systemvm: fix management route (#6921)

Fixes #6873 When the management server is in a different subnet than the pod in which a VPC VR is deployed, an ip route must be added just after creation of eth0 to allow the connectivity between the VR and the management server. Signed-off-by: Abhishek Kumar <abhishek.mrt22@gmail.com> Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com> Co-authored-by: Rohit Yadav <rohit.yadav@shapeblue.com>
2025-10-26 08:42:29 +01:00 · 2022-12-12 17:41:54 +05:30 · 2022-12-12 17:41:54 +05:30 · 5516f74fce
commit 5516f74fce
parent 4de66f9855
7 changed files with 29 additions and 17 deletions
--- a/pom.xml
+++ b/pom.xml
@ -49,7 +49,7 @@
        <!-- keep in alphabetic order -->
        <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
        <project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
-        <project.systemvm.template.version>4.17.0.0</project.systemvm.template.version>
+        <project.systemvm.template.version>4.17.2.0</project.systemvm.template.version>
        <sonar.organization>apache</sonar.organization>
        <sonar.host.url>https://sonarcloud.io</sonar.host.url>

--- a/systemvm/debian/opt/cloud/bin/setup/common.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/common.sh
@ -576,6 +576,25 @@ setup_vpc_apache2() {
  setup_apache2_common
 }

+setup_vpc_mgmt_route() {
+  log_it "Set up route for management network: $MGMTNET via local gateway: $LOCAL_GW for device eth$1 for hypervisor: $HYPERVISOR"
+  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
+  then
+    mgmt_route_rule="$MGMTNET via $LOCAL_GW dev eth${1}"
+    if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ];
+    then
+      exist=`sudo ip route show $mgmt_route_rule | wc -l`
+      if [ $exist -eq 0 ]
+      then
+          log_it "Add route for management network via local gateway, hypervisor: $HYPERVISOR, rule: $mgmt_route_rule"
+          sudo ip route add $mgmt_route_rule
+          # workaround to activate vSwitch under VMware
+          timeout 3 ping -n -c 3 $LOCAL_GW || true
+      fi
+    fi
+  fi
+}
+
 clean_ipalias_config() {
  rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
  rm -f /etc/apache2/sites-available/ipAlias*
--- a/systemvm/debian/opt/cloud/bin/setup/init.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/init.sh
@ -190,6 +190,7 @@ setup_interface_sshd() {
  elif [ "$TYPE" == "vpcrouter" ]; then
    init_interfaces "eth0"
    setup_interface "0" $ETH0_IP $ETH0_MASK $GW
+    setup_vpc_mgmt_route "0"
    setup_sshd $ETH0_IP "eth0"

  elif [ "$TYPE" == "ilbvm" ]; then
--- a/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh
+++ b/systemvm/debian/opt/cloud/bin/setup/vpcrouter.sh
@ -54,15 +54,7 @@ setup_vpcrouter() {
    echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf
    echo "nameserver $NS2" >> /etc/resolv.conf
  fi
-  if [ -n "$MGMTNET"  -a -n "$LOCAL_GW" ]
-  then
-     if [ "$HYPERVISOR" == "vmware" ] || [ "$HYPERVISOR" == "hyperv" ];
-     then
-         ip route add $MGMTNET via $LOCAL_GW dev eth0
-         # workaround to activate vSwitch under VMware
-         timeout 3 ping -n -c 3 $LOCAL_GW || true
-     fi
-  fi
+  setup_vpc_mgmt_route "0"

  ip route delete default
  # create route table for static route
--- a/tools/appliance/README.md
+++ b/tools/appliance/README.md
@ -26,7 +26,7 @@ CentOS based built-in user VM template.
 # Setting up Tools and Environment

 - Install packer and latest KVM, qemu on a Linux machine
- Install tools for exporting appliances: qemu-img, ovftool, faketime
+- Install tools for exporting appliances: qemu-img, ovftool, faketime, sharutils
 - Build and install `vhd-util` as described in build.sh or use pre-built
  binaries at:

--- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
+++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
@ -19,7 +19,7 @@
 set -e
 set -x

-CLOUDSTACK_RELEASE=4.17.0
+CLOUDSTACK_RELEASE=4.17.2

 function configure_apache2() {
   # Enable ssl, rewrite and auth
@ -50,10 +50,10 @@ function configure_cacerts() {
  CDIR=$(pwd)
  cd /tmp
  # Add LetsEncrypt ca-cert
-  wget https://letsencrypt.org/certs/lets-encrypt-r3.der
  wget https://letsencrypt.org/certs/isrgrootx1.der
-  keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
+  wget https://letsencrypt.org/certs/lets-encrypt-r3.der
  keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityx1 -file isrgrootx1.der
+  keytool -trustcacerts -keystore /etc/ssl/certs/java/cacerts -storepass changeit -noprompt -importcert -alias letsencryptauthorityr3 -file lets-encrypt-r3.der
  rm -f lets-encrypt-r3.der isrgrootx1.der
  cd $CDIR
 }
--- a/tools/appliance/systemvmtemplate/template.json
+++ b/tools/appliance/systemvmtemplate/template.json
@ -23,12 +23,12 @@
      ],
      "boot_wait": "5s",
      "disk_interface": "virtio",
-      "disk_size": "4000M",
+      "disk_size": "5000M",
      "format": "qcow2",
      "headless": true,
      "http_directory": "http",
-      "iso_checksum": "sha512:2810f894afab9ac2631ddd097599761c1481b85e629d6a3197fe1488713af048d37241eb85def681ba86e62b406dd9b891ee1ae7915416335b6bb000d57c1e53",
-      "iso_url": "https://cdimage.debian.org/debian-cd/11.3.0/amd64/iso-cd/debian-11.3.0-amd64-netinst.iso",
+      "iso_checksum": "sha512:6a6607a05d57b7c62558e9c462fe5c6c04b9cfad2ce160c3e9140aa4617ab73aff7f5f745dfe51bbbe7b33c9b0e219a022ad682d6c327de0e53e40f079abf66a",
+      "iso_url": "https://cdimage.debian.org/debian-cd/11.5.0/amd64/iso-cd/debian-11.5.0-amd64-netinst.iso",
      "net_device": "virtio-net",
      "output_directory": "../dist",
      "qemuargs": [