This is an automated email from the ASF dual-hosted git repository. rohit pushed a commit to branch 4.11 in repository https://gitbox.apache.org/repos/asf/cloudstack.git
The following commit(s) were added to refs/heads/4.11 by this push: new 0929866 server: ssh-keygen in PEM format and reduce main systemvm patching script (#3333) 0929866 is described below commit 09298669562032c6f112cf8d407009abc42f1135 Author: Rohit Yadav <rohit.ya...@shapeblue.com> AuthorDate: Thu May 23 18:08:00 2019 +0530 server: ssh-keygen in PEM format and reduce main systemvm patching script (#3333) On first startup, the management server creates and saves a random ssh keypair using ssh-keygen in the database. The command does not specify keys in PEM format which is not the default as generated by latest ssh-keygen tool. The systemvmtemplate always needs re-building whenever there is a change in the cloud-early-config file. This also tries to fix that by introducing a stage 2 bootstrap.sh where the changes specific to hypervisor detection etc are refactored/moved. The initial cloud-early-config only patches before the other scripts are called. Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> --- .travis.yml | 46 ++++--- .../kvm/resource/LibvirtComputingResource.java | 2 +- .../wrapper/LibvirtStartCommandWrapper.java | 11 +- .../com/cloud/server/ConfigurationServerImpl.java | 29 ++-- services/console-proxy-rdp/rdpconsole/pom.xml | 11 ++ .../bin/setup/{cloud-early-config => bootstrap.sh} | 114 ++++++---------- .../debian/opt/cloud/bin/setup/cloud-early-config | 147 ++------------------- .../debian/opt/cloud/bin/setup/patchsystemvm.sh | 63 --------- systemvm/debian/opt/cloud/bin/setup/router.sh | 4 +- systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh | 6 +- .../scripts/install_systemvm_packages.sh | 1 + 11 files changed, 115 insertions(+), 319 deletions(-) diff --git a/.travis.yml b/.travis.yml index 43f2bb2..49bbc33 100644 --- a/.travis.yml +++ b/.travis.yml @@ -99,28 +99,30 @@ env: smoke/test_volumes smoke/test_vpc_redundant smoke/test_vpc_router_nics - smoke/test_vpc_vpn - smoke/misc/test_deploy_vm + smoke/test_vpc_vpn" + + - TESTS="smoke/misc/test_deploy_vm smoke/misc/test_escalations_templates smoke/misc/test_vm_ha - smoke/misc/test_vm_sync" - - - TESTS="component/find_hosts_for_migration + smoke/misc/test_vm_sync + component/find_hosts_for_migration component/test_acl_isolatednetwork_delete component/test_acl_listsnapshot component/test_acl_listvm - component/test_acl_listvolume - component/test_acl_sharednetwork" - - - TESTS="component/test_allocation_states - component/test_acl_sharednetwork_deployVM-impersonation - component/test_affinity_groups_projects - component/test_cpu_domain_limits - component/test_cpu_limits" - - - TESTS="component/test_cpu_max_limits - component/test_cpu_project_limits - component/test_deploy_vm_userdata_multi_nic + component/test_acl_listvolume" + + - TESTS="component/test_acl_sharednetwork + component/test_acl_sharednetwork_deployVM-impersonation" + + - TESTS="component/test_affinity_groups_projects + component/test_allocation_states" + + - TESTS="component/test_cpu_domain_limits + component/test_cpu_limits + component/test_cpu_max_limits + component/test_cpu_project_limits" + + - TESTS="component/test_deploy_vm_userdata_multi_nic component/test_egress_fw_rules component/test_invalid_gw_nm component/test_ip_reservation @@ -129,16 +131,18 @@ env: - TESTS="component/test_memory_limits component/test_mm_domain_limits component/test_mm_max_limits - component/test_mm_project_limits - component/test_network_offering + component/test_mm_project_limits" + + - TESTS="component/test_network_offering component/test_non_contiguous_vlan component/test_persistent_networks" - TESTS="component/test_project_limits component/test_project_configs component/test_project_usage - component/test_project_resources - component/test_regions_accounts + component/test_project_resources" + + - TESTS="component/test_regions_accounts component/test_routers component/test_snapshots component/test_stopped_vm" diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java index f5f38ed..6b4ed39 100644 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/LibvirtComputingResource.java @@ -1362,7 +1362,7 @@ public class LibvirtComputingResource extends ServerResourceBase implements Serv } public boolean passCmdLine(final String vmName, final String cmdLine) throws InternalErrorException { - final Script command = new Script(_patchScriptPath, 30 * 1000, s_logger); + final Script command = new Script(_patchScriptPath, 300 * 1000, s_logger); String result; command.add("-n", vmName); command.add("-c", cmdLine); diff --git a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java index 18abb1c..e31401d 100644 --- a/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java +++ b/plugins/hypervisors/kvm/src/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java @@ -125,9 +125,14 @@ public final class LibvirtStartCommandWrapper extends CommandWrapper<StartComman // try to patch and SSH into the systemvm for up to 5 minutes for (int count = 0; count < 10; count++) { // wait and try passCmdLine for 30 seconds at most for CLOUDSTACK-2823 - libvirtComputingResource.passCmdLine(vmName, vmSpec.getBootArgs()); - // check router is up? - final VirtualRoutingResource virtRouterResource = libvirtComputingResource.getVirtRouterResource(); + if (libvirtComputingResource.passCmdLine(vmName, vmSpec.getBootArgs())) { + break; + } + } + + final VirtualRoutingResource virtRouterResource = libvirtComputingResource.getVirtRouterResource(); + // check if the router is up? + for (int count = 0; count < 60; count++) { final boolean result = virtRouterResource.connect(controlIp, 1, 5000); if (result) { break; diff --git a/server/src/com/cloud/server/ConfigurationServerImpl.java b/server/src/com/cloud/server/ConfigurationServerImpl.java index eb0dc90..df54873 100644 --- a/server/src/com/cloud/server/ConfigurationServerImpl.java +++ b/server/src/com/cloud/server/ConfigurationServerImpl.java @@ -16,13 +16,12 @@ // under the License. package com.cloud.server; -import java.io.DataInputStream; -import java.io.EOFException; import java.io.File; import java.io.FileInputStream; import java.io.FileNotFoundException; import java.io.FileOutputStream; import java.io.IOException; +import java.nio.file.Files; import java.security.NoSuchAlgorithmException; import java.sql.PreparedStatement; import java.sql.ResultSet; @@ -608,29 +607,23 @@ public class ConfigurationServerImpl extends ManagerBase implements Configuratio // FIXME: take a global database lock here for safety. boolean onWindows = isOnWindows(); if(!onWindows) { - Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t rsa -N '' -f " + privkeyfile + " -q"); + Script.runSimpleBashScript("if [ -f " + privkeyfile + " ]; then rm -f " + privkeyfile + "; fi; ssh-keygen -t rsa -m PEM -N '' -f " + privkeyfile + " -q 2>/dev/null || ssh-keygen -t rsa -N '' -f " + privkeyfile + " -q"); } - byte[] arr1 = new byte[4094]; // configuration table column value size - try (DataInputStream dis = new DataInputStream(new FileInputStream(privkeyfile))) { - dis.readFully(arr1); - } catch (EOFException e) { - s_logger.info("[ignored] eof reached"); - } catch (Exception e) { + final String privateKey; + final String publicKey; + try { + privateKey = new String(Files.readAllBytes(privkeyfile.toPath())); + } catch (IOException e) { s_logger.error("Cannot read the private key file", e); throw new CloudRuntimeException("Cannot read the private key file"); } - String privateKey = new String(arr1).trim(); - byte[] arr2 = new byte[4094]; // configuration table column value size - try (DataInputStream dis = new DataInputStream(new FileInputStream(pubkeyfile))) { - dis.readFully(arr2); - } catch (EOFException e) { - s_logger.info("[ignored] eof reached"); - } catch (Exception e) { - s_logger.warn("Cannot read the public key file", e); + try { + publicKey = new String(Files.readAllBytes(pubkeyfile.toPath())); + } catch (IOException e) { + s_logger.error("Cannot read the public key file", e); throw new CloudRuntimeException("Cannot read the public key file"); } - String publicKey = new String(arr2).trim(); final String insertSql1 = "INSERT INTO `cloud`.`configuration` (category, instance, component, name, value, description) " + diff --git a/services/console-proxy-rdp/rdpconsole/pom.xml b/services/console-proxy-rdp/rdpconsole/pom.xml index d8550a0..eaa99c5 100755 --- a/services/console-proxy-rdp/rdpconsole/pom.xml +++ b/services/console-proxy-rdp/rdpconsole/pom.xml @@ -52,6 +52,17 @@ <directory>${basedir}/src/test/resources</directory> </testResource> </testResources> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-surefire-plugin</artifactId> + <configuration> + <excludes> + <exclude>rdpclient/MockServerTest.java</exclude> + </excludes> + </configuration> + </plugin> + </plugins> </build> <dependencies> diff --git a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config b/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh similarity index 68% copy from systemvm/debian/opt/cloud/bin/setup/cloud-early-config copy to systemvm/debian/opt/cloud/bin/setup/bootstrap.sh index 6aa0314..0208b36 100755 --- a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config +++ b/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh @@ -16,17 +16,9 @@ # specific language governing permissions and limitations # under the License. -#set -x -#exec 3>&0 4>&1 > /var/log/test.log 2>&1 PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" CMDLINE=/var/cache/cloud/cmdline -# Clear boot up flag, it would be created by rc.local after boot up done -mkdir -p /var/cache/cloud -rm -f /var/cache/cloud/boot_up_done - -[ -x /sbin/ifup ] || exit 0 - . /lib/lsb/init-functions log_it() { @@ -90,11 +82,6 @@ get_boot_params() { sed -i "s/%/ /g" $CMDLINE ;; kvm) - # Use any old cmdline as backup only - if [ -s $CMDLINE ]; then - mv $CMDLINE $CMDLINE.old - log_it "Found a non-empty old cmdline file" - fi systemctl enable --now qemu-guest-agent # Wait for $CMDLINE file to be written by the qemu-guest-agent for i in {1..60}; do @@ -104,14 +91,8 @@ get_boot_params() { fi sleep 1 done - # Use any old cmdline only when new cmdline is not received - if [ -e $CMDLINE.old ]; then - if [ -s $CMDLINE ]; then - rm $CMDLINE.old - else - mv $CMDLINE.old $CMDLINE - log_it "Using old cmdline file, VM was perhaps rebooted." - fi + if [ ! -s $CMDLINE ]; then + log_it "Failed to receive the cmdline file via the qemu-guest-agent" fi ;; vmware) @@ -142,65 +123,57 @@ get_systemvm_type() { export TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE) } -patch() { - local PATCH_MOUNT=/media/cdrom - local patchfile=$PATCH_MOUNT/cloud-scripts.tgz - local privkey=$PATCH_MOUNT/authorized_keys - local md5file=/var/cache/cloud/cloud-scripts-signature - local cdrom_dev= - mkdir -p $PATCH_MOUNT - - if [ -e /dev/xvdd ]; then - cdrom_dev=/dev/xvdd - elif [ -e /dev/cdrom ]; then - cdrom_dev=/dev/cdrom - elif [ -e /dev/cdrom1 ]; then - cdrom_dev=/dev/cdrom1 - elif [ -e /dev/cdrom2 ]; then - cdrom_dev=/dev/cdrom2 - elif [ -e /dev/cdrom3 ]; then - cdrom_dev=/dev/cdrom3 - fi - - [ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys - if [ -n "$cdrom_dev" ]; then - mount -o ro $cdrom_dev $PATCH_MOUNT - local oldmd5= - [ -f ${md5file} ] && oldmd5=$(cat ${md5file}) - local newmd5= - [ -f ${patchfile} ] && newmd5=$(md5sum ${patchfile} | awk '{print $1}') +patch_systemvm() { + local patchfile=$1 + local backupfolder="/tmp/.conf.backup" + local logfile="/var/log/patchsystemvm.log" + if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then + rm -fr $backupfolder + mkdir -p $backupfolder + cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/ + fi + rm /usr/local/cloud/systemvm -rf + mkdir -p /usr/local/cloud/systemvm + echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1 + find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555 + if [ -f $backupfolder/cloud.jks ]; then + cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/ + echo "Restored keystore file and certs using backup" >> $logfile + fi + rm -fr $backupfolder + # Import global cacerts into 'cloud' service's keystore + keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass changeit -deststorepass vmops.com -noprompt || true + return 0 +} - log_it "Scripts checksum detected: oldmd5=$oldmd5 newmd5=$newmd5" - if [ "$oldmd5" != "$newmd5" ] && [ -f ${patchfile} ] && [ "$newmd5" != "" ] +patch() { + local PATCH_MOUNT=/media/cdrom + local logfile="/var/log/patchsystemvm.log" + if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/agent.zip ] && [ -f /var/cache/cloud/patch.required ] + then + echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile + patch_systemvm ${PATCH_MOUNT}/agent.zip + if [ $? -gt 0 ] then - tar xzf $patchfile -C / - echo ${newmd5} > ${md5file} - log_it "Patched scripts using $patchfile" - - log_it "Patching cloud service" - /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE + echo "Failed to apply patch systemvm\n" >> $logfile + exit 1 fi - - [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys - umount $PATCH_MOUNT fi + rm -f /var/cache/cloud/patch.required + chmod -x /etc/systemd/system/cloud*.service + systemctl daemon-reload + umount $PATCH_MOUNT || true + if [ -f /mnt/cmdline ]; then cat /mnt/cmdline > $CMDLINE fi - return 0 } -start() { - log_it "Executing cloud-early-config" - - # Clear /tmp for file lock - rm -f /tmp/*.lock - rm -f /tmp/rrouter_bumped - rm -f /root/.rnd - echo "" > /root/.ssh/known_hosts +bootstrap() { + log_it "Bootstrapping systemvm appliance" export HYPERVISOR=$(hypervisor) [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 @@ -214,16 +187,13 @@ start() { sysctl -p log_it "Configuring systemvm type=$TYPE" - if [ -f "/opt/cloud/bin/setup/$TYPE.sh" ]; then /opt/cloud/bin/setup/$TYPE.sh else /opt/cloud/bin/setup/default.sh fi - log_it "Finished setting up systemvm" - exit 0 } -start +bootstrap diff --git a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config index 6aa0314..02593a3 100755 --- a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config +++ b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config @@ -16,10 +16,7 @@ # specific language governing permissions and limitations # under the License. -#set -x -#exec 3>&0 4>&1 > /var/log/test.log 2>&1 PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" -CMDLINE=/var/cache/cloud/cmdline # Clear boot up flag, it would be created by rc.local after boot up done mkdir -p /var/cache/cloud @@ -34,114 +31,6 @@ log_it() { log_action_msg "$@" } -hypervisor() { - if [ -d /proc/xen ]; then - mount -t xenfs none /proc/xen - $(dmesg | grep -q "Xen HVM") - if [ $? -eq 0 ]; then # 1=PV,0=HVM - echo "xen-hvm" && return 0 - else - echo "xen-pv" && return 0 - fi - fi - - [ -x /usr/sbin/virt-what ] && local facts=( $(virt-what) ) - if [ "$facts" != "" ]; then - # Xen HVM is recognized as Hyperv when Viridian extensions are enabled - if [ "${facts[-1]}" == "xen-domU" ] && [ "${facts[0]}" == "hyperv" ]; then - echo "xen-hvm" && return 0 - else - echo ${facts[-1]} && return 0 - fi - fi - - grep -q QEMU /proc/cpuinfo && echo "kvm" && return 0 - grep -q QEMU /var/log/messages && echo "kvm" && return 0 - - vmware-checkvm &> /dev/null && echo "vmware" && return 0 - - echo "unknown" && return 1 -} - -config_guest() { - if [ "$HYPERVISOR" == "kvm" ] - then - # Configure hot-plug - modprobe acpiphp || true - modprobe pci_hotplug || true - sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab - sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab - fi - [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q - [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q -} - -get_boot_params() { - case $HYPERVISOR in - xen-pv|xen-domU) - cat /proc/cmdline > $CMDLINE - sed -i "s/%/ /g" $CMDLINE - ;; - xen-hvm) - if [ ! -f /usr/bin/xenstore-read ]; then - log_it "ERROR: xentools not installed, cannot found xenstore-read" && exit 5 - fi - /usr/bin/xenstore-read vm-data/cloudstack/init > $CMDLINE - sed -i "s/%/ /g" $CMDLINE - ;; - kvm) - # Use any old cmdline as backup only - if [ -s $CMDLINE ]; then - mv $CMDLINE $CMDLINE.old - log_it "Found a non-empty old cmdline file" - fi - systemctl enable --now qemu-guest-agent - # Wait for $CMDLINE file to be written by the qemu-guest-agent - for i in {1..60}; do - if [ -s $CMDLINE ]; then - log_it "Received a new non-empty cmdline file from qemu-guest-agent" - break - fi - sleep 1 - done - # Use any old cmdline only when new cmdline is not received - if [ -e $CMDLINE.old ]; then - if [ -s $CMDLINE ]; then - rm $CMDLINE.old - else - mv $CMDLINE.old $CMDLINE - log_it "Using old cmdline file, VM was perhaps rebooted." - fi - fi - ;; - vmware) - vmtoolsd --cmd 'machine.id.get' > $CMDLINE - ;; - virtualpc|hyperv) - # Hyper-V is recognized as virtualpc hypervisor type. Boot args are passed using KVP Daemon - #waiting for the hv_kvp_daemon to start up - #sleep need to fix the race condition of hv_kvp_daemon and cloud-early-config - [ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon - sleep 5 - cp -f /var/opt/hyperv/.kvp_pool_0 $CMDLINE - cat /dev/null > /var/opt/hyperv/.kvp_pool_0 - ;; - virtualbox) - # Virtualbox is used to test the virtual router - # get the commandline from a dmistring (yes, hacky!) - dmidecode | grep cmdline | sed 's/^.*cmdline://' > $CMDLINE - RV=$? - if [ $RV -ne 0 ] ; then - log_it "Failed to get cmdline from a virtualbox dmi property" - fi - ;; - esac -} - -get_systemvm_type() { - export TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE) -} - patch() { local PATCH_MOUNT=/media/cdrom local patchfile=$PATCH_MOUNT/cloud-scripts.tgz @@ -162,7 +51,9 @@ patch() { cdrom_dev=/dev/cdrom3 fi - [ -f /var/cache/cloud/authorized_keys ] && privkey=/var/cache/cloud/authorized_keys + if [ -f /var/cache/cloud/authorized_keys ]; then + privkey=/var/cache/cloud/authorized_keys + fi if [ -n "$cdrom_dev" ]; then mount -o ro $cdrom_dev $PATCH_MOUNT @@ -177,17 +68,13 @@ patch() { tar xzf $patchfile -C / echo ${newmd5} > ${md5file} log_it "Patched scripts using $patchfile" - - log_it "Patching cloud service" - /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE + touch /var/cache/cloud/patch.required fi - [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys - umount $PATCH_MOUNT - fi - - if [ -f /mnt/cmdline ]; then - cat /mnt/cmdline > $CMDLINE + if [ -f $privkey ]; then + cp -f $privkey /root/.ssh/ + chmod go-rwx /root/.ssh/authorized_keys + fi fi return 0 @@ -202,27 +89,11 @@ start() { rm -f /root/.rnd echo "" > /root/.ssh/known_hosts - export HYPERVISOR=$(hypervisor) - [ $? -ne 0 ] && log_it "Failed to detect hypervisor type, bailing out of early init" && exit 10 - log_it "Detected that we are running inside $HYPERVISOR" - - config_guest - get_boot_params - get_systemvm_type patch sync - sysctl -p - - log_it "Configuring systemvm type=$TYPE" - - if [ -f "/opt/cloud/bin/setup/$TYPE.sh" ]; then - /opt/cloud/bin/setup/$TYPE.sh - else - /opt/cloud/bin/setup/default.sh - fi + /opt/cloud/bin/setup/bootstrap.sh log_it "Finished setting up systemvm" - exit 0 } diff --git a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh deleted file mode 100755 index c0d6d81..0000000 --- a/systemvm/debian/opt/cloud/bin/setup/patchsystemvm.sh +++ /dev/null @@ -1,63 +0,0 @@ -#!/bin/bash -# Licensed to the Apache Software Foundation (ASF) under one -# or more contributor license agreements. See the NOTICE file -# distributed with this work for additional information -# regarding copyright ownership. The ASF licenses this file -# to you under the Apache License, Version 2.0 (the -# "License"); you may not use this file except in compliance -# with the License. You may obtain a copy of the License at -# -# http://www.apache.org/licenses/LICENSE-2.0 -# -# Unless required by applicable law or agreed to in writing, -# software distributed under the License is distributed on an -# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY -# KIND, either express or implied. See the License for the -# specific language governing permissions and limitations -# under the License. - -#set -x -logfile="/var/log/patchsystemvm.log" - -# To use existing console proxy .zip-based package file -patch_systemvm() { - local patchfile=$1 - local backupfolder="/tmp/.conf.backup" - if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then - rm -fr $backupfolder - mkdir -p $backupfolder - cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/ - fi - rm /usr/local/cloud/systemvm -rf - mkdir -p /usr/local/cloud/systemvm - echo "All" | unzip $patchfile -d /usr/local/cloud/systemvm >$logfile 2>&1 - find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555 - if [ -f $backupfolder/cloud.jks ]; then - cp -r $backupfolder/* /usr/local/cloud/systemvm/conf/ - echo "Restored keystore file and certs using backup" >> $logfile - fi - rm -fr $backupfolder - # Import global cacerts into 'cloud' service's keystore - keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass changeit -deststorepass vmops.com -noprompt || true - return 0 -} - -CMDLINE=/var/cache/cloud/cmdline -PATCH_MOUNT=$1 -TYPE=$2 - -# Refresh and setup systemd -chmod -x /etc/systemd/system/cloud*.service -systemctl daemon-reload - -echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile - -if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/agent.zip ] -then - patch_systemvm ${PATCH_MOUNT}/agent.zip - if [ $? -gt 0 ] - then - echo "Failed to apply patch systemvm\n" >> $logfile - exit 1 - fi -fi diff --git a/systemvm/debian/opt/cloud/bin/setup/router.sh b/systemvm/debian/opt/cloud/bin/setup/router.sh index 6bb3b6f..e1fe8cd 100755 --- a/systemvm/debian/opt/cloud/bin/setup/router.sh +++ b/systemvm/debian/opt/cloud/bin/setup/router.sh @@ -96,7 +96,9 @@ setup_router() { sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4 # Setup hourly logrotate - mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 + if [ -f /etc/cron.daily/logrotate ]; then + mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 + fi } routing_svcs diff --git a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh index af111ad..9e6cdb7 100755 --- a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh +++ b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh @@ -108,8 +108,10 @@ EOF echo 0 > /var/cache/cloud/dnsmasq_managed_lease fi - #setup hourly logrotate - mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 + # Setup hourly logrotate + if [ -f /etc/cron.daily/logrotate ]; then + mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1 + fi } routing_svcs diff --git a/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh index 585b38d..c855341 100644 --- a/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh +++ b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh @@ -67,6 +67,7 @@ function install_packages() { libtcnative-1 libssl-dev libapr1-dev \ python-flask \ haproxy \ + haveged \ radvd \ sharutils genisoimage aria2 \ strongswan libcharon-extra-plugins libstrongswan-extra-plugins \