From 3bd723ca069ac0fae1c88527e99ae3c0dd0f1d79 Mon Sep 17 00:00:00 2001
From: Pearl Dsilva <pearl1594@gmail.com>
Date: Fri, 29 Apr 2022 08:31:11 +0530
Subject: [PATCH] Change patch path during live patching of systemVMs  (#6328)

* Improve log when live patching fails

* change patching path from /tmp to /var/cache/clou

* add iptable rule for console proxy (novnc)

* temporary template paths

* revert pom xml to original paths
---
 .../wrapper/LibvirtPatchSystemVmCommandWrapper.java        | 4 ++--
 .../kvm/resource/wrapper/LibvirtStartCommandWrapper.java   | 3 ++-
 .../cloud/hypervisor/vmware/resource/VmwareResource.java   | 6 +++---
 .../wrapper/xenbase/CitrixPatchSystemVmCommandWrapper.java | 2 +-
 .../wrapper/xenbase/CitrixStartCommandWrapper.java         | 3 ++-
 scripts/vm/hypervisor/xenserver/vmops                      | 2 +-
 systemvm/debian/opt/cloud/bin/setup/bootstrap.sh           | 2 +-
 systemvm/debian/opt/cloud/bin/setup/cloud-early-config     | 6 +++---
 systemvm/patch-sysvms.sh                                   | 7 +++++--
 9 files changed, 20 insertions(+), 15 deletions(-)

diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPatchSystemVmCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPatchSystemVmCommandWrapper.java
index 691d34fd709..104fd663292 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPatchSystemVmCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtPatchSystemVmCommandWrapper.java
@@ -69,9 +69,9 @@ public class LibvirtPatchSystemVmCommandWrapper extends CommandWrapper<PatchSyst
 
         Pair<Boolean, String> patchResult = null;
         try {
-            FileUtil.scpPatchFiles(controlIp, "/tmp/", sshPort, pemFile, serverResource.systemVmPatchFiles, LibvirtComputingResource.BASEPATH);
+            FileUtil.scpPatchFiles(controlIp, VRScripts.CONFIG_CACHE_LOCATION, sshPort, pemFile, serverResource.systemVmPatchFiles, LibvirtComputingResource.BASEPATH);
             patchResult = SshHelper.sshExecute(controlIp, sshPort, "root",
-                    pemFile, null, "/tmp/patch-sysvms.sh", 10000, 10000, 600000);
+                    pemFile, null, "/var/cache/cloud/patch-sysvms.sh", 10000, 10000, 600000);
         } catch (Exception e) {
             return new PatchSystemVmAnswer(cmd, e.getMessage());
         }
diff --git a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java
index bdb86f061e9..7b69993f2e5 100644
--- a/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java
+++ b/plugins/hypervisors/kvm/src/main/java/com/cloud/hypervisor/kvm/resource/wrapper/LibvirtStartCommandWrapper.java
@@ -22,6 +22,7 @@ package com.cloud.hypervisor.kvm.resource.wrapper;
 import java.io.File;
 import java.net.URISyntaxException;
 
+import com.cloud.agent.resource.virtualnetwork.VRScripts;
 import com.cloud.utils.FileUtil;
 import org.apache.log4j.Logger;
 import org.libvirt.Connect;
@@ -120,7 +121,7 @@ public final class LibvirtStartCommandWrapper extends CommandWrapper<StartComman
 
                     try {
                         File pemFile = new File(LibvirtComputingResource.SSHPRVKEYPATH);
-                        FileUtil.scpPatchFiles(controlIp, "/tmp/", Integer.parseInt(LibvirtComputingResource.DEFAULTDOMRSSHPORT), pemFile, LibvirtComputingResource.systemVmPatchFiles, LibvirtComputingResource.BASEPATH);
+                        FileUtil.scpPatchFiles(controlIp, VRScripts.CONFIG_CACHE_LOCATION, Integer.parseInt(LibvirtComputingResource.DEFAULTDOMRSSHPORT), pemFile, LibvirtComputingResource.systemVmPatchFiles, LibvirtComputingResource.BASEPATH);
                         if (!virtRouterResource.isSystemVMSetup(vmName, controlIp)) {
                             String errMsg = "Failed to patch systemVM";
                             s_logger.error(errMsg);
diff --git a/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java b/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java
index 2180152ab06..3b3ebd88ea8 100644
--- a/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java
+++ b/plugins/hypervisors/vmware/src/main/java/com/cloud/hypervisor/vmware/resource/VmwareResource.java
@@ -664,7 +664,7 @@ public class VmwareResource extends ServerResourceBase implements StoragePoolRes
         ExecutionResult result;
         try {
             result = getSystemVmVersionAndChecksum(controlIp);
-            FileUtil.scpPatchFiles(controlIp, "/tmp/", DefaultDomRSshPort, pemFile, systemVmPatchFiles, BASEPATH);
+            FileUtil.scpPatchFiles(controlIp, VRScripts.CONFIG_CACHE_LOCATION, DefaultDomRSshPort, pemFile, systemVmPatchFiles, BASEPATH);
         } catch (CloudRuntimeException e) {
             return new PatchSystemVmAnswer(cmd, e.getMessage());
         }
@@ -687,7 +687,7 @@ public class VmwareResource extends ServerResourceBase implements StoragePoolRes
         Pair<Boolean, String> patchResult = null;
         try {
             patchResult = SshHelper.sshExecute(controlIp, DefaultDomRSshPort, "root",
-                    pemFile, null, "/tmp/patch-sysvms.sh", 10000, 10000, 600000);
+                    pemFile, null, "/var/cache/cloud/patch-sysvms.sh", 10000, 10000, 600000);
         } catch (Exception e) {
             return new PatchSystemVmAnswer(cmd, e.getMessage());
         }
@@ -2578,7 +2578,7 @@ public class VmwareResource extends ServerResourceBase implements StoragePoolRes
                 try {
                     String homeDir = System.getProperty("user.home");
                     File pemFile = new File(homeDir + "/.ssh/id_rsa");
-                    FileUtil.scpPatchFiles(controlIp, "/tmp/", DefaultDomRSshPort, pemFile, systemVmPatchFiles, BASEPATH);
+                    FileUtil.scpPatchFiles(controlIp, VRScripts.CONFIG_CACHE_LOCATION, DefaultDomRSshPort, pemFile, systemVmPatchFiles, BASEPATH);
                     if (!_vrResource.isSystemVMSetup(vmInternalCSName, controlIp)) {
                         String errMsg = "Failed to patch systemVM";
                         s_logger.error(errMsg);
diff --git a/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixPatchSystemVmCommandWrapper.java b/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixPatchSystemVmCommandWrapper.java
index 718daec7292..0f37bea15cb 100644
--- a/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixPatchSystemVmCommandWrapper.java
+++ b/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixPatchSystemVmCommandWrapper.java
@@ -68,7 +68,7 @@ public class CitrixPatchSystemVmCommandWrapper extends CommandWrapper<PatchSyste
 
         String patchResult = null;
         try {
-            serverResource.copyPatchFilesToVR(controlIp, "/tmp/");
+            serverResource.copyPatchFilesToVR(controlIp, VRScripts.CONFIG_CACHE_LOCATION);
             patchResult = serverResource.callHostPlugin(conn, "vmops", "runPatchScriptInDomr", "domrip", controlIp);
         } catch (Exception e) {
             return new PatchSystemVmAnswer(command, e.getMessage());
diff --git a/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixStartCommandWrapper.java b/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixStartCommandWrapper.java
index d1b5224f28f..7ba5387d1a3 100644
--- a/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixStartCommandWrapper.java
+++ b/plugins/hypervisors/xenserver/src/main/java/com/cloud/hypervisor/xenserver/resource/wrapper/xenbase/CitrixStartCommandWrapper.java
@@ -25,6 +25,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.Set;
 
+import com.cloud.agent.resource.virtualnetwork.VRScripts;
 import com.cloud.agent.resource.virtualnetwork.VirtualRoutingResource;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
@@ -197,7 +198,7 @@ public final class CitrixStartCommandWrapper extends CommandWrapper<StartCommand
                 }
 
                 try {
-                    citrixResourceBase.copyPatchFilesToVR(controlIp, "/tmp/");
+                    citrixResourceBase.copyPatchFilesToVR(controlIp, VRScripts.CONFIG_CACHE_LOCATION);
                     VirtualRoutingResource vrResource = citrixResourceBase.getVirtualRoutingResource();
                     if (!vrResource.isSystemVMSetup(vmName, controlIp)) {
                         String errMsg = "Failed to patch systemVM";
diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops
index de5feb06d21..f1e3b288db6 100755
--- a/scripts/vm/hypervisor/xenserver/vmops
+++ b/scripts/vm/hypervisor/xenserver/vmops
@@ -254,7 +254,7 @@ def runPatchScriptInDomr(session, args):
     txt=""
     try:
         target = "root@" + domrip
-        txt = util.pread2(['ssh','-p','3922','-i','/root/.ssh/id_rsa.cloud', target, "/bin/bash","/tmp/patch-sysvms.sh"])
+        txt = util.pread2(['ssh','-p','3922','-i','/root/.ssh/id_rsa.cloud', target, "/bin/bash","/var/cache/cloud/patch-sysvms.sh"])
         txt = 'succ#' + txt
     except:
         logging.debug("failed to run patch script in systemVM with IP:  " + domrip)
diff --git a/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh b/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh
index 4720237543f..3670010c5e9 100755
--- a/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/bootstrap.sh
@@ -55,7 +55,7 @@ patch_systemvm() {
 }
 
 patch() {
-  local PATCH_MOUNT=/tmp/
+  local PATCH_MOUNT=/var/cache/cloud/
   local logfile="/var/log/patchsystemvm.log"
 
   if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ]  && [ -f ${PATCH_MOUNT}/agent.zip ] && [ -f /var/cache/cloud/patch.required ]
diff --git a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config
index d76079b69e4..78191214635 100755
--- a/systemvm/debian/opt/cloud/bin/setup/cloud-early-config
+++ b/systemvm/debian/opt/cloud/bin/setup/cloud-early-config
@@ -41,7 +41,7 @@ validate_checksums() {
 }
 
 patch() {
-  local PATCH_MOUNT=/tmp
+  local PATCH_MOUNT=/var/cache/cloud
   local PATCH_SCRIPTS=cloud-scripts.tgz
   local oldpatchfile=/usr/share/cloud/$PATCH_SCRIPTS
   local patchfile=$PATCH_MOUNT/$PATCH_SCRIPTS
@@ -97,8 +97,8 @@ patch() {
 }
 
 cleanup() {
-  rm -rf /tmp/agent.zip
-  mv /tmp/cloud-scripts.tgz /usr/share/cloud/cloud-scripts.tgz
+  rm -rf /var/cache/cloud/agent.zip
+  mv /var/cache/cloud/cloud-scripts.tgz /usr/share/cloud/cloud-scripts.tgz
 }
 
 start() {
diff --git a/systemvm/patch-sysvms.sh b/systemvm/patch-sysvms.sh
index 62e0dd6f1a8..c2083369be7 100644
--- a/systemvm/patch-sysvms.sh
+++ b/systemvm/patch-sysvms.sh
@@ -17,9 +17,9 @@
 # under the License.
 
 PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
-backupfolder=/tmp/bkpup_live_patch
+backupfolder=/var/cache/cloud/bkpup_live_patch
 logfile="/var/log/livepatchsystemvm.log"
-newpath="/tmp/"
+newpath="/var/cache/cloud/"
 CMDLINE=/var/cache/cloud/cmdline
 md5file=/var/cache/cloud/cloud-scripts-signature
 svcfile=/var/cache/cloud/enabled_svcs
@@ -89,6 +89,9 @@ restart_services() {
         return
       fi
     done < "$svcfile"
+    if [ "$TYPE" == "consoleproxy" ]; then
+      iptables -A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 8080 -j ACCEPT
+    fi
 }
 
 cleanup_systemVM() {