You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@cloudstack.apache.org by ro...@apache.org on 2022/12/12 12:12:02 UTC
[cloudstack] branch 4.17 updated: systemvm: fix management route (#6921)
This is an automated email from the ASF dual-hosted git repository.
rohit pushed a commit to branch 4.17
in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.17 by this push:
new 5516f74fcef systemvm: fix management route (#6921)
5516f74fcef is described below
commit 5516f74fcefa7b67fa56e1a10d78c1369993c191
Author: Abhishek Kumar <ab...@gmail.com>
AuthorDate: Mon Dec 12 17:41:54 2022 +0530
systemvm: fix management route (#6921)
Fixes #6873
When the management server is in a different subnet than the pod in which a VPC VR is deployed, an ip route must be added just after creation of eth0 to allow the connectivity between the VR and the management server.
Signed-off-by: Abhishek Kumar <ab...@gmail.com>
Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
Co-authored-by: Rohit Yadav <ro...@shapeblue.com>
---
pom.xml | 2 +-
systemvm/debian/opt/cloud/bin/setup/common.sh | 19 +++++++++++++++++++
systemvm/debian/opt/cloud/bin/setup/init.sh | 1 +
systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh | 10 +---------
tools/appliance/README.md | 2 +-
.../scripts/configure_systemvm_services.sh | 6 +++---
tools/appliance/systemvmtemplate/template.json | 6 +++---
7 files changed, 29 insertions(+), 17 deletions(-)
diff --git a/pom.xml b/pom.xml
index b4a1673436b..3d3ba78a86b 100644
--- a/pom.xml
+++ b/pom.xml
@@ -49,7 +49,7 @@
<!-- keep in alphabetic order -->
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
- <project.systemvm.template.version>4.17.0.0</project.systemvm.template.version>
+ <project.systemvm.template.version>4.17.2.0</project.systemvm.template.version>
<sonar.organization>apache</sonar.organization>
<sonar.host.url>https://sonarcloud.io</sonar.host.url>
diff --git a/systemvm/debian/opt/cloud/bin/setup/common.sh b/systemvm/debian/opt/cloud/bin/setup/common.sh
index 18a78311aee..7b1694c0c21 100755
--- a/systemvm/debian/opt/cloud/bin/setup/common.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/common.sh
@@ -576,6 +576,25 @@ setup_vpc_apache2() {
setup_apache2_common
}
+setup_vpc_mgmt_route() {
+ log_it "Set up route for management network: $MGMTNET via local gateway: $LOCAL_GW for device eth$1 for hypervisor: $HYPERVISOR"
+ if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
+ then
+ mgmt_route_rule="$MGMTNET via $LOCAL_GW dev eth${1}"
+ if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ];
+ then
+ exist=`sudo ip route show $mgmt_route_rule | wc -l`
+ if [ $exist -eq 0 ]
+ then
+ log_it "Add route for management network via local gateway, hypervisor: $HYPERVISOR, rule: $mgmt_route_rule"
+ sudo ip route add $mgmt_route_rule
+ # workaround to activate vSwitch under VMware
+ timeout 3 ping -n -c 3 $LOCAL_GW || true
+ fi
+ fi
+ fi
+}
+
clean_ipalias_config() {
rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
rm -f /etc/apache2/sites-available/ipAlias*
diff --git a/systemvm/debian/opt/cloud/bin/setup/init.sh b/systemvm/debian/opt/cloud/bin/setup/init.sh
index 4795acf9cc3..436b8349336 100644
--- a/systemvm/debian/opt/cloud/bin/setup/init.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/init.sh
@@ -190,6 +190,7 @@ setup_interface_sshd() {
elif [ "$TYPE" == "vpcrouter" ]; then
init_interfaces "eth0"
setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+ setup_vpc_mgmt_route "0"
setup_sshd $ETH0_IP "eth0"
elif [ "$TYPE" == "ilbvm" ]; then
diff --git a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh
index 7b224d9c73f..097fecde80d 100755
--- a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh
@@ -54,15 +54,7 @@ setup_vpcrouter() {
echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
echo "nameserver $NS2" >> /etc/resolv.conf
fi
- if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ]
- then
- if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ];
- then
- ip route add $MGMTNET via $LOCAL_GW dev eth0
- # workaround to activate vSwitch under VMware
- timeout 3 ping -n -c 3 $LOCAL_GW || true
- fi
- fi
+ setup_vpc_mgmt_route "0"
ip route delete default
# create route table for static route
diff --git a/tools/appliance/README.md b/tools/appliance/README.md
index 6d8370fdfa4..09f6fc0221d 100644
--- a/tools/appliance/README.md
+++ b/tools/appliance/README.md
@@ -26,7 +26,7 @@ CentOS based built-in user VM template.
# Setting up Tools and Environment
- Install packer and latest KVM, qemu on a Linux machine
-- Install tools for exporting appliances: qemu-img, ovftool, faketime
+- Install tools for exporting appliances: qemu-img, ovftool, faketime, sharutils
- Build and install `vhd-util` as described in build.sh or use pre-built
binaries at:
diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
index 115d340fe84..d40cbb89537 100644
--- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
+++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
@@ -19,7 +19,7 @@
set -e
set -x
-CLOUDSTACK_RELEASE=4.17.0
+CLOUDSTACK_RELEASE=4.17.2
function configure_apache2() {
# Enable ssl, rewrite and auth
@@ -50,10 +50,10 @@ function configure_cacerts() {
CDIR=$(pwd)
cd /tmp
# Add LetsEncrypt ca-cert
- wget https://letsencrypt.org/certs/lets-encrypt-r3.der
wget https://letsencrypt.org/certs/isrgrootx1.der
- keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
+ wget https://letsencrypt.org/certs/lets-encrypt-r3.der
keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file isrgrootx1.der
+ keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
rm -f lets-encrypt-r3.der isrgrootx1.der
cd $CDIR
}
diff --git a/tools/appliance/systemvmtemplate/template.json b/tools/appliance/systemvmtemplate/template.json
index 960f24a75ff..4ce996b416d 100644
--- a/tools/appliance/systemvmtemplate/template.json
+++ b/tools/appliance/systemvmtemplate/template.json
@@ -23,12 +23,12 @@
],
"boot_wait": "5s",
"disk_interface": "virtio",
- "disk_size": "4000M",
+ "disk_size": "5000M",
"format": "qcow2",
"headless": true,
"http_directory": "http",
- "iso_checksum": "sha512:2810f894afab9ac2631ddd097599761c1481b85e629d6a3197fe1488713af048d37241eb85def681ba86e62b406dd9b891ee1ae7915416335b6bb000d57c1e53",
- "iso_url": "https://cdimage.debian.org/debian-cd/11.3.0/amd64/iso-cd/debian-11.3.0-amd64-netinst.iso",
+ "iso_checksum": "sha512:6a6607a05d57b7c62558e9c462fe5c6c04b9cfad2ce160c3e9140aa4617ab73aff7f5f745dfe51bbbe7b33c9b0e219a022ad682d6c327de0e53e40f079abf66a",
+ "iso_url": "https://cdimage.debian.org/debian-cd/11.5.0/amd64/iso-cd/debian-11.5.0-amd64-netinst.iso",
"net_device": "virtio-net",
"output_directory": "../dist",
"qemuargs": [