From 5516f74fcefa7b67fa56e1a10d78c1369993c191 Mon Sep 17 00:00:00 2001 From: Abhishek Kumar Date: Mon, 12 Dec 2022 17:41:54 +0530 Subject: [PATCH] systemvm: fix management route (#6921) Fixes #6873 When the management server is in a different subnet than the pod in which a VPC VR is deployed, an ip route must be added just after creation of eth0 to allow the connectivity between the VR and the management server. Signed-off-by: Abhishek Kumar Signed-off-by: Rohit Yadav Co-authored-by: Rohit Yadav --- pom.xml | 2 +- systemvm/debian/opt/cloud/bin/setup/common.sh | 19 +++++++++++++++++++ systemvm/debian/opt/cloud/bin/setup/init.sh | 1 + .../debian/opt/cloud/bin/setup/vpcrouter.sh | 10 +--------- tools/appliance/README.md | 2 +- .../scripts/configure_systemvm_services.sh | 6 +++--- .../appliance/systemvmtemplate/template.json | 6 +++--- 7 files changed, 29 insertions(+), 17 deletions(-) diff --git a/pom.xml b/pom.xml index b4a1673436b..3d3ba78a86b 100644 --- a/pom.xml +++ b/pom.xml @@ -49,7 +49,7 @@ UTF-8 UTF-8 - 4.17.0.0 + 4.17.2.0 apache https://sonarcloud.io diff --git a/systemvm/debian/opt/cloud/bin/setup/common.sh b/systemvm/debian/opt/cloud/bin/setup/common.sh index 18a78311aee..7b1694c0c21 100755 --- a/systemvm/debian/opt/cloud/bin/setup/common.sh +++ b/systemvm/debian/opt/cloud/bin/setup/common.sh 
@@ -576,6 +576,25 @@ setup_vpc_apache2() { setup_apache2_common } +setup_vpc_mgmt_route() { + log_it "Set up route for management network: $MGMTNET via local gateway: $LOCAL_GW for device eth$1 for hypervisor: $HYPERVISOR" + if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] + then + mgmt_route_rule="$MGMTNET via $LOCAL_GW dev eth${1}" + if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ]; + then + exist=`sudo ip route show $mgmt_route_rule | wc -l` + if [ $exist -eq 0 ] + then + log_it "Add route for management network via local gateway, hypervisor: $HYPERVISOR, rule: $mgmt_route_rule" + sudo ip route add $mgmt_route_rule + # workaround to activate vSwitch under VMware + timeout 3 ping -n -c 3 $LOCAL_GW || true + fi + fi + fi +} + clean_ipalias_config() { rm -f /etc/apache2/conf.d/ports.*.meta-data.conf rm -f /etc/apache2/sites-available/ipAlias* diff --git a/systemvm/debian/opt/cloud/bin/setup/init.sh b/systemvm/debian/opt/cloud/bin/setup/init.sh index 4795acf9cc3..436b8349336 100644 --- a/systemvm/debian/opt/cloud/bin/setup/init.sh +++ b/systemvm/debian/opt/cloud/bin/setup/init.sh @@ -190,6 +190,7 @@ setup_interface_sshd() { elif [ "$TYPE" == "vpcrouter" ]; then init_interfaces "eth0" setup_interface "0" $ETH0_IP $ETH0_MASK $GW + setup_vpc_mgmt_route "0" setup_sshd $ETH0_IP "eth0" elif [ "$TYPE" == "ilbvm" ]; then diff --git a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh index 7b224d9c73f..097fecde80d 100755 --- a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh +++ b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh 
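Review bot: In `setup_vpc_mgmt_route` (common.sh), `$mgmt_route_rule` is expanded unquoted into both `sudo ip route show` and `sudo ip route add`, so the argument list given to `ip` under sudo is whatever word splitting and globbing make of `$MGMTNET` and `$LOCAL_GW`. Those values are presumably supplied from outside the script (boot parameters), so passing them as separate quoted words keeps a malformed value to a single argument: `sudo ip route add "$MGMTNET" via "$LOCAL_GW" dev "eth${1}"`, and the same for `ip route show`. The status of `ip route add` is not checked, so a failed add is followed by the ping workaround with nothing in the log; `|| log_it "Failed to add management route: $mgmt_route_rule"` would make it visible. The first `log_it` also runs before the `-n` test, so it reports a route set-up even when the variables are empty or the hypervisor is neither vmware nor hyperv.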
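Review bot: The new `setup_vpc_mgmt_route "0"` call in `setup_interface_sshd` (init.sh) carries no comment, and the same call remains in `setup_vpcrouter` (the vpcrouter.sh hunk), so the function appears to be reached twice for a VPC router. The second call is harmless only because of the `ip route show ... | wc -l` existence check in common.sh. A comment at each call site would record that, for example `# VMware/Hyper-V: management server may be in another subnet; add the route as soon as eth0 is configured (#6873)` here and `# no-op when init.sh has already added the route` in vpcrouter.sh. Both enclosing functions start and end outside their hunks.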
@@ -54,15 +54,7 @@ setup_vpcrouter() { echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf echo "nameserver $NS2" >> /etc/resolv.conf fi - if [ -n "$MGMTNET" -a -n "$LOCAL_GW" ] - then - if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ]; - then - ip route add $MGMTNET via $LOCAL_GW dev eth0 - # workaround to activate vSwitch under VMware - timeout 3 ping -n -c 3 $LOCAL_GW || true - fi - fi + setup_vpc_mgmt_route "0" ip route delete default # create route table for static route diff --git a/tools/appliance/README.md b/tools/appliance/README.md index 6d8370fdfa4..09f6fc0221d 100644 --- a/tools/appliance/README.md +++ b/tools/appliance/README.md @@ -26,7 +26,7 @@ CentOS based built-in user VM template. # Setting up Tools and Environment - Install packer and latest KVM, qemu on a Linux machine -- Install tools for exporting appliances: qemu-img, ovftool, faketime +- Install tools for exporting appliances: qemu-img, ovftool, faketime, sharutils - Build and install `vhd-util` as described in build.sh or use pre-built binaries at: diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh index 115d340fe84..d40cbb89537 100644 --- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh +++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh @@ -19,7 +19,7 @@ set -e set -x -CLOUDSTACK_RELEASE=4.17.0 +CLOUDSTACK_RELEASE=4.17.2 function configure_apache2() { # Enable ssl, rewrite and auth 
@@ -50,10 +50,10 @@ function configure_cacerts() {
 CDIR=$(pwd)
 cd /tmp
 # Add LetsEncrypt ca-cert
- wget https://letsencrypt.org/certs/lets-encrypt-r3.der
 wget https://letsencrypt.org/certs/isrgrootx1.der
- keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
+ wget https://letsencrypt.org/certs/lets-encrypt-r3.der
 keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file isrgrootx1.der
+ keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
 rm -f lets-encrypt-r3.der isrgrootx1.der
 cd $CDIR
 }
diff --git a/tools/appliance/systemvmtemplate/template.json b/tools/appliance/systemvmtemplate/template.json
index 960f24a75ff..4ce996b416d 100644
--- a/tools/appliance/systemvmtemplate/template.json
+++ b/tools/appliance/systemvmtemplate/template.json
@@ -23,12 +23,12 @@
 ],
 "boot_wait": "5s",
 "disk_interface": "virtio",
- "disk_size": "4000M",
+ "disk_size": "5000M",
 "format": "qcow2",
 "headless": true,
 "http_directory": "http",
- "iso_checksum": "sha512:2810f894afab9ac2631ddd097599761c1481b85e629d6a3197fe1488713af048d37241eb85def681ba86e62b406dd9b891ee1ae7915416335b6bb000d57c1e53",
- "iso_url": "https://cdimage.debian.org/debian-cd/11.3.0/amd64/iso-cd/debian-11.3.0-amd64-netinst.iso",
+ "iso_checksum": "sha512:6a6607a05d57b7c62558e9c462fe5c6c04b9cfad2ce160c3e9140aa4617ab73aff7f5f745dfe51bbbe7b33c9b0e219a022ad682d6c327de0e53e40f079abf66a",
+ "iso_url": "https://cdimage.debian.org/debian-cd/11.5.0/amd64/iso-cd/debian-11.5.0-amd64-netinst.iso",
 "net_device": "virtio-net",
 "output_directory": "../dist",
 "qemuargs": [
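Review bot: In `configure_cacerts` (configure_systemvm_services.sh), the two DER files are still imported into `/etc/ssl/certs/java/cacerts` with `-noprompt` straight after `wget`, so the only check on what becomes a trust anchor in the template is the TLS connection to letsencrypt.org at build time; the reordering in this hunk does not change that. Comparing each download with a digest pinned in the repository before the `keytool` call would make a substituted or truncated file fail the build, for example `echo "<EXPECTED_SHA256_PLACEHOLDER>  isrgrootx1.der" | sha256sum -c -`. The downloads also land in `/tmp` under fixed names, and `wget` by default does not overwrite an existing file, so a file already present under that name would be the one imported; a `mktemp -d` working directory avoids that. The function's opening line is visible only in the hunk header.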