Posted to commits@cloudstack.apache.org by ro...@apache.org on 2020/06/09 02:51:13 UTC

[cloudstack] branch master updated: systemvmtemplate: move to using Debian10 (#4104)

This is an automated email from the ASF dual-hosted git repository.

rohit pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/master by this push:
     new 1e19ea5  systemvmtemplate: move to using Debian10 (#4104)
1e19ea5 is described below

commit 1e19ea5bdd4c38d6240031375472c66beb6653fb
Author: Rohit Yadav <ro...@shapeblue.com>
AuthorDate: Tue Jun 9 08:20:51 2020 +0530

    systemvmtemplate: move to using Debian10 (#4104)
    
    This upgrades the systemvmtemplate base to Debian 10 with openjdk-11 and a newer strongswan package.
    
    Fixes #3654
    
    Signed-off-by: Rohit Yadav <ro...@shapeblue.com>
---
 .../com/cloud/upgrade/dao/Upgrade41400to41500.java | 44 ++++++++---------
 systemvm/debian/etc/apache2/vhost.template         |  2 +-
 tools/appliance/systemvmtemplate/http/preseed.cfg  | 24 ++-------
 .../systemvmtemplate/scripts/apt_upgrade.sh        |  4 +-
 .../scripts/configure_systemvm_services.sh         |  4 +-
 .../scripts/install_systemvm_packages.sh           | 17 +++----
 tools/appliance/systemvmtemplate/template.json     | 57 +++++++++-------------
 7 files changed, 63 insertions(+), 89 deletions(-)

diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java
index e88bf6b..13c67d9 100644
--- a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java
+++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java
@@ -103,12 +103,12 @@ public class Upgrade41400to41500 implements DbUpgrade {
 
         final Map<Hypervisor.HypervisorType, String> NewTemplateNameList = new HashMap<Hypervisor.HypervisorType, String>() {
             {
-                put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.14.0");
-                put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.14.0");
-                put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.14.0");
-                put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.14.0");
-                put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.14.0");
-                put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.14.0");
+                put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.15.0");
+                put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.15.0");
+                put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.15.0");
+                put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.15.0");
+                put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.15.0");
+                put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.15.0");
             }
         };
 
@@ -125,30 +125,30 @@ public class Upgrade41400to41500 implements DbUpgrade {
 
         final Map<Hypervisor.HypervisorType, String> newTemplateUrl = new HashMap<Hypervisor.HypervisorType, String>() {
             {
-                put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2");
-                put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-vmware.ova");
-                put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-xen.vhd.bz2");
-                put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-hyperv.vhd.zip");
-                put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2");
-                put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-ovm.raw.bz2");
+                put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2");
+                put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-vmware.ova");
+                put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-xen.vhd.bz2");
+                put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-hyperv.vhd.zip");
+                put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2");
+                put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-ovm.raw.bz2");
             }
         };
 
         final Map<Hypervisor.HypervisorType, String> newTemplateChecksum = new HashMap<Hypervisor.HypervisorType, String>() {
             {
-                put(Hypervisor.HypervisorType.KVM, "d15ed159be32151b07e3211caf9cb802");
-                put(Hypervisor.HypervisorType.XenServer, "fcaf1abc9aa62e7ed75f62b3092a01a2");
-                put(Hypervisor.HypervisorType.VMware, "eb39f8b5a556dfc93c6be23ae45f34e1");
-                put(Hypervisor.HypervisorType.Hyperv, "b4e91c14958e0fca9470695b0be05f99");
-                put(Hypervisor.HypervisorType.LXC, "d15ed159be32151b07e3211caf9cb802");
-                put(Hypervisor.HypervisorType.Ovm3, "1f97f4beb30af8cda886f1e977514704");
+                put(Hypervisor.HypervisorType.KVM, "81b3e48bb934784a13555a43c5ef5ffb");
+                put(Hypervisor.HypervisorType.XenServer, "1b178a5dbdbe090555515340144c6017");
+                put(Hypervisor.HypervisorType.VMware, "e6a88e518c57d6f36c096c4204c3417f");
+                put(Hypervisor.HypervisorType.Hyperv, "5c94da45337cf3e1910dcbe084d4b9ad");
+                put(Hypervisor.HypervisorType.LXC, "81b3e48bb934784a13555a43c5ef5ffb");
+                put(Hypervisor.HypervisorType.Ovm3, "875c5c65455fc06c4a012394410db375");
             }
         };
 
         for (final Map.Entry<Hypervisor.HypervisorType, String> hypervisorAndTemplateName : NewTemplateNameList.entrySet()) {
             LOG.debug("Updating " + hypervisorAndTemplateName.getKey() + " System Vms");
             try (PreparedStatement pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1")) {
-                // Get 4.11 systemvm template id for corresponding hypervisor
+                // Get systemvm template id for corresponding hypervisor
                 long templateId = -1;
                 pstmt.setString(1, hypervisorAndTemplateName.getValue());
                 try (ResultSet rs = pstmt.executeQuery()) {
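Review bot: The new `newTemplateChecksum` values are 32 hex digits, the length of an MD5 digest, so the integrity pin for the 4.15 images is presumably still MD5, which gives no collision resistance against a deliberately crafted image. The code that compares the digest after download is outside this hunk, so whether it accepts a longer digest cannot be confirmed from here; if it does, pinning SHA-256 or SHA-512 values of the published images would make the pin meaningful. At minimum, a comment above the map such as `// MD5 of the images under https://download.cloudstack.org/systemvm/4.15/` would record what the values are and where they come from. The enclosing method starts and ends outside the hunk.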
@@ -198,12 +198,12 @@ public class Upgrade41400to41500 implements DbUpgrade {
                     // Change value of global configuration parameter
                     // minreq.sysvmtemplate.version for the ACS version
                     try (PreparedStatement update_pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = ? WHERE name = ?");) {
-                        update_pstmt.setString(1, "4.14.0");
+                        update_pstmt.setString(1, "4.15.0");
                         update_pstmt.setString(2, "minreq.sysvmtemplate.version");
                         update_pstmt.executeUpdate();
                     } catch (final SQLException e) {
-                        LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0: " + e.getMessage());
-                        throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0", e);
+                        LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0: " + e.getMessage());
+                        throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0", e);
                     }
                 } else {
                     if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())) {
diff --git a/systemvm/debian/etc/apache2/vhost.template b/systemvm/debian/etc/apache2/vhost.template
index 0226bb4..e930104 100644
--- a/systemvm/debian/etc/apache2/vhost.template
+++ b/systemvm/debian/etc/apache2/vhost.template
@@ -90,7 +90,7 @@
 	#   Enable/Disable SSL for this virtual host.
 	SSLEngine on
 	SSLProtocol TLSv1.2
-	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE- [...]
+	SSLCipherSuite @SECLEVEL=1:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES [...]
 	SSLHonorCipherOrder on
 
 	#   A self-signed (snakeoil) certificate can be created by installing
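Review bot: `@SECLEVEL=1` at the head of the `SSLCipherSuite` value lowers the OpenSSL security level for this vhost below the Debian 10 default of 2, which re-admits keys and DH parameters under 2048 bits that the default would reject. Nothing in the template says why the lower level is needed; a comment above the directive, for example `# @SECLEVEL=1 kept for <reason>; raise to 2 once <condition>`, would keep the downgrade from becoming permanent. The list also still offers DHE-DSS and CBC-mode SHA-1 suites, which could be pruned in the same change so that only the GCM suites remain. The directive is truncated in this mail (`[...]`), so the tail of the list was not reviewed.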
diff --git a/tools/appliance/systemvmtemplate/http/preseed.cfg b/tools/appliance/systemvmtemplate/http/preseed.cfg
index aa63f0e..ce51f74 100644
--- a/tools/appliance/systemvmtemplate/http/preseed.cfg
+++ b/tools/appliance/systemvmtemplate/http/preseed.cfg
@@ -18,8 +18,10 @@
 ### Localization
 # Locale sets language and country.
 d-i debian-installer/locale string en_US.UTF-8
+d-i debian-installer/country string IN
 
 # Keyboard selection.
+d-i keymap select us
 d-i keyboard-configuration/xkb-keymap select us
 
 ### Network configuration
@@ -32,7 +34,7 @@ d-i hw-detect/load_firmware boolean true
 
 ### Mirror settings
 d-i mirror/country string manual
-d-i mirror/http/hostname string http.debian.net
+d-i mirror/http/hostname string deb.debian.org
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
 
@@ -60,21 +62,11 @@ d-i partman-auto/expert_recipe string                         \
                       use_filesystem{ } filesystem{ ext2 }    \
                       mountpoint{ /boot }                     \
               .                                               \
-              1175 40 1200 ext4                               \
+              2240 40 2500 ext4                               \
                       method{ format } format{ }              \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ / }                         \
               .                                               \
-              480 50 700 ext4                                 \
-                      method{ format } format{ }              \
-                      use_filesystem{ } filesystem{ ext4 }    \
-                      mountpoint{ /var }                      \
-              .                                               \
-              80 90 100 ext4                                  \
-                      method{ format } format{ }              \
-                      use_filesystem{ } filesystem{ ext4 }    \
-                      mountpoint{ /tmp }                      \
-              .                                               \
               256 1000 256 linux-swap                         \
                       method{ swap } format{ }                \
               .
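Review bot: With the `/var` and `/tmp` recipes removed from `partman-auto/expert_recipe`, log and temp-file growth now lands on the single root filesystem (`2240 40 2500`), so either one filling up takes the whole system VM down, and neither path can carry its own `nodev,nosuid,noexec` mount options any more. If the single-root layout is deliberate, a comment above the recipe such as `# single root partition by design: /var and /tmp share /` would record the trade-off. Otherwise the two entries could be kept with sizes scaled for Debian 10.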
@@ -100,24 +92,18 @@ d-i user-setup/encrypt-home boolean false
 d-i user-setup/allow-password-weak boolean true
 d-i passwd/user-default-groups string audio cdrom video admin
 
-openssh-server  openssh-server/permit-root-login boolean true
-
 ### Package selection
 tasksel tasksel/first multiselect ssh-server
 d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl
 # Allowed values: none, safe-upgrade, full-upgrade
 d-i pkgsel/upgrade select full-upgrade
+d-i pkgsel/update-policy select none
 
 popularity-contest popularity-contest/participate boolean false
 
 ### Boot loader installation
 d-i grub-installer/only_debian boolean true
-d-i grub-installer/with_other_os boolean true
 d-i grub-installer/bootdev  string default
 d-i finish-install/reboot_in_progress note
 
 #### Advanced options
-# Prevent packaged version of VirtualBox Guest Additions being installed:
-d-i preseed/early_command string sed -i \
-  '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \
-  /usr/lib/pre-pkgsel.d/20install-hwpackages
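Review bot: `d-i pkgsel/update-policy select none` builds the image without automatic security updates, so a running system VM presumably only receives fixes when a new template is published and the VM is recreated. If that is the intended patching model, say so next to the line, e.g. `# no unattended upgrades: system VMs are patched by shipping a new template`. Dropping the `openssh-server/permit-root-login` preseed in the same hunk only hardens the image if no later provisioning script re-enables root login, which cannot be seen from here.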
diff --git a/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh b/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh
index cedbb1c..ea75c2d 100644
--- a/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh
+++ b/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh
@@ -36,8 +36,8 @@ function add_backports() {
   sed -i '/deb-src/d' /etc/apt/sources.list
   sed -i '/backports/d' /etc/apt/sources.list
   sed -i '/security/d' /etc/apt/sources.list
-  echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list
-  echo 'deb http://security.debian.org/debian-security stretch/updates main' >> /etc/apt/sources.list
+  echo 'deb http://http.debian.net/debian buster-backports main' >> /etc/apt/sources.list
+  echo 'deb http://security.debian.org/debian-security buster/updates main' >> /etc/apt/sources.list
 }
 
 function apt_upgrade() {
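Review bot: The two rewritten `echo` lines in `add_backports` keep the `http.debian.net` host and plain `http`, while this same commit moves the installer mirror in preseed.cfg to `deb.debian.org`, so the built image ends up with two different mirror names. apt still verifies the signed Release files, so this is a consistency and metadata-exposure point rather than an integrity hole. Using one host, `echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list`, keeps the sources list aligned with the preseed. `add_backports` starts outside the hunk.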
diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
index 7349298..4e8605d 100644
--- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
+++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
@@ -19,7 +19,7 @@
 set -e
 set -x
 
-CLOUDSTACK_RELEASE=4.14.0
+CLOUDSTACK_RELEASE=4.15.0
 
 function configure_apache2() {
    # Enable ssl, rewrite and auth
@@ -41,7 +41,7 @@ function configure_issue() {
 
    __?.o/  Apache CloudStack SystemVM $CLOUDSTACK_RELEASE
   (  )#    https://cloudstack.apache.org
- (___(_)   Debian GNU/Linux 9.12 \n \l
+ (___(_)   Debian GNU/Linux 10 \n \l
 
 EOF
 }
diff --git a/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh
index 1f18b25..2e788f3 100644
--- a/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh
+++ b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh
@@ -41,26 +41,26 @@ function install_packages() {
   local arch=`dpkg --print-architecture`
 
   debconf_packages
-  install_vhd_util
 
   local apt_get="apt-get --no-install-recommends -q -y"
 
   ${apt_get} install grub-legacy \
-    rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables \
-    openssh-server e2fsprogs tcpdump iftop socat wget \
-    python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
+    rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables nftables \
+    openssh-server e2fsprogs tcpdump iftop socat wget coreutils systemd \
+    python python3 bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
     inetutils-ping iputils-arping httping curl \
-    dnsutils zip unzip ethtool uuid file iproute acpid sudo \
+    dnsutils zip unzip ethtool uuid file iproute2 acpid sudo \
     sysstat python-netaddr \
     apache2 ssl-cert \
     dnsmasq dnsmasq-utils \
     nfs-common \
     samba-common cifs-utils \
-    xl2tpd bcrelay ppp ipsec-tools tdb-tools \
+    xl2tpd bcrelay ppp tdb-tools \
     xenstore-utils libxenstore3.0 \
     ipvsadm conntrackd libnetfilter-conntrack3 \
     keepalived irqbalance \
     ipcalc \
+    openjdk-11-jre-headless \
     ipset \
     iptables-persistent \
     libtcnative-1 libssl-dev libapr1-dev \
@@ -69,11 +69,9 @@ function install_packages() {
     haveged \
     radvd \
     sharutils genisoimage aria2 \
-    strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
+    strongswan libcharon-extra-plugins libstrongswan-extra-plugins strongswan-charon strongswan-starter \
     virt-what open-vm-tools qemu-guest-agent hyperv-daemons
 
-  apt-get -q -y -t stretch-backports install nftables openjdk-11-jre-headless
-
   apt-get -y autoremove --purge
   apt-get clean
   apt-get autoclean
@@ -87,6 +85,7 @@ function install_packages() {
     ${apt_get} install libuuid1:i386 libc6:i386
   fi
 
+  install_vhd_util
   # Install xenserver guest utilities as debian repos don't have it
   wget https://mirrors.kernel.org/ubuntu/pool/main/x/xe-guest-utilities/xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb
   dpkg -i xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb
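Review bot: The `xe-guest-utilities` package right below the moved `install_vhd_util` call is fetched with `wget` and handed to `dpkg -i` with no digest check, and `dpkg -i` verifies no repository signature, so the template build trusts whatever the mirror serves at that moment. Pin the expected digest and verify it between the two lines, e.g. `echo "<sha256-of-the-deb>  xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb" | sha256sum -c -`. `install_vhd_util` is defined outside this hunk; if it also downloads a binary, the same check applies there. `install_packages` continues past the end of the hunk.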
diff --git a/tools/appliance/systemvmtemplate/template.json b/tools/appliance/systemvmtemplate/template.json
index 1397b6c..0fa9fb1 100644
--- a/tools/appliance/systemvmtemplate/template.json
+++ b/tools/appliance/systemvmtemplate/template.json
@@ -4,7 +4,7 @@
   "provisioners": [
     {
       "type": "shell",
-      "execute_command": "echo 'cloud'|sudo -S bash '{{.Path}}'",
+      "execute_command": "echo 'cloud' | sudo -u root -S bash {{.Path}}",
       "scripts": [
         "scripts/apt_upgrade.sh",
         "scripts/configure_grub.sh",
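Review bot: The new `execute_command` drops the quotes around `{{.Path}}`, so the uploaded script path is word-split by the shell if it ever contains a space or glob character; `"execute_command": "echo 'cloud' | sudo -u root -S bash '{{.Path}}'",` keeps the `-u root` addition without that regression. The sudo password `cloud` is still embedded in the command and matches `ssh_password` further down the file. Whether the build resets or locks that account before the image is published depends on cleanup.sh and finalize.sh, which are not visible here and are worth confirming.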
@@ -13,11 +13,11 @@
         "scripts/configure_acpid.sh",
         "scripts/install_systemvm_packages.sh",
         "scripts/configure_conntrack.sh",
-        "../cloud_scripts_shar_archive.sh",
-        "scripts/configure_systemvm_services.sh",
         "scripts/authorized_keys.sh",
         "scripts/configure_persistent_config.sh",
         "scripts/configure_login.sh",
+        "../cloud_scripts_shar_archive.sh",
+        "scripts/configure_systemvm_services.sh",
         "scripts/cleanup.sh",
         "scripts/finalize.sh"
       ]
@@ -29,50 +29,39 @@
       "accelerator": "kvm",
       "headless": true,
       "qemuargs": [
-        [ "-m", "512M" ],
-        [ "-smp", "cpus=1,maxcpus=1,cores=1" ]
+        [ "-m", "500M" ],
+        [ "-smp", "1" ]
       ],
-      "disk_size": 2000,
       "format": "qcow2",
-
+      "disk_size": 2500,
       "disk_interface": "virtio",
       "net_device": "virtio-net",
-
-      "iso_url": "https://cdimage.debian.org/cdimage/archive/9.12.0/amd64/iso-cd/debian-9.12.0-amd64-netinst.iso",
-      "iso_checksum": "af81de39678db1f814be4ce1b7b64b891f6f59926d6f835842c4b52b462ac7e78c45b5efd8273c196d64ba0b2dd1a0aabfb97c6e4f10702ee11a72e07aec9d67",
+      "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.4.0-amd64-netinst.iso",
+      "iso_checksum": "ec69e4bfceca56222e6e81766bf235596171afe19d47c20120783c1644f72dc605d341714751341051518b0b322d6c84e9de997815e0c74f525c66f9d9eb4295",
       "iso_checksum_type": "sha512",
-
-      "vm_name": "systemvmtemplate",
       "output_directory": "../dist",
-
       "http_directory": "http",
-      "http_port_min": 10082,
-      "http_port_max": 10089,
-
-      "ssh_host_port_min": 2222,
-      "ssh_host_port_max": 2229,
-
+      "vm_name": "systemvmtemplate",
       "ssh_username": "cloud",
       "ssh_password": "cloud",
-      "ssh_port": 22,
       "ssh_wait_timeout": "30m",
-
-      "boot_wait": "10s",
+      "boot_wait": "5s",
       "boot_command": [
         "<esc><wait>",
         "install <wait>",
-        " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
-        " debian-installer=en_US <wait>",
-        " auto <wait>",
-        " locale=en_US <wait>",
-        " kbd-chooser/method=us <wait>",
-        " netcfg/get_hostname=systemvm <wait>",
-        " netcfg/get_domain=apache.org <wait>",
-        " fb=false <wait>",
-        " debconf/frontend=noninteractive <wait>",
-        " console-setup/ask_detect=false <wait>",
-        " console-keymaps-at/keymap=us <wait>",
-        " keyboard-configuration/xkb-keymap=us <wait>",
+        "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
+        "debian-installer=en_US.UTF-8 <wait>",
+        "auto <wait>",
+        "language=en locale=en_US.UTF-8 <wait>",
+        "kbd-chooser/method=us <wait>",
+        "keyboard-configuration/xkb-keymap=us <wait>",
+        "netcfg/get_hostname=systemvm <wait>",
+        "netcfg/get_domain=apache.org <wait>",
+        "country=IN keymap=us <wait>",
+        "fb=false <wait>",
+        "debconf/frontend=noninteractive <wait>",
+        "console-setup/ask_detect=false <wait>",
+        "console-keymaps-at/keymap=us <wait>",
         "<enter><wait>"
       ],