CLOUDSTACK-1066: fixes

cloudstack-packages: fixes install_packages (diff -> diffutils),
                     use debconf-set-selections for iptables-persistent
preseed.cfg : change root password, use separate partitions for /usr /var /home
definition.rb: reset timeout to sane value
cleanup.sh, zerodisk.sh: move wipe of root directory to zerodisk

tools/appliance/definitions/systemvmtemplate/cleanup.sh

@@ -35,5 +35,3 @@ rm /lib/udev/rules.d/75-persistent-net-generator.rules
 echo "Adding a 2 sec delay to the interface up, to make the dhclient happy"
 echo "pre-up sleep 2" >> /etc/network/interfaces
 
-#clean up stuff copied in by veewee
-rm -f /root/*

tools/appliance/definitions/systemvmtemplate/cloudstack-packages.sh

@@ -17,6 +17,7 @@
 
 
 ROOTPW=password
+HOSTNAME=systemvm
 CLOUDSTACK_RELEASE=4.2.0
 
 
@@ -25,7 +26,10 @@ install_packages() {
   DEBIAN_PRIORITY=critical
 
   #basic stuff
-   apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget  python bzip2 sed gawk diff grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping dnsutils zip unzip ethtool uuid file iproute acpid iptables-persistent virt-what sudo
+   apt-get --no-install-recommends -q -y --force-yes install rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables 
+   apt-get --no-install-recommends -q -y --force-yes install openssh-server grub-legacy e2fsprogs dhcp3-client dnsmasq tcpdump socat wget  
+   apt-get --no-install-recommends -q -y --force-yes install python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps monit inetutils-ping iputils-arping httping 
+   apt-get --no-install-recommends -q -y --force-yes install dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo 
 
   #sysstat
   echo 'sysstat sysstat/enable boolean true' | debconf-set-selections
@@ -38,22 +42,27 @@ install_packages() {
   apt-get --no-install-recommends -q -y --force-yes install dnsmasq
   #nfs client
   apt-get --no-install-recommends -q -y --force-yes install nfs-common
+
   #vpn stuff
   apt-get --no-install-recommends -q -y --force-yes install xl2tpd bcrelay ppp ipsec-tools tdb-tools
   echo "openswan openswan/install_x509_certificate boolean false" | debconf-set-selections
   echo "openswan openswan/install_x509_certificate seen true" | debconf-set-selections
-  chroot .  apt-get --no-install-recommends -q -y --force-yes install openswan
+  apt-get --no-install-recommends -q -y --force-yes install openswan
+
   #vmware tools
   apt-get --no-install-recommends -q -y --force-yes install open-vm-tools
   #xenstore utils
   apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
-  #keepalived and conntrackd
+  #keepalived and conntrackd for redundant router
   apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
   #ipcalc
   apt-get --no-install-recommends -q -y --force-yes install ipcalc
   #java
   apt-get --no-install-recommends -q -y --force-yes install  default-jre-headless
 
+  echo "iptables-persistent iptables-persistent/autosave_v4 boolean true" | debconf-set-selections
+  echo "iptables-persistent iptables-persistent/autosave_v6 boolean true" | debconf-set-selections
+  apt-get --no-install-recommends -q -y --force-yes install iptables-persistent
 }
 
 accounts() {
@@ -61,8 +70,10 @@ accounts() {
   groupadd -r admin
   #create a 'cloud' user
   useradd -G admin cloud
-  echo "root:password" | chpasswd
+  echo "root:$PASSWORD" | chpasswd
-  echo "cloud:password" | chpasswd
+  #FIXME: create random password for cloud
+  #FIXME: disable password auth in sshd (final step, after veewee is done) 
+  #echo "cloud:password" | chpasswd
   sed -i -e '/Defaults\s\+env_reset/a Defaults\texempt_group=admin' /etc/sudoers
   sed -i -e 's/%admin ALL=(ALL) ALL/%admin ALL=NOPASSWD:ALL/g' /etc/sudoers
   
@@ -71,14 +82,62 @@ accounts() {
 
 }
 
+fix_nameserver() {
+  #replace /etc/resolv.conf also
+  cat > /etc/resolv.conf << EOF
+nameserver 8.8.8.8
+nameserver 4.4.4.4
+EOF
+
+}
+
 do_fixes() {
   #fix hostname in openssh-server generated keys
-  sed -i "s/root@\(.*\)$/root@systemvm/g" /etc/ssh/ssh_host_*.pub
+  sed -i "s/root@\(.*\)$/root@$HOSTNAME/g" /etc/ssh/ssh_host_*.pub
+  #fix hostname to override one provided by dhcp during vm build
+  echo "$HOSTNAME" > /etc/hostname
+  hostname $HOSTNAME
+  #delete entry in /etc/hosts derived from dhcp
+  sed -i '/127.0.1.1/d' /etc/hosts 
+
+  #fix_nameserver FIXME needed after veewee finishes
+}
+
+configure_apache2() {
+   #enable ssl, rewrite and auth
+   a2enmod ssl rewrite auth_basic auth_digest
+   a2ensite default-ssl
+   #backup stock apache configuration since we may modify it in Secondary Storage VM
+   cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
+   cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
+}
+
+services() {
+  mkdir -p /var/www/html
+  mkdir -p /opt/cloud/bin
+  mkdir -p /var/cache/cloud
+  mkdir -p /usr/share/cloud
+  mkdir -p /usr/local/cloud
+  mkdir -p /root/.ssh
+  #Fix haproxy directory issue
+  mkdir -p /var/lib/haproxy
+  
+  #FIXME: need a way to copy from git repo (perhaps wget from git-wip-us.apache.org?)
+  #/bin/cp -r ${scriptdir}/config/* ./
+  chkconfig xl2tpd off
+  #chkconfig --add cloud-early-config
+  #chkconfig cloud-early-config on
+  #chkconfig --add cloud-passwd-srvr 
+  #chkconfig cloud-passwd-srvr off
+  #chkconfig --add cloud
+  #chkconfig cloud off
+  chkconfig monit off
 }
 
 signature() {
   mkdir -p /var/cache/cloud/
   touch /var/cache/cloud/cloud-scripts-signature
+  #FIXME: signature should be generated from scripts package that can get updated
   echo "Cloudstack Release $CLOUDSTACK_RELEASE $(date)" > /etc/cloudstack-release
 }
 
@@ -87,4 +146,6 @@ install_packages
 echo "*************DONE INSTALLING PACKAGES********************"
 accounts
 do_fixes
+configure_apache2
+services
 signature

tools/appliance/definitions/systemvmtemplate/definition.rb

@@ -58,5 +58,5 @@ Veewee::Definition.declare({
     "cleanup.sh",
     "zerodisk.sh"
   ],
-  :postinstall_timeout => "100000"
+  :postinstall_timeout => "10000"
 })

tools/appliance/definitions/systemvmtemplate/preseed.cfg

@@ -58,8 +58,8 @@ d-i netcfg/choose_interface select auto
 # Any hostname and domain names assigned from dhcp take precedence over
 # values set here. However, setting the values still prevents the questions
 # from being shown, even if values come from dhcp.
-#d-i netcfg/get_hostname string vagrant
+d-i netcfg/get_hostname string systemvm
-d-i netcfg/get_domain string vagrantup.com
+d-i netcfg/get_domain string cloudstack.org
 
 # Disable that annoying WEP key dialog.
 d-i netcfg/wireless_wep string
@@ -137,7 +137,7 @@ d-i partman-auto-lvm/guided_size string max
 # - atomic: all files in one partition
 # - home:   separate /home partition
 # - multi:  separate /home, /usr, /var, and /tmp partitions
-d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/choose_recipe select multi
 d-i partman/default_filesystem string ext3
 
 # Or provide a recipe of your own...
@@ -192,8 +192,8 @@ d-i passwd/root-login boolean true
 #d-i passwd/make-user boolean false
 
 # Root password, either in clear text
-d-i passwd/root-password password vagrant
+d-i passwd/root-password password password
-d-i passwd/root-password-again password vagrant
+d-i passwd/root-password-again password password
 # or encrypted using an MD5 hash.
 #d-i passwd/root-password-crypted password [MD5 hash]
 

tools/appliance/definitions/systemvmtemplate/zerodisk.sh

@@ -15,6 +15,9 @@
 # specific language governing permissions and limitations
 # under the License.
 
+#clean up stuff copied in by veewee
+rm -f /root/*
+
 # Zero out the free space to save space in the final image:
 dd if=/dev/zero of=/EMPTY bs=1M
 rm -f /EMPTY