bug 11056: Add customized iptables and kernel modules to the system template

The new kernel module xt_CHECKSUM.ko is based on [1], backported to the 2.6.32
kernel. The new iptables package adds the CHECKSUM target extension from [2].

[1]https://lwn.net/Articles/396466/
[2]https://git.netfilter.org/cgi-bin/gitweb.cgi?p=iptables.git;a=commit;h=9d1b11102b53103c00b7fddf4658a4d2bdee1338

status 11056: resolved fixed
Sheng Yang 2011-12-28 17:35:09 -08:00
parent 899f512a41
commit aeda3f3a1c
6 changed files with 29 additions and 128 deletions


@ -31,7 +31,7 @@ HOSTNAME=systemvm
SIZE=2000 SIZE=2000
DEBIAN_MIRROR=ftp.us.debian.org/debian DEBIAN_MIRROR=ftp.us.debian.org/debian
MINIMIZE=true MINIMIZE=true
CLOUDSTACK_RELEASE=2.2 CLOUDSTACK_RELEASE=3.0
offset=4096 offset=4096
baseimage() { baseimage() {
mkdir -p $LOCATION mkdir -p $LOCATION
@ -382,6 +382,8 @@ packages() {
chroot . apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0 chroot . apt-get --no-install-recommends -q -y --force-yes install xenstore-utils libxenstore3.0
#keepalived and conntrackd #keepalived and conntrackd
chroot . apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1 chroot . apt-get --no-install-recommends -q -y --force-yes install keepalived conntrackd ipvsadm libnetfilter-conntrack3 libnl1
#ipcalc
chroot . apt-get --no-install-recommends -q -y --force-yes install ipcalc
echo "***** getting sun jre 6*********" echo "***** getting sun jre 6*********"
chroot . echo 'sun-java6-bin shared/accepted-sun-dlj-v1-1 boolean true chroot . echo 'sun-java6-bin shared/accepted-sun-dlj-v1-1 boolean true
@ -391,7 +393,6 @@ packages() {
sun-java6-bin shared/present-sun-dlj-v1-1 note sun-java6-bin shared/present-sun-dlj-v1-1 note
sun-java6-jre shared/present-sun-dlj-v1-1 note ' | chroot . debconf-set-selections sun-java6-jre shared/present-sun-dlj-v1-1 note ' | chroot . debconf-set-selections
chroot . apt-get --no-install-recommends -q -y install sun-java6-jre chroot . apt-get --no-install-recommends -q -y install sun-java6-jre
} }
@ -427,6 +428,16 @@ services() {
chroot . chkconfig monit off chroot . chkconfig monit off
} }
dhcp_fix() {
#deal with virtio DHCP issue, copy and install customized kernel module and iptables
mkdir -p tmp
cp /tmp/systemvm/xt_CHECKSUM.ko lib/modules/2.6.32-5-686-bigmem/kernel/net/netfilter
chroot . depmod -a 2.6.32-5-686-bigmem
cp /tmp/systemvm/iptables_1.4.8-3local1checksum1_i386.deb tmp/
chroot . dpkg -i tmp/iptables_1.4.8-3local1checksum1_i386.deb
rm tmp/iptables_1.4.8-3local1checksum1_i386.deb
}
cleanup() { cleanup() {
rm -f usr/sbin/policy-rc.d rm -f usr/sbin/policy-rc.d
rm -f root/config.dat rm -f root/config.dat
@ -468,6 +479,11 @@ MOUNTPOINT=/mnt/$IMAGENAME/
IMAGELOC=$LOCATION/$IMAGENAME.img IMAGELOC=$LOCATION/$IMAGENAME.img
scriptdir=$(dirname $PWD/$0) scriptdir=$(dirname $PWD/$0)
rm -rf /tmp/systemvm
mkdir -p /tmp/systemvm
cp ./xt_CHECKSUM.ko /tmp/systemvm
cp ./iptables_1.4.8-3local1checksum1_i386.deb /tmp/systemvm
rm -f $IMAGELOC rm -f $IMAGELOC
begin=$(date +%s) begin=$(date +%s)
echo "*************INSTALLING BASEIMAGE********************" echo "*************INSTALLING BASEIMAGE********************"
@ -528,6 +544,9 @@ apache2
echo "*************CONFIGURING VPN********************" echo "*************CONFIGURING VPN********************"
vpn_config vpn_config
echo "*************FIX DHCP ISSUE********************"
dhcp_fix
echo "*************CLEANING UP********************" echo "*************CLEANING UP********************"
cleanup cleanup
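Review bot: The new dhcp_fix() and the staging lines added just after `scriptdir=...` pass the kernel module and the iptables .deb through the fixed, world-readable path /tmp/systemvm, so on a shared build host another local user can race the `rm -rf` / `mkdir -p` pair (for instance by pre-creating /tmp/systemvm as a symlink to a directory they control) and substitute the module and package that get baked into every system VM template. `scriptdir` is already computed on the preceding line, so copy straight from `"$scriptdir"` and drop the /tmp staging entirely. None of the `cp`, `depmod` or `dpkg -i` calls in dhcp_fix check their exit status, so a missing artifact or an image kernel other than the hard-coded 2.6.32-5-686-bigmem silently produces a template without the module (I cannot see from this hunk whether the script runs under `set -e`). Both artifacts are prebuilt binaries committed to the repository, so at minimum record their expected sha256 alongside them and verify before installing, or build the module inside the chroot from the source cited as [1]; the new ipcalc line also inherits `--force-yes`, which disables apt's package authentication. Suggested rewrite of dhcp_fix (the /tmp/systemvm block in the main body is then removed):
```shell
dhcp_fix() {
  # deal with virtio DHCP issue: install customized kernel module and iptables
  # $scriptdir is assigned in the main body before dhcp_fix is called
  local kver=2.6.32-5-686-bigmem
  local deb=iptables_1.4.8-3local1checksum1_i386.deb
  [ -d "lib/modules/$kver/kernel/net/netfilter" ] || { echo "kernel $kver not present in image" >&2; exit 1; }
  cp "$scriptdir/xt_CHECKSUM.ko" "lib/modules/$kver/kernel/net/netfilter/" || exit 1
  chroot . depmod -a "$kver" || exit 1
  mkdir -p tmp
  cp "$scriptdir/$deb" tmp/ || exit 1
  chroot . dpkg -i "tmp/$deb" || exit 1
  rm -f "tmp/$deb"
}
# … unchanged: cleanup() and the rest of the build script …
```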


@ -23,4 +23,11 @@ COMMIT
-A FORWARD -i eth0 -o eth2 -j ACCEPT -A FORWARD -i eth0 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -p udp --dport bootpc -j CHECKSUM --checksum-fill
COMMIT
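Review bot: The new mangle table carries no comment explaining why an outbound UDP/bootpc rule needs `CHECKSUM --checksum-fill`, and the CHECKSUM target only exists because the same commit ships an out-of-tree xt_CHECKSUM module, which a reader of this rules file alone cannot know. Add above `*mangle` the line `# virtio guests may drop DHCP replies carrying partial checksums; CHECKSUM requires the custom xt_CHECKSUM module installed by the template build`. If a template is built on a kernel where that module is missing, iptables-restore will presumably reject this table, so the dependency is worth stating where the rule lives.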


@ -1,24 +0,0 @@
#!/bin/bash
source /root/func.sh
lock="rrouter"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
bumped="Bumped: NO"
if [ -e /tmp/rrouter_bumped ]
then
bumped="Bumped: YES"
fi
stat=`tail -n 1 /root/keepalived.log | grep "Status"`
if [ $? -eq 0 ]
then
echo "$stat&$bumped"
fi
unlock_exit $? $lock $locked


@ -1,101 +0,0 @@
#!/usr/bin/env bash
#
# Copyright (C) 2010 Cloud.com, Inc. All rights reserved.
#
# This software is licensed under the GNU General Public License v3 or later.
#
# It is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
#
# edithosts.sh -- edit the dhcphosts file on the routing domain
# $1 : the mac address
# $2 : the associated ip address
# $3 : the hostname
source /root/func.sh
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
lock_rr="rrouter"
locked_rr=$(getLockFile $lock_rr)
if [ "$locked_rr" != "1" ]
then
exit 1
fi
grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null
no_redundant=$?
wait_for_dnsmasq () {
local _pid=$(pidof dnsmasq)
for i in 0 1 2 3 4 5 6 7 8 9 10
do
sleep 1
_pid=$(pidof dnsmasq)
[ "$_pid" != "" ] && break;
done
[ "$_pid" != "" ] && return 0;
logger -t cloud "edithosts: timed out waiting for dnsmasq to start"
return 1
}
logger -t cloud "edithosts: update $1 $2 $3 to hosts"
[ ! -f /etc/dhcphosts.txt ] && touch /etc/dhcphosts.txt
[ ! -f /var/lib/misc/dnsmasq.leases ] && touch /var/lib/misc/dnsmasq.leases
#delete any previous entries from the dhcp hosts file
sed -i /$1/d /etc/dhcphosts.txt
sed -i /$2,/d /etc/dhcphosts.txt
sed -i /$3,/d /etc/dhcphosts.txt
#put in the new entry
echo "$1,$2,$3,infinite" >>/etc/dhcphosts.txt
#delete leases to supplied mac and ip addresses
sed -i /$1/d /var/lib/misc/dnsmasq.leases
sed -i /"$2 "/d /var/lib/misc/dnsmasq.leases
sed -i /"$3 "/d /var/lib/misc/dnsmasq.leases
#put in the new entry
echo "0 $1 $2 $3 *" >> /var/lib/misc/dnsmasq.leases
#edit hosts file as well
sed -i /"$2 "/d /etc/hosts
sed -i /"$3"/d /etc/hosts
echo "$2 $3" >> /etc/hosts
# make dnsmasq re-read files
pid=$(pidof dnsmasq)
if [ "$pid" != "" ]
then
service dnsmasq restart
else
if [ $no_redundant -eq 1 ]
then
wait_for_dnsmasq
else
logger -t cloud "edithosts: skip wait dnsmasq due to redundant virtual router"
fi
fi
ret=$?
releaseLockFile $lock_rr $locked_rr
unlock_exit $ret $lock $locked
