You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ro...@apache.org on 2017/12/08 19:14:53 UTC
[cloudstack] 01/12: CLOUDSTACK-10013: Migrate systemvmtemplate to
Debian9
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch debian9-systemvmtemplate
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 6edce0ff5137c2dd3cde259966123fe7ad607f7e
Author: Rohit Yadav <ro...@shapeblue.com>
AuthorDate: Sun Jul 23 18:01:35 2017 +0200
CLOUDSTACK-10013: Migrate systemvmtemplate to Debian9
SystemVM changes to work on Debian 9
- Migrate away from chkconfig to systemctl
- Remove xenstore-utils override deb pkg
- Fix runlevel in sysv scripts for systemd
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
---
systemvm/patches/debian/buildsystemvm.sh | 577 ---------------------
systemvm/patches/debian/config/etc/init.d/cloud | 10 +-
.../debian/config/etc/init.d/cloud-early-config | 23 +-
.../debian/config/etc/init.d/cloud-passwd-srvr | 10 +-
systemvm/patches/debian/config/etc/init.d/postinit | 6 +-
systemvm/patches/debian/config/etc/rc.local | 2 +-
systemvm/patches/debian/config/etc/ssh/sshd_config | 1 -
.../debian/config/opt/cloud/bin/patchsystemvm.sh | 128 ++---
tools/appliance/build.sh | 2 +-
.../definitions/systemvmtemplate/apt_upgrade.sh | 9 +-
.../systemvmtemplate/authorized_keys.sh | 1 +
.../definitions/systemvmtemplate/build_time.sh | 26 -
.../definitions/systemvmtemplate/cleanup.sh | 1 -
.../definitions/systemvmtemplate/configure_grub.sh | 6 +-
.../systemvmtemplate/configure_login.sh | 15 +-
.../systemvmtemplate/configure_networking.sh | 25 +-
.../configure_systemvm_services.sh | 94 +++-
.../definitions/systemvmtemplate/definition.rb | 36 +-
.../systemvmtemplate/install_systemvm_packages.sh | 32 +-
.../definitions/systemvmtemplate/preseed.cfg | 69 ++-
.../definitions/systemvmtemplate/zerodisk.sh | 9 +-
21 files changed, 267 insertions(+), 815 deletions(-)
diff --git a/systemvm/patches/debian/buildsystemvm.sh b/systemvm/patches/debian/buildsystemvm.sh
deleted file mode 100755
index a34b1dd..0000000
--- a/systemvm/patches/debian/buildsystemvm.sh
+++ /dev/null
@@ -1,577 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-echo "####################################################"
-echo " Note there is a new systemvm build script based on "
-echo " Veewee(Vagrant) under tools/appliance."
-echo "####################################################"
-
-set -e
-set -x
-
-IMAGENAME=systemvm
-LOCATION=/var/lib/images/systemvm
-PASSWORD=password
-#APT_PROXY=192.168.1.115:3142/
-APT_PROXY=
-HOSTNAME=systemvm
-SIZE=2000
-DEBIAN_MIRROR=ftp.us.debian.org/debian
-MINIMIZE=true
-CLOUDSTACK_RELEASE=4.0
-offset=4096
-baseimage() {
- mkdir -p $LOCATION
- #dd if=/dev/zero of=$IMAGELOC bs=1M count=$SIZE
- dd if=/dev/zero of=$IMAGELOC bs=1M seek=$((SIZE - 1)) count=1
- loopdev=$(losetup -f)
- losetup $loopdev $IMAGELOC
- parted $loopdev -s 'mklabel msdos'
- parted $loopdev -s 'mkpart primary ext3 4096B -1'
- sleep 2
- losetup -d $loopdev
- loopdev=$(losetup --show -o $offset -f $IMAGELOC )
- mkfs.ext3 -L ROOT $loopdev
- mkdir -p $MOUNTPOINT
- tune2fs -c 100 -i 0 $loopdev
- sleep 2
- losetup -d $loopdev
-
- mount -o loop,offset=$offset $IMAGELOC $MOUNTPOINT
-
- #debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-keyring.gpg wheezy $MOUNTPOINT http://${APT_PROXY}${DEBIAN_MIRROR}
- debootstrap --variant=minbase --arch=i386 wheezy $MOUNTPOINT http://${APT_PROXY}${DEBIAN_MIRROR}
-}
-
-
-fixapt() {
- if [ "$APT_PROXY" != "" ]; then
- cat >> etc/apt/apt.conf.d/01proxy << EOF
-Acquire::http::Proxy "http://${APT_PROXY}";
-EOF
- fi
-
- cat > etc/apt/sources.list << EOF
-deb http://http.debian.net/debian/ wheezy main contrib non-free
-deb-src http://http.debian.net/debian/ wheezy main contrib non-free
-
-deb http://security.debian.org/ wheezy/updates main
-deb-src http://security.debian.org/ wheezy/updates main
-
-deb http://http.debian.net/debian/ wheezy-backports main
-deb-src http://http.debian.net/debian/ wheezy-backports main
-EOF
-
- cat >> etc/apt/apt.conf << EOF
-APT::Default-Release "stable";
-EOF
-
- cat >> etc/apt/preferences << EOF
-Package: *
-Pin: release o=Debian,a=stable
-Pin-Priority: 900
-EOF
-
- #apt-key exportall | chroot . apt-key add - &&
- chroot . apt-get update &&
- echo "Apt::Install-Recommends 0;" > etc/apt/apt.conf.d/local-recommends
-
- cat >> usr/sbin/policy-rc.d << EOF
-#!/bin/sh
-exit 101
-EOF
- chmod a+x usr/sbin/policy-rc.d
-
- cat >> etc/default/locale << EOF
-LANG=en_US.UTF-8
-LC_ALL=en_US.UTF-8
-EOF
-
- cat >> etc/locale.gen << EOF
-en_US.UTF-8 UTF-8
-EOF
-
- DEBIAN_FRONTEND=noninteractive
- DEBIAN_PRIORITY=critical
- export DEBIAN_FRONTEND DEBIAN_PRIORITY
- chroot . dpkg-reconfigure debconf --frontend=noninteractive
- chroot . apt-get -q -y install locales
-}
-
-network() {
-
- echo "$HOSTNAME" > etc/hostname &&
- cat > etc/hosts << EOF
-127.0.0.1 localhost
-# The following lines are desirable for IPv6 capable hosts
-::1 localhost ip6-localhost ip6-loopback
-fe00::0 ip6-localnet
-ff00::0 ip6-mcastprefix
-ff02::1 ip6-allnodes
-ff02::2 ip6-allrouters
-ff02::3 ip6-allhosts
-EOF
-
- cat >> etc/network/interfaces << EOF
-auto lo eth0
-iface lo inet loopback
-
-# The primary network interface
-iface eth0 inet static
-
-EOF
-}
-
-install_kernel() {
- DEBIAN_FRONTEND=noninteractive
- DEBIAN_PRIORITY=critical
- export DEBIAN_FRONTEND DEBIAN_PRIORITY
-
- chroot . apt-get -qq -y --force-yes install grub-legacy &&
- cp -av usr/lib/grub/i386-pc boot/grub
- #for some reason apt-get install grub does not install grub/stage1 etc
- #loopd=$(losetup -f --show $1)
- #grub-install $loopd --root-directory=$MOUNTPOINT
- #losetup -d $loopd
- grub << EOF &&
-device (hd0) $1
-root (hd0,0)
-setup (hd0)
-quit
-EOF
- # install a kernel image
- cat > etc/kernel-img.conf << EOF &&
-do_symlinks = yes
-link_in_boot = yes
-do_initrd = yes
-EOF
- touch /mnt/systemvm/boot/grub/default
- chroot . apt-get install -qq -y --force-yes linux-image-686-bigmem
- cat >> etc/kernel-img.conf << EOF
-postinst_hook = /usr/sbin/update-grub
-postrm_hook = /usr/sbin/update-grub
-EOF
-}
-
-
-fixgrub() {
- kern=$(basename $(ls boot/vmlinuz-*))
- ver=${kern#vmlinuz-}
- cat > boot/grub/menu.lst << EOF
-default 0
-timeout 2
-color cyan/blue white/blue
-
-### BEGIN AUTOMAGIC KERNELS LIST
-# kopt=root=LABEL=ROOT ro
-
-## ## End Default Options ##
-title Debian GNU/Linux, kernel $ver
-root (hd0,0)
-kernel /boot/$kern root=LABEL=ROOT ro console=tty0 xencons=ttyS0,115200 console=hvc0 quiet
-initrd /boot/initrd.img-$ver
-
-### END DEBIAN AUTOMAGIC KERNELS LIST
-EOF
- (cd boot/grub; ln -s menu.lst grub.conf)
-}
-
-fixinittab() {
- cat >> etc/inittab << EOF
-
-vc:2345:respawn:/sbin/getty 38400 hvc0
-EOF
-}
-
-fixfstab() {
- cat > etc/fstab << EOF
-# <file system> <mount point> <type> <options> <dump> <pass>
-proc /proc proc defaults 0 0
-LABEL=ROOT / ext3 errors=remount-ro,sync,noatime 0 1
-EOF
-}
-
-fixacpid() {
- mkdir -p etc/acpi/events
- cat >> etc/acpi/events/power << EOF
-event=button/power.*
-action=/usr/local/sbin/power.sh "%e"
-EOF
- cat >> usr/local/sbin/power.sh << EOF
-#!/bin/bash
-/sbin/poweroff
-EOF
- chmod a+x usr/local/sbin/power.sh
-}
-
-fixiptables() {
-cat >> etc/modules << EOF
-nf_conntrack
-nf_conntrack_ipv4
-EOF
-cat > etc/init.d/iptables-persistent << EOF
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: iptables
-# Required-Start: mountkernfs $local_fs
-# Required-Stop: $local_fs
-# Should-Start: cloud-early-config
-# Default-Start: S
-# Default-Stop:
-# Short-Description: Set up iptables rules
-### END INIT INFO
-
-PATH="/sbin:/bin:/usr/sbin:/usr/bin"
-
-# Include config file for iptables-persistent
-. /etc/iptables/iptables.conf
-
-case "\$1" in
-start)
- if [ -e /var/run/iptables ]; then
- echo "iptables is already started!"
- exit 1
- else
- touch /var/run/iptables
- fi
-
- if [ \$ENABLE_ROUTING -ne 0 ]; then
- # Enable Routing
- echo 1 > /proc/sys/net/ipv4/ip_forward
- fi
-
- # Load Modules
- modprobe -a \$MODULES
-
- # Load saved rules
- if [ -f /etc/iptables/rules ]; then
- iptables-restore </etc/iptables/rules
- fi
- ;;
-stop|force-stop)
- if [ ! -e /var/run/iptables ]; then
- echo "iptables is already stopped!"
- exit 1
- else
- rm /var/run/iptables
- fi
-
- if [ \$SAVE_NEW_RULES -ne 0 ]; then
- # Backup old rules
- cp /etc/iptables/rules /etc/iptables/rules.bak
- # Save new rules
- iptables-save >/etc/iptables/rules
- fi
-
- # Restore Default Policies
- iptables -P INPUT ACCEPT
- iptables -P FORWARD ACCEPT
- iptables -P OUTPUT ACCEPT
-
- # Flush rules on default tables
- iptables -F
- iptables -t nat -F
- iptables -t mangle -F
-
- # Unload previously loaded modules
- modprobe -r \$MODULES
-
- # Disable Routing if enabled
- if [ \$ENABLE_ROUTING -ne 0 ]; then
- # Disable Routing
- echo 0 > /proc/sys/net/ipv4/ip_forward
- fi
-
- ;;
-restart|force-reload)
- \$0 stop
- \$0 start
- ;;
-status)
- echo "Filter Rules:"
- echo "--------------"
- iptables -L -v
- echo ""
- echo "NAT Rules:"
- echo "-------------"
- iptables -t nat -L -v
- echo ""
- echo "Mangle Rules:"
- echo "----------------"
- iptables -t mangle -L -v
- ;;
-*)
- echo "Usage: \$0 {start|stop|force-stop|restart|force-reload|status}" >&2
- exit 1
- ;;
-esac
-
-exit 0
-EOF
- chmod a+x etc/init.d/iptables-persistent
-
-
- touch etc/iptables/iptables.conf
- cat > etc/iptables/iptables.conf << EOF
-# A basic config file for the /etc/init.d/iptable-persistent script
-
-# Should new manually added rules from command line be saved on reboot? Assign to a value different that 0 if you want this enabled.
-SAVE_NEW_RULES=0
-
-# Modules to load:
-MODULES="nf_nat_ftp nf_conntrack_ftp"
-
-# Enable Routing?
-ENABLE_ROUTING=1
-EOF
- chmod a+x etc/iptables/iptables.conf
-
-}
-
-vpn_config() {
- cp -r ${scriptdir}/vpn/* ./
-}
-
-#
-# IMPORTANT REMARK
-# Package intallation is no longer done via this script. We are not removing the code yet, but we want to
-# make sure that everybody willing to install/update packages should refer to the file:
-# ==> cloud-tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
-#
-packages() {
- DEBIAN_FRONTEND=noninteractive
- DEBIAN_PRIORITY=critical
- DEBCONF_DB_OVERRIDE=’File{/root/config.dat}’
- export DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_DB_OVERRIDE
-
- #basic stuff
- chroot . apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo
- #fix hostname in openssh-server generated keys
- sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub
-
- #sysstat
- chroot . echo 'sysstat sysstat/enable boolean true' | chroot . debconf-set-selections
- chroot . apt-get --no-install-recommends -q -y --force-yes install sysstat
- #apache
- chroot . apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert
- #haproxy
- chroot . apt-get --no-install-recommends -q -y --force-yes install haproxy
- #dnsmasq
- chroot . apt-get --no-install-recommends -q -y --force-yes install dnsmasq
- #nfs client
- chroot . apt-get --no-install-recommends -q -y --force-yes install nfs-common
- #vpn stuff
- chroot . apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools
- #vmware tools
- chroot . apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
- #xenstore utils
- chroot . apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
- #keepalived - install version 1.2.13 from wheezy backports
- chroot . apt-get --no-install-recommends -q -y --force-yes -t wheezy-backports install keepalived
- #conntrackd
- chroot . apt-get --no-install-recommends -q -y --force-yes install conntrackd ipvsadm libnetfilter-conntrack3 libnl1
- #ipcalc
- chroot . apt-get --no-install-recommends -q -y --force-yes install ipcalc
- #irqbalance from wheezy-backports
- chroot . apt-get --no-install-recommends -q -y --force-yes -t wheezy-backports install irqbalance
-
- echo "***** getting jre 7 *********"
- chroot . apt-get --no-install-recommends -q -y install openjdk-7-jre-headless
-}
-
-
-password() {
- chroot . echo "root:$PASSWORD" | chroot . chpasswd
-}
-
-apache2() {
- chroot . a2enmod ssl rewrite auth_basic auth_digest
- chroot . a2ensite default-ssl
- cp etc/apache2/sites-available/default etc/apache2/sites-available/default.orig
- cp etc/apache2/sites-available/default-ssl etc/apache2/sites-available/default-ssl.orig
-}
-
-services() {
- mkdir -p ./var/www/html
- mkdir -p ./opt/cloud/bin
- mkdir -p ./var/cache/cloud
- mkdir -p ./usr/share/cloud
- mkdir -p ./usr/local/cloud
- mkdir -p ./root/.ssh
- #Fix haproxy directory issue
- mkdir -p ./var/lib/haproxy
-
- /bin/cp -r ${scriptdir}/config/* ./
- chroot . chkconfig xl2tpd off
- chroot . chkconfig --add cloud-early-config
- chroot . chkconfig cloud-early-config on
- chroot . chkconfig --add iptables-persistent
- chroot . chkconfig iptables-persistent off
- chroot . chkconfig --force --add cloud-passwd-srvr
- chroot . chkconfig cloud-passwd-srvr off
- chroot . chkconfig --add cloud
- chroot . chkconfig cloud off
- chroot . chkconfig monit off
-}
-
-dhcp_fix() {
- #deal with virtio DHCP issue, copy and install customized kernel module and iptables
- mkdir -p tmp
- cp /tmp/systemvm/xt_CHECKSUM.ko lib/modules/2.6.32-5-686-bigmem/kernel/net/netfilter
- chroot . depmod -a 2.6.32-5-686-bigmem
- cp /tmp/systemvm/iptables_1.4.8-3local1checksum1_i386.deb tmp/
- chroot . dpkg -i tmp/iptables_1.4.8-3local1checksum1_i386.deb
- rm tmp/iptables_1.4.8-3local1checksum1_i386.deb
-}
-
-install_xs_tool() {
- #deal with virtio DHCP issue, copy and install customized kernel module and iptables
- mkdir -p tmp
- cp /tmp/systemvm/xe-guest-utilities_5.6.0-595_i386.deb tmp/
- chroot . dpkg -i tmp/xe-guest-utilities_5.6.0-595_i386.deb
- rm tmp/xe-guest-utilities_5.6.0-595_i386.deb
-}
-
-cleanup() {
- rm -f usr/sbin/policy-rc.d
- rm -f root/config.dat
- rm -f etc/apt/apt.conf.d/01proxy
-
- if [ "$MINIMIZE" == "true" ]
- then
- rm -rf var/cache/apt/*
- rm -rf var/lib/apt/*
- rm -rf usr/share/locale/[a-d]*
- rm -rf usr/share/locale/[f-z]*
- rm -rf usr/share/doc/*
- size=$(df $MOUNTPOINT | awk '{print $4}' | grep -v Available)
- dd if=/dev/zero of=$MOUNTPOINT/zeros.img bs=1M count=$((((size-150000)) / 1000))
- rm -f $MOUNTPOINT/zeros.img
- fi
-}
-
-signature() {
- (cd ${scriptdir}/config; tar cvf ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar *)
- (cd ${scriptdir}/vpn; tar rvf ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar *)
- gzip -c ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar > ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz
- md5sum ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz |awk '{print $1}' > ${MOUNTPOINT}/var/cache/cloud/cloud-scripts-signature
- echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > ${MOUNTPOINT}/etc/cloudstack-release
-}
-
-#check grub version
-
-grub --version | grep "0.9" > /dev/null
-if [ $? -ne 0 ]
-then
- echo You need grub 0.9x\(grub-legacy\) to use this script!
- exit 1
-fi
-
-mkdir -p $IMAGENAME
-mkdir -p $LOCATION
-MOUNTPOINT=/mnt/$IMAGENAME/
-IMAGELOC=$LOCATION/$IMAGENAME.img
-scriptdir=$(dirname $PWD/$0)
-
-rm -rf /tmp/systemvm
-mkdir -p /tmp/systemvm
-#cp ./xt_CHECKSUM.ko /tmp/systemvm
-#cp ./iptables_1.4.8-3local1checksum1_i386.deb /tmp/systemvm
-#cp ./xe-guest-utilities_5.6.0-595_i386.deb /tmp/systemvm
-
-rm -f $IMAGELOC
-begin=$(date +%s)
-echo "*************INSTALLING BASEIMAGE********************"
-baseimage
-
-cp $scriptdir/config.dat $MOUNTPOINT/root/
-cd $MOUNTPOINT
-
-mount -o bind /proc $MOUNTPOINT/proc
-mount -o bind /dev $MOUNTPOINT/dev
-
-echo "*************CONFIGURING APT********************"
-fixapt
-echo "*************DONE CONFIGURING APT********************"
-
-echo "*************CONFIGURING NETWORK********************"
-network
-echo "*************DONE CONFIGURING NETWORK********************"
-
-echo "*************INSTALLING KERNEL********************"
-install_kernel $IMAGELOC
-echo "*************DONE INSTALLING KERNEL********************"
-
-echo "*************CONFIGURING GRUB********************"
-fixgrub $IMAGELOC
-echo "*************DONE CONFIGURING GRUB********************"
-
-
-echo "*************CONFIGURING INITTAB********************"
-fixinittab
-echo "*************DONE CONFIGURING INITTAB********************"
-
-echo "*************CONFIGURING FSTAB********************"
-fixfstab
-echo "*************DONE CONFIGURING FSTAB********************"
-
-echo "*************CONFIGURING ACPID********************"
-fixacpid
-echo "*************DONE CONFIGURING ACPID********************"
-
-echo "*************INSTALLING PACKAGES********************"
-packages
-echo "*************DONE INSTALLING PACKAGES********************"
-
-echo "*************CONFIGURING IPTABLES********************"
-fixiptables
-echo "*************DONE CONFIGURING IPTABLES********************"
-
-echo "*************CONFIGURING PASSWORD********************"
-password
-
-echo "*************CONFIGURING SERVICES********************"
-services
-
-echo "*************CONFIGURING APACHE********************"
-apache2
-
-echo "*************CONFIGURING VPN********************"
-vpn_config
-
-echo "*************FIX DHCP ISSUE********************"
-#dhcp_fix
-
-echo "*************INSTALL XS TOOLS********************"
-#install_xs_tool
-
-echo "*************CLEANING UP********************"
-cleanup
-
-echo "*************GENERATING SIGNATURE********************"
-signature
-
-cd $scriptdir
-
-umount $MOUNTPOINT/proc
-umount $MOUNTPOINT/dev
-umount $MOUNTPOINT
-fin=$(date +%s)
-t=$((fin-begin))
-echo "Finished building image $IMAGELOC in $t seconds"
-
diff --git a/systemvm/patches/debian/config/etc/init.d/cloud b/systemvm/patches/debian/config/etc/init.d/cloud
index f9a9915..9b3a63b 100755
--- a/systemvm/patches/debian/config/etc/init.d/cloud
+++ b/systemvm/patches/debian/config/etc/init.d/cloud
@@ -1,13 +1,11 @@
-#!/bin/bash
+#!/bin/bash
### BEGIN INIT INFO
# Provides: cloud
-# Required-Start: mountkernfs $local_fs cloud-early-config
+# Required-Start: $local_fs cloud-early-config
# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start:
+# Default-Start: 3 4 5
# Default-Stop: 0 1 6
-# Short-Description: Start up the CloudStack cloud service
+# Short-Description: Start up the CloudStack cloud service
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
index 3bdebdb..1d3a890 100755
--- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
@@ -1,10 +1,8 @@
#!/bin/bash
### BEGIN INIT INFO
# Provides: cloud-early-config
-# Required-Start: mountkernfs $local_fs
+# Required-Start: $local_fs
# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
# Default-Start: S
# Default-Stop: 0 6
# Short-Description: configure according to cmdline
@@ -38,6 +36,9 @@ mkdir -p /var/lib/haproxy
# Clear boot up flag, it would be created by rc.local after boot up done
rm -f /var/cache/cloud/boot_up_done
+# Randomize cloud password so only ssh login is allowed
+echo "cloud:`openssl rand -base64 32`" | chpasswd
+
[ -x /sbin/ifup ] || exit 0
. /lib/lsb/init-functions
@@ -807,7 +808,7 @@ setup_sshd(){
setup_vpc_apache2() {
log_it "Setting up apache web server for VPC"
- chkconfig apache2 off
+ systemctl disable apache2
clean_ipalias_config
setup_apache2_common
}
@@ -942,7 +943,7 @@ setup_router() {
disable_rpfilter_domR
enable_fwding 1
enable_rpsrfs 1
- chkconfig nfs-common off
+ systemctl disable nfs-common
cp /etc/iptables/iptables-router /etc/iptables/rules.v4
#for old templates
cp /etc/iptables/iptables-router /etc/iptables/rules
@@ -1083,7 +1084,7 @@ setup_dhcpsrvr() {
enable_svc cloud-passwd-srvr 1
enable_svc cloud 0
enable_fwding 0
- chkconfig nfs-common off
+ systemctl disable nfs-common
cp /etc/iptables/iptables-router /etc/iptables/rules.v4
cp /etc/iptables/iptables-router /etc/iptables/rules
@@ -1239,7 +1240,7 @@ setup_console_proxy() {
enable_svc dnsmasq 0
enable_svc cloud-passwd-srvr 0
enable_svc cloud 1
- chkconfig nfs-common off
+ systemctl disable nfs-common
rm /etc/logrotate.d/cloud
}
@@ -1267,8 +1268,8 @@ setup_elbvm() {
enable_svc dnsmasq 0
enable_svc cloud-passwd-srvr 0
enable_svc cloud 0
- chkconfig nfs-common off
- chkconfig portmap off
+ systemctl disable nfs-common
+ systemctl disable portmap
}
setup_ilbvm() {
@@ -1290,8 +1291,8 @@ setup_ilbvm() {
enable_svc dnsmasq 0
enable_svc cloud-passwd-srvr 0
enable_svc cloud 0
- chkconfig nfs-common off
- chkconfig portmap off
+ systemctl disable nfs-common
+ systemctl disable portmap
}
setup_default() {
diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
index 33b0ea3..c089e72 100755
--- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
+++ b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr
@@ -1,12 +1,10 @@
-#!/bin/bash
+#!/bin/bash
### BEGIN INIT INFO
# Provides: cloud-passwd-srvr
-# Required-Start: mountkernfs $local_fs cloud-early-config iptables-persistent
+# Required-Start: $local_fs cloud-early-config
# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
-# Default-Start:
-# Default-Stop: 0 6
+# Default-Start: 3 4 5
+# Default-Stop: 0 1 6
# Short-Description: Web server that sends passwords to User VMs
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
diff --git a/systemvm/patches/debian/config/etc/init.d/postinit b/systemvm/patches/debian/config/etc/init.d/postinit
index 818959f..ddbcb08 100755
--- a/systemvm/patches/debian/config/etc/init.d/postinit
+++ b/systemvm/patches/debian/config/etc/init.d/postinit
@@ -1,13 +1,11 @@
#!/bin/bash -e
### BEGIN INIT INFO
# Provides: postinit
-# Required-Start: mountkernfs $local_fs cloud-early-config
+# Required-Start: $local_fs cloud-early-config
# Required-Stop: $local_fs
-# Should-Start:
-# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
-# Short-Description: post-init
+# Short-Description: post-init
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
diff --git a/systemvm/patches/debian/config/etc/rc.local b/systemvm/patches/debian/config/etc/rc.local
index 3b19218..c0b1939 100755
--- a/systemvm/patches/debian/config/etc/rc.local
+++ b/systemvm/patches/debian/config/etc/rc.local
@@ -1,4 +1,4 @@
-#/bin/bash
+#!/bin/bash
#Licensed to the Apache Software Foundation (ASF) under one
#or more contributor license agreements. See the NOTICE file
diff --git a/systemvm/patches/debian/config/etc/ssh/sshd_config b/systemvm/patches/debian/config/etc/ssh/sshd_config
index 6c64719..75f30cc 100644
--- a/systemvm/patches/debian/config/etc/ssh/sshd_config
+++ b/systemvm/patches/debian/config/etc/ssh/sshd_config
@@ -13,7 +13,6 @@
Port 3922
#AddressFamily any
#ListenAddress 0.0.0.0
-#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
diff --git a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh
index 34450dc..81a1b14 100755
--- a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh
+++ b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh
@@ -40,34 +40,34 @@ patch_console_proxy() {
}
consoleproxy_svcs() {
- chkconfig cloud on
- chkconfig postinit on
- chkconfig cloud-passwd-srvr off
- chkconfig haproxy off ;
- chkconfig dnsmasq off
- chkconfig ssh on
- chkconfig apache2 off
- chkconfig nfs-common off
- chkconfig portmap off
- chkconfig keepalived off
- chkconfig conntrackd off
+ systemctl enable cloud
+ systemctl enable postinit
+ systemctl disable cloud-passwd-srvr
+ systemctl disable haproxy
+ systemctl disable dnsmasq
+ systemctl enable ssh
+ systemctl disable apache2
+ systemctl disable nfs-common
+ systemctl disable portmap
+ systemctl disable keepalived
+ systemctl disable conntrackd
echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs
echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
mkdir -p /var/log/cloud
}
secstorage_svcs() {
- chkconfig cloud on
- chkconfig postinit on
- chkconfig cloud-passwd-srvr off
- chkconfig haproxy off ;
- chkconfig dnsmasq off
- chkconfig portmap on
- chkconfig nfs-common on
- chkconfig ssh on
- chkconfig apache2 off
- chkconfig keepalived off
- chkconfig conntrackd off
+ systemctl enable cloud on
+ systemctl enable postinit on
+ systemctl disable cloud-passwd-srvr
+ systemctl disable haproxy
+ systemctl disable dnsmasq
+ systemctl enable portmap
+ systemctl enable nfs-common
+ systemctl enable ssh
+ systemctl disable apache2
+ systemctl disable keepalived
+ systemctl disable conntrackd
echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs
echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs
mkdir -p /var/log/cloud
@@ -76,67 +76,67 @@ secstorage_svcs() {
routing_svcs() {
grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null
RROUTER=$?
- chkconfig cloud off
- chkconfig haproxy on ;
- chkconfig ssh on
- chkconfig nfs-common off
- chkconfig portmap off
+ systemctl disable cloud
+ systemctl disable haproxy
+ systemctl enable ssh
+ systemctl disable nfs-common
+ systemctl disable portmap
echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs
echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs
if [ $RROUTER -eq 0 ]
then
- chkconfig dnsmasq off
- chkconfig cloud-passwd-srvr off
- chkconfig keepalived on
- chkconfig conntrackd on
- chkconfig postinit on
+ systemctl disable dnsmasq
+ systemctl disable cloud-passwd-srvr
+ systemctl enable keepalived
+ systemctl enable conntrackd
+ systemctl enable postinit
echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs
echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs
else
- chkconfig dnsmasq on
- chkconfig cloud-passwd-srvr on
- chkconfig keepalived off
- chkconfig conntrackd off
+ systemctl enable dnsmasq
+ systemctl enable cloud-passwd-srvr
+ systemctl disable keepalived
+ systemctl disable conntrackd
echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs
echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs
fi
}
dhcpsrvr_svcs() {
- chkconfig cloud off
- chkconfig cloud-passwd-srvr on ;
- chkconfig haproxy off ;
- chkconfig dnsmasq on
- chkconfig ssh on
- chkconfig nfs-common off
- chkconfig portmap off
- chkconfig keepalived off
- chkconfig conntrackd off
+ systemctl disable cloud
+ systemctl enable cloud-passwd-srvr
+ systemctl disable haproxy
+ systemctl enable dnsmasq
+ systemctl enable ssh
+ systemctl disable nfs-common
+ systemctl disable portmap
+ systemctl disable keepalived
+ systemctl disable conntrackd
echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs
}
elbvm_svcs() {
- chkconfig cloud off
- chkconfig haproxy on ;
- chkconfig ssh on
- chkconfig nfs-common off
- chkconfig portmap off
- chkconfig keepalived off
- chkconfig conntrackd off
+ systemctl disable cloud
+ systemctl disable haproxy
+ systemctl enable ssh
+ systemctl disable nfs-common
+ systemctl disable portmap
+ systemctl disable keepalived
+ systemctl disable conntrackd
echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
}
ilbvm_svcs() {
- chkconfig cloud off
- chkconfig haproxy on ;
- chkconfig ssh on
- chkconfig nfs-common off
- chkconfig portmap off
- chkconfig keepalived off
- chkconfig conntrackd off
+ systemctl disable cloud
+ systemctl enable haproxy
+ systemctl enable ssh
+ systemctl disable nfs-common
+ systemctl disable portmap
+ systemctl disable keepalived
+ systemctl disable conntrackd
echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
}
@@ -149,11 +149,11 @@ enable_pcihotplug() {
}
enable_serial_console() {
- sed -i -e "/^serial.*/d" /boot/grub/grub.conf
- sed -i -e "/^terminal.*/d" /boot/grub/grub.conf
- sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf
- sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf
- sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf
+ #sed -i -e "/^serial.*/d" /boot/grub/grub.conf
+ #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf
+ #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf
+ #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf
+ #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf
sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab
sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab
}
diff --git a/tools/appliance/build.sh b/tools/appliance/build.sh
index 0b31cc1..45f4728 100755
--- a/tools/appliance/build.sh
+++ b/tools/appliance/build.sh
@@ -594,7 +594,7 @@ function main() {
add_on_exit veewee_destroy
veewee_build
save_mac_address
- veewee_halt
+ veewee_halt || true
retry 10 check_appliance_shutdown
retry 10 check_appliance_disk_ready
retry 10 remove_shares
diff --git a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh
index f98c6b5..eb9b790 100644
--- a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh
+++ b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh
@@ -23,20 +23,23 @@ function add_backports() {
sed -i '/cdrom/d' /etc/apt/sources.list
sed -i '/deb-src/d' /etc/apt/sources.list
sed -i '/backports/d' /etc/apt/sources.list
- echo 'deb http://http.debian.net/debian wheezy-backports main' >> /etc/apt/sources.list
+ echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list
}
function apt_upgrade() {
DEBIAN_FRONTEND=noninteractive
DEBIAN_PRIORITY=critical
+ # Setup sudo
+ echo 'cloud ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud
+
add_backports
rm -fv /root/*.iso
apt-get -y autoremove
apt-get autoclean
- apt-get -q -y --force-yes update
- apt-get -q -y --force-yes upgrade
+ apt-get -q -y update
+ apt-get -q -y upgrade
df -h
}
diff --git a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh
index 63da2f4..d185723 100644
--- a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh
+++ b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh
@@ -25,5 +25,6 @@ set -x
key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant'
mkdir -p /root/.ssh
chmod 644 /root/.ssh
+#touch /root/.ssh/authorized_keys
echo ${key} > /root/.ssh/authorized_keys
chmod 600 /root/.ssh/authorized_keys
diff --git a/tools/appliance/definitions/systemvmtemplate/build_time.sh b/tools/appliance/definitions/systemvmtemplate/build_time.sh
deleted file mode 100644
index c25644b..0000000
--- a/tools/appliance/definitions/systemvmtemplate/build_time.sh
+++ /dev/null
@@ -1,26 +0,0 @@
-#!/bin/bash
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-set -e
-set -x
-
-function build_time() {
- date > /etc/vagrant_box_build_time
-}
-
-return 2>/dev/null || build_time
diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh
index cd32d5b..67d6c23 100644
--- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh
+++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh
@@ -20,7 +20,6 @@ set -e
set -x
function cleanup_apt() {
- #apt-get -y remove linux-headers-$(uname -r) build-essential
apt-get -y remove dictionaries-common busybox
apt-get -y autoremove
apt-get autoclean
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh
index 5b6a80a..ec40b7c 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh
@@ -31,9 +31,13 @@ GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian`
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
-GRUB_CMDLINE_LINUX="debian-installer=en_US"
+GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 debian-installer=en_US"
+GRUB_TERMINAL="console serial"
+GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"
+
EOF
+ grub-mkconfig -o /boot/grub/grub.cfg
update-grub
}
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
index 36fccab..1735b81 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh
@@ -23,11 +23,12 @@ function add_admin_group() {
groupadd -f -r admin
}
-function configure_cloud_user() {
+function configure_user() {
usermod -a -G admin cloud
mkdir -p /home/cloud/.ssh
chmod 700 /home/cloud/.ssh
echo "cloud:`openssl rand -base64 32`" | chpasswd
+ echo "root:password" | chpasswd
}
function configure_sudoers() {
@@ -42,7 +43,7 @@ root ALL=(ALL:ALL) ALL
#includedir /etc/sudoers.d
END
- echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > /etc/sudoers.d/cloud
+ echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /sbin/halt' > /etc/sudoers.d/cloud
}
# sshd_config is overwritten from cloud_scripts
@@ -58,8 +59,6 @@ END
#}
function configure_inittab() {
- grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return
-
# Fix inittab
cat >> /etc/inittab << EOF
@@ -68,11 +67,13 @@ EOF
}
function configure_login() {
- add_admin_group
- configure_cloud_user
- configure_sudoers
# configure_sshd
configure_inittab
+ add_admin_group
+ configure_sudoers
+ configure_user
+ rm -fv /home/cloud/configure_login.sh
+ halt -p
}
return 2>/dev/null || configure_login
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh
index bddcd6c..2ebd3a2 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh
@@ -21,13 +21,6 @@ set -x
HOSTNAME=systemvm
-# Adding a 2 sec delay to the interface up, to make the dhclient happy
-function set_interface_sleep() {
- grep "pre-up sleep 2" /etc/network/interfaces && return
-
- echo "pre-up sleep 2" >> /etc/network/interfaces
-}
-
function configure_resolv_conf() {
grep 8.8.8.8 /etc/resolv.conf && grep 8.8.4.4 /etc/resolv.conf && return
@@ -52,8 +45,24 @@ function configure_hostname() {
hostname $HOSTNAME
}
+function configure_interfaces() {
+ cat > /etc/network/interfaces << EOF
+source /etc/network/interfaces.d/*
+
+# The loopback network interface
+auto lo
+iface lo inet loopback
+
+# The primary network interface
+auto eth0
+iface eth0 inet dhcp
+pre-up sleep 2
+
+EOF
+}
+
function configure_networking() {
- set_interface_sleep
+ configure_interfaces
configure_resolv_conf
delete_dhcp_ip
configure_hostname
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh
index 60082e3..f3bd52a 100644
--- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh
+++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh
@@ -19,15 +19,15 @@
set -e
set -x
-CLOUDSTACK_RELEASE=4.6.0
+CLOUDSTACK_RELEASE=4.11.0
function configure_apache2() {
# Enable ssl, rewrite and auth
a2enmod ssl rewrite auth_basic auth_digest
a2ensite default-ssl
# Backup stock apache configuration since we may modify it in Secondary Storage VM
- cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
- cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
+ cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/default.orig
+ cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.orig
sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g' /etc/apache2/mods-available/ssl.conf
}
@@ -39,12 +39,76 @@ function install_cloud_scripts() {
/etc/init.d/{cloud,cloud-early-config,cloud-passwd-srvr,postinit} \
/etc/profile.d/cloud.sh
- chkconfig --add cloud-early-config
- chkconfig cloud-early-config on
- chkconfig --add cloud-passwd-srvr
- chkconfig cloud-passwd-srvr off
- chkconfig --add cloud
- chkconfig cloud off
+ cat > /lib/systemd/system/cloud-early-config.service << EOF
+[Unit]
+Description=cloud-early-config: configure according to cmdline
+DefaultDependencies=no
+After=local-fs.target apparmor.service systemd-sysctl.service systemd-modules-load.service
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=oneshot
+ExecStart=/etc/init.d/cloud-early-config start
+ExecStop=/etc/init.d/cloud-early-config stop
+RemainAfterExit=true
+TimeoutStartSec=5min
+
+EOF
+
+ cat > /lib/systemd/system/cloud.service << EOF
+[Unit]
+Description=cloud: startup cloud service
+After=cloud-early-config.service network.target local-fs.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=forking
+ExecStart=/etc/init.d/cloud start
+ExecStop=/etc/init.d/cloud stop
+RemainAfterExit=true
+TimeoutStartSec=5min
+EOF
+
+ cat > /lib/systemd/system/cloud-passwd-srvr.service << EOF
+[Unit]
+Description=cloud-passwd-srvr: cloud password server
+After=network.target local-fs.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=forking
+ExecStart=/etc/init.d/cloud-passwd-srvr start
+ExecStop=/etc/init.d/cloud-passwd-srvr stop
+RemainAfterExit=true
+TimeoutStartSec=5min
+EOF
+
+ cat > /lib/systemd/system/postinit.service << EOF
+[Unit]
+Description=cloud post-init service
+After=cloud-early-config.service network.target local-fs.target
+
+[Install]
+WantedBy=multi-user.target
+
+[Service]
+Type=forking
+ExecStart=/etc/init.d/postinit start
+ExecStop=/etc/init.d/postinit stop
+RemainAfterExit=true
+TimeoutStartSec=5min
+EOF
+
+ systemctl daemon-reload
+ systemctl enable cloud-early-config
+ systemctl disable cloud-passwd-srvr
+ systemctl disable cloud
}
function do_signature() {
@@ -72,18 +136,20 @@ function configure_services() {
install_cloud_scripts
do_signature
- chkconfig xl2tpd off
+ systemctl daemon-reload
+ systemctl disable xl2tpd
# Disable services that slow down boot and are not used anyway
- chkconfig x11-common off
- chkconfig console-setup off
+ systemctl disable x11-common
+ systemctl disable console-setup
+ systemctl disable haproxy
# Hyperv kvp daemon - 64bit only
local arch=`dpkg --print-architecture`
if [ "${arch}" == "amd64" ]; then
- chkconfig hv_kvp_daemon off
+ systemctl disable hv_kvp_daemon
fi
- chkconfig radvd off
+ systemctl disable radvd
configure_apache2
configure_strongswan
diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb
index e0c44e2..cea7bd2 100644
--- a/tools/appliance/definitions/systemvmtemplate/definition.rb
+++ b/tools/appliance/definitions/systemvmtemplate/definition.rb
@@ -15,7 +15,7 @@
# specific language governing permissions and limitations
# under the License.
-arch = ENV['VM_ARCH'] || 'i386'
+arch = 'amd64'
#
# NOTE: Before changing the version of the debian image make
@@ -25,25 +25,19 @@ arch = ENV['VM_ARCH'] || 'i386'
# removed from the debian mirrors
#
architectures = {
- :i386 => {
- :os_type_id => 'Debian',
- :iso_file => 'debian-7.11.0-i386-netinst.iso',
- :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/i386/iso-cd/debian-7.11.0-i386-netinst.iso',
- :iso_md5 => '75055a694508f5b891038ec12d703c9e',
- },
:amd64 => {
:os_type_id => 'Debian_64',
- :iso_file => 'debian-7.11.0-amd64-netinst.iso',
- :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/amd64/iso-cd/debian-7.11.0-amd64-netinst.iso',
- :iso_md5 => '096c1c18b44c269808bd815d58c53c8f'
+ :iso_file => 'debian-9.1.0-amd64-netinst.iso',
+ :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso',
+ :iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986'
}
}
config = {
:cpu_count => '1',
- :memory_size => '256',
- :disk_size => '3200', :disk_format => 'VDI', :hostiocache => 'off',
- :iso_download_timeout => '1200',
+ :memory_size => '512',
+ :disk_size => '2000', :disk_format => 'VDI', :hostiocache => 'off',
+ :iso_download_timeout => '1000',
:boot_wait => '10',
:boot_cmd_sequence => [
'<Esc>',
@@ -63,11 +57,11 @@ config = {
'<Enter>'
],
:kickstart_port => '7122',
- :kickstart_timeout => '1200',
+ :kickstart_timeout => '1000',
:kickstart_file => 'preseed.cfg',
- :ssh_login_timeout => '1200',
- :ssh_user => 'root',
- :ssh_password => 'password',
+ :ssh_login_timeout => '10000',
+ :ssh_user => 'cloud',
+ :ssh_password => 'cloud',
:ssh_key => '',
:ssh_host_port => '7222',
:ssh_guest_port => '22',
@@ -75,11 +69,9 @@ config = {
:shutdown_cmd => 'halt -p',
:postinstall_files => [
# basic minimal vm creation
- 'build_time.sh',
'apt_upgrade.sh',
'configure_grub.sh',
'configure_locale.sh',
- 'configure_login.sh',
'configure_networking.sh',
'configure_acpid.sh',
# turning it into a systemvm
@@ -91,9 +83,11 @@ config = {
'configure_persistent_config.sh',
# cleanup & space-saving
'cleanup.sh',
- 'zerodisk.sh'
+ 'zerodisk.sh',
+ # setup login stuff
+ 'configure_login.sh'
],
- :postinstall_timeout => '1200'
+ :postinstall_timeout => '10000'
}
config.merge! architectures[arch.to_sym]
diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
index 9daa2d8..227f533 100644
--- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
+++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh
@@ -43,7 +43,7 @@ function install_packages() {
debconf_packages
install_vhd_util
- local apt_get="apt-get --no-install-recommends -q -y --force-yes"
+ local apt_get="apt-get --no-install-recommends -q -y"
#32 bit architecture support:: not required for 32 bit template
if [ "${arch}" != "i386" ]; then
@@ -53,8 +53,8 @@ function install_packages() {
fi
${apt_get} install \
- rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables \
- openssh-server e2fsprogs dhcp3-client tcpdump socat wget \
+ rsyslog logrotate cron insserv net-tools ifupdown vim netbase iptables \
+ openssh-server e2fsprogs isc-dhcp-client tcpdump socat wget \
python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
inetutils-ping iputils-arping httping curl \
dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \
@@ -67,19 +67,22 @@ function install_packages() {
xenstore-utils libxenstore3.0 \
conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \
ipcalc \
+ openjdk-8-jre-headless \
ipset \
iptables-persistent \
libtcnative-1 libssl-dev libapr1-dev \
python-flask \
haproxy \
radvd \
- sharutils
+ sharutils \
+ keepalived irqbalance open-vm-tools qemu-guest-agent \
+ strongswan libcharon-extra-plugins libstrongswan-extra-plugins
- ${apt_get} -t wheezy-backports install keepalived irqbalance open-vm-tools qemu-guest-agent
- ${apt_get} -t wheezy-backports install strongswan libcharon-extra-plugins libstrongswan-extra-plugins
+ apt-get autoclean
+ apt-get clean
apt-get update
- apt-get -y --force-yes upgrade
+ apt-get -y upgrade
if [ "${arch}" == "amd64" ]; then
# Hyperv kvp daemon - 64bit only
@@ -87,22 +90,7 @@ function install_packages() {
wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb
dpkg -i hv-kvp-daemon_3.1_amd64.deb
rm -f hv-kvp-daemon_3.1_amd64.deb
- # XS tools
- wget --no-check-certificate https://raw.githubusercontent.com/rhtyd/cloudstack-nonoss/master/xe-guest-utilities_6.5.0_amd64.deb
- md5sum xe-guest-utilities_6.5.0_amd64.deb
- dpkg -i xe-guest-utilities_6.5.0_amd64.deb
- rm -f xe-guest-utilities_6.5.0_amd64.deb
fi
-
- # Install OpenJDK8 pkgs maintained by Azul
- apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x219BD9C9
- echo 'deb http://repos.azulsystems.com/debian stable main' > /etc/apt/sources.list.d/zulu.list
- apt-get -y autoremove
- apt-get autoclean
- apt-get clean
- apt-get update
- ${apt_get} install zulu-8
- java -version
}
return 2>/dev/null || install_packages
diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
index 77402d7..6d56b76 100644
--- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg
+++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg
@@ -17,22 +17,35 @@
### Localization
# Locale sets language and country.
-d-i debian-installer/locale string en_US
+d-i debian-installer/locale string en_US.UTF-8
# Keyboard selection.
-d-i console-keymaps-at/keymap select us
+d-i keyboard-configuration/xkb-keymap select us
### Network configuration
d-i netcfg/choose_interface select auto
d-i netcfg/get_hostname string systemvm
-d-i netcfg/get_domain string cloudstack.org
+d-i netcfg/get_domain string apache.org
+d-i netcfg/wireless_wep string
+
+d-i hw-detect/load_firmware boolean true
### Mirror settings
d-i mirror/country string manual
-d-i mirror/http/hostname string http.us.debian.org
+d-i mirror/http/hostname string http.debian.net
d-i mirror/http/directory string /debian
d-i mirror/http/proxy string
+### Apt setup
+d-i apt-setup/cdrom/set-first false
+#d-i apt-setup/non-free boolean true
+#d-i apt-setup/contrib boolean true
+#d-i apt-setup/use_mirror boolean true
+d-i apt-setup/services-select multiselect security, updates
+d-i apt-setup/security_host string security.debian.org
+d-i apt-setup/local0/source boolean false
+d-i apt-setup/multiarch string i386
+
### Clock and time zone setup
d-i clock-setup/utc boolean true
d-i time/zone string UTC
@@ -44,51 +57,33 @@ d-i partman-auto/method string regular
d-i partman-auto/choose_recipe select atomic
d-i partman-auto/expert_recipe string \
boot-root :: \
- 80 50 160 ext4 \
+ 80 50 100 ext4 \
$primary{ } $bootable{ } \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /boot } \
. \
- 500 40 800 ext4 \
+ 1500 40 1600 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
- 50 100 100 ext4 \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /home } \
- . \
- 1000 60 1400 ext4 \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /usr } \
- . \
- 200 40 300 ext4 \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /opt } \
- . \
- 600 70 1200 ext4 \
- method{ format } format{ } \
- use_filesystem{ } filesystem{ ext4 } \
- mountpoint{ /var } \
- . \
- 400 50 500 ext4 \
+ 300 50 300 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var/log } \
. \
- 100 90 200 ext4 \
+ 100 90 100 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /tmp } \
. \
- 256 100 1024 linux-swap \
+ 100 100 200 linux-swap \
method{ swap } format{ } \
.
-d-i partman/confirm_write_new_label boolean true
+
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
d-i partman/choose_partition select finish
d-i partman/confirm boolean true
d-i partman/confirm_nooverwrite boolean true
@@ -97,10 +92,10 @@ d-i partman/confirm_nooverwrite boolean true
# ...
### Account setup
-d-i passwd/root-login boolean true
+d-i passwd/root-login boolean false
d-i passwd/root-password password password
d-i passwd/root-password-again password password
-d-i passwd/user-fullname string Cloud Stack
+d-i passwd/user-fullname string Cloud User
d-i passwd/username string cloud
d-i passwd/user-password password cloud
d-i passwd/user-password-again password cloud
@@ -108,12 +103,14 @@ d-i user-setup/encrypt-home boolean false
d-i user-setup/allow-password-weak boolean true
d-i passwd/user-default-groups string audio cdrom video admin
+#openssh-server openssh-server/permit-root-login boolean true
+
### Apt setup
# ...
### Package selection
tasksel tasksel/first multiselect ssh-server
-d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl
+d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl
# Allowed values: none, safe-upgrade, full-upgrade
d-i pkgsel/upgrade select none
@@ -121,12 +118,10 @@ popularity-contest popularity-contest/participate boolean false
### Boot loader installation
d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev string default
d-i finish-install/reboot_in_progress note
-### Preseeding other packages
-libssl1.0.0 libssl1.0.0/restart-services string
-libssl1.0.0 libssl1.0.0/restart-failed error
-
#### Advanced options
# Prevent packaged version of VirtualBox Guest Additions being installed:
d-i preseed/early_command string sed -i \
diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
index d0cc131..7adea8a 100644
--- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
+++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh
@@ -22,9 +22,10 @@ set -x
# clean up stuff copied in by veewee
function cleanup_veewee() {
# this has to be here since it is the last file to run (and we remove ourselves)
- rm -fv /root/*.iso
- rm -fv /root/{apt_upgrade,authorized_keys,build_time,cleanup,install_systemvm_packages,zerodisk}.sh
- rm -fv /root/configure_{acpid,conntrack,grub,locale,login,networking,systemvm_services}.sh
+ cd /home/cloud
+ rm -fv *.iso
+ rm -fv {apt_upgrade,authorized_keys,cleanup,install_systemvm_packages,zerodisk}.sh
+ rm -fv configure_{acpid,conntrack,grub,locale,networking,persistent_config,systemvm_services}.sh /home/cloud/install_systemvm_packages.sh
rm -fv .veewee_version .veewee_params .vbox_version
}
@@ -32,7 +33,7 @@ function cleanup_veewee() {
function zero_disk() {
cleanup_veewee
- for path in / /boot /usr /var /var/log /opt /tmp /home
+ for path in / /boot /var/log /tmp
do
dd if=/dev/zero of=${path}/zero bs=1M || true
sync
--
To stop receiving notification emails like this one, please contact
"commits@cloudstack.apache.org" <co...@cloudstack.apache.org>.