apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

Extract systemvm.iso using bsdtar (#3536)

Browse Source 
* Extract systemvm.iso using bsdtar if available.

Signed-off-by: Kai Takahashi <k-takahashi@creationline.com>

* New dependency for CentOS 7 and Debian: bsdtar

bsdtar can extract iso images without mounting.

Signed-off-by: Kai Takahashi <k-takahashi@creationline.com>

* Remove all 'mount' and 'umount' command call(s).

Signed-off-by: Kai Takahashi <k-takahashi@creationline.com>
This commit is contained in:
Kai Takahashi 2020-01-06 19:46:20 +09:00 committed by Andrija Panic
parent d868cd1d6a
commit 8a55c931e8
3 changed files with 19 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
debian/control vendored
View File

@ -9,7 +9,7 @@ Homepage: http://www.cloudstack.org/
Package: cloudstack-common Package: cloudstack-common
Architecture: all Architecture: all
Depends: ${misc:Depends}, ${python:Depends}, genisoimage, nfs-common Depends: ${misc:Depends}, ${python:Depends}, genisoimage, nfs-common, bsdtar
Conflicts: cloud-scripts, cloud-utils, cloud-system-iso, cloud-console-proxy, cloud-daemonize, cloud-deps, cloud-python, cloud-setup Conflicts: cloud-scripts, cloud-utils, cloud-system-iso, cloud-console-proxy, cloud-daemonize, cloud-deps, cloud-python, cloud-setup
Description: A common package which contains files which are shared by several CloudStack packages Description: A common package which contains files which are shared by several CloudStack packages

1
packaging/centos7/cloud.spec
View File

@ -90,6 +90,7 @@ Requires: python
Requires: python3 Requires: python3
Requires: python-argparse Requires: python-argparse
Requires: python-netaddr Requires: python-netaddr
Requires: bsdtar
Group: System Environment/Libraries Group: System Environment/Libraries
%description common %description common
The Apache CloudStack files shared between agent and management server The Apache CloudStack files shared between agent and management server

43
scripts/vm/systemvm/injectkeys.sh
View File

@ -30,35 +30,31 @@ TMPDIR=${TMP}/cloud/systemvm
umask 022 umask 022
clean_up() { clean_up() {
$SUDO umount $MOUNTPATH rm -rf --preserve-root $MOUNTPATH
}
backup_iso() {
$SUDO cp -b ${systemvmpath} ${systemvmpath}.bak
} }
inject_into_iso() { inject_into_iso() {
local isofile=${systemvmpath} local isofile=${systemvmpath}
local newpubkey=$2 local newpubkey=$2
local backup=${isofile}.bak
local tmpiso=${TMP}/$1 local tmpiso=${TMP}/$1
mkdir -p $MOUNTPATH mkdir -p $MOUNTPATH
[ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1 [ ! -f $isofile ] && echo "$(basename $0): Could not find systemvm iso patch file $isofile" && return 1
$SUDO mount -o loop $isofile $MOUNTPATH bsdtar -C $MOUNTPATH -xf $isofile
[ $? -ne 0 ] && echo "$(basename $0): Failed to mount original iso $isofile" && clean_up && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to extract original iso $isofile" && clean_up && return 1
diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && clean_up && return 0 diff -q $MOUNTPATH/authorized_keys $newpubkey &> /dev/null && clean_up && return 0
$SUDO cp -b $isofile $backup backup_iso
[ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && clean_up && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to backup original iso $isofile" && clean_up && return 1
rm -rf $TMPDIR $SUDO cp $newpubkey $MOUNTPATH/authorized_keys
mkdir -p $TMPDIR
[ ! -d $TMPDIR ] && echo "$(basename $0): Could not find/create temporary dir $TMPDIR" && clean_up && return 1
$SUDO cp -fr $MOUNTPATH/* $TMPDIR/
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy from original iso $isofile" && clean_up && return 1
$SUDO cp $newpubkey $TMPDIR/authorized_keys
[ $? -ne 0 ] && echo "$(basename $0): Failed to copy key $newpubkey from original iso to new iso " && clean_up && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to copy key $newpubkey from original iso to new iso " && clean_up && return 1
mkisofs -quiet -r -o $tmpiso $TMPDIR mkisofs -quiet -r -o $tmpiso $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $TMPDIR" && clean_up && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to create new iso $tmpiso from $MOUNTPATH" && clean_up && return 1
$SUDO umount $MOUNTPATH
[ $? -ne 0 ] && echo "$(basename $0): Failed to unmount old iso from $MOUNTPATH" && return 1
$SUDO cp -f $tmpiso $isofile $SUDO cp -f $tmpiso $isofile
[ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1 [ $? -ne 0 ] && echo "$(basename $0): Failed to overwrite old iso $isofile with $tmpiso" && return 1
rm -rf $TMPDIR clean_up
} }
copy_priv_key() { copy_priv_key() {
@ -74,7 +70,7 @@ then
SUDO="sudo -n " SUDO="sudo -n "
fi fi
$SUDO mkdir -p $MOUNTPATH mkdir -p $MOUNTPATH
[ $# -ne 3 ] && echo "Usage: $(basename $0) <new public key file> <new private key file> <systemvm iso path>" && exit 3 [ $# -ne 3 ] && echo "Usage: $(basename $0) <new public key file> <new private key file> <systemvm iso path>" && exit 3
newpubkey=$1 newpubkey=$1
@ -85,17 +81,8 @@ systemvmpath=$3
command -v mkisofs > /dev/null || (echo "$(basename $0): mkisofs not found, please install or ensure PATH is accurate" ; exit 4) command -v mkisofs > /dev/null || (echo "$(basename $0): mkisofs not found, please install or ensure PATH is accurate" ; exit 4)
# if running into Docker as unprivileges, skip ssh verification as iso cannot be mounted due to missing loop device. if [ ! -x "$(command -v bsdtar)" ]; then
if [ -f /.dockerenv ]; then echo "bsdtar is unavailable. Skipping ssh key insertion in systemvm.iso"
if [ -e /dev/loop0 ]; then
# it's a docker instance with privileges.
inject_into_iso systemvm.iso $newpubkey
[ $? -ne 0 ] && exit 5
copy_priv_key $newprivkey
else
# this mean it's a docker instance, ssh key cannot be verify.
echo "We run inside Docker, skipping ssh key insertion in systemvm.iso"
fi
else else
inject_into_iso systemvm.iso $newpubkey inject_into_iso systemvm.iso $newpubkey
[ $? -ne 0 ] && exit 5 [ $? -ne 0 ] && exit 5