- /opt/cloud/bin/update_config.py cmd_line.json
- fi
- ;;
- secstorage)
- [ "$NAME" == "" ] && NAME=secstorage
- setup_secstorage $hyp;
- ;;
- consoleproxy)
- [ "$NAME" == "" ] && NAME=consoleproxy
- setup_console_proxy $hyp;
- ;;
- elbvm)
- [ "$NAME" == "" ] && NAME=elb
- setup_elbvm
- ;;
- ilbvm)
- [ "$NAME" == "" ] && NAME=ilb
- setup_ilbvm
- ;;
- unknown)
- [ "$NAME" == "" ] && NAME=systemvm
- setup_default;
- ;;
- esac
- if [ "$hyp" == "hyperv" ]; then
- # eject the systemvm.iso
- eject
- fi
- return 0
-}
+ sync
+ sysctl -p
-disable_hvc
+ log_it "Configuring systemvm type=$TYPE"
-parse_cmd_line() {
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-TYPE="unknown"
-BOOTPROTO="static"
-DISABLE_RP_FILTER="false"
-STORAGE_IP=""
-STORAGE_NETMASK=""
-STORAGE_CIDR=""
-VM_PASSWORD=""
+ if [ -f "/opt/cloud/bin/setup/$TYPE.sh" ]; then
+ /opt/cloud/bin/setup/$TYPE.sh
+ else
+ /opt/cloud/bin/setup/default.sh
+ fi
-CHEF_TMP_FILE=/tmp/cmdline.json
-COMMA="\t"
-echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE}
-echo -e "\n\"cmd_line\": {" >> ${CHEF_TMP_FILE}
+ log_it "Finished setting up systemvm"
-for i in $CMDLINE
- do
- # search for foo=bar pattern and cut out foo
- KEY=$(echo $i | cut -d= -f1)
- VALUE=$(echo $i | cut -d= -f2)
- echo -en ${COMMA} >> ${CHEF_TMP_FILE}
- # Two lines so values do not accidently interpretted as escapes!!
- echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE}
- COMMA=",\n\t"
- case $KEY in
- disable_rp_filter)
- DISABLE_RP_FILTER=$VALUE
- ;;
- eth0ip)
- ETH0_IP=$VALUE
- ;;
- eth1ip)
- ETH1_IP=$VALUE
- ;;
- eth2ip)
- ETH2_IP=$VALUE
- ;;
- host)
- MGMT_HOST=$VALUE
- ;;
- gateway)
- GW=$VALUE
- ;;
- ip6gateway)
- IP6GW=$VALUE
- ;;
- eth0mask)
- ETH0_MASK=$VALUE
- ;;
- eth1mask)
- ETH1_MASK=$VALUE
- ;;
- eth2mask)
- ETH2_MASK=$VALUE
- ;;
- eth0ip6)
- ETH0_IP6=$VALUE
- ;;
- eth0ip6prelen)
- ETH0_IP6_PRELEN=$VALUE
- ;;
- internaldns1)
- internalNS1=$VALUE
- ;;
- internaldns2)
- internalNS2=$VALUE
- ;;
- dns1)
- NS1=$VALUE
- ;;
- dns2)
- NS2=$VALUE
- ;;
- ip6dns1)
- IP6_NS1=$VALUE
- ;;
- ip6dns2)
- IP6_NS2=$VALUE
- ;;
- domain)
- DOMAIN=$VALUE
- ;;
- dnssearchorder)
- DNS_SEARCH_ORDER=$VALUE
- ;;
- useextdns)
- USE_EXTERNAL_DNS=$VALUE
- ;;
- mgmtcidr)
- MGMTNET=$VALUE
- ;;
- localgw)
- LOCAL_GW=$VALUE
- ;;
- template)
- TEMPLATE=$VALUE
- ;;
- sshonguest)
- SSHONGUEST=$VALUE
- ;;
- name)
- NAME=$VALUE
- ;;
- dhcprange)
- DHCP_RANGE=$(echo $VALUE | tr ':' ',')
- ;;
- bootproto)
- BOOTPROTO=$VALUE
- ;;
- type)
- TYPE=$VALUE
- ;;
- defaultroute)
- DEFAULTROUTE=$VALUE
- ;;
- redundant_router)
- RROUTER=$VALUE
- ;;
- guestgw)
- GUEST_GW=$VALUE
- ;;
- guestbrd)
- GUEST_BRD=$VALUE
- ;;
- guestcidrsize)
- GUEST_CIDR_SIZE=$VALUE
- ;;
- router_pr)
- ROUTER_PR=$VALUE
- ;;
- extra_pubnics)
- EXTRA_PUBNICS=$VALUE
- ;;
- nic_macs)
- NIC_MACS=$VALUE
- ;;
- mtu)
- MTU=$VALUE
- ;;
- storageip)
- STORAGE_IP=$VALUE
- ;;
- storagenetmask)
- STORAGE_NETMASK=$VALUE
- ;;
- storagecidr)
- STORAGE_CIDR=$VALUE
- ;;
- vmpassword)
- VM_PASSWORD=$VALUE
- ;;
- vpccidr)
- VPCCIDR=$VALUE
- ;;
- cidrsize)
- CIDR_SIZE=$VALUE
- ;;
- advert_int)
- ADVERT_INT=$VALUE
- ;;
- ntpserverlist)
- NTP_SERVER_LIST=$VALUE
- ;;
- esac
-done
-echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE}
-if [ "$TYPE" != "unknown" ]
-then
- mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json
-fi
-
-[ $ETH0_IP ] && LOCAL_ADDRS=$ETH0_IP
-[ $ETH0_IP6 ] && LOCAL_ADDRS=$ETH0_IP6
-[ $ETH0_IP ] && [ $ETH0_IP6 ] && LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6"
+ return 0
}
case "$1" in
-start)
-
- log_action_begin_msg "Executing cloud-early-config"
- log_it "Executing cloud-early-config"
- if start; then
- log_action_end_msg $?
- else
- log_action_end_msg $?
- fi
- ;;
-
-stop)
- log_action_begin_msg "Stopping cloud-early-config"
- #Override old system's interface setting
- setup_default;
- log_action_end_msg 0
- ;;
-
-force-reload|restart)
-
- log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces"
- log_action_begin_msg "Executing cloud-early-config"
- if start; then
- log_action_end_msg $?
- else
- log_action_end_msg $?
- fi
- ;;
+ start)
+ log_action_begin_msg "Executing cloud-early-config"
+ log_it "Executing cloud-early-config"
+ if start; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+ ;;
+
+ stop)
+ log_action_begin_msg "Stopping cloud-early-config"
+ #Override old system's interface setting
+ setup_default;
+ log_action_end_msg 0
+ ;;
+
+ force-reload|restart)
+ log_warning_msg "Running $0 is deprecated because it may not enable again some interfaces"
+ log_action_begin_msg "Executing cloud-early-config"
+ if start; then
+ log_action_end_msg $?
+ else
+ log_action_end_msg $?
+ fi
+ ;;
-*)
- echo "Usage: /etc/init.d/cloud-early-config {start|stop}"
- exit 1
- ;;
+ *)
+ echo "Usage: /etc/init.d/cloud-early-config {start|stop}"
+ exit 1
+ ;;
esac
exit 0
diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
index c089e72..05e2f37 100755
--- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
@@ -24,9 +24,6 @@
# specific language governing permissions and limitations
# under the License.
-ENABLED=0
-[ -e /etc/default/cloud-passwd-srvr ] && . /etc/default/cloud-passwd-srvr
-
add_iptables_rules()
{
#Delete any old iptables rule for port 8080 on eth0
@@ -72,7 +69,6 @@ remove_iptables_rules()
}
start() {
- [ "$ENABLED" != 0 ] || exit 0
pid=$(getpid)
[ "$pid" != "" ] && echo "Password server is already running (pid=$pid)" && return 0
add_iptables_rules
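Review bot: With the `ENABLED` guard removed from `start()`, nothing in this script itself keeps the password server and its iptables rules from coming up on an appliance type that should not serve passwords; the only remaining gate is whether the unit is enabled. A short comment above `start()` would record that, for example `# Enablement is controlled via systemctl enable/disable cloud-passwd-srvr; there is no /etc/default switch any more`. The same applies to the `while true` loop in `opt/cloud/bin/passwd_server_ip` later in this commit, which now ends only when the process is killed. `start()` continues past the end of this hunk.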
diff --git a/systemvm/patches/debian/config/etc/init.d/postinit b/systemvm/patches/debian/config/etc/init.d/postinit
deleted file mode 100755
index ddbcb08..0000000
--- a/systemvm/patches/debian/config/etc/init.d/postinit
+++ /dev/null
@@ -1,176 +0,0 @@
-#!/bin/bash -e
-### BEGIN INIT INFO
-# Provides: postinit
-# Required-Start: $local_fs cloud-early-config
-# Required-Stop: $local_fs
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: post-init
-### END INIT INFO
-
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-replace_in_file() {
- local filename=$1
- local keyname=$2
- local value=$3
- sed -i /$keyname=/d $filename
- echo "$keyname=$value" >> $filename
- return $?
-}
-
-setup_secstorage() {
- public_ip=$ETH2_IP
- sed -i /$NAME/d /etc/hosts
- echo "$public_ip $NAME" >> /etc/hosts
- [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
- [ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
-}
-
-setup_console_proxy() {
- public_ip=$ETH2_IP
- sed -i /$NAME/d /etc/hosts
- echo "$public_ip $NAME" >> /etc/hosts
-}
-
-setup_redundant_router() {
- if [ "$RROUTER" != "1" ]
- then
- return 1
- fi
- rrouter_bin_path="/ramdisk/rrouter"
- eth2mac=`ip link show eth2 | awk '/ether/ {print $2}'`
- sed -i "s/\[ETH2MAC\]/$eth2mac/g" $rrouter_bin_path/enable_pubip.sh
-}
-
-start() {
- case $TYPE in
- secstorage)
- [ "$NAME" == "" ] && NAME=secstorage
- setup_secstorage;
- ;;
- consoleproxy)
- [ "$NAME" == "" ] && NAME=consoleproxy
- setup_console_proxy;
- ;;
- router)
- [ "$NAME" == "" ] && NAME=router
- setup_redundant_router;
- ;;
-
- esac
-}
-
-stop() {
- echo ""
-}
-
-status() {
- echo ""
-}
-
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-TYPE="router"
-BOOTPROTO="static"
-
-for i in $CMDLINE
- do
- # search for foo=bar pattern and cut out foo
- KEY=$(echo $i | cut -d= -f1)
- VALUE=$(echo $i | cut -d= -f2)
- case $KEY in
- eth0ip)
- ETH0_IP=$VALUE
- ;;
- eth1ip)
- ETH1_IP=$VALUE
- ;;
- eth2ip)
- ETH2_IP=$VALUE
- ;;
- gateway)
- GW=$VALUE
- ;;
- eth0mask)
- ETH0_MASK=$VALUE
- ;;
- eth1mask)
- ETH1_MASK=$VALUE
- ;;
- eth2mask)
- ETH2_MASK=$VALUE
- ;;
- dns1)
- NS1=$VALUE
- ;;
- dns2)
- NS2=$VALUE
- ;;
- domain)
- DOMAIN=$VALUE
- ;;
- mgmtcidr)
- MGMTNET=$VALUE
- ;;
- localgw)
- LOCAL_GW=$VALUE
- ;;
- template)
- TEMPLATE=$VALUE
- ;;
- name)
- NAME=$VALUE
- ;;
- dhcprange)
- DHCP_RANGE=$(echo $VALUE | tr ':' ',')
- ;;
- bootproto)
- BOOTPROTO=$VALUE
- ;;
- type)
- TYPE=$VALUE
- ;;
- redundant_router)
- RROUTER=$VALUE
- ;;
- esac
-done
-
-if [ "$BOOTPROTO" == "static" -a "$RROUTER" != "1" ]
-then
- exit 0
-fi
-
-ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
-ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
-
-
-case "$1" in
- start) start
- ;;
- stop) stop
- ;;
- status) status
- ;;
- restart) stop
- start
- ;;
- *) echo "Usage: $0 {start|stop|status|restart}"
- exit 1
- ;;
-esac
diff --git a/systemvm/patches/debian/config/etc/rc.local b/systemvm/patches/debian/config/etc/rc.local
index c0b1939..bb4e251 100755
--- a/systemvm/patches/debian/config/etc/rc.local
+++ b/systemvm/patches/debian/config/etc/rc.local
@@ -18,47 +18,61 @@
#under the License.
[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs
-for svc in $(cat /var/cache/cloud/enabled_svcs)
+for svc in $(cat /var/cache/cloud/enabled_svcs)
do
logger -t cloud "Starting $svc"
- service $svc start
+ systemctl enable --now $svc
done
[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs
-for svc in $(cat /var/cache/cloud/disabled_svcs)
+for svc in $(cat /var/cache/cloud/disabled_svcs)
do
logger -t cloud "Stopping $svc"
- service $svc stop
+ systemctl disable --now $svc
done
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-router=$(echo "$CMDLINE" | grep -o type=router)
-vpcrouter=$(echo "$CMDLINE" | grep -o type=vpcrouter)
-if [ "$router" != "" ] || [ "$vpcrouter" != "" ]
+#Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist
+ipv4="/etc/iptables/router_rules.v4"
+if [ -e $ipv4 ]
then
- echo 1000000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
- echo 1000000 > /proc/sys/net/netfilter/nf_conntrack_max
- echo 1000000 > /proc/sys/net/nf_conntrack_max
+ iptables-restore < $ipv4
fi
-if [ "$router" != "" ]
+ipv6="/etc/iptables/router_rules.v6"
+if [ -e $ipv6 ]
then
- python /opt/cloud/bin/baremetal-vr.py &
+ iptables-restore < $ipv6
fi
date > /var/cache/cloud/boot_up_done
logger -t cloud "Boot up process done"
-#Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist
-ipv4="/etc/iptables/router_rules.v4"
-if [ -e $ipv4 ]
+CMDLINE=/var/cache/cloud/cmdline
+for str in $(cat $CMDLINE)
+ do
+ KEY=$(echo $str | cut -d= -f1)
+ VALUE=$(echo $str | cut -d= -f2)
+ case $KEY in
+ type)
+ export TYPE=$VALUE
+ ;;
+ *)
+ ;;
+ esac
+done
+
+if [ "$TYPE" == "router" ]
then
- iptables-restore < $ipv4
+ python /opt/cloud/bin/baremetal-vr.py &
+ logger -t cloud "Started baremetal-vr service"
fi
-ipv6="/etc/iptables/router_rules.v6"
-if [ -e $ipv6 ]
+if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ]
then
- iptables-restore < $ipv6
-fi
\ No newline at end of file
+ if [ -x /opt/cloud/bin/update_config.py ]
+ then
+ /opt/cloud/bin/update_config.py cmd_line.json
+ logger -t cloud "Updated config: cmd_line.json"
+ fi
+fi
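Review bot: The IPv6 branch restores `/etc/iptables/router_rules.v6` with `iptables-restore`, which operates on the IPv4 tables; the line was carried over unchanged from the old file and should presumably read `ip6tables-restore < $ipv6`. The two restores are also unchecked, so a rules file that fails to load leaves the appliance with whatever filter state it had and no log entry; a `|| logger -t cloud "Failed to restore $ipv4"` after each restore would make that visible. In the new cmdline loop, `cut -d= -f2` drops everything after a second `=` in a value, which is harmless for `type` but worth a comment if more keys are read here.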
diff --git a/systemvm/patches/debian/config/etc/sysctl.conf b/systemvm/patches/debian/config/etc/sysctl.conf
index b8a8fe0..91baa5d 100644
--- a/systemvm/patches/debian/config/etc/sysctl.conf
+++ b/systemvm/patches/debian/config/etc/sysctl.conf
@@ -48,7 +48,6 @@ net.ipv4.tcp_syncookies = 1
# disable tcp time stamps
net.ipv4.tcp_timestamps = 0
-net.ipv4.netfilter.ip_conntrack_max = 1000000
net.ipv4.tcp_tw_reuse = 1
net.ipv4.tcp_max_tw_buckets = 1000000
net.core.somaxconn = 65535
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/configure.py b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
index bc5349a..68d1c26 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/configure.py
@@ -678,13 +678,13 @@ class CsRemoteAccessVpn(CsDataBag):
self.remoteaccessvpn_iptables(public_ip, self.dbag[public_ip])
CsHelper.execute("ipsec update")
- CsHelper.execute("service xl2tpd start")
+ CsHelper.execute("systemctl start xl2tpd")
CsHelper.execute("ipsec rereadsecrets")
else:
logging.debug("Disabling remote access vpn .....")
#disable remote access vpn
CsHelper.execute("ipsec down L2TP-PSK")
- CsHelper.execute("service xl2tpd stop")
+ CsHelper.execute("systemctl stop xl2tpd")
def configure_l2tpIpsec(self, left, obj):
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
index 9762e04..496a0e7 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsApp.py
@@ -49,7 +49,6 @@ class CsApache(CsApp):
file.search("<VirtualHost.*:443>", "\t<VirtualHost %s:443>" % (self.ip))
file.search("Listen .*:80", "Listen %s:80" % (self.ip))
file.search("Listen .*:443", "Listen %s:443" % (self.ip))
- file.search("NameVirtualHost .*:80", "NameVirtualHost %s:80" % (self.ip))
file.search("ServerName.*", "\tServerName %s.%s" % (self.config.cl.get_type(), self.config.get_domain()))
if file.is_changed():
file.commit()
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
index da9e616..b645679 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsDhcp.py
@@ -70,8 +70,8 @@ class CsDhcp(CsDataBag):
continue
device = i['dev']
ip = i['ip'].split('/')[0]
- sline = "dhcp-range=interface:%s,set:interface-%s-%s" % (device, device, idx)
- line = "dhcp-range=interface:%s,set:interface-%s-%s,%s,static" % (device, device, idx, ip)
+ sline = "dhcp-range=set:interface-%s-%s" % (device, idx)
+ line = "dhcp-range=set:interface-%s-%s,%s,static" % (device, idx, ip)
self.conf.search(sline, line)
gn = CsGuestNetwork(device, self.config)
sline = "dhcp-option=tag:interface-%s-%s,15" % (device, idx)
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
index d0e512e..7ff32ee 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
+++ b/systemvm/patches/debian/config/opt/cloud/bin/cs/CsHelper.py
@@ -212,14 +212,14 @@ def execute2(command):
def service(name, op):
- execute("service %s %s" % (name, op))
+ execute("systemctl %s %s" % (op, name))
logging.info("Service %s %s" % (name, op))
def start_if_stopped(name):
- ret = execute2("service %s status" % name)
+ ret = execute2("systemctl is-active %s" % name)
if ret.returncode:
- execute2("service %s start" % name)
+ execute2("systemctl start %s" % name)
def hup_dnsmasq(name, user):
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh b/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh
index 8fae25c..11c0ffe 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/dnsmasq.sh
@@ -111,7 +111,7 @@ echo -e "$dns_option" >> "$DHCP_CONFIG"
#restart the dnsmasq
-service dnsmasq restart
+systemctl restart dnsmasq
result=$?
if [ "$result" -ne "0" ]
then
@@ -122,7 +122,7 @@ then
cp "$DHCP_CONFIG_MAIN" "$DHCP_FAILURE_CONFIG_MAIN"
cp "$DHCP_CONFIG_BAK" "$DHCP_CONFIG"
cp "$DHCP_CONFIG_MAIN_BAK" "$DHCP_CONFIG_MAIN"
- service dnsmasq restart
+ systemctl restart dnsmasq
unlock_exit $result $lock $locked
fi
rm "$DHCP_CONFIG_BAK"
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh b/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh
index f0d9c00..ab3f539 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/edithosts.sh
@@ -215,7 +215,7 @@ then
then
kill -HUP $pid
else
- service dnsmasq restart
+ systemctl restart dnsmasq
fi
else
if [ $no_redundant -eq 1 ]
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh b/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh
index e0af6a2..20caec5 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/ipsectunnel.sh
@@ -29,15 +29,15 @@ usage() {
#set -x
start_ipsec() {
- service ipsec status > /dev/null
+ systemctl is-active ipsec > /dev/null
if [ $? -ne 0 ]
then
- service ipsec start > /dev/null
+ systemctl start ipsec > /dev/null
#Wait until ipsec started, 5 seconds at most
for i in {1..5}
do
logger -t cloud "$(basename $0): waiting ipsec start..."
- service ipsec status > /dev/null
+ systemctl is-active ipsec > /dev/null
result=$?
if [ $result -eq 0 ]
then
@@ -46,7 +46,7 @@ start_ipsec() {
sleep 1
done
fi
- service ipsec status > /dev/null
+ systemctl is-active ipsec > /dev/null
return $?
}
@@ -139,36 +139,36 @@ ipsec_tunnel_add() {
check_and_enable_iptables
- sudo echo "conn vpn-$rightpeer" > $vpnconffile &&
- sudo echo " left=$leftpeer" >> $vpnconffile &&
- sudo echo " leftsubnet=$leftnet" >> $vpnconffile &&
- sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile &&
- sudo echo " right=$rightpeer" >> $vpnconffile &&
- sudo echo " rightsubnets={$rightnets}" >> $vpnconffile &&
- sudo echo " type=tunnel" >> $vpnconffile &&
- sudo echo " authby=secret" >> $vpnconffile &&
- sudo echo " keyexchange=ike" >> $vpnconffile &&
- sudo echo " ike=$ikepolicy" >> $vpnconffile &&
- sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
- sudo echo " esp=$esppolicy" >> $vpnconffile &&
- sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
- sudo echo " pfs=$pfs" >> $vpnconffile &&
- sudo echo " keyingtries=2" >> $vpnconffile &&
- sudo echo " auto=start" >> $vpnconffile &&
- sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
- sudo chmod 0400 $vpnsecretsfile
+ sudo echo "conn vpn-$rightpeer" > $vpnconffile &&
+ sudo echo " left=$leftpeer" >> $vpnconffile &&
+ sudo echo " leftsubnet=$leftnet" >> $vpnconffile &&
+ sudo echo " leftnexthop=$leftnexthop" >> $vpnconffile &&
+ sudo echo " right=$rightpeer" >> $vpnconffile &&
+ sudo echo " rightsubnets={$rightnets}" >> $vpnconffile &&
+ sudo echo " type=tunnel" >> $vpnconffile &&
+ sudo echo " authby=secret" >> $vpnconffile &&
+ sudo echo " keyexchange=ike" >> $vpnconffile &&
+ sudo echo " ike=$ikepolicy" >> $vpnconffile &&
+ sudo echo " ikelifetime=${ikelifetime}s" >> $vpnconffile &&
+ sudo echo " esp=$esppolicy" >> $vpnconffile &&
+ sudo echo " salifetime=${esplifetime}s" >> $vpnconffile &&
+ sudo echo " pfs=$pfs" >> $vpnconffile &&
+ sudo echo " keyingtries=2" >> $vpnconffile &&
+ sudo echo " auto=start" >> $vpnconffile &&
+ sudo echo "$leftpeer $rightpeer: PSK \"$secret\"" > $vpnsecretsfile &&
+ sudo chmod 0400 $vpnsecretsfile
- if [ $dpd -ne 0 ]
- then
- sudo echo " dpddelay=30" >> $vpnconffile &&
- sudo echo " dpdtimeout=120" >> $vpnconffile &&
- sudo echo " dpdaction=restart" >> $vpnconffile
- fi
+ if [ $dpd -ne 0 ]
+ then
+ sudo echo " dpddelay=30" >> $vpnconffile &&
+ sudo echo " dpdtimeout=120" >> $vpnconffile &&
+ sudo echo " dpdaction=restart" >> $vpnconffile
+ fi
- enable_iptables_subnets
+ enable_iptables_subnets
- sudo ipsec auto --rereadall
- sudo ipsec auto --add vpn-$rightpeer
+ sudo ipsec auto --rereadall
+ sudo ipsec auto --add vpn-$rightpeer
logger -t cloud "$(basename $0): done ipsec tunnel entry for right peer=$rightpeer right networks=$rightnets"
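Review bot: The re-indented block still writes the pre-shared key with `echo ... > $vpnsecretsfile` and only afterwards runs `chmod 0400`, so on first creation the file gets whatever mode the umask gives and is briefly readable more widely than intended. Restricting the mode before the secret is written closes that window, for example `( umask 077; echo "$leftpeer $rightpeer: PSK \"$secret\"" > "$vpnsecretsfile" )`, keeping the `chmod 0400` after it. The `sudo` in front of each `echo` applies to `echo` only, since the redirection is performed by the calling shell, so it adds nothing and could be dropped. `ipsec_tunnel_add` begins and ends outside this hunk.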
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip
index 5e15a19..ce21b53 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip
+++ b/systemvm/patches/debian/config/opt/cloud/bin/passwd_server_ip
@@ -16,9 +16,8 @@
# specific language governing permissions and limitations
# under the License.
-. /etc/default/cloud-passwd-srvr
addr=$1;
-while [ "$ENABLED" == "1" ]
+while true
do
python /opt/cloud/bin/passwd_server_ip.py $addr >/dev/null 2>/dev/null
rc=$?
@@ -27,5 +26,4 @@ do
logger -t cloud "Password server failed with error code $rc. Restarting it..."
sleep 3
fi
- . /etc/default/cloud-passwd-srvr
done
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh
deleted file mode 100755
index 81a1b14..0000000
--- a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh
+++ /dev/null
@@ -1,262 +0,0 @@
-#/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-#set -x
-logfile="/var/log/patchsystemvm.log"
-# To use existing console proxy .zip-based package file
-patch_console_proxy() {
- local patchfile=$1
- local backupfolder="/tmp/.conf.backup"
- if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then
- rm -fr $backupfolder
- mkdir -p $backupfolder
- cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/
- fi
- rm /usr/local/cloud/systemvm -rf
- mkdir -p /usr/local/cloud/systemvm
- echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
- find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
- if [ -f $backupfolder/cloud.jks ]; then
- cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/
- echo "Restored keystore file and certs using backup" >> $logfile
- fi
- rm -fr $backupfolder
- return 0
-}
-
-consoleproxy_svcs() {
- systemctl enable cloud
- systemctl enable postinit
- systemctl disable cloud-passwd-srvr
- systemctl disable haproxy
- systemctl disable dnsmasq
- systemctl enable ssh
- systemctl disable apache2
- systemctl disable nfs-common
- systemctl disable portmap
- systemctl disable keepalived
- systemctl disable conntrackd
- echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs
- echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
- mkdir -p /var/log/cloud
-}
-
-secstorage_svcs() {
- systemctl enable cloud on
- systemctl enable postinit on
- systemctl disable cloud-passwd-srvr
- systemctl disable haproxy
- systemctl disable dnsmasq
- systemctl enable portmap
- systemctl enable nfs-common
- systemctl enable ssh
- systemctl disable apache2
- systemctl disable keepalived
- systemctl disable conntrackd
- echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs
- echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs
- mkdir -p /var/log/cloud
-}
-
-routing_svcs() {
- grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null
- RROUTER=$?
- systemctl disable cloud
- systemctl disable haproxy
- systemctl enable ssh
- systemctl disable nfs-common
- systemctl disable portmap
- echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs
- echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs
- if [ $RROUTER -eq 0 ]
- then
- systemctl disable dnsmasq
- systemctl disable cloud-passwd-srvr
- systemctl enable keepalived
- systemctl enable conntrackd
- systemctl enable postinit
- echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs
- echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs
- else
- systemctl enable dnsmasq
- systemctl enable cloud-passwd-srvr
- systemctl disable keepalived
- systemctl disable conntrackd
- echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs
- echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs
- fi
-}
-
-dhcpsrvr_svcs() {
- systemctl disable cloud
- systemctl enable cloud-passwd-srvr
- systemctl disable haproxy
- systemctl enable dnsmasq
- systemctl enable ssh
- systemctl disable nfs-common
- systemctl disable portmap
- systemctl disable keepalived
- systemctl disable conntrackd
- echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
- echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs
-}
-
-elbvm_svcs() {
- systemctl disable cloud
- systemctl disable haproxy
- systemctl enable ssh
- systemctl disable nfs-common
- systemctl disable portmap
- systemctl disable keepalived
- systemctl disable conntrackd
- echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
- echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
-}
-
-
-ilbvm_svcs() {
- systemctl disable cloud
- systemctl enable haproxy
- systemctl enable ssh
- systemctl disable nfs-common
- systemctl disable portmap
- systemctl disable keepalived
- systemctl disable conntrackd
- echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
- echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
-}
-
-enable_pcihotplug() {
- sed -i -e "/acpiphp/d" /etc/modules
- sed -i -e "/pci_hotplug/d" /etc/modules
- echo acpiphp >> /etc/modules
- echo pci_hotplug >> /etc/modules
-}
-
-enable_serial_console() {
- #sed -i -e "/^serial.*/d" /boot/grub/grub.conf
- #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf
- #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf
- #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf
- #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf
- sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab
- sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab
-}
-
-
-CMDLINE=$(cat /var/cache/cloud/cmdline)
-TYPE="router"
-PATCH_MOUNT=$1
-Hypervisor=$2
-
-for i in $CMDLINE
- do
- # search for foo=bar pattern and cut out foo
- KEY=$(echo $i | cut -d= -f1)
- VALUE=$(echo $i | cut -d= -f2)
- case $KEY in
- type)
- TYPE=$VALUE
- ;;
- *)
- ;;
- esac
-done
-
-if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ]
-then
- patch_console_proxy ${PATCH_MOUNT}/systemvm.zip
- if [ $? -gt 0 ]
- then
- printf "Failed to apply patch systemvm\n" >$logfile
- exit 5
- fi
-fi
-
-
-#empty known hosts
-echo "" > /root/.ssh/known_hosts
-
-if [ "$Hypervisor" == "kvm" ]
-then
- enable_pcihotplug
- enable_serial_console
-fi
-
-if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ]
-then
- routing_svcs
- if [ $? -gt 0 ]
- then
- printf "Failed to execute routing_svcs\n" >$logfile
- exit 6
- fi
-fi
-
-if [ "$TYPE" == "dhcpsrvr" ]
-then
- dhcpsrvr_svcs
- if [ $? -gt 0 ]
- then
- printf "Failed to execute dhcpsrvr_svcs\n" >$logfile
- exit 6
- fi
-fi
-
-
-if [ "$TYPE" == "consoleproxy" ]
-then
- consoleproxy_svcs
- if [ $? -gt 0 ]
- then
- printf "Failed to execute consoleproxy_svcs\n" >$logfile
- exit 7
- fi
-fi
-
-if [ "$TYPE" == "secstorage" ]
-then
- secstorage_svcs
- if [ $? -gt 0 ]
- then
- printf "Failed to execute secstorage_svcs\n" >$logfile
- exit 8
- fi
-fi
-
-if [ "$TYPE" == "elbvm" ]
-then
- elbvm_svcs
- if [ $? -gt 0 ]
- then
- printf "Failed to execute elbvm svcs\n" >$logfile
- exit 9
- fi
-fi
-
-if [ "$TYPE" == "ilbvm" ]
-then
- ilbvm_svcs
- if [ $? -gt 0 ]
- then
- printf "Failed to execute ilbvm svcs\n" >$logfile
- exit 9
- fi
-fi
-
-exit $?
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh
new file mode 100755
index 0000000..3b766ef
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh
@@ -0,0 +1,862 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
+
+. /lib/lsb/init-functions
+
+log_it() {
+ echo "$(date) $@" >> /var/log/cloud.log
+ log_action_msg "$@"
+}
+
+init_interfaces_orderby_macs() {
+ macs=( $(echo $1 | sed "s/|/ /g") )
+ total_nics=${#macs[@]}
+ interface_file=${2:-"/etc/network/interfaces"}
+ rule_file=${3:-"/etc/udev/rules.d/70-persistent-net.rules"}
+
+ echo -n "auto lo" > $interface_file
+ for((i=0; i<total_nics; i++))
+ do
+ if [[ $i < 3 ]]
+ then
+ echo -n " eth$i" >> $interface_file
+ fi
+ done
+ cat >> $interface_file << EOF
+
+iface lo inet loopback
+
+EOF
+
+ echo "" > $rule_file
+ for((i=0; i < ${#macs[@]}; i++))
+ do
+ echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file
+ done
+}
+
+init_interfaces() {
+ if [ "$NIC_MACS" == "" ]
+ then
+ cat > /etc/network/interfaces << EOF
+auto lo $1 $2 $3
+iface lo inet loopback
+
+EOF
+ else
+ init_interfaces_orderby_macs "$NIC_MACS"
+ fi
+}
+
+setup_interface() {
+ local intfnum=$1
+ local ip=$2
+ local mask=$3
+ local gw=$4
+ local force=$5
+ local intf=eth${intfnum}
+ local bootproto="static"
+
+ if [ "$BOOTPROTO" == "dhcp" ]
+ then
+ if [ "$intfnum" != "0" ]
+ then
+ bootproto="dhcp"
+ fi
+ fi
+
+ if [ "$ip" != "0.0.0.0" -a "$ip" != "" -o "$force" == "force" ]
+ then
+ echo "iface $intf inet $bootproto" >> /etc/network/interfaces
+ if [ "$bootproto" == "static" ]
+ then
+ echo " address $ip " >> /etc/network/interfaces
+ echo " netmask $mask" >> /etc/network/interfaces
+ fi
+ fi
+
+ if [ "$ip" == "0.0.0.0" -o "$ip" == "" ]
+ then
+ ifconfig $intf down
+ fi
+
+ if [ "$force" == "force" ]
+ then
+ ifdown $intf
+ else
+ ifdown $intf
+ if [ "$RROUTER" != "1" -o "$1" != "2" ]
+ then
+ ifup $intf
+ fi
+ fi
+}
+
+setup_interface_ipv6() {
+ sysctl net.ipv6.conf.all.disable_ipv6=0
+ sysctl net.ipv6.conf.all.forwarding=1
+ sysctl net.ipv6.conf.all.accept_ra=1
+
+ sed -i "s/net.ipv6.conf.all.disable_ipv6 =.*$/net.ipv6.conf.all.disable_ipv6 = 0/" /etc/sysctl.conf
+ sed -i "s/net.ipv6.conf.all.forwarding =.*$/net.ipv6.conf.all.forwarding = 1/" /etc/sysctl.conf
+ sed -i "s/net.ipv6.conf.all.accept_ra =.*$/net.ipv6.conf.all.accept_ra = 1/" /etc/sysctl.conf
+
+ local intfnum=$1
+ local ipv6="$2"
+ local prelen="$3"
+ local intf=eth${intfnum}
+
+ echo "iface $intf inet6 static" >> /etc/network/interfaces
+ echo " address $ipv6 " >> /etc/network/interfaces
+ echo " netmask $prelen" >> /etc/network/interfaces
+ echo " accept_ra 1" >> /etc/network/interfaces
+ ifdown $intf
+ ifup $intf
+}
+
+
+enable_fwding() {
+ local enabled=$1
+ log_it "cloud: enable_fwding = $1"
+ log_it "enable_fwding = $1"
+ echo "$1" > /proc/sys/net/ipv4/ip_forward
+ [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return
+}
+
+disable_rpfilter() {
+ log_it "cloud: disable rp_filter"
+ log_it "disable rpfilter"
+ sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
+}
+
+get_public_vif_list() {
+ local vif_list=""
+ for i in /sys/class/net/eth*; do
+ vif=$(basename $i);
+ if [ "$vif" != "eth0" ] && [ "$vif" != "eth1" ]
+ then
+ vif_list="$vif_list $vif";
+ fi
+ done
+
+ echo $vif_list
+}
+
+disable_rpfilter_domR() {
+ log_it "cloud: Tuning rp_filter on public interfaces"
+
+ VIF_LIST=$(get_public_vif_list)
+ log_it "rpfilter public interfaces : $VIF_LIST"
+ if [ "$DISABLE_RP_FILTER" == "true" ]
+ then
+ log_it "cloud: disable rp_filter on public interfaces"
+ sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf
+ echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter
+ for vif in $VIF_LIST; do
+ log_it "cloud: disable rp_filter on public interface: $vif"
+ sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf
+ echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter
+ done
+ else
+ log_it "cloud: enable rp_filter on public interfaces"
+ sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf
+ echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter
+ for vif in $VIF_LIST; do
+ log_it "cloud: enable rp_filter on public interface: $vif"
+ sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf
+ echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter
+ done
+ fi
+ log_it "cloud: Enabling rp_filter on Non-public interfaces(eth0,eth1,lo)"
+ echo "1" > /proc/sys/net/ipv4/conf/eth0/rp_filter
+ echo "1" > /proc/sys/net/ipv4/conf/eth1/rp_filter
+ echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter
+}
+
+enable_irqbalance() {
+ local enabled=$1
+ local proc=0
+
+ proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
+ if [ $proc -le 1 ] && [ $enabled -eq 1 ]
+ then
+ enabled=0
+ fi
+
+ log_it "Processors = $proc Enable service ${svc} = $enabled"
+ local cfg=/etc/default/irqbalance
+ [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return
+}
+
+enable_vpc_rpsrfs() {
+ local enable=$1
+ if [ $enable -eq 0 ]
+ then
+ echo 0 > /etc/rpsrfsenable
+ else
+ echo 1 > /etc/rpsrfsenable
+ fi
+
+ return 0
+}
+
+enable_rpsrfs() {
+ local enable=$1
+
+ if [ $enable -eq 0 ]
+ then
+ echo 0 > /etc/rpsrfsenable
+ return 0
+ fi
+
+ if [ ! -f /sys/class/net/eth0/queues/rx-0/rps_cpus ]
+ then
+ echo "rps is not enabled in the kernel"
+ echo 0 > /etc/rpsrfsenable
+ return 0
+ fi
+
+ proc=$(cat /proc/cpuinfo | grep "processor" | wc -l)
+ if [ $proc -le 1 ]
+ then
+ echo 0 > /etc/rpsrfsenable
+ return 0;
+ fi
+
+ echo 1 > /etc/rpsrfsenable
+ num=1
+ num=$(($num<<$proc))
+ num=$(($num-1));
+ echo $num;
+ hex=$(printf "%x\n" $num)
+ echo $hex;
+ #enable rps
+ echo $hex > /sys/class/net/eth0/queues/rx-0/rps_cpus
+ echo $hex > /sys/class/net/eth2/queues/rx-0/rps_cpus
+
+ #enble rfs
+ echo 256 > /proc/sys/net/core/rps_sock_flow_entries
+ echo 256 > /sys/class/net/eth0/queues/rx-0/rps_flow_cnt
+ echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt
+}
+
+setup_common() {
+ init_interfaces $1 $2 $3
+ if [ -n "$ETH0_IP" ]
+ then
+ setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+ fi
+ if [ -n "$ETH0_IP6" ]
+ then
+ setup_interface_ipv6 "0" $ETH0_IP6 $ETH0_IP6_PRELEN
+ fi
+ setup_interface "1" $ETH1_IP $ETH1_MASK $GW
+ if [ -n "$ETH2_IP" ]
+ then
+ setup_interface "2" $ETH2_IP $ETH2_MASK $GW
+ fi
+
+ echo $NAME > /etc/hostname
+ echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
+ hostnamectl set-hostname $NAME
+
+ #Nameserver
+ sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
+ sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
+ if [ -n "$internalNS1" ]
+ then
+ echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS1" > /etc/resolv.conf
+ fi
+
+ if [ -n "$internalNS2" ]
+ then
+ echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS2" >> /etc/resolv.conf
+ fi
+ if [ -n "$NS1" ]
+ then
+ echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS1" >> /etc/resolv.conf
+ fi
+
+ if [ -n "$NS2" ]
+ then
+ echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS2" >> /etc/resolv.conf
+ fi
+
+ if [ -n "$IP6_NS1" ]
+ then
+ echo "nameserver $IP6_NS1" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $IP6_NS1" >> /etc/resolv.conf
+ fi
+ if [ -n "$IP6_NS2" ]
+ then
+ echo "nameserver $IP6_NS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $IP6_NS2" >> /etc/resolv.conf
+ fi
+
+ if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
+ then
+ ip route add $MGMTNET via $LOCAL_GW dev eth1
+ fi
+
+ ip route delete default
+ if [ "$RROUTER" != "1" ]
+ then
+ gwdev=$3
+ if [ -z "$gwdev" ]
+ then
+ gwdev="eth0"
+ fi
+
+ ip route add default via $GW dev $gwdev
+ fi
+
+ # a hacking way to activate vSwitch under VMware
+ ping -n -c 3 $GW &
+ if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
+ then
+ ping -n -c 3 $LOCAL_GW &
+ #This code is added to address ARP issue by pinging MGMT_GW
+ MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
+ ping -n -c 3 $MGMT_GW &
+ fi
+
+ if [ "$HYPERVISOR" == "vmware" ]; then
+ ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable
+ fi
+}
+
+setup_dnsmasq() {
+ log_it "Setting up dnsmasq"
+
+ touch /etc/dhcpopts.txt
+
+ [ -z $DHCP_RANGE ] && [ $ETH0_IP ] && DHCP_RANGE=$ETH0_IP
+ [ $ETH0_IP6 ] && DHCP_RANGE_IP6=$ETH0_IP6
+ [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
+ #removing the dnsmasq multiple ranges config file.
+ rm /etc/dnsmasq.d/multiple_ranges.conf
+
+ #get the template
+ cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf
+
+ if [ -n "$DOMAIN" ]
+ then
+ #send domain name to dhcp clients
+ sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\"$DOMAIN\"/ /etc/dnsmasq.conf
+ #DNS server will append $DOMAIN to local queries
+ sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
+ #answer all local domain queries
+ sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
+ fi
+
+ if [ -n "$DNS_SEARCH_ORDER" ]
+ then
+ sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf
+ echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf
+ # set the domain search order as a space seprated list for option 15
+ DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g')
+ #send domain name to dhcp clients
+ sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf
+ fi
+
+ if [ $DHCP_RANGE ]
+ then
+ sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf
+ else
+ sed -i -e "s/^dhcp-range_ip4=.*$//" /etc/dnsmasq.conf
+ fi
+ if [ $DHCP_RANGE_IP6 ]
+ then
+ sed -i -e "s/^dhcp-range_ip6=.*$/dhcp-range=$DHCP_RANGE_IP6,static/" /etc/dnsmasq.conf
+ # For nondefault6 tagged host, don't send dns-server information
+ sed -i /nondefault6/d /etc/dnsmasq.conf
+ echo "dhcp-option=nondefault6,option6:dns-server" >> /etc/dnsmasq.conf
+ else
+ sed -i -e "s/^dhcp-range_ip6=.*$//" /etc/dnsmasq.conf
+ fi
+
+ if [ "$RROUTER" == "1" ]
+ then
+ DEFAULT_GW=$GUEST_GW
+ INTERNAL_DNS=$GUEST_GW
+ else
+ if [ "$TYPE" == "dhcpsrvr" ]
+ then
+ DEFAULT_GW=$GW
+ else
+ DEFAULT_GW=$ETH0_IP
+ fi
+ INTERNAL_DNS=$ETH0_IP
+ fi
+ sed -i -e "/^[#]*dhcp-option=option:router.*$/d" /etc/dnsmasq.conf
+ [ $DEFAULT_GW ] && echo "dhcp-option=option:router,$DEFAULT_GW" >> /etc/dnsmasq.conf
+
+ [ $ETH0_IP ] && [ $NS1 ] && NS="$NS1,"
+ [ $ETH0_IP ] && [ $NS2 ] && NS="$NS$NS2,"
+ [ $ETH0_IP6 ] && [ $IP6_NS1 ] && NS6="[$IP6_NS1],"
+ [ $ETH0_IP6 ] && [ $IP6_NS2 ] && NS6="$NS6[$IP6_NS2],"
+ #for now set up ourself as the dns server as well
+ sed -i -e "/^[#]*dhcp-option=6,.*$/d" /etc/dnsmasq.conf
+ sed -i -e "/^[#]*dhcp-option=option6:dns-server,.*$/d" /etc/dnsmasq.conf
+ if [ "$USE_EXTERNAL_DNS" != "true" ]
+ then
+ [ $ETH0_IP ] && NS="$INTERNAL_DNS,$NS"
+ [ $ETH0_IP6 ] && NS6="[::],$NS6"
+ # enable dns
+ sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
+ else
+ # disable dns
+ sed -i -e "/^[#]*port=.*$/d" /etc/dnsmasq.conf
+ echo "port=0" >> /etc/dnsmasq.conf
+ fi
+ NS=${NS%?}
+ NS6=${NS6%?}
+ [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf
+ [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf
+ #adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet.
+ #removing the existing entires to avoid duplicates on restarts.
+ sed -i '/data-server/d' /etc/hosts
+ if [ -n "$ETH0_IP" ]
+ then
+ echo "$ETH0_IP data-server" >> /etc/hosts
+ fi
+ if [ -n "$ETH0_IP6" ]
+ then
+ echo "$ETH0_IP6 data-server" >> /etc/hosts
+ fi
+ #add the dhcp-client-update only if dnsmasq version is 2.6 and above
+ dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]")
+ major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1)
+ minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2)
+ if [ "$major" -eq '2' -a "$minor" -ge '6' ] || [ "$major" -gt '2' ]
+ then
+ sed -i -e "/^dhcp-client-update/d" /etc/dnsmasq.conf
+ echo 'dhcp-client-update' >> /etc/dnsmasq.conf
+ fi
+
+ command -v dhcp_release > /dev/null 2>&1
+ no_dhcp_release=$?
+ if [ $no_dhcp_release -eq 0 -a -z "$ETH0_IP6" ]
+ then
+ echo 1 > /var/cache/cloud/dnsmasq_managed_lease
+ sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
+ else
+ echo 0 > /var/cache/cloud/dnsmasq_managed_lease
+ fi
+}
+
+setup_sshd(){
+ local ip=$1
+ local eth=$2
+ [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress $ip/" /etc/ssh/sshd_config
+ sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
+ sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
+}
+
+setup_vpc_apache2() {
+ log_it "Setting up apache web server for VPC"
+ systemctl disable apache2
+ clean_ipalias_config
+ setup_apache2_common
+}
+
+clean_ipalias_config() {
+ # Old
+ rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
+ rm -f /etc/apache2/sites-available/ipAlias*
+ rm -f /etc/apache2/sites-enabled/ipAlias*
+ rm -f /etc/apache2/conf.d/vhost*.conf
+ rm -f /etc/apache2/ports.conf
+ rm -f /etc/apache2/vhostexample.conf
+ rm -f /etc/apache2/sites-available/default
+ rm -f /etc/apache2/sites-available/default-ssl
+ rm -f /etc/apache2/sites-enabled/default
+ rm -f /etc/apache2/sites-enabled/default-ssl
+
+ # New
+ rm -f /etc/apache2/sites-enabled/vhost-*.conf
+ rm -f /etc/apache2/sites-enabled/000-default
+
+ rm -rf /etc/failure_config
+}
+
+setup_apache2_common() {
+ sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf
+ [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
+ [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
+
+ # Disable listing of http://SSVM-IP/icons folder for security issue. see article http://www.i-lateral.com/tutorials/disabling-the-icons-folder-on-an-ubuntu-web-server/
+ [ -f /etc/apache2/mods-available/alias.conf ] && sed -i s/"Options Indexes MultiViews"/"Options -Indexes MultiViews"/ /etc/apache2/mods-available/alias.conf
+
+ echo "Options -Indexes" > /var/www/html/.htaccess
+}
+
+setup_apache2() {
+ log_it "Setting up apache web server"
+ clean_ipalias_config
+ setup_apache2_common
+ local ip=$1
+}
+
+setup_aesni() {
+ if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
+ then
+ modprobe aesni_intel
+ fi
+}
+
+setup_storage_network() {
+ if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ]
+ then
+ log_it "Incompleted parameters STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR. Cannot setup storage network"
+ return
+ fi
+
+ echo "" >> /etc/network/interfaces
+ echo "auto eth3" >> /etc/network/interfaces
+
+ setup_interface "3" "$STORAGE_IP" "$STORAGE_NETMASK"
+ [ -n "$MTU" ] && ifconfig eth3 mtu $MTU && echo " mtu $MTU" >> /etc/network/interfaces
+ #ip route add "$STORAGE_CIDR" via "$STORAGE_IP"
+ log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR"
+}
+
+setup_system_rfc1918_internal() {
+ public_ip=`getPublicIp`
+ echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))"
+ if [ "$?" == "0" ]; then
+ log_it "Not setting up route of RFC1918 space to $LOCAL_GW befause $public_ip is RFC1918."
+ else
+ log_it "Setting up route of RFC1918 space to $LOCAL_GW"
+ # Setup general route for RFC 1918 space, as otherwise it will be sent to
+ # the public gateway and not work
+ # More specific routes that may be set have preference over this generic route.
+ ip route add 10.0.0.0/8 via $LOCAL_GW
+ ip route add 172.16.0.0/12 via $LOCAL_GW
+ ip route add 192.168.0.0/16 via $LOCAL_GW
+ fi
+}
+
+getPublicIp() {
+ public_ip=$ETH2_IP
+ [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP
+ echo $public_ip
+}
+
+setup_ntp() {
+ log_it "Setting up NTP"
+ NTP_CONF_FILE="/etc/ntp.conf"
+ if [ -f $NTP_CONF_FILE ]
+ then
+ IFS=',' read -a server_list <<< "$NTP_SERVER_LIST"
+ for (( iterator=${#server_list[@]}-1 ; iterator>=0 ; iterator-- ))
+ do
+ server=$(echo ${server_list[iterator]} | tr -d '\r')
+ PATTERN="server $server"
+ if grep -q "^$PATTERN$" $NTP_CONF_FILE ; then
+ sed -i "/^$PATTERN$/d" $NTP_CONF_FILE
+ fi
+ sed -i "0,/^server/s//$PATTERN\nserver/" $NTP_CONF_FILE
+ done
+ systemctl enable ntp
+ else
+ log_it "NTP configuration file not found"
+ fi
+}
+
+routing_svcs() {
+ systemctl disable --now cloud
+ systemctl disable --now nfs-common
+ systemctl disable --now portmap
+ systemctl enable apache2
+ systemctl enable haproxy
+ systemctl enable ssh
+ echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs
+ echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs
+ if [ $RROUTER -eq 1 ]
+ then
+ systemctl disable --now cloud-passwd-srvr
+ systemctl disable --now dnsmasq
+ systemctl enable conntrackd
+ systemctl enable keepalived
+ echo "keepalived conntrackd" >> /var/cache/cloud/enabled_svcs
+ echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs
+ else
+ systemctl disable --now conntrackd
+ systemctl disable --now keepalived
+ systemctl enable cloud-passwd-srvr
+ systemctl enable dnsmasq
+ echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs
+ echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs
+ fi
+}
+
+setup_redundant_router() {
+ rrouter_bin_path="/ramdisk/rrouter"
+ rrouter_log="/ramdisk/rrouter/keepalived.log"
+ rrouter_bin_path_str="\/ramdisk\/rrouter"
+ rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log"
+ mkdir -p /ramdisk
+ mount tmpfs /ramdisk -t tmpfs
+ mkdir -p /ramdisk/rrouter
+ ip route delete default
+ cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf
+ cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf
+ cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh
+ cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh
+ cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh
+ cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh
+ cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh
+ cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh
+ cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh
+ cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh
+ cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/
+ cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/
+ cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh
+ cp /root/redundant_router/services.sh $rrouter_bin_path/
+ sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf
+ sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf
+ sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf
+ sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf
+ sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf
+ sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf
+ sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf
+ sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
+ sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf
+ sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
+ sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf
+ sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh
+ sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh
+ sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh
+ sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh
+ sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh
+ sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh
+ sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh
+ sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh
+ sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh
+ sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh
+ sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh
+ sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh
+ sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh
+ sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh
+ sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh
+ sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh
+ if [ $ADVERT_INT ]
+ then
+ sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf
+ fi
+ chmod a+x $rrouter_bin_path/*.sh
+ sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived
+ crontab -l|grep "check_heartbeat.sh"
+ if [ $? -ne 0 ]
+ then
+ (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab
+ fi
+}
+
+parse_cmd_line() {
+ CMDLINE=$(cat /var/cache/cloud/cmdline)
+ TYPE="unknown"
+ BOOTPROTO="static"
+ DISABLE_RP_FILTER="false"
+ STORAGE_IP=""
+ STORAGE_NETMASK=""
+ STORAGE_CIDR=""
+ VM_PASSWORD=""
+
+ CHEF_TMP_FILE=/tmp/cmdline.json
+ COMMA="\t"
+ echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE}
+ echo -e "\"cmd_line\": {" >> ${CHEF_TMP_FILE}
+
+ for i in $CMDLINE
+ do
+ # search for foo=bar pattern and cut out foo
+ KEY=$(echo $i | cut -d= -f1)
+ VALUE=$(echo $i | cut -d= -f2)
+ echo -en ${COMMA} >> ${CHEF_TMP_FILE}
+ # Two lines so values do not accidently interpretted as escapes!!
+ echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE}
+ COMMA=",\n\t"
+ case $KEY in
+ disable_rp_filter)
+ export DISABLE_RP_FILTER=$VALUE
+ ;;
+ eth0ip)
+ export ETH0_IP=$VALUE
+ ;;
+ eth1ip)
+ export ETH1_IP=$VALUE
+ ;;
+ eth2ip)
+ export ETH2_IP=$VALUE
+ ;;
+ host)
+ export MGMT_HOST=$VALUE
+ ;;
+ gateway)
+ export GW=$VALUE
+ ;;
+ ip6gateway)
+ export IP6GW=$VALUE
+ ;;
+ eth0mask)
+ export ETH0_MASK=$VALUE
+ ;;
+ eth1mask)
+ export ETH1_MASK=$VALUE
+ ;;
+ eth2mask)
+ export ETH2_MASK=$VALUE
+ ;;
+ eth0ip6)
+ export ETH0_IP6=$VALUE
+ ;;
+ eth0ip6prelen)
+ export ETH0_IP6_PRELEN=$VALUE
+ ;;
+ internaldns1)
+ export internalNS1=$VALUE
+ ;;
+ internaldns2)
+ export internalNS2=$VALUE
+ ;;
+ dns1)
+ export NS1=$VALUE
+ ;;
+ dns2)
+ export NS2=$VALUE
+ ;;
+ ip6dns1)
+ export IP6_NS1=$VALUE
+ ;;
+ ip6dns2)
+ export IP6_NS2=$VALUE
+ ;;
+ domain)
+ export DOMAIN=$VALUE
+ ;;
+ dnssearchorder)
+ export DNS_SEARCH_ORDER=$VALUE
+ ;;
+ useextdns)
+ export USE_EXTERNAL_DNS=$VALUE
+ ;;
+ mgmtcidr)
+ export MGMTNET=$VALUE
+ ;;
+ localgw)
+ export LOCAL_GW=$VALUE
+ ;;
+ template)
+ export TEMPLATE=$VALUE
+ ;;
+ sshonguest)
+ export SSHONGUEST=$VALUE
+ ;;
+ name)
+ export NAME=$VALUE
+ ;;
+ dhcprange)
+ export DHCP_RANGE=$(echo $VALUE | tr ':' ',')
+ ;;
+ bootproto)
+ export BOOTPROTO=$VALUE
+ ;;
+ type)
+ export TYPE=$VALUE
+ ;;
+ defaultroute)
+ export DEFAULTROUTE=$VALUE
+ ;;
+ redundant_router)
+ export RROUTER=$VALUE
+ ;;
+ guestgw)
+ export GUEST_GW=$VALUE
+ ;;
+ guestbrd)
+ export GUEST_BRD=$VALUE
+ ;;
+ guestcidrsize)
+ export GUEST_CIDR_SIZE=$VALUE
+ ;;
+ router_pr)
+ export ROUTER_PR=$VALUE
+ ;;
+ extra_pubnics)
+ export EXTRA_PUBNICS=$VALUE
+ ;;
+ nic_macs)
+ export NIC_MACS=$VALUE
+ ;;
+ mtu)
+ export MTU=$VALUE
+ ;;
+ storageip)
+ export STORAGE_IP=$VALUE
+ ;;
+ storagenetmask)
+ export STORAGE_NETMASK=$VALUE
+ ;;
+ storagecidr)
+ export STORAGE_CIDR=$VALUE
+ ;;
+ vmpassword)
+ export VM_PASSWORD=$VALUE
+ ;;
+ vpccidr)
+ export VPCCIDR=$VALUE
+ ;;
+ cidrsize)
+ export CIDR_SIZE=$VALUE
+ ;;
+ advert_int)
+ export ADVERT_INT=$VALUE
+ ;;
+ ntpserverlist)
+ export NTP_SERVER_LIST=$VALUE
+ ;;
+ esac
+ done
+ echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE}
+ if [ "$TYPE" != "unknown" ]
+ then
+ mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json
+ fi
+
+ [ $ETH0_IP ] && export LOCAL_ADDRS=$ETH0_IP
+ [ $ETH0_IP6 ] && export LOCAL_ADDRS=$ETH0_IP6
+ [ $ETH0_IP ] && [ $ETH0_IP6 ] && export LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6"
+
+ # Randomize cloud password so only ssh login is allowed
+ echo "cloud:`openssl rand -base64 32`" | chpasswd
+
+ if [ x"$VM_PASSWORD" != x"" ]
+ then
+ echo "root:$VM_PASSWORD" | chpasswd
+ fi
+}
+
+parse_cmd_line
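Review bot: The loop in parse_cmd_line writes every key/value pair, `vmpassword` included, to the fixed path `/tmp/cmdline.json` and then moves it to `/var/cache/cloud/cmd_line.json`, so the root password is persisted in cleartext in a file created under a predictable name in a world-writable directory with whatever umask the script inherits. Creating the file with `CHEF_TMP_FILE=$(mktemp /var/cache/cloud/cmd_line.json.XXXXXX)` keeps it out of /tmp and at mode 0600. If no reader of cmd_line.json needs the password, the lines that emit the pair and update `COMMA` can be wrapped in `if [ "$KEY" != "vmpassword" ]; then … fi`, leaving the `case` below to export it as before. In the same loop `cut -d= -f2` returns only the second `=`-separated field, so any value that itself contains `=` is truncated; `VALUE=$(echo $i | cut -d= -f2-)` keeps it whole.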
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh
new file mode 100755
index 0000000..36c1fa4
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+consoleproxy_svcs() {
+ echo "cloud ssh" > /var/cache/cloud/enabled_svcs
+ echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+ mkdir -p /var/log/cloud
+}
+
+setup_console_proxy() {
+ log_it "Setting up console proxy system vm"
+ setup_common eth0 eth1 eth2
+ setup_system_rfc1918_internal
+
+ log_it "Setting up entry in hosts"
+ sed -i /$NAME/d /etc/hosts
+ public_ip=`getPublicIp`
+ echo "$public_ip $NAME" >> /etc/hosts
+
+ log_it "Applying iptables rules"
+ cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
+
+ log_it "Configuring sshd"
+ local hyp=$HYPERVISOR
+ if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
+ setup_sshd $ETH1_IP "eth1"
+ else
+ setup_sshd $ETH0_IP "eth0"
+ fi
+
+ disable_rpfilter
+ enable_fwding 0
+ enable_irqbalance 0
+ rm -f /etc/logrotate.d/cloud
+}
+
+consoleproxy_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute consoleproxy_svcs"
+ exit 1
+fi
+setup_console_proxy
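Review bot: `sed -i /$NAME/d /etc/hosts` in setup_console_proxy uses the unquoted, unvalidated `name=` boot parameter as a sed address. An empty NAME turns the expression into `//d`, which sed rejects, a value containing `/` or regex characters changes what the command does, and the unanchored match can delete unrelated host entries. Validating the value first, `[[ "$NAME" =~ ^[A-Za-z0-9][A-Za-z0-9.-]*$ ]] || { log_it "invalid name parameter"; exit 1; }`, and anchoring the pattern, `sed -i "/[[:space:]]${NAME}\$/d" /etc/hosts`, confines the deletion to this VM's own entry. The same line appears in setup_dhcpsrvr (dhcpsrvr.sh) and setup_elbvm (elbvm.sh) later in this commit.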
diff --git a/systemvm/patches/debian/config/etc/default/cloud b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
old mode 100644
new mode 100755
similarity index 78%
rename from systemvm/patches/debian/config/etc/default/cloud
rename to systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
index 0b85c63..4272e64
--- a/systemvm/patches/debian/config/etc/default/cloud
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/default.sh
@@ -1,3 +1,4 @@
+#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
@@ -15,5 +16,14 @@
# specific language governing permissions and limitations
# under the License.
-#set ENABLED to 1 if you want the init script to start the password server
-ENABLED=0
+. /opt/cloud/bin/setup/common.sh
+
+setup_default() {
+ cat > /etc/network/interfaces << EOF
+auto lo
+iface lo inet loopback
+EOF
+ cp -f /etc/iptables/rt_tables_init /etc/iproute2/rt_tables
+}
+
+setup_default
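Review bot: The added `. /opt/cloud/bin/setup/common.sh` does more than define helpers, because common.sh ends with a top-level `parse_cmd_line` call. Sourcing it here therefore re-reads the boot cmdline, regenerates the cmdline JSON and resets the `cloud` account password (and root's when `vmpassword` is set), although setup_default calls nothing from common.sh. Either drop the source line from this script, or move the `parse_cmd_line` invocation out of common.sh into the scripts that need its variables so that sourcing the library has no side effects.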
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh
new file mode 100755
index 0000000..1e28ab4
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh
@@ -0,0 +1,62 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+dhcpsrvr_svcs() {
+ echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
+ echo "cloud nfs-common conntrackd keepalived haproxy portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_dhcpsrvr() {
+ log_it "Setting up dhcp server system vm"
+ setup_common eth0 eth1
+ setup_dnsmasq
+ setup_apache2 $ETH0_IP
+
+ sed -i /$NAME/d /etc/hosts
+ [ $ETH0_IP ] && echo "$ETH0_IP $NAME" >> /etc/hosts
+ [ $ETH0_IP6 ] && echo "$ETH0_IP6 $NAME" >> /etc/hosts
+
+ enable_irqbalance 0
+ enable_fwding 0
+
+ cp /etc/iptables/iptables-router /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-router /etc/iptables/rules
+
+ #Only allow DNS service for current network
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+
+ if [ "$SSHONGUEST" == "true" ]
+ then
+ setup_sshd $ETH0_IP "eth0"
+ else
+ setup_sshd $ETH1_IP "eth1"
+ fi
+}
+
+dhcpsrvr_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute dhcpsrvr_svcs"
+ exit 1
+fi
+setup_dhcpsrvr
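Review bot: The four `sed` rewrites of the port-53 rules in setup_dhcpsrvr interpolate `$DHCP_RANGE` and `$CIDR_SIZE` without checking that either is set. If `cidrsize` is absent from the cmdline the rule becomes `-s <range>/ -j ACCEPT`, which iptables-restore will presumably reject, so the generated ruleset may fail to load rather than merely stay unrestricted. DHCP_RANGE can also contain commas, since parse_cmd_line in common.sh maps `:` to `,` for `dhcprange`, and a comma-separated value followed by one prefix length is unlikely to mean what the comment above the block intends. Wrapping the block in `if [ -n "$DHCP_RANGE" ] && [ -n "$CIDR_SIZE" ]; then … else log_it "dhcprange/cidrsize missing, DNS rule not restricted"; fi` makes the failure visible in the log.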
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
new file mode 100755
index 0000000..23a2607
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh
@@ -0,0 +1,53 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+elbvm_svcs() {
+ echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
+ echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
+}
+
+setup_elbvm() {
+ log_it "Setting up Elastic Load Balancer system vm"
+ setup_common eth0 eth1
+ sed -i /$NAME/d /etc/hosts
+ public_ip=$ETH2_IP
+ [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP
+ echo "$public_ip $NAME" >> /etc/hosts
+
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-elbvm /etc/iptables/rules
+ if [ "$SSHONGUEST" == "true" ]
+ then
+ setup_sshd $ETH0_IP "eth0"
+ else
+ setup_sshd $ETH1_IP "eth1"
+ fi
+
+ enable_fwding 0
+ enable_irqbalance 0
+}
+
+elbvm_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute elbvm svcs"
+ exit 1
+fi
+setup_elbvm
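Review bot: `sed -i /$NAME/d /etc/hosts` in setup_elbvm expands `$NAME` unquoted and uses it as an unanchored regular expression, so an empty value yields the script `//d`, a `/` in the value breaks the expression, and a name that is a substring of another hosts entry deletes that entry too. Where `$NAME` is set is not visible in this hunk; if it comes from the boot command line it should be validated as a hostname before it reaches sed. A guarded, anchored form such as `[ -n "$NAME" ] && sed -i "/[[:space:]]$NAME\$/d" /etc/hosts` limits the delete to the appliance's own entry. The same line is added in the ilbvm.sh, router.sh and secstorage.sh hunks of this commit.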
diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
old mode 100644
new mode 100755
similarity index 53%
copy from tools/appliance/definitions/systemvmtemplate/cleanup.sh
copy to systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
index 67d6c23..4cd599f
--- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh
@@ -16,33 +16,33 @@
# specific language governing permissions and limitations
# under the License.
-set -e
-set -x
+. /opt/cloud/bin/setup/common.sh
-function cleanup_apt() {
- apt-get -y remove dictionaries-common busybox
- apt-get -y autoremove
- apt-get autoclean
- apt-get clean
+ilbvm_svcs() {
+ echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
+ echo "cloud dnsmasq conntrackd keepalived cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
}
-# Removing leftover leases and persistent rules
-function cleanup_dhcp() {
- rm -f /var/lib/dhcp/*
-}
+setup_ilbvm() {
+ log_it "Setting up Internal Load Balancer system vm"
+ setup_common eth0 eth1
+ #eth0 = guest network, eth1=control network
-# Make sure Udev doesn't block our network
-function cleanup_dev() {
- echo "cleaning up udev rules"
- rm -f /etc/udev/rules.d/70-persistent-net.rules
- rm -rf /dev/.udev/
- rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
-}
+ sed -i /$NAME/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+
+ cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
-function cleanup() {
- cleanup_apt
- cleanup_dhcp
- cleanup_dev
+ enable_fwding 0
+ enable_irqbalance 1
}
-return 2>/dev/null || cleanup
+ilbvm_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute ilbvm svcs"
+ exit 1
+fi
+setup_ilbvm
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
new file mode 100755
index 0000000..43c3c92
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh
@@ -0,0 +1,57 @@
+#/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+#set -x
+logfile="/var/log/patchsystemvm.log"
+
+# To use existing console proxy .zip-based package file
+patch_systemvm() {
+ local patchfile=$1
+ local backupfolder="/tmp/.conf.backup"
+ if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then
+ rm -fr $backupfolder
+ mkdir -p $backupfolder
+ cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/
+ fi
+ rm /usr/local/cloud/systemvm -rf
+ mkdir -p /usr/local/cloud/systemvm
+ echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1
+ find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
+ if [ -f $backupfolder/cloud.jks ]; then
+ cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/
+ echo "Restored keystore file and certs using backup" >> $logfile
+ fi
+ rm -fr $backupfolder
+ return 0
+}
+
+CMDLINE=/var/cache/cloud/cmdline
+PATCH_MOUNT=$1
+TYPE=$2
+
+echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile
+
+if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ]
+then
+ patch_systemvm ${PATCH_MOUNT}/systemvm.zip
+ if [ $? -gt 0 ]
+ then
+ echo "Failed to apply patch systemvm\n" >> $logfile
+ exit 1
+ fi
+fi
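Review bot: patch_systemvm copies the conf directory, including `cloud.jks`, to the fixed path `/tmp/.conf.backup` with a plain `cp -r`, so the keystore sits for a while in a predictable, world-traversable location with modes set by the current umask. A private directory from `mktemp -d` together with `cp -a` keeps the keystore readable only by its owner. The function also ends in an unconditional `return 0`, so the caller's `$? -gt 0` check can never fire and a failed unzip leaves an empty `/usr/local/cloud/systemvm` unreported. Separately, the first line reads `#/bin/bash` without the `!`, so the interpreter is not pinned even though the script uses `local` and `==`.

```shell
patch_systemvm() {
  local patchfile=$1
  local backupfolder
  # mktemp -d creates a fresh directory accessible only to its owner
  backupfolder=$(mktemp -d) || return 1
  if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then
    cp -a /usr/local/cloud/systemvm/conf/* "$backupfolder"/
  fi
  # … unchanged: remove and recreate /usr/local/cloud/systemvm …
  echo "All" | unzip "$patchfile" -d /usr/local/cloud/systemvm >$logfile 2>&1
  local rc=$?
  # … unchanged: chmod of *.sh, keystore restore, removal of the backup folder …
  return $rc
}
```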
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
new file mode 100755
index 0000000..d9fadfe
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh
@@ -0,0 +1,106 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+setup_router() {
+ log_it "Setting up virtual router system vm"
+
+ #To save router public interface and gw ip information
+ touch /var/cache/cloud/ifaceGwIp
+
+ oldmd5=
+ [ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
+
+ if [ -n "$ETH2_IP" ]
+ then
+ setup_common eth0 eth1 eth2
+
+ if [ -n "$EXTRA_PUBNICS" ]
+ then
+ for((i = 3; i < 3 + $EXTRA_PUBNICS; i++))
+ do
+ setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
+ done
+ fi
+ else
+ setup_common eth0 eth1
+ if [ -n "$EXTRA_PUBNICS" ]
+ then
+ for((i = 2; i < 2 + $EXTRA_PUBNICS; i++))
+ do
+ setup_interface "$i" "0.0.0.0" "255.255.255.255" $GW "force"
+ done
+ fi
+ fi
+
+ if [ -n "$ETH2_IP" -a "$RROUTER" == "1" ]
+ then
+ setup_redundant_router
+ fi
+
+ log_it "Checking udev NIC assignment order changes"
+ if [ "$NIC_MACS" != "" ]
+ then
+ init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
+ newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
+ rm /tmp/interfaces
+ rm /tmp/udev-rules
+
+ if [ "$oldmd5" != "$newmd5" ]
+ then
+ log_it "udev NIC assignment requires reboot to take effect"
+ sync
+ sleep 2
+ reboot
+ fi
+ fi
+
+ setup_aesni
+ setup_dnsmasq
+ setup_apache2 $ETH0_IP
+
+ sed -i /$NAME/d /etc/hosts
+ echo "$ETH0_IP $NAME" >> /etc/hosts
+
+ enable_irqbalance 1
+ disable_rpfilter_domR
+ enable_fwding 1
+ enable_rpsrfs 1
+ cp /etc/iptables/iptables-router /etc/iptables/rules.v4
+ #for old templates
+ cp /etc/iptables/iptables-router /etc/iptables/rules
+ setup_sshd $ETH1_IP "eth1"
+
+ #Only allow DNS service for current network
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
+ sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
+
+ #setup hourly logrotate
+ mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
+}
+
+routing_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute routing_svcs"
+ exit 1
+fi
+setup_router
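Review bot: The four `sed` substitutions under "Only allow DNS service for current network" splice `$DHCP_RANGE` and `$CIDR_SIZE` into the port 53 ACCEPT rules without checking that either is set. If one is empty the rules are rewritten with `-s /` or a missing prefix length, which is not a valid source match. How these files are loaded is outside this hunk, but a malformed line may keep the whole rule set from being applied. Wrapping the block in `if [ -n "$DHCP_RANGE" ] && [ -n "$CIDR_SIZE" ]; then … fi` and reporting the skip through `log_it` keeps the rules file well formed. dhcpsrvr.sh carries the same four lines; its hunk begins outside this view.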
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh
new file mode 100755
index 0000000..327353c
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh
@@ -0,0 +1,90 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+secstorage_svcs() {
+ echo "apache2 cloud ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs
+ echo "cloud-passwd-srvr conntrackd keepalived haproxy dnsmasq" > /var/cache/cloud/disabled_svcs
+ mkdir -p /var/log/cloud
+}
+
+setup_secstorage() {
+ log_it "Setting up secondary storage system vm"
+ sysctl vm.min_free_kbytes=8192
+
+ setup_common eth0 eth1 eth2
+ setup_storage_network
+ setup_system_rfc1918_internal
+
+ log_it "Setting up entry in hosts"
+ sed -i /$NAME/d /etc/hosts
+ public_ip=`getPublicIp`
+ echo "$public_ip $NAME" >> /etc/hosts
+
+ log_it "Applying iptables rules"
+ cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-secstorage /etc/iptables/rules
+
+ log_it "Configuring sshd"
+ local hyp=$HYPERVISOR
+ if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then
+ setup_sshd $ETH1_IP "eth1"
+ else
+ setup_sshd $ETH0_IP "eth0"
+ fi
+
+ log_it "Configuring apache2"
+ setup_apache2 $ETH2_IP
+
+ # Deprecated, should move to Cs Python all of it
+ sed -e "s/<VirtualHost .*:80>/<VirtualHost $ETH2_IP:80>/" \
+ -e "s/<VirtualHost .*:443>/<VirtualHost $ETH2_IP:443>/" \
+ -e "s/Listen .*:80/Listen $ETH2_IP:80/g" \
+ -e "s/Listen .*:443/Listen $ETH2_IP:443/g" /etc/apache2/vhost.template > /etc/apache2/sites-enabled/vhost-${ETH2_IP}.conf
+
+ log_it "Setting up apache2 for post upload of volume/template"
+ a2enmod proxy
+ a2enmod proxy_http
+ a2enmod headers
+
+ cat >/etc/apache2/cors.conf <<CORS
+RewriteEngine On
+RewriteCond %{HTTPS} =on
+RewriteCond %{REQUEST_METHOD} =POST
+RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
+Header always set Access-Control-Allow-Origin "*"
+Header always set Access-Control-Allow-Methods "POST, OPTIONS"
+Header always set Access-Control-Allow-Headers "x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
+CORS
+
+ disable_rpfilter
+ enable_fwding 0
+ enable_irqbalance 0
+ setup_ntp
+
+ rm -f /etc/logrotate.d/cloud
+}
+
+secstorage_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute secstorage_svcs"
+ exit 1
+fi
+setup_secstorage
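Review bot: In the generated cors.conf, `RewriteRule ^/upload/(.*)` forwards whatever follows `/upload/` to the local service on port 8210 as the `uuid` query value, so only the backend decides what counts as an acceptable identifier. If upload ids really are UUIDs, as the parameter name suggests, the proxy can reject everything else: `RewriteRule ^/upload/([0-9A-Fa-f-]+)$ http://127.0.0.1:8210/upload?uuid=\$1 [P,L]`. The three `Header always set` lines also send a wildcard `Access-Control-Allow-Origin` on every response of whichever vhost includes this file. If upload authorization rests on the signature headers rather than on the origin, a comment in the heredoc saying so would make that choice reviewable.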
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh
new file mode 100755
index 0000000..bd1181f
--- /dev/null
+++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh
@@ -0,0 +1,129 @@
+#!/bin/bash
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+. /opt/cloud/bin/setup/common.sh
+
+setup_vpcrouter() {
+ log_it "Setting up VPC virtual router system vm"
+
+ if [ -f /etc/hosts ]; then
+ grep -q $NAME /etc/hosts || echo "127.0.0.1 $NAME" >> /etc/hosts;
+ fi
+
+ cat > /etc/network/interfaces << EOF
+auto lo eth0
+iface lo inet loopback
+EOF
+ setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+
+ echo $NAME > /etc/hostname
+ echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon
+ hostnamectl set-hostname $NAME
+
+ #Nameserver
+ sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries
+ sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries
+ if [ -n "$internalNS1" ]
+ then
+ echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS1" > /etc/resolv.conf
+ fi
+
+ if [ -n "$internalNS2" ]
+ then
+ echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $internalNS2" >> /etc/resolv.conf
+ fi
+ if [ -n "$NS1" ]
+ then
+ echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS1" >> /etc/resolv.conf
+ fi
+
+ if [ -n "$NS2" ]
+ then
+ echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
+ echo "nameserver $NS2" >> /etc/resolv.conf
+ fi
+ if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
+ then
+ if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ];
+ then
+ ip route add $MGMTNET via $LOCAL_GW dev eth0
+
+ # a hacking way to activate vSwitch under VMware
+ ping -n -c 3 $LOCAL_GW &
+ sleep 3
+ pkill ping
+ fi
+ fi
+
+ if [ "$RROUTER" == "1" ]
+ then
+ setup_redundant_router
+ fi
+
+ ip route delete default
+ # create route table for static route
+
+ sudo echo "252 static_route" >> /etc/iproute2/rt_tables 2>/dev/null
+ sudo echo "251 static_route_back" >> /etc/iproute2/rt_tables 2>/dev/null
+ sudo ip rule add from $VPCCIDR table static_route 2>/dev/null
+ sudo ip rule add from $VPCCIDR table static_route_back 2>/dev/null
+
+ setup_vpc_apache2
+
+ enable_irqbalance 1
+ enable_vpc_rpsrfs 1
+ disable_rpfilter
+ enable_fwding 1
+ cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
+ cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
+ setup_sshd $ETH0_IP "eth0"
+ cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
+ cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules
+ echo "" > /etc/dnsmasq.d/dhcphosts.txt
+ echo "dhcp-hostsfile=/etc/dhcphosts.txt" > /etc/dnsmasq.d/cloud.conf
+
+ [ -z $DOMAIN ] && DOMAIN="cloudnine.internal"
+ #DNS server will append $DOMAIN to local queries
+ sed -r -i s/^[#]?domain=.*$/domain=$DOMAIN/ /etc/dnsmasq.conf
+ #answer all local domain queries
+ sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf
+
+ command -v dhcp_release > /dev/null 2>&1
+ no_dhcp_release=$?
+ if [ $no_dhcp_release -eq 0 ]
+ then
+ echo 1 > /var/cache/cloud/dnsmasq_managed_lease
+ sed -i -e "/^leasefile-ro/d" /etc/dnsmasq.conf
+ else
+ echo 0 > /var/cache/cloud/dnsmasq_managed_lease
+ fi
+
+ #setup hourly logrotate
+ mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
+}
+
+routing_svcs
+if [ $? -gt 0 ]
+then
+ log_it "Failed to execute routing_svcs"
+ exit 1
+fi
+setup_vpcrouter
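Review bot: The two `sudo echo "… static_route…" >> /etc/iproute2/rt_tables` lines in setup_vpcrouter append unconditionally, so every run of the script adds another pair of entries for table ids 252 and 251. `sudo` there elevates only `echo`; the redirection is opened by the calling shell, so the prefix adds nothing if the script already runs as root. An idempotent form is `grep -qw static_route /etc/iproute2/rt_tables || echo "252 static_route" >> /etc/iproute2/rt_tables`, and likewise for `static_route_back`.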
diff --git a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ b/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ
index 6a0d8a9..a9cbf30 100755
--- a/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ
+++ b/systemvm/patches/debian/config/opt/cloud/templates/check_heartbeat.sh.templ
@@ -47,9 +47,9 @@ then
if [ $s -gt 2 ]
then
echo Keepalived process is dead! >> $ROUTER_LOG
- service keepalived stop >> $ROUTER_LOG 2>&1
- service conntrackd stop >> $ROUTER_LOG 2>&1
-
+ systemctl stop keepalived >> $ROUTER_LOG 2>&1
+ systemctl stop conntrackd >> $ROUTER_LOG 2>&1
+
#Set fault so we have the same effect as a KeepaliveD fault.
python /opt/cloud/bin/master.py --fault
diff --git a/systemvm/patches/debian/config/root/.ssh/authorized_keys b/systemvm/patches/debian/config/root/.ssh/authorized_keys
index 7286760..c09f637 100644
--- a/systemvm/patches/debian/config/root/.ssh/authorized_keys
+++ b/systemvm/patches/debian/config/root/.ssh/authorized_keys
@@ -1 +1 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2RIE3hgSAD8zULuyE7KDW9EKh2oVbNGY7iSL/VI5xHLISKh4e8ksTshWjlGBtrUCnuzR7y2BUxZ65RI8XkB1fEDxcOU4/0lVPvJYDSsGveXoOgpLwOtKRoGLgjFUGzBQlj2s6YaYQxoNTqtBVkDIH6ekPNq0Q38hRrFcsVIk1sFo5ejuvFxt2wx6APcFIQtHSNezEDO0GVUScDU1N1YEMMv1PU3M/SrcezkXrGl/efF3kWtY9L5xm7sojHMCCqsI38r8ogof67F7JdWRXM6Nl3VzkdCBzWGcyAl+cYfjzgOiBGXyAyYBk8qqzJjKwUOtdjfRvCyowA/0xBwMW1T7PQ==
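Review bot: The key on the `+` line is installed as a login key for root in the template, and unlike the line it replaces it carries no trailing comment, so nothing in the file says who holds the matching private key. The commit message describes this change as removing an unknown key; the replacement deserves the same scrutiny. If the file is overwritten with the management server's key when the appliance is deployed (not visible here), shipping it empty avoids a shared credential in every image. Otherwise add a comment field naming the owner, for example `ssh-rsa <key> <owner-label-placeholder>`.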
diff --git a/systemvm/scripts/_run.sh b/systemvm/scripts/_run.sh
index 6d77002..96cc88b 100755
--- a/systemvm/scripts/_run.sh
+++ b/systemvm/scripts/_run.sh
@@ -16,24 +16,16 @@
# specific language governing permissions and limitations
# under the License.
+# run.sh runs the cloud service
+#set -x
+# make sure we delete the old files from the original template
+rm -f console-proxy.jar
+rm -f console-common.jar
+rm -f conf/cloud.properties
-
+CP="./:./conf:$(ls *.jar | tr '\n' ':' | sed s'/.$//')"
-#run.sh runs the console proxy.
-
-# make sure we delete the old files from the original template
-rm console-proxy.jar
-rm console-common.jar
-rm conf/cloud.properties
-
-set -x
-
-CP=./:./conf
-for file in *.jar
-do
- CP=${CP}:$file
-done
keyvalues=
LOGHOME=/var/log/cloud/
@@ -50,7 +42,7 @@ for i in $CMDLINE
keyvalues="${keyvalues} $KEY=$VALUE"
esac
done
-
+
tot_mem_k=$(cat /proc/meminfo | grep MemTotal | awk '{print $2}')
let "tot_mem_m=tot_mem_k>>10"
let "eightypcnt=$tot_mem_m*8/10"
diff --git a/systemvm/scripts/config_ssl.sh b/systemvm/scripts/config_ssl.sh
index 8635887..931c1a5 100755
--- a/systemvm/scripts/config_ssl.sh
+++ b/systemvm/scripts/config_ssl.sh
@@ -49,7 +49,6 @@ config_apache2_conf() {
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
sed -i -e "s/Listen .*:80/Listen $ip:80/g" /etc/apache2/ports.conf
sed -i -e "s/Listen .*:443/Listen $ip:443/g" /etc/apache2/ports.conf
- sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
diff --git a/systemvm/scripts/run.sh b/systemvm/scripts/run.sh
index 1e12f12..7923a34 100755
--- a/systemvm/scripts/run.sh
+++ b/systemvm/scripts/run.sh
@@ -16,10 +16,6 @@
# specific language governing permissions and limitations
# under the License.
-
-
-
-
#_run.sh runs the agent client.
# set -x
diff --git a/systemvm/systemvm-descriptor.xml b/systemvm/systemvm-descriptor.xml
index eec916e..ce5ae4b 100644
--- a/systemvm/systemvm-descriptor.xml
+++ b/systemvm/systemvm-descriptor.xml
@@ -58,8 +58,8 @@
<fileMode>555</fileMode>
<includes>
<include>log4j-cloud.xml</include>
- <include>consoleproxy.properties</include>
- <include>agent.properties</include>
+ <include>consoleproxy.properties</include>
+ <include>agent.properties</include>
</includes>
</fileSet>
<fileSet>
@@ -69,7 +69,7 @@
<fileMode>555</fileMode>
<includes>
<include>*.jpg</include>
- <include>*.gif</include>
+ <include>*.gif</include>
<include>*.png</include>
<include>*.cur</include>
</includes>
diff --git a/test/integration/component/test_browse_templates.py b/test/integration/component/test_browse_templates.py
index 445fae8..0875d01 100644
--- a/test/integration/component/test_browse_templates.py
+++ b/test/integration/component/test_browse_templates.py
@@ -856,7 +856,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
ssvm.privateip,
- "service cloud status",
+ "systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@@ -868,7 +868,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
host.user,
host.passwd,
ssvm.linklocalip,
- "service cloud status"
+ "systemctl is-active cloud"
)
except KeyError:
self.skipTest("Marvin configuration has no host credentials to check router services")
@@ -876,7 +876,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.debug("Cloud Process status: %s" % res)
# Apache CloudStack service (type=secstorage) is running: process id: 2346
self.assertEqual(
- res.count("is running"),
+ res.count("active"),
1,
"Check cloud service is running or not"
)
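Review bot: `res.count("active")` is also 1 for a stopped service, because `systemctl is-active` prints `inactive` in that case and that word contains `active`; the assertion in this hunk therefore passes whether or not the cloud service is running. Compare the command output itself, or at least add `self.assertEqual(res.count("inactive"), 0, "cloud service is not active")` next to the existing check. The comment above the assertion still quotes the old `service cloud status` output. The test method starts outside this hunk, so how `res` is built is not visible here. The same `count("active")` check is introduced in test_browse_volumes.py, test_security_groups.py and test_routers.py.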
diff --git a/test/integration/component/test_browse_volumes.py b/test/integration/component/test_browse_volumes.py
index 390d0ab..08a41b4 100644
--- a/test/integration/component/test_browse_volumes.py
+++ b/test/integration/component/test_browse_volumes.py
@@ -1288,7 +1288,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
ssvm.privateip,
- "service cloud status",
+ "systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@@ -1300,7 +1300,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
host.user,
host.passwd,
ssvm.linklocalip,
- "service cloud status"
+ "systemctl is-active cloud"
)
except KeyError:
self.skipTest("Marvin configuration has no host credentials to check router services")
@@ -1308,7 +1308,7 @@ class TestBrowseUploadVolume(cloudstackTestCase):
self.debug("Cloud Process status: %s" % res)
# Apache CloudStack service (type=secstorage) is running: process id: 2346
self.assertEqual(
- res.count("is running"),
+ res.count("active"),
1,
"Check cloud service is running or not"
)
diff --git a/test/integration/component/test_security_groups.py b/test/integration/component/test_security_groups.py
index b3620be..f95bd74 100755
--- a/test/integration/component/test_security_groups.py
+++ b/test/integration/component/test_security_groups.py
@@ -767,13 +767,13 @@ class TestDhcpOnlyRouter(cloudstackTestCase):
self.testdata['configurableData']['host']["username"],
self.testdata['configurableData']['host']["password"],
router.linklocalip,
- "service dnsmasq status"
+ "systemctl is-active dnsmasq"
)
res = str(result)
self.debug("Dnsmasq process status: %s" % res)
self.assertEqual(
- res.count("running"),
+ res.count("active"),
1,
"Check dnsmasq service is running or not"
)
diff --git a/test/integration/smoke/test_list_ids_parameter.py b/test/integration/smoke/test_list_ids_parameter.py
index f679aed..cc45ce3 100755
--- a/test/integration/smoke/test_list_ids_parameter.py
+++ b/test/integration/smoke/test_list_ids_parameter.py
@@ -105,20 +105,20 @@ class TestListIdsParams(cloudstackTestCase):
mode=cls.services["mode"]
)
- #Take 3 VM1 Snapshots
- #PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
- """cls.vmsnapshot_1 = VmSnapshot.create(
- cls.apiclient,
- cls.virtual_machine_1.id
- )
- cls.vmsnapshot_2 = VmSnapshot.create(
- cls.apiclient,
- cls.virtual_machine_1.id
- )
- cls.vmsnapshot_3 = VmSnapshot.create(
- cls.apiclient,
- cls.virtual_machine_1.id
- )"""
+# Take 3 VM1 Snapshots
+# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
+# cls.vmsnapshot_1 = VmSnapshot.create(
+# cls.apiclient,
+# cls.virtual_machine_1.id
+# )
+# cls.vmsnapshot_2 = VmSnapshot.create(
+# cls.apiclient,
+# cls.virtual_machine_1.id
+# )
+# cls.vmsnapshot_3 = VmSnapshot.create(
+# cls.apiclient,
+# cls.virtual_machine_1.id
+# )
#Stop VMs
cls.virtual_machine_1.stop(cls.apiclient)
@@ -229,7 +229,7 @@ class TestListIdsParams(cloudstackTestCase):
3,
"ListVolumes response expected 3 Volumes, received %s" % len(list_volume_response)
)
-
+
@attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false")
def test_02_list_templates(self):
"""Test listing Templates using 'ids' parameter
@@ -273,23 +273,23 @@ class TestListIdsParams(cloudstackTestCase):
"ListSnapshots response expected 3 Snapshots, received %s" % len(list_snapshot_response)
)
- #PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
- #@attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false")
- #def test_04_list_vm_snapshots(self):
- """Test listing VMSnapshots using 'vmsnapshotids' parameter
- """
- """list_vm_snapshot_response = VmSnapshot.list(
- self.apiclient,
- vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id],
- listall=True
- )
- self.assertEqual(
- isinstance(list_vm_snapshot_response, list),
- True,
- "ListVMSnapshots response was not a valid list"
- )
- self.assertEqual(
- len(list_vm_snapshot_response),
- 3,
- "ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response)
- )"""
+# PLEASE UNCOMMENT ONCE VM SNAPSHOT DELAY BUG AFTER VM CREATION IS FIXED
+# @attr(tags = ["advanced", "advancedns", "smoke", "basic"], required_hardware="false")
+# def test_04_list_vm_snapshots(self):
+# """Test listing VMSnapshots using 'vmsnapshotids' parameter
+# """
+# list_vm_snapshot_response = VmSnapshot.list(
+# self.apiclient,
+# vmsnapshotids=[self.vmsnapshot_1.id, self.vmsnapshot_2.id, self.vmsnapshot_3.id],
+# listall=True
+# )
+# self.assertEqual(
+# isinstance(list_vm_snapshot_response, list),
+# True,
+# "ListVMSnapshots response was not a valid list"
+# )
+# self.assertEqual(
+# len(list_vm_snapshot_response),
+# 3,
+# "ListVMSnapshots response expected 3 VMSnapshots, received %s" % len(list_vm_snapshot_response)
+# )
diff --git a/test/integration/smoke/test_loadbalance.py b/test/integration/smoke/test_loadbalance.py
index 7ca5cf8..8e958a9 100644
--- a/test/integration/smoke/test_loadbalance.py
+++ b/test/integration/smoke/test_loadbalance.py
@@ -120,29 +120,30 @@ class TestLoadBalance(cloudstackTestCase):
cleanup_resources(cls.apiclient, cls._cleanup)
return
- def try_ssh(self, ip_addr, unameCmd):
+ def try_ssh(self, ip_addr, unameCmd, firstAttempt=False):
try:
self.debug(
"SSH into VM (IPaddress: %s) & NAT Rule (Public IP: %s)" %
(self.vm_1.ipaddress, ip_addr)
)
- # If Round Robin Algorithm is chosen,
+ retries = 3
+ if firstAttempt:
+ retries = 30
+ # If Round Robin Algorithm is chosen,
# each ssh command should alternate between VMs
-
ssh_1 = SshClient(
ip_addr,
self.services['lbrule']["publicport"],
self.vm_1.username,
self.vm_1.password,
- retries=10
+ retries=retries
)
unameCmd.append(ssh_1.execute("uname")[0])
self.debug(unameCmd)
except Exception as e:
self.fail("%s: SSH failed for VM with IP Address: %s" %
(e, ip_addr))
- time.sleep(10)
- return
+ time.sleep(5)
@attr(tags = ["advanced", "advancedns", "smoke"], required_hardware="true")
def test_01_create_lb_rule_src_nat(self):
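Review bot: try_ssh gains a `firstAttempt` flag with no docstring saying why the first call gets 30 retries and later ones 3, and the next hunk passes it as a bare positional `True`. Writing the call as `self.try_ssh(src_nat_ip_addr.ipaddress, unameResults, firstAttempt=True)` and the setup as `retries = 30 if firstAttempt else 3` makes the intent readable at both ends. A one-line docstring such as `"""SSH to the LB public IP and append the uname output; the first call allows more retries."""` would cover the rest. The round-robin comment now sits between the retry setup and the `SshClient` call and would read better directly above `ssh_1`.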
@@ -256,7 +257,7 @@ class TestLoadBalance(cloudstackTestCase):
unameResults = []
- self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
+ self.try_ssh(src_nat_ip_addr.ipaddress, unameResults, True)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
self.try_ssh(src_nat_ip_addr.ipaddress, unameResults)
diff --git a/test/integration/smoke/test_router_dns.py b/test/integration/smoke/test_router_dns.py
index ef77224..9b4ca7e 100644
--- a/test/integration/smoke/test_router_dns.py
+++ b/test/integration/smoke/test_router_dns.py
@@ -256,7 +256,7 @@ class TestRouterDns(cloudstackTestCase):
result = None
try:
self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress)
- ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8)
+ ssh = self.vm.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15)
result = str(ssh.execute("nslookup google.com"))
except Exception as e:
self.fail("Failed to SSH into VM - %s due to exception: %s" % (nat_rule1.ipaddress, e))
diff --git a/test/integration/smoke/test_router_dnsservice.py b/test/integration/smoke/test_router_dnsservice.py
index 436d9e4..ffadec7 100644
--- a/test/integration/smoke/test_router_dnsservice.py
+++ b/test/integration/smoke/test_router_dnsservice.py
@@ -92,8 +92,8 @@ class TestRouterDnsService(cloudstackTestCase):
zoneid=cls.zone.id)
cls.logger.debug("Creating guest VM for Account %s using offering %s" % (cls.account.name, cls.service_offering.id))
- cls.services["virtual_machine"]["displayname"] = VM1_NAME;
- cls.services["virtual_machine"]["name"] = VM1_NAME;
+ cls.services["virtual_machine"]["displayname"] = VM1_NAME
+ cls.services["virtual_machine"]["name"] = VM1_NAME
cls.vm1 = VirtualMachine.create(cls.api_client,
cls.services["virtual_machine"],
templateid=cls.template.id,
@@ -102,10 +102,10 @@ class TestRouterDnsService(cloudstackTestCase):
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network.id)])
cls.vm1.password = "password"
- cls.logger.debug("Created VM named %s" % VM1_NAME);
-
- cls.services["virtual_machine"]["displayname"] = VM2_NAME;
- cls.services["virtual_machine"]["name"] = VM2_NAME;
+ cls.logger.debug("Created VM named %s" % VM1_NAME)
+
+ cls.services["virtual_machine"]["displayname"] = VM2_NAME
+ cls.services["virtual_machine"]["name"] = VM2_NAME
cls.vm2 = VirtualMachine.create(cls.api_client,
cls.services["virtual_machine"],
templateid=cls.template.id,
@@ -114,7 +114,7 @@ class TestRouterDnsService(cloudstackTestCase):
serviceofferingid=cls.service_offering.id,
networkids=[str(cls.network.id)])
cls.vm2.password = "password"
- cls.logger.debug("Created VM named %s" % VM2_NAME);
+ cls.logger.debug("Created VM named %s" % VM2_NAME)
cls.services["natrule1"] = {
"privateport": 22,
@@ -256,7 +256,7 @@ class TestRouterDnsService(cloudstackTestCase):
result1 = None
try:
self.logger.debug("SSH into guest VM with IP: %s" % nat_rule1.ipaddress)
- ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=8)
+ ssh = self.vm1.get_ssh_client(ipaddress=nat_rule1.ipaddress, port=self.services['natrule1']["publicport"], retries=15)
result1 = str(ssh.execute("nslookup %s" % VM1_NAME))
self.logger.debug("nslookup %s: %s " % (VM1_NAME, result1))
result2 = str(ssh.execute("nslookup %s" % VM2_NAME))
diff --git a/test/integration/smoke/test_routers.py b/test/integration/smoke/test_routers.py
index c6aa496..070841e 100644
--- a/test/integration/smoke/test_routers.py
+++ b/test/integration/smoke/test_routers.py
@@ -171,7 +171,7 @@ class TestRouterServices(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
- "service dnsmasq status",
+ "systemctl is-active dnsmasq",
hypervisor=self.hypervisor
)
else:
@@ -184,7 +184,7 @@ class TestRouterServices(cloudstackTestCase):
host.user,
host.passwd,
router.linklocalip,
- "service dnsmasq status"
+ "systemctl is-active dnsmasq"
)
except KeyError:
@@ -195,7 +195,7 @@ class TestRouterServices(cloudstackTestCase):
self.debug("Dnsmasq process status: %s" % res)
self.assertEqual(
- res.count("running"),
+ res.count("active"),
1,
"Check dnsmasq service is running or not"
)
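Review bot: `res.count("active")` is also 1 when the command prints `inactive`, because that word contains `active`, so the assertion in this hunk still passes with dnsmasq stopped. `systemctl is-active` prints a single state word, so the stopped state should be rejected explicitly, e.g. `self.assertEqual(res.count("inactive"), 0, "dnsmasq service is not active")` next to the existing check. The same substring check is in the later hunks of this file (the second dnsmasq check and the haproxy check) and in the `systemctl is-active cloud` assertions in test_ssvm.py. `res` is built outside this hunk, so confirm its exact shape before switching to a strict equality test.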
@@ -251,7 +251,7 @@ class TestRouterServices(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
- "service dnsmasq status",
+ "systemctl is-active dnsmasq",
hypervisor=self.hypervisor
)
else:
@@ -264,7 +264,7 @@ class TestRouterServices(cloudstackTestCase):
host.user,
host.passwd,
router.linklocalip,
- "service dnsmasq status"
+ "systemctl is-active dnsmasq"
)
except KeyError:
self.skipTest(
@@ -273,7 +273,7 @@ class TestRouterServices(cloudstackTestCase):
res = str(result)
self.debug("Dnsmasq process status: %s" % res)
self.assertEqual(
- res.count("running"),
+ res.count("active"),
1,
"Check dnsmasq service is running or not"
)
@@ -285,7 +285,7 @@ class TestRouterServices(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
router.linklocalip,
- "service haproxy status",
+ "systemctl is-active haproxy",
hypervisor=self.hypervisor
)
else:
@@ -298,7 +298,7 @@ class TestRouterServices(cloudstackTestCase):
host.user,
host.passwd,
router.linklocalip,
- "service haproxy status"
+ "systemctl is-active haproxy"
)
except KeyError:
self.skipTest(
@@ -306,7 +306,7 @@ class TestRouterServices(cloudstackTestCase):
to check router services")
res = str(result)
self.assertEqual(
- res.count("running"),
+ res.count("active"),
1,
"Check haproxy service is running or not"
)
diff --git a/test/integration/smoke/test_ssvm.py b/test/integration/smoke/test_ssvm.py
index 616f8b3..41db1ab 100644
--- a/test/integration/smoke/test_ssvm.py
+++ b/test/integration/smoke/test_ssvm.py
@@ -44,7 +44,7 @@ _multiprocess_shared_ = True
class TestSSVMs(cloudstackTestCase):
def setUp(self):
- test_case = super(TestSSVMs, self)
+ test_case = super(TestSSVMs, self)
self.apiclient = self.testClient.getApiClient()
self.hypervisor = self.testClient.getHypervisorInfo()
self.cleanup = []
@@ -57,40 +57,52 @@ class TestSSVMs(cloudstackTestCase):
self.logger.setLevel(logging.DEBUG)
self.logger.addHandler(self.stream_handler)
- # Default sleep is set to 90 seconds, which is too long if the SSVM takes up to 2min to start.
- # Second sleep in the loop will waste test time.
- self.services["sleep"] = 30
- # Default value is 120 seconds. That's just too much.
- self.services["configurableData"]["systemVmDelay"] = 60
-
- return
-
def tearDown(self):
try:
- # Clean up, terminate the created templates
cleanup_resources(self.apiclient, self.cleanup)
-
except Exception as e:
raise Exception("Warning: Exception during cleanup : %s" % e)
- return
def waitForSystemVMAgent(self, vmname):
- timeout = 120
-
- while True:
+ def checkRunningAgent():
list_host_response = list_hosts(
self.apiclient,
name=vmname
)
+ if isinstance(list_host_response, list):
+ return list_host_response[0].state == 'Up', None
+ return False, None
- if list_host_response and list_host_response[0].state == 'Up':
- break
+ res, _ = wait_until(3, self.services["sleep"], checkRunningAgent)
+ if not res:
+ raise Exception("Failed to wait for SSVM agent to be Up")
+
+ def checkForRunningSystemVM(self, ssvm, ssvm_type=None):
+ if not ssvm:
+ return None
+
+ def checkRunningState():
+ if not ssvm_type:
+ response = list_ssvms(
+ self.apiclient,
+ id=ssvm.id
+ )
+ else:
+ response = list_ssvms(
+ self.apiclient,
+ zoneid=self.zone.id,
+ systemvmtype=ssvm_type
+ )
- if timeout == 0:
- raise Exception("Timed out waiting for SSVM agent to be Up")
+ if isinstance(response, list):
+ ssvm_response = response[0]
+ return ssvm_response.state == 'Running', ssvm_response
+ return False, None
- time.sleep(1)
- timeout = timeout - 1
+ res, ssvm_response = wait_until(3, self.services["sleep"], checkRunningState)
+ if not res:
+ self.fail("Failed to reach systemvm state to Running")
+ return ssvm_response
@attr(
tags=[
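Review bot: Both new helpers call `wait_until(3, self.services["sleep"], ...)`, which puts the configured sleep value where the call removed later in this diff (`wait_until(self.services["sleep"], self.services["timeout"], checkForRunningSSVM)`) passed the timeout, so the total wait now appears to scale with a setting meant as an interval. Name the two values, or add a comment such as `# wait_until(interval_seconds, retries, callback)` once the argument order is confirmed. `waitForSystemVMAgent` raises a bare `Exception` while `checkForRunningSystemVM` calls `self.fail`; using `self.fail` in both keeps failure reporting uniform. `checkForRunningSystemVM` returns `None` when `ssvm` is falsy, and the callers read `.state` from the result straight away, so a docstring should state that contract.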
@@ -228,7 +240,6 @@ class TestSSVMs(cloudstackTestCase):
zone_response[0].dns2,
"Check DNS2 with that of corresponding zone"
)
- return
@attr(
tags=[
@@ -360,7 +371,6 @@ class TestSSVMs(cloudstackTestCase):
zone_response[0].dns2,
"Check DNS2 with that of corresponding zone"
)
- return
@attr(
tags=[
@@ -459,7 +469,7 @@ class TestSSVMs(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
ssvm.privateip,
- "service cloud status",
+ "systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@@ -472,7 +482,7 @@ class TestSSVMs(cloudstackTestCase):
host.user,
host.passwd,
ssvm.linklocalip,
- "service cloud status"
+ "systemctl is-active cloud"
)
except KeyError:
self.skipTest(
@@ -482,11 +492,11 @@ class TestSSVMs(cloudstackTestCase):
self.debug("Cloud Process status: %s" % res)
# Apache CloudStack service (type=secstorage) is running: process id: 2346
self.assertEqual(
- res.count("is running"),
+ res.count("active"),
1,
"Check cloud service is running or not"
)
-
+
linklocal_ip = None
# Check status of cloud service
if self.hypervisor.lower() in ('vmware', 'hyperv'):
@@ -526,8 +536,6 @@ class TestSSVMs(cloudstackTestCase):
res,
"The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res)
)
-
- return
@attr(
tags=[
@@ -595,7 +603,7 @@ class TestSSVMs(cloudstackTestCase):
self.apiclient.connection.user,
self.apiclient.connection.passwd,
cpvm.privateip,
- "service cloud status",
+ "systemctl is-active cloud",
hypervisor=self.hypervisor
)
else:
@@ -608,7 +616,7 @@ class TestSSVMs(cloudstackTestCase):
host.user,
host.passwd,
cpvm.linklocalip,
- "service cloud status"
+ "systemctl is-active cloud"
)
except KeyError:
self.skipTest(
@@ -617,7 +625,7 @@ class TestSSVMs(cloudstackTestCase):
res = str(result)
self.debug("Cloud Process status: %s" % res)
self.assertEqual(
- res.count("is running"),
+ res.count("active"),
1,
"Check cloud service is running or not"
)
@@ -662,8 +670,6 @@ class TestSSVMs(cloudstackTestCase):
"The cached Link Local should be the same as the current Link Local IP, but they are different! Current ==> %s; Cached ==> %s " % (linklocal_ip, res)
)
- return
-
@attr(
tags=[
"advanced",
@@ -711,45 +717,21 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm.id
self.apiclient.stopSystemVm(cmd)
- timeout = self.services["timeout"]
- while True:
- list_ssvm_response = list_ssvms(
- self.apiclient,
- id=ssvm.id
- )
- if isinstance(list_ssvm_response, list):
- if list_ssvm_response[0].state == 'Running':
- break
- if timeout == 0:
- raise Exception("List SSVM call failed!")
-
- time.sleep(self.services["sleep"])
- timeout = timeout - 1
-
- self.assertEqual(
- isinstance(list_ssvm_response, list),
- True,
- "Check list response returns a valid list"
- )
- ssvm_response = list_ssvm_response[0]
+ ssvm_response = self.checkForRunningSystemVM(ssvm)
self.debug("SSVM state after debug: %s" % ssvm_response.state)
self.assertEqual(
ssvm_response.state,
'Running',
"Check whether SSVM is running or not"
)
+
# Wait for the agent to be up
self.waitForSystemVMAgent(ssvm_response.name)
# Call above tests to ensure SSVM is properly running
self.test_01_list_sec_storage_vm()
- # Wait for some time before running diagnostic scripts on SSVM
- # as it may take some time to start all service properly
- time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
-
self.test_03_ssvm_internals()
- return
@attr(
tags=[
@@ -798,23 +780,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = cpvm.id
self.apiclient.stopSystemVm(cmd)
- timeout = 120
- while True:
- list_cpvm_response = list_ssvms(
- self.apiclient,
- id=cpvm.id
- )
- if isinstance(list_cpvm_response, list):
- if list_cpvm_response[0].state == 'Running':
- break
- if timeout == 0:
- raise Exception("List CPVM call failed!")
-
- time.sleep(1)
- timeout = timeout - 1
-
- cpvm_response = list_cpvm_response[0]
-
+ cpvm_response = self.checkForRunningSystemVM(cpvm)
self.debug("CPVM state after debug: %s" % cpvm_response.state)
self.assertEqual(
@@ -829,12 +795,7 @@ class TestSSVMs(cloudstackTestCase):
# Call above tests to ensure CPVM is properly running
self.test_02_list_cpvm_vm()
- # Wait for some time before running diagnostic scripts on SSVM
- # as it may take some time to start all service properly
- time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
-
self.test_04_cpvm_internals()
- return
@attr(
tags=[
@@ -887,22 +848,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm_response.id
self.apiclient.rebootSystemVm(cmd)
- timeout = self.services["timeout"]
- while True:
- list_ssvm_response = list_ssvms(
- self.apiclient,
- id=ssvm_response.id
- )
- if isinstance(list_ssvm_response, list):
- if list_ssvm_response[0].state == 'Running':
- break
- if timeout == 0:
- raise Exception("List SSVM call failed!")
-
- time.sleep(self.services["sleep"])
- timeout = timeout - 1
-
- ssvm_response = list_ssvm_response[0]
+ ssvm_response = self.checkForRunningSystemVM(ssvm_response)
self.debug("SSVM State: %s" % ssvm_response.state)
self.assertEqual(
'Running',
@@ -921,13 +867,8 @@ class TestSSVMs(cloudstackTestCase):
# Wait for the agent to be up
self.waitForSystemVMAgent(ssvm_response.name)
- # Wait for some time before running diagnostic scripts on SSVM
- # as it may take some time to start all service properly
- time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
-
# Call to verify cloud process is running
self.test_03_ssvm_internals()
- return
@attr(
tags=[
@@ -979,23 +920,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = cpvm_response.id
self.apiclient.rebootSystemVm(cmd)
- timeout = self.services["timeout"]
- while True:
- list_cpvm_response = list_ssvms(
- self.apiclient,
- id=cpvm_response.id
- )
- if isinstance(list_cpvm_response, list):
- if list_cpvm_response[0].state == 'Running':
- break
- if timeout == 0:
- raise Exception("List CPVM call failed!")
-
- time.sleep(self.services["sleep"])
- timeout = timeout - 1
-
- cpvm_response = list_cpvm_response[0]
-
+ cpvm_response = self.checkForRunningSystemVM(cpvm_response)
self.debug("CPVM state: %s" % cpvm_response.state)
self.assertEqual(
'Running',
@@ -1010,17 +935,12 @@ class TestSSVMs(cloudstackTestCase):
)
# Private IP Address of System VMs are allowed to change after reboot - CLOUDSTACK-7745
-
+
# Wait for the agent to be up
self.waitForSystemVMAgent(cpvm_response.name)
- # Wait for some time before running diagnostic scripts on SSVM
- # as it may take some time to start all service properly
- time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
-
# Call to verify cloud process is running
self.test_04_cpvm_internals()
- return
@attr(
tags=[
@@ -1061,23 +981,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm_response.id
self.apiclient.destroySystemVm(cmd)
- timeout = self.services["timeout"]
- while True:
- list_ssvm_response = list_ssvms(
- self.apiclient,
- zoneid=self.zone.id,
- systemvmtype='secondarystoragevm'
- )
- if isinstance(list_ssvm_response, list):
- if list_ssvm_response[0].state == 'Running':
- break
- if timeout == 0:
- raise Exception("List SSVM call failed!")
-
- time.sleep(self.services["sleep"])
- timeout = timeout - 1
-
- ssvm_response = list_ssvm_response[0]
+ ssvm_response = self.checkForRunningSystemVM(ssvm_response, 'secondarystoragevm')
# Verify Name, Public IP, Private IP and Link local IP
# for newly created SSVM
@@ -1107,13 +1011,8 @@ class TestSSVMs(cloudstackTestCase):
# Wait for the agent to be up
self.waitForSystemVMAgent(ssvm_response.name)
- # Wait for some time before running diagnostic scripts on SSVM
- # as it may take some time to start all service properly
- time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
-
# Call to verify cloud process is running
self.test_03_ssvm_internals()
- return
@attr(
tags=[
@@ -1153,23 +1052,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = cpvm_response.id
self.apiclient.destroySystemVm(cmd)
- timeout = self.services["timeout"]
- while True:
- list_cpvm_response = list_ssvms(
- self.apiclient,
- systemvmtype='consoleproxy',
- zoneid=self.zone.id
- )
- if isinstance(list_cpvm_response, list):
- if list_cpvm_response[0].state == 'Running':
- break
- if timeout == 0:
- raise Exception("List CPVM call failed!")
-
- time.sleep(self.services["sleep"])
- timeout = timeout - 1
-
- cpvm_response = list_cpvm_response[0]
+ cpvm_response = self.checkForRunningSystemVM(cpvm_response, 'consoleproxy')
# Verify Name, Public IP, Private IP and Link local IP
# for newly created CPVM
@@ -1199,13 +1082,8 @@ class TestSSVMs(cloudstackTestCase):
# Wait for the agent to be up
self.waitForSystemVMAgent(cpvm_response.name)
- # Wait for some time before running diagnostic scripts on SSVM
- # as it may take some time to start all service properly
- time.sleep(int(self.services["configurableData"]["systemVmDelay"]))
-
# Call to verify cloud process is running
self.test_04_cpvm_internals()
- return
@attr(
tags=[
@@ -1300,22 +1178,7 @@ class TestSSVMs(cloudstackTestCase):
cmd.id = ssvm.id
self.apiclient.stopSystemVm(cmd)
- def checkForRunningSSVM():
- new_list_ssvm_response = list_ssvms(
- self.apiclient,
- id=ssvm.id
- )
- if isinstance(new_list_ssvm_response, list):
- return new_list_ssvm_response[0].state == 'Running', None
-
- res, _ = wait_until(self.services["sleep"], self.services["timeout"], checkForRunningSSVM)
- if not res:
- self.fail("List SSVM call failed!")
-
- new_list_ssvm_response = list_ssvms(
- self.apiclient,
- id=ssvm.id
- )
+ new_list_ssvm_response = self.checkForRunningSystemVM(ssvm)
self.assertNotEqual(
new_list_ssvm_response,
@@ -1363,5 +1226,3 @@ class TestSSVMs(cloudstackTestCase):
int(nfs_version),
"Check mounted NFS version to be the same as provided"
)
-
- return
diff --git a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh
index d185723..721e04d 100644
--- a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh
+++ b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh
@@ -16,15 +16,10 @@
# specific language governing permissions and limitations
# under the License.
-# override this file during build to inject /root/.ssh/authorized_keys
-
set -e
set -x
-# the key that we have in ../patches/debian/config/root/.ssh/authorized_keys for some reason
-key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant'
mkdir -p /root/.ssh
chmod 644 /root/.ssh
-#touch /root/.ssh/authorized_keys
-echo ${key} > /root/.ssh/authorized_keys
+touch /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
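Review bot: `chmod 644 /root/.ssh` leaves the directory world-readable and without the execute bit, which is neither a private nor a normally usable mode for a directory; with the hard-coded key removed, this is the remaining permission problem in the script. Use `chmod 700 /root/.ssh`. Templates built from the earlier version of this script may still carry the removed key in `/root/.ssh/authorized_keys`, so the release notes should say that existing templates need to be rebuilt or that file checked.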
diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh
index 67d6c23..444cc94 100644
--- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh
+++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh
@@ -20,7 +20,7 @@ set -e
set -x
function cleanup_apt() {
- apt-get -y remove dictionaries-common busybox
+ apt-get -y remove dictionaries-common busybox isc-dhcp-client isc-dhcp-common
apt-get -y autoremove
apt-get autoclean
apt-get clean
@@ -39,10 +39,21 @@ function cleanup_dev() {
rm -f /lib/udev/rules.d/75-persistent-net-generator.rules
}
+function cleanup_misc() {
+ rm -fr /home/cloud/cloud_scripts*
+ rm -f /root/.rnd
+ rm -f /var/www/html/index.html
+ rm -f /var/log/*.log
+ rm -f /var/log/apache2/*
+ rm -f /var/log/messages
+ rm -f /var/log/syslog
+}
+
function cleanup() {
cleanup_apt
cleanup_dhcp
cleanup_dev
+ cleanup_misc
}
return 2>/dev/null || cleanup
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh
index c898afc..7202717 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_conntrack.sh
@@ -38,6 +38,9 @@ nf_conntrack_ipv4
nf_conntrack_ipv6
nf_conntrack
nf_conntrack_ftp
+nf_conntrack_pptp
+nf_conntrack_proto_gre
+nf_nat_tftp
nf_nat_ftp
EOF
}
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh
index ec40b7c..eb2692e 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh
@@ -19,19 +19,17 @@
set -e
set -x
-# Remove 5s grub timeout to speed up booting
function configure_grub() {
- grep GRUB_TIMEOUT=0 /etc/default/grub && return
-
cat <<EOF > /etc/default/grub
# If you change this file, run 'update-grub' afterwards to update
# /boot/grub/grub.cfg.
GRUB_DEFAULT=0
GRUB_TIMEOUT=0
-GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
+GRUB_DISTRIBUTOR=Debian
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 debian-installer=en_US"
+GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US"
+GRUB_CMDLINE_XEN="com1=115200 console=com1"
GRUB_TERMINAL="console serial"
GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
index 1735b81..d5f80b1 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
@@ -73,6 +73,7 @@ function configure_login() {
configure_sudoers
configure_user
rm -fv /home/cloud/configure_login.sh
+ sync
halt -p
}
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh
index 2ebd3a2..ab68cdf 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh
@@ -56,7 +56,6 @@ iface lo inet loopback
# The primary network interface
auto eth0
iface eth0 inet dhcp
-pre-up sleep 2
EOF
}
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh
index 1386465..791f2ea 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh
@@ -36,14 +36,19 @@ function install_cloud_scripts() {
rsync -av ./cloud_scripts/ /
chmod +x /opt/cloud/bin/* \
/root/{clearUsageRules.sh,reconfigLB.sh,monitorServices.py} \
- /etc/init.d/{cloud-early-config,cloud-passwd-srvr,postinit} \
+ /etc/init.d/{cloud-early-config,cloud-passwd-srvr} \
/etc/profile.d/cloud.sh
cat > /etc/systemd/system/cloud-early-config.service << EOF
[Unit]
-Description=cloud-early-config: configure according to cmdline
+Description=cloud-early-config: configures systemvm using cmdline
DefaultDependencies=no
-After=local-fs.target apparmor.service systemd-sysctl.service systemd-modules-load.service
+
+Before=network-pre.target
+Wants=network-pre.target
+
+Requires=local-fs.target
+After=local-fs.target
[Install]
WantedBy=multi-user.target
@@ -85,30 +90,14 @@ WantedBy=multi-user.target
Type=forking
ExecStart=/etc/init.d/cloud-passwd-srvr start
ExecStop=/etc/init.d/cloud-passwd-srvr stop
-RemainAfterExit=true
-TimeoutStartSec=5min
-EOF
-
- cat > /etc/systemd/system/postinit.service << EOF
-[Unit]
-Description=cloud post-init service
-After=cloud-early-config.service network.target local-fs.target
-
-[Install]
-WantedBy=multi-user.target
-
-[Service]
-Type=forking
-ExecStart=/etc/init.d/postinit start
-ExecStop=/etc/init.d/postinit stop
-RemainAfterExit=true
-TimeoutStartSec=5min
+Restart=always
+RestartSec=5
EOF
systemctl daemon-reload
systemctl enable cloud-early-config
- systemctl disable cloud-passwd-srvr
systemctl disable cloud
+ systemctl disable cloud-passwd-srvr
}
function do_signature() {
@@ -130,6 +119,9 @@ function configure_services() {
mkdir -p /usr/share/cloud
mkdir -p /usr/local/cloud
+ # Fix dnsmasq directory issue
+ mkdir -p /opt/tftpboot
+
# Fix haproxy directory issue
mkdir -p /var/lib/haproxy
@@ -137,21 +129,21 @@ function configure_services() {
do_signature
systemctl daemon-reload
- systemctl disable xl2tpd
+ systemctl disable apt-daily.service
+ systemctl disable apt-daily.timer
+ systemctl disable apt-daily-upgrade.timer
# Disable services that slow down boot and are not used anyway
- systemctl disable x11-common
- systemctl disable console-setup
- systemctl disable haproxy
systemctl disable apache2
+ systemctl disable conntrackd
+ systemctl disable console-setup
systemctl disable dnsmasq
-
- # Hyperv kvp daemon - 64bit only
- local arch=`dpkg --print-architecture`
- if [ "${arch}" == "amd64" ]; then
- systemctl disable hv_kvp_daemon
- fi
+ systemctl disable haproxy
+ systemctl disable keepalived
systemctl disable radvd
+ systemctl disable strongswan
+ systemctl disable x11-common
+ systemctl disable xl2tpd
configure_apache2
configure_strongswan
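Review bot: The three `systemctl disable apt-daily*` lines carry no comment, unlike the block below them, and they turn off the appliance's periodic package updates. If the intent is that system VMs are patched only by shipping a new template, say so next to these lines, e.g. `# No unattended apt runs: packages are updated by rebuilding the template` (wording to be confirmed by the author). `configure_services` starts outside this hunk.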
diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb
index cea7bd2..33c8e8b 100644
--- a/tools/appliance/definitions/systemvmtemplate/definition.rb
+++ b/tools/appliance/definitions/systemvmtemplate/definition.rb
@@ -27,9 +27,9 @@ arch = 'amd64'
architectures = {
:amd64 => {
:os_type_id => 'Debian_64',
- :iso_file => 'debian-9.1.0-amd64-netinst.iso',
- :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso',
- :iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986'
+ :iso_file => 'debian-9.2.1-amd64-netinst.iso',
+ :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.2.1-amd64-netinst.iso',
+ :iso_sha512 => 'ebfe25dc593967e39349b205480b0ec0103ef4a0468c602f4857e13d06d407bfe876162399e0e8d4dea5675953dc37ab585316f307ccf9f4440124b4f719df04'
}
}
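Review bot: `:iso_src` still points at `debian-cd/current/`, a directory that follows the latest point release, so the pinned `debian-9.2.1` file name is likely to stop resolving once a newer release is published. A versioned path in Debian's cdimage archive keeps the URL and the recorded digest in step. Replacing `:iso_md5` with `:iso_sha512` is the right direction, but confirm that the build tooling actually reads this key; if it only recognises the MD5 key, the ISO would be used without any verification.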
diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
index 227f533..2cceb98 100644
--- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
+++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
@@ -22,7 +22,7 @@ set -x
function install_vhd_util() {
[[ -f /bin/vhd-util ]] && return
- wget --no-check-certificate http://download.cloudstack.org/tools/vhd-util -O /bin/vhd-util
+ wget --no-check-certificate https://github.com/rhtyd/cloudstack-nonoss/raw/master/vhd-util -O /bin/vhd-util
chmod a+x /bin/vhd-util
}
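Review bot: `wget --no-check-certificate` fetches an executable from the moving `master` branch of a personal repository and installs it as `/bin/vhd-util` with no integrity check, so whatever is served at build time ends up in every system VM built from the template. Drop `--no-check-certificate`, pin the URL to a specific commit, and verify a recorded digest before the `chmod`, e.g. `echo "<EXPECTED_SHA256>  /bin/vhd-util" | sha256sum -c -` (placeholder digest). The `xe-guest-utilities` package fetched with `wget` and installed with `dpkg -i` in the last hunk of this file has the same gap, since it bypasses apt's signature verification; it should get a digest check as well.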
@@ -52,12 +52,12 @@ function install_packages() {
${apt_get} install links:i386 libuuid1:i386 libc6:i386
fi
- ${apt_get} install \
- rsyslog logrotate cron insserv net-tools ifupdown vim netbase iptables \
- openssh-server e2fsprogs isc-dhcp-client tcpdump socat wget \
+ ${apt_get} install grub-legacy \
+ rsyslog logrotate cron net-tools ifupdown vim tmux netbase iptables \
+ openssh-server e2fsprogs tcpdump socat wget \
python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
inetutils-ping iputils-arping httping curl \
- dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \
+ dnsutils zip unzip ethtool uuid file iproute acpid sudo \
sysstat python-netaddr \
apache2 ssl-cert \
dnsmasq dnsmasq-utils \
@@ -65,7 +65,9 @@ function install_packages() {
samba-common cifs-utils \
xl2tpd bcrelay ppp ipsec-tools tdb-tools \
xenstore-utils libxenstore3.0 \
- conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \
+ ipvsadm conntrackd libnetfilter-conntrack3 \
+ keepalived irqbalance \
+ libnl-3-200 libnl-genl-3-200 \
ipcalc \
openjdk-8-jre-headless \
ipset \
@@ -75,22 +77,19 @@ function install_packages() {
haproxy \
radvd \
sharutils \
- keepalived irqbalance open-vm-tools qemu-guest-agent \
- strongswan libcharon-extra-plugins libstrongswan-extra-plugins
+ strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
+ virt-what open-vm-tools qemu-guest-agent hyperv-daemons
+
+ # Install xenserver guest utilities as debian repos don't have it
+ wget https://mirrors.kernel.org/ubuntu/pool/universe/x/xe-guest-utilities/xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
+ dpkg -i xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
+ rm -f xe-guest-utilities_7.4.0-0ubuntu1_amd64.deb
apt-get autoclean
apt-get clean
apt-get update
apt-get -y upgrade
-
- if [ "${arch}" == "amd64" ]; then
- # Hyperv kvp daemon - 64bit only
- # Download the hv kvp daemon
- wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb
- dpkg -i hv-kvp-daemon_3.1_amd64.deb
- rm -f hv-kvp-daemon_3.1_amd64.deb
- fi
}
return 2>/dev/null || install_packages
diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
index 6d56b76..99bd6eb 100644
--- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg
+++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
@@ -57,10 +57,10 @@ d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
d-i partman-auto/expert_recipe string \
boot-root :: \
- 80 50 100 ext4 \
+ 80 50 100 ext2 \
$primary{ } $bootable{ } \
method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
+ use_filesystem{ } filesystem{ ext2 } \
mountpoint{ /boot } \
. \
1500 40 1600 ext4 \
diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
index 7adea8a..d002316 100644
--- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
+++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
@@ -39,6 +39,11 @@ function zero_disk() {
sync
rm -f ${path}/zero
done
+
+ for partition in $(blkid -o list | grep ext | awk '{print $1}')
+ do
+ tune2fs -m0 $partition
+ done
}
return 2>/dev/null || zero_disk
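Review bot: `grep ext` in the new loop matches any `blkid -o list` line that contains "ext", including a label or a mount point, and `$partition` is unquoted. Match on the filesystem-type column and quote the variable: `for partition in $(blkid -o list | awk '$2 ~ /^ext[234]$/ {print $1}')` and `tune2fs -m0 "$partition"`. `tune2fs -m0` also removes the root-reserved blocks on every matched filesystem, which deserves a one-line comment giving the reason. `zero_disk` begins outside this hunk.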
diff --git a/utils/src/main/java/com/cloud/utils/ReflectUtil.java b/utils/src/main/java/com/cloud/utils/ReflectUtil.java
index c8ae954..1d31093 100644
--- a/utils/src/main/java/com/cloud/utils/ReflectUtil.java
+++ b/utils/src/main/java/com/cloud/utils/ReflectUtil.java
@@ -29,6 +29,8 @@ import java.beans.PropertyDescriptor;
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.lang.reflect.InvocationTargetException;
+import java.net.URL;
+import java.net.URLClassLoader;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashSet;
@@ -210,4 +212,23 @@ public class ReflectUtil {
}
}
+ /**
+ * Finds and returns class loader based on the provided module/jar name
+ * @param name
+ * @return returns ClassLoader
+ */
+ public static ClassLoader getClassLoaderForName(final String name) {
+ final URL[] urls = ((URLClassLoader) (Thread.currentThread().getContextClassLoader())).getURLs();
+ final List<URL> searchUrls = new ArrayList<>();
+ for (final URL url: urls) {
+ if (url.toString().contains(name)) {
+ if (s_logger.isDebugEnabled()) {
+ s_logger.debug("Search URL: " + url.toString());
+ }
+ searchUrls.add(url);
+ }
+ }
+ return new URLClassLoader(searchUrls.toArray(new URL[searchUrls.size()]));
+ }
+
}
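Review bot: `getClassLoaderForName` casts the thread context class loader to `URLClassLoader` without checking, so it throws `ClassCastException` wherever that loader is of another type (the application loader on Java 9 and later, for instance). Guard the cast, e.g. `if (!(loader instanceof URLClassLoader)) { throw new IllegalStateException("context class loader exposes no URLs"); }`, or return a documented fallback. The `url.toString().contains(name)` filter is a substring match on the whole URL, so a short `name` also selects jars or directories that merely contain it; matching on the file-name component would be stricter. The Javadoc should also say that an empty match yields a loader with no URLs of its own and that the caller owns, and should close, the returned `URLClassLoader`.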
diff --git a/utils/src/main/java/com/cloud/utils/nio/Link.java b/utils/src/main/java/com/cloud/utils/nio/Link.java
index 7848d53..8f1b811 100644
--- a/utils/src/main/java/com/cloud/utils/nio/Link.java
+++ b/utils/src/main/java/com/cloud/utils/nio/Link.java
@@ -503,7 +503,7 @@ public class Link {
s_logger.error(String.format("SSL error caught during unwrap data: %s, for local address=%s, remote address=%s. The client may have invalid ca-certificates.",
sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
sslEngine.closeOutbound();
- return true;
+ return false;
}
switch (result.getStatus()) {
case OK:
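Review bot: The `s_logger.error` calls ahead of both changed returns log only `sslException.getMessage()`, so the stack trace and any cause of the failed handshake step are lost. Pass the exception as the last argument, `s_logger.error(String.format(...), sslException);`, here and in the wrap branch in the next hunk. What a `false` result means to callers is not visible, since both methods start and end outside the hunks, so a short comment at each `return false;` saying that the handshake is treated as failed would help the next reader.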
@@ -545,7 +545,7 @@ public class Link {
s_logger.error(String.format("SSL error caught during wrap data: %s, for local address=%s, remote address=%s.",
sslException.getMessage(), socketChannel.getLocalAddress(), socketChannel.getRemoteAddress()));
sslEngine.closeOutbound();
- return true;
+ return false;
}
switch (result.getStatus()) {
case OK :