This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch debian9-systemvmtemplate in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit d8ad2228d7db6099883e32d9dd5269439f70e770 Author: Rohit Yadav <rohit.ya...@shapeblue.com> AuthorDate: Sun Jul 23 18:01:35 2017 +0200 CLOUDSTACK-10013: Migrate systemvmtemplate to Debian9 SystemVM changes to work on Debian 9 - Migrate away from chkconfig to systemctl - Remove xenstore-utils override deb pkg - Fix runlevel in sysv scripts for systemd Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> --- systemvm/patches/debian/buildsystemvm.sh | 577 --------------------- systemvm/patches/debian/config/etc/init.d/cloud | 10 +- .../debian/config/etc/init.d/cloud-early-config | 23 +- .../debian/config/etc/init.d/cloud-passwd-srvr | 10 +- systemvm/patches/debian/config/etc/init.d/postinit | 6 +- systemvm/patches/debian/config/etc/rc.local | 2 +- systemvm/patches/debian/config/etc/ssh/sshd_config | 1 - .../debian/config/opt/cloud/bin/patchsystemvm.sh | 128 ++--- tools/appliance/build.sh | 2 +- .../definitions/systemvmtemplate/apt_upgrade.sh | 9 +- .../systemvmtemplate/authorized_keys.sh | 1 + .../definitions/systemvmtemplate/build_time.sh | 26 - .../definitions/systemvmtemplate/cleanup.sh | 1 - .../definitions/systemvmtemplate/configure_grub.sh | 6 +- .../systemvmtemplate/configure_login.sh | 15 +- .../systemvmtemplate/configure_networking.sh | 25 +- .../configure_systemvm_services.sh | 94 +++- .../definitions/systemvmtemplate/definition.rb | 36 +- .../systemvmtemplate/install_systemvm_packages.sh | 32 +- .../definitions/systemvmtemplate/preseed.cfg | 69 ++- .../definitions/systemvmtemplate/zerodisk.sh | 9 +- 21 files changed, 267 insertions(+), 815 deletions(-) diff --git a/systemvm/patches/debian/buildsystemvm.sh b/systemvm/patches/debian/buildsystemvm.sh deleted file mode 100755 index a34b1dd..0000000 --- a/systemvm/patches/debian/buildsystemvm.sh +++ /dev/null 
@@ -1,577 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -echo "####################################################" -echo " Note there is a new systemvm build script based on " -echo " Veewee(Vagrant) under tools/appliance." -echo "####################################################" - -set -e -set -x - -IMAGENAME=systemvm -LOCATION=/var/lib/images/systemvm -PASSWORD=password -#APT_PROXY=192.168.1.115:3142/ -APT_PROXY= -HOSTNAME=systemvm -SIZE=2000 -DEBIAN_MIRROR=ftp.us.debian.org/debian -MINIMIZE=true -CLOUDSTACK_RELEASE=4.0 -offset=4096 -baseimage() { - mkdir -p $LOCATION - #dd if=/dev/zero of=$IMAGELOC bs=1M count=$SIZE - dd if=/dev/zero of=$IMAGELOC bs=1M seek=$((SIZE - 1)) count=1 - loopdev=$(losetup -f) - losetup $loopdev $IMAGELOC - parted $loopdev -s 'mklabel msdos' - parted $loopdev -s 'mkpart primary ext3 4096B -1' - sleep 2 - losetup -d $loopdev - loopdev=$(losetup --show -o $offset -f $IMAGELOC ) - mkfs.ext3 -L ROOT $loopdev - mkdir -p $MOUNTPOINT - tune2fs -c 100 -i 0 $loopdev - sleep 2 - losetup -d $loopdev - - mount -o loop,offset=$offset $IMAGELOC $MOUNTPOINT - - #debootstrap --variant=minbase --keyring=/usr/share/keyrings/debian-archive-keyring.gpg wheezy $MOUNTPOINT 
http://${APT_PROXY}${DEBIAN_MIRROR} - debootstrap --variant=minbase --arch=i386 wheezy $MOUNTPOINT http://${APT_PROXY}${DEBIAN_MIRROR} -} - - -fixapt() { - if [ "$APT_PROXY" != "" ]; then - cat >> etc/apt/apt.conf.d/01proxy << EOF -Acquire::http::Proxy "http://${APT_PROXY}"; -EOF - fi - - cat > etc/apt/sources.list << EOF -deb http://http.debian.net/debian/ wheezy main contrib non-free -deb-src http://http.debian.net/debian/ wheezy main contrib non-free - -deb http://security.debian.org/ wheezy/updates main -deb-src http://security.debian.org/ wheezy/updates main - -deb http://http.debian.net/debian/ wheezy-backports main -deb-src http://http.debian.net/debian/ wheezy-backports main -EOF - - cat >> etc/apt/apt.conf << EOF -APT::Default-Release "stable"; -EOF - - cat >> etc/apt/preferences << EOF -Package: * -Pin: release o=Debian,a=stable -Pin-Priority: 900 -EOF - - #apt-key exportall | chroot . apt-key add - && - chroot . apt-get update && - echo "Apt::Install-Recommends 0;" > etc/apt/apt.conf.d/local-recommends - - cat >> usr/sbin/policy-rc.d << EOF -#!/bin/sh -exit 101 -EOF - chmod a+x usr/sbin/policy-rc.d - - cat >> etc/default/locale << EOF -LANG=en_US.UTF-8 -LC_ALL=en_US.UTF-8 -EOF - - cat >> etc/locale.gen << EOF -en_US.UTF-8 UTF-8 -EOF - - DEBIAN_FRONTEND=noninteractive - DEBIAN_PRIORITY=critical - export DEBIAN_FRONTEND DEBIAN_PRIORITY - chroot . dpkg-reconfigure debconf --frontend=noninteractive - chroot . 
apt-get -q -y install locales -} - -network() { - - echo "$HOSTNAME" > etc/hostname && - cat > etc/hosts << EOF -127.0.0.1 localhost -# The following lines are desirable for IPv6 capable hosts -::1 localhost ip6-localhost ip6-loopback -fe00::0 ip6-localnet -ff00::0 ip6-mcastprefix -ff02::1 ip6-allnodes -ff02::2 ip6-allrouters -ff02::3 ip6-allhosts -EOF - - cat >> etc/network/interfaces << EOF -auto lo eth0 -iface lo inet loopback - -# The primary network interface -iface eth0 inet static - -EOF -} - -install_kernel() { - DEBIAN_FRONTEND=noninteractive - DEBIAN_PRIORITY=critical - export DEBIAN_FRONTEND DEBIAN_PRIORITY - - chroot . apt-get -qq -y --force-yes install grub-legacy && - cp -av usr/lib/grub/i386-pc boot/grub - #for some reason apt-get install grub does not install grub/stage1 etc - #loopd=$(losetup -f --show $1) - #grub-install $loopd --root-directory=$MOUNTPOINT - #losetup -d $loopd - grub << EOF && -device (hd0) $1 -root (hd0,0) -setup (hd0) -quit -EOF - # install a kernel image - cat > etc/kernel-img.conf << EOF && -do_symlinks = yes -link_in_boot = yes -do_initrd = yes -EOF - touch /mnt/systemvm/boot/grub/default - chroot . 
apt-get install -qq -y --force-yes linux-image-686-bigmem - cat >> etc/kernel-img.conf << EOF -postinst_hook = /usr/sbin/update-grub -postrm_hook = /usr/sbin/update-grub -EOF -} - - -fixgrub() { - kern=$(basename $(ls boot/vmlinuz-*)) - ver=${kern#vmlinuz-} - cat > boot/grub/menu.lst << EOF -default 0 -timeout 2 -color cyan/blue white/blue - -### BEGIN AUTOMAGIC KERNELS LIST -# kopt=root=LABEL=ROOT ro - -## ## End Default Options ## -title Debian GNU/Linux, kernel $ver -root (hd0,0) -kernel /boot/$kern root=LABEL=ROOT ro console=tty0 xencons=ttyS0,115200 console=hvc0 quiet -initrd /boot/initrd.img-$ver - -### END DEBIAN AUTOMAGIC KERNELS LIST -EOF - (cd boot/grub; ln -s menu.lst grub.conf) -} - -fixinittab() { - cat >> etc/inittab << EOF - -vc:2345:respawn:/sbin/getty 38400 hvc0 -EOF -} - -fixfstab() { - cat > etc/fstab << EOF -# <file system> <mount point> <type> <options> <dump> <pass> -proc /proc proc defaults 0 0 -LABEL=ROOT / ext3 errors=remount-ro,sync,noatime 0 1 -EOF -} - -fixacpid() { - mkdir -p etc/acpi/events - cat >> etc/acpi/events/power << EOF -event=button/power.* -action=/usr/local/sbin/power.sh "%e" -EOF - cat >> usr/local/sbin/power.sh << EOF -#!/bin/bash -/sbin/poweroff -EOF - chmod a+x usr/local/sbin/power.sh -} - -fixiptables() { -cat >> etc/modules << EOF -nf_conntrack -nf_conntrack_ipv4 -EOF -cat > etc/init.d/iptables-persistent << EOF -#!/bin/sh -### BEGIN INIT INFO -# Provides: iptables -# Required-Start: mountkernfs $local_fs -# Required-Stop: $local_fs -# Should-Start: cloud-early-config -# Default-Start: S -# Default-Stop: -# Short-Description: Set up iptables rules -### END INIT INFO - -PATH="/sbin:/bin:/usr/sbin:/usr/bin" - -# Include config file for iptables-persistent -. /etc/iptables/iptables.conf - -case "\$1" in -start) - if [ -e /var/run/iptables ]; then - echo "iptables is already started!" 
- exit 1 - else - touch /var/run/iptables - fi - - if [ \$ENABLE_ROUTING -ne 0 ]; then - # Enable Routing - echo 1 > /proc/sys/net/ipv4/ip_forward - fi - - # Load Modules - modprobe -a \$MODULES - - # Load saved rules - if [ -f /etc/iptables/rules ]; then - iptables-restore </etc/iptables/rules - fi - ;; -stop|force-stop) - if [ ! -e /var/run/iptables ]; then - echo "iptables is already stopped!" - exit 1 - else - rm /var/run/iptables - fi - - if [ \$SAVE_NEW_RULES -ne 0 ]; then - # Backup old rules - cp /etc/iptables/rules /etc/iptables/rules.bak - # Save new rules - iptables-save >/etc/iptables/rules - fi - - # Restore Default Policies - iptables -P INPUT ACCEPT - iptables -P FORWARD ACCEPT - iptables -P OUTPUT ACCEPT - - # Flush rules on default tables - iptables -F - iptables -t nat -F - iptables -t mangle -F - - # Unload previously loaded modules - modprobe -r \$MODULES - - # Disable Routing if enabled - if [ \$ENABLE_ROUTING -ne 0 ]; then - # Disable Routing - echo 0 > /proc/sys/net/ipv4/ip_forward - fi - - ;; -restart|force-reload) - \$0 stop - \$0 start - ;; -status) - echo "Filter Rules:" - echo "--------------" - iptables -L -v - echo "" - echo "NAT Rules:" - echo "-------------" - iptables -t nat -L -v - echo "" - echo "Mangle Rules:" - echo "----------------" - iptables -t mangle -L -v - ;; -*) - echo "Usage: \$0 {start|stop|force-stop|restart|force-reload|status}" >&2 - exit 1 - ;; -esac - -exit 0 -EOF - chmod a+x etc/init.d/iptables-persistent - - - touch etc/iptables/iptables.conf - cat > etc/iptables/iptables.conf << EOF -# A basic config file for the /etc/init.d/iptable-persistent script - -# Should new manually added rules from command line be saved on reboot? Assign to a value different that 0 if you want this enabled. -SAVE_NEW_RULES=0 - -# Modules to load: -MODULES="nf_nat_ftp nf_conntrack_ftp" - -# Enable Routing? 
-ENABLE_ROUTING=1 -EOF - chmod a+x etc/iptables/iptables.conf - -} - -vpn_config() { - cp -r ${scriptdir}/vpn/* ./ -} - -# -# IMPORTANT REMARK -# Package intallation is no longer done via this script. We are not removing the code yet, but we want to -# make sure that everybody willing to install/update packages should refer to the file: -# ==> cloud-tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh -# -packages() { - DEBIAN_FRONTEND=noninteractive - DEBIAN_PRIORITY=critical - DEBCONF_DB_OVERRIDE=’File{/root/config.dat}’ - export DEBIAN_FRONTEND DEBIAN_PRIORITY DEBCONF_DB_OVERRIDE - - #basic stuff - chroot . apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo - #fix hostname in openssh-server generated keys - sed -i "s/root@\(.*\)$/root@systemvm/g" etc/ssh/ssh_host_*.pub - - #sysstat - chroot . echo 'sysstat sysstat/enable boolean true' | chroot . debconf-set-selections - chroot . apt-get --no-install-recommends -q -y --force-yes install sysstat - #apache - chroot . apt-get --no-install-recommends -q -y --force-yes install apache2 ssl-cert - #haproxy - chroot . apt-get --no-install-recommends -q -y --force-yes install haproxy - #dnsmasq - chroot . apt-get --no-install-recommends -q -y --force-yes install dnsmasq - #nfs client - chroot . apt-get --no-install-recommends -q -y --force-yes install nfs-common - #vpn stuff - chroot . apt-get --no-install-recommends -q -y --force-yes install xl2tpd openswan bcrelay ppp ipsec-tools tdb-tools - #vmware tools - chroot . 
apt-get --no-install-recommends -q -y --force-yes install open-vm-tools - #xenstore utils - chroot . apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0 - #keepalived - install version 1.2.13 from wheezy backports - chroot . apt-get --no-install-recommends -q -y --force-yes -t wheezy-backports install keepalived - #conntrackd - chroot . apt-get --no-install-recommends -q -y --force-yes install conntrackd ipvsadm libnetfilter-conntrack3 libnl1 - #ipcalc - chroot . apt-get --no-install-recommends -q -y --force-yes install ipcalc - #irqbalance from wheezy-backports - chroot . apt-get --no-install-recommends -q -y --force-yes -t wheezy-backports install irqbalance - - echo "***** getting jre 7 *********" - chroot . apt-get --no-install-recommends -q -y install openjdk-7-jre-headless -} - - -password() { - chroot . echo "root:$PASSWORD" | chroot . chpasswd -} - -apache2() { - chroot . a2enmod ssl rewrite auth_basic auth_digest - chroot . a2ensite default-ssl - cp etc/apache2/sites-available/default etc/apache2/sites-available/default.orig - cp etc/apache2/sites-available/default-ssl etc/apache2/sites-available/default-ssl.orig -} - -services() { - mkdir -p ./var/www/html - mkdir -p ./opt/cloud/bin - mkdir -p ./var/cache/cloud - mkdir -p ./usr/share/cloud - mkdir -p ./usr/local/cloud - mkdir -p ./root/.ssh - #Fix haproxy directory issue - mkdir -p ./var/lib/haproxy - - /bin/cp -r ${scriptdir}/config/* ./ - chroot . chkconfig xl2tpd off - chroot . chkconfig --add cloud-early-config - chroot . chkconfig cloud-early-config on - chroot . chkconfig --add iptables-persistent - chroot . chkconfig iptables-persistent off - chroot . chkconfig --force --add cloud-passwd-srvr - chroot . chkconfig cloud-passwd-srvr off - chroot . chkconfig --add cloud - chroot . chkconfig cloud off - chroot . 
chkconfig monit off -} - -dhcp_fix() { - #deal with virtio DHCP issue, copy and install customized kernel module and iptables - mkdir -p tmp - cp /tmp/systemvm/xt_CHECKSUM.ko lib/modules/2.6.32-5-686-bigmem/kernel/net/netfilter - chroot . depmod -a 2.6.32-5-686-bigmem - cp /tmp/systemvm/iptables_1.4.8-3local1checksum1_i386.deb tmp/ - chroot . dpkg -i tmp/iptables_1.4.8-3local1checksum1_i386.deb - rm tmp/iptables_1.4.8-3local1checksum1_i386.deb -} - -install_xs_tool() { - #deal with virtio DHCP issue, copy and install customized kernel module and iptables - mkdir -p tmp - cp /tmp/systemvm/xe-guest-utilities_5.6.0-595_i386.deb tmp/ - chroot . dpkg -i tmp/xe-guest-utilities_5.6.0-595_i386.deb - rm tmp/xe-guest-utilities_5.6.0-595_i386.deb -} - -cleanup() { - rm -f usr/sbin/policy-rc.d - rm -f root/config.dat - rm -f etc/apt/apt.conf.d/01proxy - - if [ "$MINIMIZE" == "true" ] - then - rm -rf var/cache/apt/* - rm -rf var/lib/apt/* - rm -rf usr/share/locale/[a-d]* - rm -rf usr/share/locale/[f-z]* - rm -rf usr/share/doc/* - size=$(df $MOUNTPOINT | awk '{print $4}' | grep -v Available) - dd if=/dev/zero of=$MOUNTPOINT/zeros.img bs=1M count=$((((size-150000)) / 1000)) - rm -f $MOUNTPOINT/zeros.img - fi -} - -signature() { - (cd ${scriptdir}/config; tar cvf ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar *) - (cd ${scriptdir}/vpn; tar rvf ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar *) - gzip -c ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tar > ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz - md5sum ${MOUNTPOINT}/usr/share/cloud/cloud-scripts.tgz |awk '{print $1}' > ${MOUNTPOINT}/var/cache/cloud/cloud-scripts-signature - echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > ${MOUNTPOINT}/etc/cloudstack-release -} - -#check grub version - -grub --version | grep "0.9" > /dev/null -if [ $? -ne 0 ] -then - echo You need grub 0.9x\(grub-legacy\) to use this script! 
- exit 1 -fi - -mkdir -p $IMAGENAME -mkdir -p $LOCATION -MOUNTPOINT=/mnt/$IMAGENAME/ -IMAGELOC=$LOCATION/$IMAGENAME.img -scriptdir=$(dirname $PWD/$0) - -rm -rf /tmp/systemvm -mkdir -p /tmp/systemvm -#cp ./xt_CHECKSUM.ko /tmp/systemvm -#cp ./iptables_1.4.8-3local1checksum1_i386.deb /tmp/systemvm -#cp ./xe-guest-utilities_5.6.0-595_i386.deb /tmp/systemvm - -rm -f $IMAGELOC -begin=$(date +%s) -echo "*************INSTALLING BASEIMAGE********************" -baseimage - -cp $scriptdir/config.dat $MOUNTPOINT/root/ -cd $MOUNTPOINT - -mount -o bind /proc $MOUNTPOINT/proc -mount -o bind /dev $MOUNTPOINT/dev - -echo "*************CONFIGURING APT********************" -fixapt -echo "*************DONE CONFIGURING APT********************" - -echo "*************CONFIGURING NETWORK********************" -network -echo "*************DONE CONFIGURING NETWORK********************" - -echo "*************INSTALLING KERNEL********************" -install_kernel $IMAGELOC -echo "*************DONE INSTALLING KERNEL********************" - -echo "*************CONFIGURING GRUB********************" -fixgrub $IMAGELOC -echo "*************DONE CONFIGURING GRUB********************" - - -echo "*************CONFIGURING INITTAB********************" -fixinittab -echo "*************DONE CONFIGURING INITTAB********************" - -echo "*************CONFIGURING FSTAB********************" -fixfstab -echo "*************DONE CONFIGURING FSTAB********************" - -echo "*************CONFIGURING ACPID********************" -fixacpid -echo "*************DONE CONFIGURING ACPID********************" - -echo "*************INSTALLING PACKAGES********************" -packages -echo "*************DONE INSTALLING PACKAGES********************" - -echo "*************CONFIGURING IPTABLES********************" -fixiptables -echo "*************DONE CONFIGURING IPTABLES********************" - -echo "*************CONFIGURING PASSWORD********************" -password - -echo "*************CONFIGURING SERVICES********************" 
-services - -echo "*************CONFIGURING APACHE********************" -apache2 - -echo "*************CONFIGURING VPN********************" -vpn_config - -echo "*************FIX DHCP ISSUE********************" -#dhcp_fix - -echo "*************INSTALL XS TOOLS********************" -#install_xs_tool - -echo "*************CLEANING UP********************" -cleanup - -echo "*************GENERATING SIGNATURE********************" -signature - -cd $scriptdir - -umount $MOUNTPOINT/proc -umount $MOUNTPOINT/dev -umount $MOUNTPOINT -fin=$(date +%s) -t=$((fin-begin)) -echo "Finished building image $IMAGELOC in $t seconds" - diff --git a/systemvm/patches/debian/config/etc/init.d/cloud b/systemvm/patches/debian/config/etc/init.d/cloud index f9a9915..9b3a63b 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud +++ b/systemvm/patches/debian/config/etc/init.d/cloud @@ -1,13 +1,11 @@ -#!/bin/bash +#!/bin/bash ### BEGIN INIT INFO # Provides: cloud -# Required-Start: mountkernfs $local_fs cloud-early-config +# Required-Start: $local_fs cloud-early-config # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: -# Default-Start: +# Default-Start: 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: Start up the CloudStack cloud service +# Short-Description: Start up the CloudStack cloud service ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config index 3bdebdb..1d3a890 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config +++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config 
@@ -1,10 +1,8 @@ #!/bin/bash ### BEGIN INIT INFO # Provides: cloud-early-config -# Required-Start: mountkernfs $local_fs +# Required-Start: $local_fs # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: # Default-Start: S # Default-Stop: 0 6 # Short-Description: configure according to cmdline @@ -38,6 +36,9 @@ mkdir -p /var/lib/haproxy # Clear boot up flag, it would be created by rc.local after boot up done rm -f /var/cache/cloud/boot_up_done +# Randomize cloud password so only ssh login is allowed +echo "cloud:`openssl rand -base64 32`" | chpasswd + [ -x /sbin/ifup ] || exit 0 . /lib/lsb/init-functions @@ -807,7 +808,7 @@ setup_sshd(){ setup_vpc_apache2() { log_it "Setting up apache web server for VPC" - chkconfig apache2 off + systemctl disable apache2 clean_ipalias_config setup_apache2_common } @@ -942,7 +943,7 @@ setup_router() { disable_rpfilter_domR enable_fwding 1 enable_rpsrfs 1 - chkconfig nfs-common off + systemctl disable nfs-common cp /etc/iptables/iptables-router /etc/iptables/rules.v4 #for old templates cp /etc/iptables/iptables-router /etc/iptables/rules @@ -1083,7 +1084,7 @@ setup_dhcpsrvr() { enable_svc cloud-passwd-srvr 1 enable_svc cloud 0 enable_fwding 0 - chkconfig nfs-common off + systemctl disable nfs-common cp /etc/iptables/iptables-router /etc/iptables/rules.v4 cp /etc/iptables/iptables-router /etc/iptables/rules @@ -1239,7 +1240,7 @@ setup_console_proxy() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 1 - chkconfig nfs-common off + systemctl disable nfs-common rm /etc/logrotate.d/cloud } @@ -1267,8 +1268,8 @@ setup_elbvm() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 - chkconfig nfs-common off - chkconfig portmap off + systemctl disable nfs-common + systemctl disable portmap } setup_ilbvm() { 
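Review bot: The added `chpasswd` line near the top of cloud-early-config does not check that `openssl rand -base64 32` succeeded; if the binary is missing or fails, chpasswd receives `cloud:` with an empty password field, which is the opposite of what the comment intends. Because the stated goal is key-only ssh login, disabling the password outright removes the dependency, e.g. `usermod -p '*' cloud`. If a random password is preferred, generate it first and only apply it when non-empty: `pw=$(openssl rand -base64 32) && [ -n "$pw" ] && echo "cloud:$pw" | chpasswd`. This runs at the top level of the init script on every boot, and the same unchecked pattern appears in configure_user in configure_login.sh.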
@@ -1290,8 +1291,8 @@ setup_ilbvm() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 - chkconfig nfs-common off - chkconfig portmap off + systemctl disable nfs-common + systemctl disable portmap } setup_default() { diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr index 33b0ea3..c089e72 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr +++ b/systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr @@ -1,12 +1,10 @@ -#!/bin/bash +#!/bin/bash ### BEGIN INIT INFO # Provides: cloud-passwd-srvr -# Required-Start: mountkernfs $local_fs cloud-early-config iptables-persistent +# Required-Start: $local_fs cloud-early-config # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: -# Default-Start: -# Default-Stop: 0 6 +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 # Short-Description: Web server that sends passwords to User VMs ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one diff --git a/systemvm/patches/debian/config/etc/init.d/postinit b/systemvm/patches/debian/config/etc/init.d/postinit index 818959f..ddbcb08 100755 --- a/systemvm/patches/debian/config/etc/init.d/postinit +++ b/systemvm/patches/debian/config/etc/init.d/postinit @@ -1,13 +1,11 @@ #!/bin/bash -e ### BEGIN INIT INFO # Provides: postinit -# Required-Start: mountkernfs $local_fs cloud-early-config +# Required-Start: $local_fs cloud-early-config # Required-Stop: $local_fs -# Should-Start: -# Should-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 -# Short-Description: post-init +# Short-Description: post-init ### END INIT INFO # Licensed to the Apache Software Foundation (ASF) under one diff --git a/systemvm/patches/debian/config/etc/rc.local b/systemvm/patches/debian/config/etc/rc.local index 3b19218..c0b1939 100755 --- a/systemvm/patches/debian/config/etc/rc.local +++ b/systemvm/patches/debian/config/etc/rc.local 
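Review bot: The cloud-passwd-srvr header drops `iptables-persistent` from Required-Start and at the same time gains `Default-Start: 3 4 5`, so the password server is no longer ordered after the firewall rules are loaded and becomes start-by-default wherever it is enabled. If the rules are loaded by a differently named unit on Debian 9 (presumably netfilter-persistent, worth confirming), a `# Should-Start: netfilter-persistent` line would keep the ordering without making it a hard dependency. The rest of the init script is outside the hunk, so this is based only on the changed header fields.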
@@ -1,4 +1,4 @@ -#/bin/bash +#!/bin/bash #Licensed to the Apache Software Foundation (ASF) under one #or more contributor license agreements. See the NOTICE file diff --git a/systemvm/patches/debian/config/etc/ssh/sshd_config b/systemvm/patches/debian/config/etc/ssh/sshd_config index 6c64719..75f30cc 100644 --- a/systemvm/patches/debian/config/etc/ssh/sshd_config +++ b/systemvm/patches/debian/config/etc/ssh/sshd_config @@ -13,7 +13,6 @@ Port 3922 #AddressFamily any #ListenAddress 0.0.0.0 -#ListenAddress :: # Disable legacy (protocol version 1) support in the server for new # installations. In future the default will change to require explicit diff --git a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh index 34450dc..81a1b14 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh 
@@ -40,34 +40,34 @@ patch_console_proxy() { } consoleproxy_svcs() { - chkconfig cloud on - chkconfig postinit on - chkconfig cloud-passwd-srvr off - chkconfig haproxy off ; - chkconfig dnsmasq off - chkconfig ssh on - chkconfig apache2 off - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl enable cloud + systemctl enable postinit + systemctl disable cloud-passwd-srvr + systemctl disable haproxy + systemctl disable dnsmasq + systemctl enable ssh + systemctl disable apache2 + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud } secstorage_svcs() { - chkconfig cloud on - chkconfig postinit on - chkconfig cloud-passwd-srvr off - chkconfig haproxy off ; - chkconfig dnsmasq off - chkconfig portmap on - chkconfig nfs-common on - chkconfig ssh on - chkconfig apache2 off - chkconfig keepalived off - chkconfig conntrackd off + systemctl enable cloud on + systemctl enable postinit on + systemctl disable cloud-passwd-srvr + systemctl disable haproxy + systemctl disable dnsmasq + systemctl enable portmap + systemctl enable nfs-common + systemctl enable ssh + systemctl disable apache2 + systemctl disable keepalived + systemctl disable conntrackd echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs mkdir -p /var/log/cloud 
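Review bot: In secstorage_svcs the conversion left the chkconfig argument behind: `systemctl enable cloud on` and `systemctl enable postinit on` pass `on` as a second unit name. systemctl will try to enable a unit called `on`, which presumably does not exist, so the call reports an error and whether `cloud` and `postinit` end up enabled depends on how systemctl handles the partial failure. These should read `systemctl enable cloud` and `systemctl enable postinit`, as in consoleproxy_svcs just above.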
@@ -76,67 +76,67 @@ secstorage_svcs() { routing_svcs() { grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null RROUTER=$? - chkconfig cloud off - chkconfig haproxy on ; - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off + systemctl disable cloud + systemctl disable haproxy + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs if [ $RROUTER -eq 0 ] then - chkconfig dnsmasq off - chkconfig cloud-passwd-srvr off - chkconfig keepalived on - chkconfig conntrackd on - chkconfig postinit on + systemctl disable dnsmasq + systemctl disable cloud-passwd-srvr + systemctl enable keepalived + systemctl enable conntrackd + systemctl enable postinit echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs else - chkconfig dnsmasq on - chkconfig cloud-passwd-srvr on - chkconfig keepalived off - chkconfig conntrackd off + systemctl enable dnsmasq + systemctl enable cloud-passwd-srvr + systemctl disable keepalived + systemctl disable conntrackd echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs fi } dhcpsrvr_svcs() { - chkconfig cloud off - chkconfig cloud-passwd-srvr on ; - chkconfig haproxy off ; - chkconfig dnsmasq on - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl disable cloud + systemctl enable cloud-passwd-srvr + systemctl disable haproxy + systemctl enable dnsmasq + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs } 
elbvm_svcs() { - chkconfig cloud off - chkconfig haproxy on ; - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl disable cloud + systemctl disable haproxy + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "ssh haproxy" > /var/cache/cloud/enabled_svcs echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } ilbvm_svcs() { - chkconfig cloud off - chkconfig haproxy on ; - chkconfig ssh on - chkconfig nfs-common off - chkconfig portmap off - chkconfig keepalived off - chkconfig conntrackd off + systemctl disable cloud + systemctl enable haproxy + systemctl enable ssh + systemctl disable nfs-common + systemctl disable portmap + systemctl disable keepalived + systemctl disable conntrackd echo "ssh haproxy" > /var/cache/cloud/enabled_svcs echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs } 
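Review bot: routing_svcs and elbvm_svcs both turn `chkconfig haproxy on` into `systemctl disable haproxy`, which inverts the old behaviour, while the `enabled_svcs` file written a few lines later in each function still lists haproxy. ilbvm_svcs in the same hunk converts the identical line to `systemctl enable haproxy`, so this looks like a conversion slip rather than an intended change; both should be `systemctl enable haproxy`. None of these calls check their exit status, so unless the script runs under `set -e` (not visible here), a unit name that does not exist on Debian 9 (worth confirming for `portmap`) leaves the service state out of step with what `enabled_svcs` and `disabled_svcs` record.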
@@ -149,11 +149,11 @@ enable_pcihotplug() { } enable_serial_console() { - sed -i -e "/^serial.*/d" /boot/grub/grub.conf - sed -i -e "/^terminal.*/d" /boot/grub/grub.conf - sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf - sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf - sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf + #sed -i -e "/^serial.*/d" /boot/grub/grub.conf + #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf + #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf + #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf + #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab } diff --git a/tools/appliance/build.sh b/tools/appliance/build.sh index 0b31cc1..45f4728 100755 --- a/tools/appliance/build.sh +++ b/tools/appliance/build.sh @@ -594,7 +594,7 @@ function main() { add_on_exit veewee_destroy veewee_build save_mac_address - veewee_halt + veewee_halt || true retry 10 check_appliance_shutdown retry 10 check_appliance_disk_ready retry 10 remove_shares diff --git a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh index f98c6b5..eb9b790 100644 --- a/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh +++ b/tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh 
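Review bot: enable_serial_console keeps the five grub `sed` lines as commented-out code, and the two lines that remain still edit /etc/inittab, which systemd on Debian 9 does not read, so the function appears to have no effect any more. Either delete the dead lines and replace the body with a comment such as `# serial console is configured via GRUB_CMDLINE_LINUX in configure_grub.sh`, or enable the getty explicitly with `systemctl enable serial-getty@ttyS0.service`. Leaving a function that looks like it enables the console but does nothing makes it hard to audit which login paths the template exposes.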
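Review bot: `veewee_halt || true` in main() discards every failure of the halt step, not only the expected case where the VM has already powered itself off. The following `retry 10 check_appliance_shutdown` still verifies the result, so this is mostly a documentation gap: add a why-comment on that line, e.g. `# VM may already be down: configure_login.sh ends with halt -p`. main() starts and ends outside the hunk.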
@@ -23,20 +23,23 @@ function add_backports() { sed -i '/cdrom/d' /etc/apt/sources.list sed -i '/deb-src/d' /etc/apt/sources.list sed -i '/backports/d' /etc/apt/sources.list - echo 'deb http://http.debian.net/debian wheezy-backports main' >> /etc/apt/sources.list + echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list } function apt_upgrade() { DEBIAN_FRONTEND=noninteractive DEBIAN_PRIORITY=critical + # Setup sudo + echo 'cloud ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud + add_backports rm -fv /root/*.iso apt-get -y autoremove apt-get autoclean - apt-get -q -y --force-yes update - apt-get -q -y --force-yes upgrade + apt-get -q -y update + apt-get -q -y upgrade df -h } diff --git a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh index 63da2f4..d185723 100644 --- a/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh +++ b/tools/appliance/definitions/systemvmtemplate/authorized_keys.sh @@ -25,5 +25,6 @@ set -x key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant' mkdir -p /root/.ssh chmod 644 /root/.ssh +#touch /root/.ssh/authorized_keys echo ${key} > /root/.ssh/authorized_keys chmod 600 /root/.ssh/authorized_keys diff --git a/tools/appliance/definitions/systemvmtemplate/build_time.sh b/tools/appliance/definitions/systemvmtemplate/build_time.sh deleted file mode 100644 index c25644b..0000000 --- a/tools/appliance/definitions/systemvmtemplate/build_time.sh +++ /dev/null 
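Review bot: The blanket `cloud ALL=(ALL) NOPASSWD: ALL` written at the start of apt_upgrade is only narrowed again if configure_sudoers in configure_login.sh later overwrites the same /etc/sudoers.d/cloud file; if that step is skipped, reordered or fails, the shipped template keeps unrestricted passwordless root for the cloud account. Mark the grant as temporary with a comment such as `# temporary build-time grant, replaced by configure_login.sh`, and have the final build step verify the restricted content before the image is exported. The drop-in should also be created with mode 0440 and checked with `visudo -cf /etc/sudoers.d/cloud`, since a malformed sudoers file can break sudo for the remaining build steps.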
@@ -1,26 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -set -e -set -x - -function build_time() { - date > /etc/vagrant_box_build_time -} - -return 2>/dev/null || build_time diff --git a/tools/appliance/definitions/systemvmtemplate/cleanup.sh b/tools/appliance/definitions/systemvmtemplate/cleanup.sh index cd32d5b..67d6c23 100644 --- a/tools/appliance/definitions/systemvmtemplate/cleanup.sh +++ b/tools/appliance/definitions/systemvmtemplate/cleanup.sh @@ -20,7 +20,6 @@ set -e set -x function cleanup_apt() { - #apt-get -y remove linux-headers-$(uname -r) build-essential apt-get -y remove dictionaries-common busybox apt-get -y autoremove apt-get autoclean diff --git a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh index 5b6a80a..ec40b7c 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_grub.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_grub.sh 
@@ -31,9 +31,13 @@ GRUB_DEFAULT=0 GRUB_TIMEOUT=0 GRUB_DISTRIBUTOR=`lsb_release -i -s 2> /dev/null || echo Debian` GRUB_CMDLINE_LINUX_DEFAULT="quiet" -GRUB_CMDLINE_LINUX="debian-installer=en_US" +GRUB_CMDLINE_LINUX="console=tty1 console=ttyS0,115200n8 net.ifnames=0 biosdevname=0 debian-installer=en_US" +GRUB_TERMINAL="console serial" +GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1" + EOF + grub-mkconfig -o /boot/grub/grub.cfg update-grub } diff --git a/tools/appliance/definitions/systemvmtemplate/configure_login.sh b/tools/appliance/definitions/systemvmtemplate/configure_login.sh index 36fccab..1735b81 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_login.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_login.sh @@ -23,11 +23,12 @@ function add_admin_group() { groupadd -f -r admin } -function configure_cloud_user() { +function configure_user() { usermod -a -G admin cloud mkdir -p /home/cloud/.ssh chmod 700 /home/cloud/.ssh echo "cloud:`openssl rand -base64 32`" | chpasswd + echo "root:password" | chpasswd } function configure_sudoers() { @@ -42,7 +43,7 @@ root ALL=(ALL:ALL) ALL #includedir /etc/sudoers.d END - echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > /etc/sudoers.d/cloud + echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /sbin/halt' > /etc/sudoers.d/cloud } # sshd_config is overwritten from cloud_scripts @@ -58,8 +59,6 @@ END #} function configure_inittab() { - grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return - # Fix inittab cat >> /etc/inittab << EOF @@ -68,11 +67,13 @@ EOF } function configure_login() { - add_admin_group - configure_cloud_user - configure_sudoers # configure_sshd configure_inittab + add_admin_group + configure_sudoers + configure_user + rm -fv /home/cloud/configure_login.sh + halt -p } return 2>/dev/null || configure_login 
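Review bot: The added `echo "root:password" | chpasswd` in configure_user() of configure_login.sh sets a fixed, publicly known root password in every image built from this definition, on the line right after the `cloud` password is randomised. preseed.cfg in this commit sets `passwd/root-login` to false, so this line re-enables an account the installer had left without a usable password. Unless something later in the system VM boot path resets it (not visible here), lock or randomise it the same way: `passwd -l root` or `echo "root:$(openssl rand -base64 32)" | chpasswd`. Whether sshd accepts password logins for root depends on sshd_config, which this hunk does not show; the serial and VM consoles are affected either way.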
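Review bot: `/etc/sudoers.d/cloud` is written in configure_sudoers() with a plain `echo … >`, so its mode follows the umask and a mistake in the rule is found only when sudo next parses the file. Set the mode and validate after writing: `chmod 0440 /etc/sudoers.d/cloud` and `visudo -cf /etc/sudoers.d/cloud`. The list this hunk extends with `/sbin/halt` already allows `/bin/chmod`, `/bin/cp` and `/bin/mount` without a password, which in practice is equivalent to unrestricted root for the `cloud` user; a comment stating that this is intended would help the next reviewer. configure_sudoers() starts above the hunk.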
diff --git a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh index bddcd6c..2ebd3a2 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_networking.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_networking.sh @@ -21,13 +21,6 @@ set -x HOSTNAME=systemvm -# Adding a 2 sec delay to the interface up, to make the dhclient happy -function set_interface_sleep() { - grep "pre-up sleep 2" /etc/network/interfaces && return - - echo "pre-up sleep 2" >> /etc/network/interfaces -} - function configure_resolv_conf() { grep 8.8.8.8 /etc/resolv.conf && grep 8.8.4.4 /etc/resolv.conf && return @@ -52,8 +45,24 @@ function configure_hostname() { hostname $HOSTNAME } +function configure_interfaces() { + cat > /etc/network/interfaces << EOF +source /etc/network/interfaces.d/* + +# The loopback network interface +auto lo +iface lo inet loopback + +# The primary network interface +auto eth0 +iface eth0 inet dhcp +pre-up sleep 2 + +EOF +} + function configure_networking() { - set_interface_sleep + configure_interfaces configure_resolv_conf delete_dhcp_ip configure_hostname diff --git a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh index 60082e3..f3bd52a 100644 --- a/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh +++ b/tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh 
@@ -19,15 +19,15 @@ set -e set -x -CLOUDSTACK_RELEASE=4.6.0 +CLOUDSTACK_RELEASE=4.11.0 function configure_apache2() { # Enable ssl, rewrite and auth a2enmod ssl rewrite auth_basic auth_digest a2ensite default-ssl # Backup stock apache configuration since we may modify it in Secondary Storage VM - cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig - cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig + cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/default.orig + cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.orig sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g' /etc/apache2/mods-available/ssl.conf } 
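Review bot: The `sed` on `ssl.conf` at the end of configure_apache2() rewrites only a line that reads exactly `SSLProtocol all -SSLv2`, and it exits 0 when nothing matches, so with the newer Apache packaging this hardening step may silently do nothing. Please confirm the stock line in the Debian 9 `ssl.conf` and make the outcome checked, for example by following the `sed` with `grep -Eq '^[[:space:]]*SSLProtocol .*-SSLv3' /etc/apache2/mods-available/ssl.conf`, which aborts the script under `set -e` if SSLv3 is not excluded. The two backups keep the old names (`default.orig`, `default-ssl.orig`) while their sources gained a `.conf` suffix; a comment naming the code that restores them would prevent a mismatch.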
@@ -39,12 +39,76 @@ function install_cloud_scripts() { /etc/init.d/{cloud,cloud-early-config,cloud-passwd-srvr,postinit} \ /etc/profile.d/cloud.sh - chkconfig --add cloud-early-config - chkconfig cloud-early-config on - chkconfig --add cloud-passwd-srvr - chkconfig cloud-passwd-srvr off - chkconfig --add cloud - chkconfig cloud off + cat > /lib/systemd/system/cloud-early-config.service << EOF +[Unit] +Description=cloud-early-config: configure according to cmdline +DefaultDependencies=no +After=local-fs.target apparmor.service systemd-sysctl.service systemd-modules-load.service + +[Install] +WantedBy=multi-user.target + +[Service] +Type=oneshot +ExecStart=/etc/init.d/cloud-early-config start +ExecStop=/etc/init.d/cloud-early-config stop +RemainAfterExit=true +TimeoutStartSec=5min + +EOF + + cat > /lib/systemd/system/cloud.service << EOF +[Unit] +Description=cloud: startup cloud service +After=cloud-early-config.service network.target local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +ExecStart=/etc/init.d/cloud start +ExecStop=/etc/init.d/cloud stop +RemainAfterExit=true +TimeoutStartSec=5min +EOF + + cat > /lib/systemd/system/cloud-passwd-srvr.service << EOF +[Unit] +Description=cloud-passwd-srvr: cloud password server +After=network.target local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +ExecStart=/etc/init.d/cloud-passwd-srvr start +ExecStop=/etc/init.d/cloud-passwd-srvr stop +RemainAfterExit=true +TimeoutStartSec=5min +EOF + + cat > /lib/systemd/system/postinit.service << EOF +[Unit] +Description=cloud post-init service +After=cloud-early-config.service network.target local-fs.target + +[Install] +WantedBy=multi-user.target + +[Service] +Type=forking +ExecStart=/etc/init.d/postinit start +ExecStop=/etc/init.d/postinit stop +RemainAfterExit=true +TimeoutStartSec=5min +EOF + + systemctl daemon-reload + systemctl enable cloud-early-config + systemctl disable cloud-passwd-srvr + systemctl disable 
cloud } function do_signature() { @@ -72,18 +136,20 @@ function configure_services() { install_cloud_scripts do_signature - chkconfig xl2tpd off + systemctl daemon-reload + systemctl disable xl2tpd # Disable services that slow down boot and are not used anyway - chkconfig x11-common off - chkconfig console-setup off + systemctl disable x11-common + systemctl disable console-setup + systemctl disable haproxy # Hyperv kvp daemon - 64bit only local arch=`dpkg --print-architecture` if [ "${arch}" == "amd64" ]; then - chkconfig hv_kvp_daemon off + systemctl disable hv_kvp_daemon fi - chkconfig radvd off + systemctl disable radvd configure_apache2 configure_strongswan diff --git a/tools/appliance/definitions/systemvmtemplate/definition.rb b/tools/appliance/definitions/systemvmtemplate/definition.rb index e0c44e2..cea7bd2 100644 --- a/tools/appliance/definitions/systemvmtemplate/definition.rb +++ b/tools/appliance/definitions/systemvmtemplate/definition.rb @@ -15,7 +15,7 @@ # specific language governing permissions and limitations # under the License. -arch = ENV['VM_ARCH'] || 'i386' +arch = 'amd64' # # NOTE: Before changing the version of the debian image make 
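Review bot: The four unit files in install_cloud_scripts() are written to `/lib/systemd/system`, the directory for units shipped by packages; locally generated units belong in `/etc/systemd/system`, where a package upgrade cannot replace them. The heredocs use an unquoted `EOF`, so any `$` added to a unit later would be expanded by the shell at build time; `<< 'EOF'` avoids that. `postinit.service` is created but, unlike the other three, is neither enabled nor disabled in this hunk, so whether it runs at boot is not stated; an explicit `systemctl enable postinit` or `systemctl disable postinit` would document the intent. install_cloud_scripts() begins above the hunk.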
@@ -25,25 +25,19 @@ arch = ENV['VM_ARCH'] || 'i386' # removed from the debian mirrors # architectures = { - :i386 => { - :os_type_id => 'Debian', - :iso_file => 'debian-7.11.0-i386-netinst.iso', - :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/i386/iso-cd/debian-7.11.0-i386-netinst.iso', - :iso_md5 => '75055a694508f5b891038ec12d703c9e', - }, :amd64 => { :os_type_id => 'Debian_64', - :iso_file => 'debian-7.11.0-amd64-netinst.iso', - :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/amd64/iso-cd/debian-7.11.0-amd64-netinst.iso', - :iso_md5 => '096c1c18b44c269808bd815d58c53c8f' + :iso_file => 'debian-9.1.0-amd64-netinst.iso', + :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso', + :iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986' } } config = { :cpu_count => '1', - :memory_size => '256', - :disk_size => '3200', :disk_format => 'VDI', :hostiocache => 'off', - :iso_download_timeout => '1200', + :memory_size => '512', + :disk_size => '2000', :disk_format => 'VDI', :hostiocache => 'off', + :iso_download_timeout => '1000', :boot_wait => '10', :boot_cmd_sequence => [ '<Esc>', @@ -63,11 +57,11 @@ config = { '<Enter>' ], :kickstart_port => '7122', - :kickstart_timeout => '1200', + :kickstart_timeout => '1000', :kickstart_file => 'preseed.cfg', - :ssh_login_timeout => '1200', - :ssh_user => 'root', - :ssh_password => 'password', + :ssh_login_timeout => '10000', + :ssh_user => 'cloud', + :ssh_password => 'cloud', :ssh_key => '', :ssh_host_port => '7222', :ssh_guest_port => '22', @@ -75,11 +69,9 @@ config = { :shutdown_cmd => 'halt -p', :postinstall_files => [ # basic minimal vm creation - 'build_time.sh', 'apt_upgrade.sh', 'configure_grub.sh', 'configure_locale.sh', - 'configure_login.sh', 'configure_networking.sh', 'configure_acpid.sh', # turning it into a systemvm 
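Review bot: `:iso_src` in the `architectures` table pins the file name `debian-9.1.0-amd64-netinst.iso` but fetches it from the `debian-cd/current/` directory, which changes content with each point release; the removed entries used a versioned `cdimage/archive/` path, and the NOTE above the table appears to warn about images disappearing from mirrors. Add a comment that the URL has to move to the archive path once 9.1.0 is superseded, or the build will break at an arbitrary later date. The download is verified only through `:iso_md5`; MD5 is not collision resistant, so if the build tool accepts a stronger digest field prefer it, and otherwise check the ISO against Debian's signed SHA256SUMS as a separate step.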
@@ -91,9 +83,11 @@ config = { 'configure_persistent_config.sh', # cleanup & space-saving 'cleanup.sh', - 'zerodisk.sh' + 'zerodisk.sh', + # setup login stuff + 'configure_login.sh' ], - :postinstall_timeout => '1200' + :postinstall_timeout => '10000' } config.merge! architectures[arch.to_sym] diff --git a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh index 9daa2d8..227f533 100644 --- a/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh +++ b/tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh @@ -43,7 +43,7 @@ function install_packages() { debconf_packages install_vhd_util - local apt_get="apt-get --no-install-recommends -q -y --force-yes" + local apt_get="apt-get --no-install-recommends -q -y" #32 bit architecture support:: not required for 32 bit template if [ "${arch}" != "i386" ]; then @@ -53,8 +53,8 @@ function install_packages() { fi ${apt_get} install \ - rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables \ - openssh-server e2fsprogs dhcp3-client tcpdump socat wget \ + rsyslog logrotate cron insserv net-tools ifupdown vim netbase iptables \ + openssh-server e2fsprogs isc-dhcp-client tcpdump socat wget \ python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ inetutils-ping iputils-arping httping curl \ dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \ 
@@ -67,19 +67,22 @@ function install_packages() { xenstore-utils libxenstore3.0 \ conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \ ipcalc \ + openjdk-8-jre-headless \ ipset \ iptables-persistent \ libtcnative-1 libssl-dev libapr1-dev \ python-flask \ haproxy \ radvd \ - sharutils + sharutils \ + keepalived irqbalance open-vm-tools qemu-guest-agent \ + strongswan libcharon-extra-plugins libstrongswan-extra-plugins - ${apt_get} -t wheezy-backports install keepalived irqbalance open-vm-tools qemu-guest-agent - ${apt_get} -t wheezy-backports install strongswan libcharon-extra-plugins libstrongswan-extra-plugins + apt-get autoclean + apt-get clean apt-get update - apt-get -y --force-yes upgrade + apt-get -y upgrade if [ "${arch}" == "amd64" ]; then # Hyperv kvp daemon - 64bit only @@ -87,22 +90,7 @@ function install_packages() { wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb dpkg -i hv-kvp-daemon_3.1_amd64.deb rm -f hv-kvp-daemon_3.1_amd64.deb - # XS tools - wget --no-check-certificate https://raw.githubusercontent.com/rhtyd/cloudstack-nonoss/master/xe-guest-utilities_6.5.0_amd64.deb - md5sum xe-guest-utilities_6.5.0_amd64.deb - dpkg -i xe-guest-utilities_6.5.0_amd64.deb - rm -f xe-guest-utilities_6.5.0_amd64.deb fi - - # Install OpenJDK8 pkgs maintained by Azul - apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x219BD9C9 - echo 'deb http://repos.azulsystems.com/debian stable main' > /etc/apt/sources.list.d/zulu.list - apt-get -y autoremove - apt-get autoclean - apt-get clean - apt-get update - ${apt_get} install zulu-8 - java -version } return 2>/dev/null || install_packages diff --git a/tools/appliance/definitions/systemvmtemplate/preseed.cfg b/tools/appliance/definitions/systemvmtemplate/preseed.cfg index 77402d7..6d56b76 100644 --- a/tools/appliance/definitions/systemvmtemplate/preseed.cfg +++ b/tools/appliance/definitions/systemvmtemplate/preseed.cfg 
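Review bot: The retained `wget http://people.apache.org/~rajeshbattala/hv-kvp-daemon_3.1_amd64.deb` followed by `dpkg -i` in install_packages() installs a package as root that was fetched over plain HTTP from a personal web space, with no checksum or signature check. This commit removes the other two out-of-archive sources (the `--no-check-certificate` XS tools download and the Azul key import) but leaves this one in place. Fetch it over HTTPS and verify a pinned digest before installing, e.g. `echo "<expected-sha256>  hv-kvp-daemon_3.1_amd64.deb" | sha256sum -c -`, where `<expected-sha256>` is a placeholder for the value the maintainers record. install_packages() begins above the hunk.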
@@ -17,22 +17,35 @@ ### Localization # Locale sets language and country. -d-i debian-installer/locale string en_US +d-i debian-installer/locale string en_US.UTF-8 # Keyboard selection. -d-i console-keymaps-at/keymap select us +d-i keyboard-configuration/xkb-keymap select us ### Network configuration d-i netcfg/choose_interface select auto d-i netcfg/get_hostname string systemvm -d-i netcfg/get_domain string cloudstack.org +d-i netcfg/get_domain string apache.org +d-i netcfg/wireless_wep string + +d-i hw-detect/load_firmware boolean true ### Mirror settings d-i mirror/country string manual -d-i mirror/http/hostname string http.us.debian.org +d-i mirror/http/hostname string http.debian.net d-i mirror/http/directory string /debian d-i mirror/http/proxy string +### Apt setup +d-i apt-setup/cdrom/set-first false +#d-i apt-setup/non-free boolean true +#d-i apt-setup/contrib boolean true +#d-i apt-setup/use_mirror boolean true +d-i apt-setup/services-select multiselect security, updates +d-i apt-setup/security_host string security.debian.org +d-i apt-setup/local0/source boolean false +d-i apt-setup/multiarch string i386 + ### Clock and time zone setup d-i clock-setup/utc boolean true d-i time/zone string UTC 
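Review bot: The added line `d-i apt-setup/cdrom/set-first false` in the new "Apt setup" block is missing its type field; preseed entries have the form owner, question, type, value, so it should read `d-i apt-setup/cdrom/set-first boolean false`. As written, `false` will probably be taken as the type and the answer not applied. The three commented-out `apt-setup` lines next to it should either be removed or get a short comment saying why they are kept.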
@@ -44,51 +57,33 @@ d-i partman-auto/method string regular d-i partman-auto/choose_recipe select atomic d-i partman-auto/expert_recipe string \ boot-root :: \ - 80 50 160 ext4 \ + 80 50 100 ext4 \ $primary{ } $bootable{ } \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /boot } \ . \ - 500 40 800 ext4 \ + 1500 40 1600 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ - 50 100 100 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /home } \ - . \ - 1000 60 1400 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /usr } \ - . \ - 200 40 300 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /opt } \ - . \ - 600 70 1200 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 400 50 500 ext4 \ + 300 50 300 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /var/log } \ . \ - 100 90 200 ext4 \ + 100 90 100 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ /tmp } \ . \ - 256 100 1024 linux-swap \ + 100 100 200 linux-swap \ method{ swap } format{ } \ . -d-i partman/confirm_write_new_label boolean true + +d-i partman-md/confirm boolean true +d-i partman-partitioning/confirm_write_new_label boolean true d-i partman/choose_partition select finish d-i partman/confirm boolean true d-i partman/confirm_nooverwrite boolean true 
@@ -97,10 +92,10 @@ d-i partman/confirm_nooverwrite boolean true # ... ### Account setup -d-i passwd/root-login boolean true +d-i passwd/root-login boolean false d-i passwd/root-password password password d-i passwd/root-password-again password password -d-i passwd/user-fullname string Cloud Stack +d-i passwd/user-fullname string Cloud User d-i passwd/username string cloud d-i passwd/user-password password cloud d-i passwd/user-password-again password cloud @@ -108,12 +103,14 @@ d-i user-setup/encrypt-home boolean false d-i user-setup/allow-password-weak boolean true d-i passwd/user-default-groups string audio cdrom video admin +#openssh-server openssh-server/permit-root-login boolean true + ### Apt setup # ... ### Package selection tasksel tasksel/first multiselect ssh-server -d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl +d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl # Allowed values: none, safe-upgrade, full-upgrade d-i pkgsel/upgrade select none @@ -121,12 +118,10 @@ popularity-contest popularity-contest/participate boolean false ### Boot loader installation d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean true +d-i grub-installer/bootdev string default d-i finish-install/reboot_in_progress note -### Preseeding other packages -libssl1.0.0 libssl1.0.0/restart-services string -libssl1.0.0 libssl1.0.0/restart-failed error - #### Advanced options # Prevent packaged version of VirtualBox Guest Additions being installed: d-i preseed/early_command string sed -i \ diff --git a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh index d0cc131..7adea8a 100644 --- a/tools/appliance/definitions/systemvmtemplate/zerodisk.sh +++ b/tools/appliance/definitions/systemvmtemplate/zerodisk.sh 
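Review bot: With `passwd/root-login` now false, the two `passwd/root-password` lines kept as context in the "Account setup" block are presumably no longer used by the installer, yet they keep the literal `password` in the preseed file, and configure_login.sh in this commit sets the same value on root afterwards. Remove the two lines and add a comment such as `# root stays locked; the cloud user gets sudo`, so the preseed states one consistent policy. `user-setup/allow-password-weak` together with `user-password cloud` is acceptable only as long as the build reliably replaces that password before the image is exported.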
@@ -22,9 +22,10 @@ set -x # clean up stuff copied in by veewee function cleanup_veewee() { # this has to be here since it is the last file to run (and we remove ourselves) - rm -fv /root/*.iso - rm -fv /root/{apt_upgrade,authorized_keys,build_time,cleanup,install_systemvm_packages,zerodisk}.sh - rm -fv /root/configure_{acpid,conntrack,grub,locale,login,networking,systemvm_services}.sh + cd /home/cloud + rm -fv *.iso + rm -fv {apt_upgrade,authorized_keys,cleanup,install_systemvm_packages,zerodisk}.sh + rm -fv configure_{acpid,conntrack,grub,locale,networking,persistent_config,systemvm_services}.sh /home/cloud/install_systemvm_packages.sh rm -fv .veewee_version .veewee_params .vbox_version } @@ -32,7 +33,7 @@ function cleanup_veewee() { function zero_disk() { cleanup_veewee - for path in / /boot /usr /var /var/log /opt /tmp /home + for path in / /boot /var/log /tmp do dd if=/dev/zero of=${path}/zero bs=1M || true sync -- To stop receiving notification emails like this one, please contact "commits@cloudstack.apache.org" <commits@cloudstack.apache.org>.
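Review bot: cleanup_veewee() now runs `cd /home/cloud` and then deletes by relative glob (`rm -fv *.iso` and the two brace lists), so if the `cd` fails without aborting, the deletions run in whatever directory the script started in. The `set -e` that would stop this is not visible in the hunk; make it explicit with `cd /home/cloud || return 1`, or keep absolute paths as the second `rm` already does for `/home/cloud/install_systemvm_packages.sh`, which is also listed twice. The retained comment "this has to be here since it is the last file to run" looks stale, because definition.rb in this commit places configure_login.sh after zerodisk.sh.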