apache/cloudstack
1
0
Fork 0
mirror of https://github.com/apache/cloudstack.git synced 2025-10-26 08:42:29 +01:00
Code Issues Packages Projects Releases Wiki Activity

CLOUDSTACK-10013: Fixes based on code review and test failures

Browse Source 
This includes test related fixes and code review fixes based on
reviews from @rafaelweingartner, @marcaurele, @wido and @DaanHoogland.

This also includes VMware disk-resize limitation bug fix based on comments
from @sateesh-chodapuneedi and @priyankparihar.

This also includes the final changes to systemvmtemplate and fixes to
code based on issues found via test failures.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav 2017-12-20 20:08:17 +05:30
parent 4338e0f4f1
commit d19629a115
51 changed files with 191 additions and 480 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
LICENSE
View File

@ -271,65 +271,6 @@ Within the scripts/vm/hypervisor/xenserver directory
from OpenStack, LLC http://www.openstack.org
swift
Within the tools/appliance/definitions/{devcloud,systemvmtemplate,systemvmtemplate64} directory
licensed under the MIT License http://www.opensource.org/licenses/mit-license.php (as follows)
Copyright (c) 2010-2012 Patrick Debois
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
from Patrick Debois http://www.jedi.be/blog/
base.sh from https://github.com/jedi4ever/veewee
cleanup.sh from https://github.com/jedi4ever/veewee
definition.rb from https://github.com/jedi4ever/veewee
preseed.cfg from https://github.com/jedi4ever/veewee
zerodisk.sh from https://github.com/jedi4ever/veewee
Within the tools/devcloud/src/deps/boxes/basebox-build directory
licensed under the MIT License http://www.opensource.org/licenses/mit-license.php (as follows)
Copyright (c) 2010-2012 Patrick Debois
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
from Patrick Debois http://www.jedi.be/blog/
definition.rb from https://github.com/jedi4ever/veewee
preseed.cfg from https://github.com/jedi4ever/veewee
Within the ui/lib directory
placed in the public domain
by Eric Meyer http://meyerweb.com/eric/

32
engine/orchestration/src/com/cloud/vm/VirtualMachineManagerImpl.java
View File

@ -839,6 +839,21 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac
}
}
private void setupAgentSecurity(final Host vmHost, final Map<String, String> sshAccessDetails, final VirtualMachine vm) throws AgentUnavailableException, OperationTimedoutException {
final String csr = caManager.generateKeyStoreAndCsr(vmHost, sshAccessDetails);
if (!Strings.isNullOrEmpty(csr)) {
final Map<String, String> ipAddressDetails = new HashMap<>(sshAccessDetails);
ipAddressDetails.remove(NetworkElementCommand.ROUTER_NAME);
final Certificate certificate = caManager.issueCertificate(csr, Arrays.asList(vm.getHostName(), vm.getInstanceName()),
new ArrayList<>(ipAddressDetails.values()), CAManager.CertValidityPeriod.value(), null);
final boolean result = caManager.deployCertificate(vmHost, certificate, false, sshAccessDetails);
if (!result) {
s_logger.error("Failed to setup certificate for system vm: " + vm.getInstanceName());
}
} else {
s_logger.error("Failed to setup keystore and generate CSR for system vm: " + vm.getInstanceName());
}
}
@Override
public void orchestrateStart(final String vmUuid, final Map<VirtualMachineProfile.Param, Object> params, final DeploymentPlan planToDeploy, final DeploymentPlanner planner)
@ -1088,18 +1103,15 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac
if (vmHost != null && (VirtualMachine.Type.ConsoleProxy.equals(vm.getType()) ||
VirtualMachine.Type.SecondaryStorageVm.equals(vm.getType())) && caManager.canProvisionCertificates()) {
final Map<String, String> sshAccessDetails = _networkMgr.getSystemVMAccessDetails(vm);
final String csr = caManager.generateKeyStoreAndCsr(vmHost, sshAccessDetails);
if (!Strings.isNullOrEmpty(csr)) {
final Map<String, String> ipAddressDetails = new HashMap<>(sshAccessDetails);
ipAddressDetails.remove(NetworkElementCommand.ROUTER_NAME);
final Certificate certificate = caManager.issueCertificate(csr, Arrays.asList(vm.getHostName(), vm.getInstanceName()), new ArrayList<>(ipAddressDetails.values()), CAManager.CertValidityPeriod.value(), null);
final boolean result = caManager.deployCertificate(vmHost, certificate, false, sshAccessDetails);
if (!result) {
s_logger.error("Failed to setup certificate for system vm: " + vm.getInstanceName());
for (int retries = 3; retries > 0; retries--) {
try {
setupAgentSecurity(vmHost, sshAccessDetails, vm);
return;
} catch (final Exception e) {
s_logger.error("Retrying after catching exception while trying to secure agent for systemvm id=" + vm.getId(), e);
}
} else {
s_logger.error("Failed to setup keystore and generate CSR for system vm: " + vm.getInstanceName());
}
throw new CloudRuntimeException("Failed to setup and secure agent for systemvm id=" + vm.getId());
}
return;
} else {

3
engine/schema/resources/META-INF/db/schema-41000to41100.sql
View File

@ -493,9 +493,6 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervis
-- Change monitor patch for apache2 in systemvm
UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2";
-- Boost secondary storage systemvm
UPDATE `cloud`.`service_offering` SET ram_size=1024, cpu=2 WHERE vm_type="secondarystoragevm" and cpu=1 and ram_size=512;
-- Use 'Other Linux 64-bit' as guest os for the default systemvmtemplate for VMware
-- This fixes a memory allocation issue to systemvms on VMware/ESXi
UPDATE `cloud`.`vm_template` SET guest_os_id=99 WHERE id=8;

20
plugins/hypervisors/vmware/src/com/cloud/hypervisor/vmware/resource/VmwareResource.java
View File

@ -102,6 +102,7 @@ import com.vmware.vim25.VirtualMachineRuntimeInfo;
import com.vmware.vim25.VirtualMachineVideoCard;
import com.vmware.vim25.VmwareDistributedVirtualSwitchVlanIdSpec;
import org.apache.cloudstack.api.ApiConstants;
import org.apache.cloudstack.storage.command.CopyCommand;
import org.apache.cloudstack.storage.command.StorageSubSystemCommand;
import org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource;
@ -2178,8 +2179,9 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
hyperHost.setRestartPriorityForVM(vmMo, DasVmPriority.HIGH.value());
}
// For resizing root disk.
if (rootDiskTO != null && !hasSnapshot) {
// Resizing root disk only when explicit requested by user
final Map<String, String> vmDetails = cmd.getVirtualMachine().getDetails();
if (rootDiskTO != null && !hasSnapshot && (vmDetails != null && vmDetails.containsKey(ApiConstants.ROOT_DISK_SIZE))) {
resizeRootDiskOnVMStart(vmMo, rootDiskTO, hyperHost, context);
}
@ -2254,7 +2256,11 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
final Pair<VirtualDisk, String> vdisk = getVirtualDiskInfo(vmMo, appendFileType(rootDiskTO.getPath(), ".vmdk"));
assert(vdisk != null);
final Long reqSize = ((VolumeObjectTO)rootDiskTO.getData()).getSize() / 1024;
Long reqSize = 0L;
final VolumeObjectTO volumeTO = ((VolumeObjectTO)rootDiskTO.getData());
if (volumeTO != null) {
reqSize = volumeTO.getSize() / 1024;
}
final VirtualDisk disk = vdisk.first();
if (reqSize > disk.getCapacityInKB()) {
final VirtualMachineDiskInfo diskInfo = getMatchingExistingDisk(vmMo.getDiskInfoBuilder(), rootDiskTO, hyperHost, context);
@ -2262,12 +2268,12 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
final String[] diskChain = diskInfo.getDiskChain();
if (diskChain != null && diskChain.length > 1) {
s_logger.warn("Disk chain length for the VM is greater than one, skipping resizing of root disk.");
return;
s_logger.warn("Disk chain length for the VM is greater than one, this is not supported");
throw new CloudRuntimeException("Unsupported VM disk chain length: "+ diskChain.length);
}
if (diskInfo.getDiskDeviceBusName() == null || !diskInfo.getDiskDeviceBusName().toLowerCase().startsWith("scsi")) {
s_logger.warn("Resizing of root disk is only support for scsi device/bus, the provide disk's device bus name is " + diskInfo.getDiskDeviceBusName());
return;
s_logger.warn("Resizing of root disk is only support for scsi device/bus, the provide VM's disk device bus name is " + diskInfo.getDiskDeviceBusName());
throw new CloudRuntimeException("Unsupported VM root disk device bus: "+ diskInfo.getDiskDeviceBusName());
}
disk.setCapacityInKB(reqSize);

2
pom.xml
View File

@ -883,8 +883,6 @@
<exclude>tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf</exclude>
<exclude>tools/appliance/*/template.json</exclude>
<exclude>tools/cli/cloudmonkey.egg-info/*</exclude>
<exclude>tools/devcloud/src/deps/boxes/basebox-build/definition.rb</exclude>
<exclude>tools/devcloud/src/deps/boxes/basebox-build/preseed.cfg</exclude>
<exclude>tools/marvin/Marvin.egg-info/*</exclude>
<exclude>ui/css/token-input-facebook.css</exclude>
<exclude>ui/l10n/*</exclude>

5
python/lib/cloudutils/utilities.py
View File

@ -217,10 +217,7 @@ class serviceOpsRedhat7(serviceOps):
def isServiceRunning(self, servicename):
try:
o = bash("systemctl is-active " + servicename)
if "inactive" not in o.getStdout():
return True
else:
return False
return "inactive" not in o.getStdout()
except:
return False

4
scripts/util/keystore-cert-import
View File

@ -89,9 +89,7 @@ fi
# Restart cloud service if we're in systemvm
if [ "$MODE" == "ssh" ] && [ -f $SYSTEM_FILE ]; then
/etc/init.d/cloud stop > /dev/null 2>&1
sleep 2
/etc/init.d/cloud start > /dev/null 2>&1
systemctl restart cloud > /dev/null 2>&1
fi
# Fix file permission

4
scripts/util/keystore-setup
View File

@ -38,11 +38,11 @@ fi
# Generate keystore
rm -f "$KS_FILE"
CN=$(hostname --fqdn)
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE"
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" > /dev/null 2>&1
# Generate CSR
rm -f "$CSR_FILE"
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE"
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" > /dev/null 2>&1
cat "$CSR_FILE"
# Fix file permissions

8
server/src/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java
View File

@ -29,6 +29,7 @@ import javax.naming.ConfigurationException;
import org.apache.cloudstack.ca.CAManager;
import org.apache.cloudstack.ca.SetupCertificateCommand;
import org.apache.cloudstack.config.ApiServiceConfiguration;
import org.apache.cloudstack.framework.ca.Certificate;
import org.apache.cloudstack.utils.security.KeyStoreUtils;
import org.apache.log4j.Logger;
@ -66,7 +67,6 @@ import com.trilead.ssh2.Connection;
public abstract class LibvirtServerDiscoverer extends DiscovererBase implements Discoverer, Listener, ResourceStateAdapter {
private static final Logger s_logger = Logger.getLogger(LibvirtServerDiscoverer.class);
private String _hostIp;
private final int _waitTime = 5; /* wait for 5 minutes */
private String _kvmPrivateNic;
private String _kvmPublicNic;
@ -291,7 +291,7 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements
setupAgentSecurity(sshConnection, agentIp, hostname);
String parameters = " -m " + StringUtils.shuffleCSVList(_hostIp) + " -z " + dcId + " -p " + podId + " -c " + clusterId + " -g " + guid + " -a";
String parameters = " -m " + StringUtils.shuffleCSVList(ApiServiceConfiguration.ManagementHostIPAdr.value()) + " -z " + dcId + " -p " + podId + " -c " + clusterId + " -g " + guid + " -a";
parameters += " --pubNic=" + kvmPublicNic;
parameters += " --prvNic=" + kvmPrivateNic;
@ -395,10 +395,6 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements
_kvmGuestNic = _kvmPrivateNic;
}
_hostIp = _configDao.getValue("host");
if (_hostIp == null) {
throw new ConfigurationException("Can't get host IP");
}
_resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this);
return true;
}

2
server/src/com/cloud/network/IpAddressManagerImpl.java
View File

@ -824,7 +824,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
if (userIp.getState() == IpAddress.State.Free) {
addr.setState(IpAddress.State.Allocating);
if (_ipAddressDao.update(addr.getId(), addr)) {
finalAddr = _ipAddressDao.findById(addr.getId());
finalAddr = addr;
break;
}
}

5
server/src/com/cloud/network/vpc/VpcManagerImpl.java
View File

@ -1749,6 +1749,11 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
@ActionEvent(eventType = EventTypes.EVENT_PRIVATE_GATEWAY_DELETE, eventDescription = "deleting private gateway")
@DB
public boolean deleteVpcPrivateGateway(final long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException {
final VpcGatewayVO gatewayToBeDeleted = _vpcGatewayDao.findById(gatewayId);
if (gatewayToBeDeleted == null) {
s_logger.debug("VPC gateway is already deleted for id=" + gatewayId);
return true;
}
final VpcGatewayVO gatewayVO = _vpcGatewayDao.acquireInLockTable(gatewayId);
if (gatewayVO == null || gatewayVO.getType() != VpcGateway.Type.Private) {

2
server/src/com/cloud/storage/secondary/SecondaryStorageVmManager.java
View File

@ -27,7 +27,7 @@ import com.cloud.vm.SecondaryStorageVmVO;
public interface SecondaryStorageVmManager extends Manager {
public static final int DEFAULT_SS_VM_RAMSIZE = 1024; // 1024M
public static final int DEFAULT_SS_VM_RAMSIZE = 512; // 512M
public static final int DEFAULT_SS_VM_CPUMHZ = 500; // 500 MHz
public static final int DEFAULT_SS_VM_MTUSIZE = 1500;
public static final int DEFAULT_SS_VM_CAPACITY = 50; // max command execution session per SSVM

2
services/secondary-storage/controller/src/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java
View File

@ -951,7 +951,7 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
int ramSize = NumbersUtil.parseInt(_configDao.getValue("ssvm.ram.size"), DEFAULT_SS_VM_RAMSIZE);
int cpuFreq = NumbersUtil.parseInt(_configDao.getValue("ssvm.cpu.mhz"), DEFAULT_SS_VM_CPUMHZ);
List<ServiceOfferingVO> offerings = _offeringDao.createSystemServiceOfferings("System Offering For Secondary Storage VM",
ServiceOffering.ssvmDefaultOffUniqueName, 2, ramSize, cpuFreq, null, null, false, null,
ServiceOffering.ssvmDefaultOffUniqueName, 1, ramSize, cpuFreq, null, null, false, null,
Storage.ProvisioningType.THIN, true, null, true, VirtualMachine.Type.SecondaryStorageVm, true);
// this can sometimes happen, if DB is manually or programmatically manipulated
if (offerings == null || offerings.size() < 2) {

9
services/secondary-storage/server/src/org/apache/cloudstack/storage/resource/NfsSecondaryStorageResource.java
View File

@ -235,8 +235,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
String nfsVersionParam = (String)params.get("nfsVersion");
try {
nfsVersion = Integer.valueOf(nfsVersionParam);
}
catch (NumberFormatException e){
} catch (NumberFormatException e){
s_logger.error("Couldn't cast " + nfsVersionParam + " to integer");
return null;
}
@ -2269,9 +2268,9 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
if (!_inSystemVM) {
return;
}
Script command = new Script("/bin/bash", s_logger);
command.add("-c");
command.add("if [ -f /etc/init.d/ssh ]; then service ssh restart; else service sshd restart; fi ");
Script command = new Script("/bin/systemctl", s_logger);
command.add("restart");
command.add("ssh");
String result = command.execute();
if (result != null) {
s_logger.warn("Error in starting sshd service err=" + result);

27
services/secondary-storage/server/src/org/apache/cloudstack/storage/template/DownloadManagerImpl.java
View File

@ -1070,10 +1070,9 @@ public class DownloadManagerImpl extends ManagerBase implements DownloadManager
}
private void startAdditionalServices() {
Script command = new Script("/bin/bash", s_logger);
command.add("-c");
command.add("if [ -d /etc/apache2 ] ; then service apache2 stop; else service httpd stop; fi ");
Script command = new Script("/bin/systemctl", s_logger);
command.add("stop");
command.add("apache2");
String result = command.execute();
if (result != null) {
s_logger.warn("Error in stopping httpd service err=" + result);
@ -1088,21 +1087,25 @@ public class DownloadManagerImpl extends ManagerBase implements DownloadManager
result = command.execute();
if (result != null) {
s_logger.warn("Error in opening up httpd port err=" + result);
s_logger.warn("Error in opening up apache2 port err=" + result);
return;
}
command = new Script("/bin/bash", s_logger);
command.add("-c");
command.add("if [ -d /etc/apache2 ] ; then service apache2 start; else service httpd start; fi ");
command = new Script("/bin/systemctl", s_logger);
command.add("start");
command.add("apache2");
result = command.execute();
if (result != null) {
s_logger.warn("Error in starting httpd service err=" + result);
s_logger.warn("Error in starting apache2 service err=" + result);
return;
}
command = new Script("mkdir", s_logger);
command.add("-p");
command.add("/var/www/html/copy/template");
command = new Script("/bin/su", s_logger);
command.add("-s");
command.add("/bin/bash");
command.add("-c");
command.add("mkdir -p /var/www/html/copy/template");
command.add("www-data");
result = command.execute();
if (result != null) {
s_logger.warn("Error in creating directory =" + result);

60
services/secondary-storage/server/src/org/apache/cloudstack/storage/template/UploadManagerImpl.java
View File

@ -266,9 +266,12 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager {
}
// Create the directory structure so that its visible under apache server root
String extractDir = "/var/www/html/userdata/";
Script command = new Script("mkdir", s_logger);
command.add("-p");
command.add(extractDir);
Script command = new Script("/bin/su", s_logger);
command.add("-s");
command.add("/bin/bash");
command.add("-c");
command.add("mkdir -p " + extractDir);
command.add("www-data");
String result = command.execute();
if (result != null) {
String errorString = "Error in creating directory =" + result;
@ -278,15 +281,6 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager {
// Create a random file under the directory for security reasons.
String uuid = cmd.getExtractLinkUUID();
command = new Script("touch", s_logger);
command.add(extractDir + uuid);
result = command.execute();
if (result != null) {
String errorString = "Error in creating file " + uuid + " ,error: " + result;
s_logger.warn(errorString);
return new CreateEntityDownloadURLAnswer(errorString, CreateEntityDownloadURLAnswer.RESULT_FAILURE);
}
// Create a symbolic link from the actual directory to the template location. The entity would be directly visible under /var/www/html/userdata/cmd.getInstallPath();
command = new Script("/bin/bash", s_logger);
command.add("-c");
@ -501,46 +495,20 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager {
}
private boolean checkAndStartApache() {
//Check whether the Apache server is running
Script command = new Script("/bin/bash", s_logger);
command.add("-c");
command.add("if [ -d /etc/apache2 ] ; then service apache2 status | grep pid; else service httpd status | grep pid; fi ");
Script command = new Script("/bin/systemctl", s_logger);
command.add("is-active");
command.add("apache2");
String result = command.execute();
//Apache Server is not running. Try to start it.
if (result != null) {
/*s_logger.warn("Apache server not running, trying to start it");
String port = Integer.toString(TemplateConstants.DEFAULT_TMPLT_COPY_PORT);
String intf = TemplateConstants.DEFAULT_TMPLT_COPY_INTF;
command = new Script("/bin/bash", s_logger);
command.add("-c");
command.add("iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j DROP;" +
"iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j HTTP;" +
"iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j DROP;" +
"iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j HTTP;" +
"iptables -F HTTP;" +
"iptables -X HTTP;" +
"iptables -N HTTP;" +
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j DROP;" +
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j DROP;" +
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j HTTP;" +
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j HTTP;");
if (result != null && !result.equals("active")) {
command = new Script("/bin/systemctl", s_logger);
command.add("start");
command.add("apache2");
result = command.execute();
if (result != null) {
s_logger.warn("Error in opening up httpd port err=" + result );
return false;
}*/
command = new Script("/bin/bash", s_logger);
command.add("-c");
command.add("if [ -d /etc/apache2 ] ; then service apache2 start; else service httpd start; fi ");
result = command.execute();
if (result != null) {
s_logger.warn("Error in starting httpd service err=" + result);
s_logger.warn("Error in starting apache2 service err=" + result);
return false;
}
}

96
systemvm/agent/conf/log4j-cloud.xml
View File

@ -20,18 +20,18 @@ under the License.
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
<!-- ================================= -->
<!-- Preserve messages in a local file -->
<!-- ================================= -->
<!-- ================================= -->
<!-- Preserve messages in a local file -->
<!-- ================================= -->
<appender name="cloudLog" class="org.apache.log4j.RollingFileAppender">
<appender name="cloudLog" class="org.apache.log4j.RollingFileAppender">
<param name="File" value="/var/log/cloud.log"/>
<param name="MaxFileSize" value="10000KB"/>
<param name="MaxBackupIndex" value="4"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
</appender>
<appender name="cloudOut" class="org.apache.log4j.RollingFileAppender">
@ -40,23 +40,23 @@ under the License.
<param name="MaxFileSize" value="10000KB"/>
<param name="MaxBackupIndex" value="4"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
</appender>
<appender name="cloudSystemvmLog" class="org.apache.log4j.rolling.RollingFileAppender">
<appender name="cloudSystemvmLog" class="org.apache.log4j.rolling.RollingFileAppender">
<param name="File" value="/usr/local/cloud/systemvm/cloud.log"/>
<param name="Append" value="true"/>
<param name="MaxFileSize" value="10000KB"/>
<param name="MaxBackupIndex" value="4"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
</layout>
</appender>
<appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
<appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
<param name="Append" value="true"/>
<param name="Threshold" value="DEBUG"/>
<rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
@ -67,65 +67,65 @@ under the License.
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %m%n"/>
</layout>
</appender>
</appender>
<!-- ============================== -->
<!-- Append messages to the console -->
<!-- ============================== -->
<!-- ============================== -->
<!-- Append messages to the console -->
<!-- ============================== -->
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out"/>
<param name="Threshold" value="INFO"/>
<layout class="org.apache.log4j.EnhancedPatternLayout">
<param name="ConversionPattern" value="%d{ABSOLUTE}{GMT} %5p %c{1}:%L - %m%n"/>
</layout>
</appender>
</appender>
<!-- ================ -->
<!-- Limit categories -->
<!-- ================ -->
<!-- ================ -->
<!-- Limit categories -->
<!-- ================ -->
<category name="com.cloud">
<priority value="DEBUG"/>
</category>
<category name="com.cloud">
<priority value="DEBUG"/>
</category>
<category name="org.apache.cloudstack">
<priority value="DEBUG"/>
</category>
<category name="org.apache.cloudstack">
<priority value="DEBUG"/>
</category>
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
<category name="org.apache">
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
<category name="org.apache">
<priority value="INFO"/>
</category>
</category>
<category name="org">
<category name="org">
<priority value="INFO"/>
</category>
</category>
<category name="net">
<priority value="INFO"/>
</category>
<category name="net">
<priority value="INFO"/>
</category>
<category name="apiserver.com.cloud">
<priority value="DEBUG"/>
</category>
<category name="apiserver.com.cloud">
<priority value="DEBUG"/>
</category>
<logger name="apiserver.com.cloud" additivity="false">
<logger name="apiserver.com.cloud" additivity="false">
<level value="DEBUG"/>
<appender-ref ref="APISERVER"/>
</logger>
</logger>
<!-- ======================= -->
<!-- Setup the Root category -->
<!-- ======================= -->
<!-- ======================= -->
<!-- Setup the Root category -->
<!-- ======================= -->
<root>
<root>
<level value="INFO"/>
<appender-ref ref="CONSOLE"/>
<appender-ref ref="cloudLog"/>
<appender-ref ref="cloudOut"/>
<appender-ref ref="cloudSystemvmLog"/>
</root>
</root>
</log4j:configuration>

83
systemvm/agent/scripts/config_ssl.sh
View File

@ -25,72 +25,15 @@ help() {
}
config_httpd_conf() {
local ip=$1
local srvr=$2
cp -f /etc/httpd/conf/httpd.conf.orig /etc/httpd/conf/httpd.conf
sed -i -e "s/Listen.*:80$/Listen $ip:80/" /etc/httpd/conf/httpd.conf
echo "<VirtualHost $ip:443> " >> /etc/httpd/conf/httpd.conf
echo " DocumentRoot /var/www/html/" >> /etc/httpd/conf/httpd.conf
echo " ServerName $srvr" >> /etc/httpd/conf/httpd.conf
echo " SSLEngine on" >> /etc/httpd/conf/httpd.conf
echo " SSLProtocol all -SSLv2 -SSLv3" >> /etc/httpd/conf/httpd.conf
echo " SSLCertificateFile /etc/httpd/ssl/certs/realhostip.crt" >> /etc/httpd/conf/httpd.conf
echo " SSLCertificateKeyFile /etc/httpd/ssl/keys/realhostip.key" >> /etc/httpd/conf/httpd.conf
echo "</VirtualHost>" >> /etc/httpd/conf/httpd.conf
}
config_apache2_conf() {
local ip=$1
local srvr=$2
cp -f /etc/apache2/sites-available/default.orig /etc/apache2/sites-available/default
cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-enabled/vhost*
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-enabled/vhost*
if [ -f /etc/ssl/certs/cert_apache_chain.crt ]
then
sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-available/default-ssl
sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-enabled/vhost*
fi
SSL_FILE="/etc/apache2/sites-available/default-ssl"
PATTERN="RewriteRule ^\/upload\/(.*)"
CORS_PATTERN="Header set Access-Control-Allow-Origin"
if [ -f $SSL_FILE ]; then
if grep -q "$PATTERN" $SSL_FILE ; then
echo "rewrite rules already exist in file $SSL_FILE"
else
echo "adding rewrite rules to file: $SSL_FILE"
sed -i -e "s/<\/VirtualHost>/RewriteEngine On \n&/" $SSL_FILE
sed -i -e "s/<\/VirtualHost>/RewriteCond %{HTTPS} =on \n&/" $SSL_FILE
sed -i -e "s/<\/VirtualHost>/RewriteCond %{REQUEST_METHOD} =POST \n&/" $SSL_FILE
sed -i -e "s/<\/VirtualHost>/RewriteRule ^\/upload\/(.*) http:\/\/127.0.0.1:8210\/upload?uuid=\$1 [P,L] \n&/" $SSL_FILE
fi
if grep -q "$CORS_PATTERN" $SSL_FILE ; then
echo "cors rules already exist in file $SSL_FILE"
else
echo "adding cors rules to file: $SSL_FILE"
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Origin \"*\" \n&/" $SSL_FILE
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Methods \"POST, OPTIONS\" \n&/" $SSL_FILE
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Headers \"x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires\" \n&/" $SSL_FILE
fi
fi
}
copy_certs() {
local certdir=$(dirname $0)/certs
local mydir=$(dirname $0)
if [ -d $certdir ] && [ -f $customPrivKey ] && [ -f $customPrivCert ] ; then
mkdir -p /etc/httpd/ssl/keys && mkdir -p /etc/httpd/ssl/certs && cp $customprivKey /etc/httpd/ssl/keys && cp $customPrivCert /etc/httpd/ssl/certs
return $?
fi
if [ ! -z customCertChain ] && [ -f $customCertChain ] ; then
cp $customCertChain /etc/httpd/ssl/certs
fi
return 1
}
copy_certs_apache2() {
@ -105,7 +48,6 @@ copy_certs_apache2() {
return 0
}
cflag=
cpkflag=
cpcflag=
@ -183,13 +125,7 @@ then
fi
fi
if [ -d /etc/apache2 ]
then
copy_certs_apache2
else
copy_certs
fi
copy_certs_apache2
if [ $? -ne 0 ]
then
echo "Failed to copy certificates"
@ -198,15 +134,10 @@ fi
if [ -f "$customCACert" ]
then
keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt
keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt || true
keytool -import -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt -file $customCACert
keytool -importkeystore -srckeystore $defaultJavaKeyStoreFile -destkeystore $keyStore -srcstorepass $defaultJavaKeyStorePass -deststorepass $storepass -noprompt
fi
if [ -d /etc/apache2 ]
then
config_apache2_conf $publicIp $hostName
systemctl restart apache2
else
config_httpd_conf $publicIp $hostName
fi
config_apache2_conf $publicIp $hostName
systemctl restart apache2

3
systemvm/debian/etc/apache2/vhost.template
View File

@ -83,6 +83,9 @@
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# Include CORS configuration **IF SET**
IncludeOptional /etc/apache2/[cC][oO][rR][sS].conf
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on

11
systemvm/debian/opt/cloud/bin/cs/CsDhcp.py
View File

@ -54,13 +54,16 @@ class CsDhcp(CsDataBag):
self.configure_server()
self.conf.commit()
restart_dnsmasq = self.conf.commit()
self.cloud.commit()
self.dhcp_opts.commit()
# We restart DNSMASQ every time the configure.py is called in order to avoid lease problems.
if not self.cl.is_redundant() or self.cl.is_master():
CsHelper.service("dnsmasq", "restart")
if restart_dnsmasq:
CsHelper.service("dnsmasq", "restart")
else:
CsHelper.start_if_stopped("dnsmasq")
CsHelper.service("dnsmasq", "reload")
def configure_server(self):
# self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS)
@ -80,7 +83,7 @@ class CsDhcp(CsDataBag):
# DNS search order
if gn.get_dns() and device:
sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx)
dns_list = [x for x in gn.get_dns() if not (not x)]
dns_list = [x for x in gn.get_dns() if x]
line = "dhcp-option=tag:interface-%s-%s,6,%s" % (device, idx, ','.join(dns_list))
self.conf.search(sline, line)
# Gateway

3
systemvm/debian/opt/cloud/bin/cs/CsFile.py
View File

@ -58,7 +58,7 @@ class CsFile:
def commit(self):
if not self.is_changed():
logging.info("Nothing to commit. The %s file did not change" % self.filename)
return
return False
handle = open(self.filename, "w+")
for line in self.new_config:
handle.write(line)
@ -66,6 +66,7 @@ class CsFile:
logging.info("Wrote edited file %s" % self.filename)
self.config = list(self.new_config)
logging.info("Updated file in-cache configuration")
return True
def dump(self):
for line in self.new_config:

1
systemvm/debian/opt/cloud/bin/cs/CsHelper.py
View File

@ -26,7 +26,6 @@ import os.path
import re
import shutil
from netaddr import *
from pprint import pprint
PUBLIC_INTERFACES = {"router": "eth2", "vpcrouter": "eth1"}

2
systemvm/debian/opt/cloud/bin/cs_cmdline.py
View File

@ -15,8 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
def merge(dbag, cmdline):
if 'redundant_router' in cmdline['cmd_line']:

2
systemvm/debian/opt/cloud/bin/cs_dhcp.py
View File

@ -15,9 +15,9 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
from netaddr import *
def merge(dbag, data):
# A duplicate ip address wil clobber the old value
# This seems desirable ....

1
systemvm/debian/opt/cloud/bin/cs_firewallrules.py
View File

@ -15,7 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
import copy

2
systemvm/debian/opt/cloud/bin/cs_forwardingrules.py
View File

@ -15,8 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
def merge(dbag, rules):
for rule in rules["rules"]:

1
systemvm/debian/opt/cloud/bin/cs_guestnetwork.py
View File

@ -15,7 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
keys = ['eth1', 'eth2', 'eth3', 'eth4', 'eth5', 'eth6', 'eth7', 'eth8', 'eth9']

1
systemvm/debian/opt/cloud/bin/cs_loadbalancer.py
View File

@ -15,7 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
import copy

1
systemvm/debian/opt/cloud/bin/cs_monitorservice.py
View File

@ -15,7 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
from netaddr import *

1
systemvm/debian/opt/cloud/bin/cs_network_acl.py
View File

@ -15,7 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
from netaddr import *

1
systemvm/debian/opt/cloud/bin/cs_remoteaccessvpn.py
View File

@ -15,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
def merge(dbag, vpn):

1
systemvm/debian/opt/cloud/bin/cs_site2sitevpn.py
View File

@ -15,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
def merge(dbag, vpn):

1
systemvm/debian/opt/cloud/bin/cs_staticroutes.py
View File

@ -15,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
def merge(dbag, staticroutes):

2
systemvm/debian/opt/cloud/bin/cs_vmdata.py
View File

@ -15,8 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
def merge(dbag, metadata):
dbag[metadata["vm_ip_address"]] = metadata["vm_metadata"]

1
systemvm/debian/opt/cloud/bin/cs_vmp.py
View File

@ -15,7 +15,6 @@
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
from netaddr import *

1
systemvm/debian/opt/cloud/bin/cs_vpnusers.py
View File

@ -15,7 +15,6 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from pprint import pprint
import copy

14
systemvm/debian/opt/cloud/bin/setup/common.sh
View File

@ -39,6 +39,7 @@ init_interfaces_orderby_macs() {
echo -n " eth$i" >> $interface_file
fi
done
cat >> $interface_file << EOF
iface lo inet loopback
@ -481,21 +482,14 @@ setup_vpc_apache2() {
}
clean_ipalias_config() {
# Old
rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
rm -f /etc/apache2/sites-available/ipAlias*
rm -f /etc/apache2/sites-enabled/ipAlias*
rm -f /etc/apache2/conf.d/vhost*.conf
rm -f /etc/apache2/ports.conf
rm -f /etc/apache2/vhostexample.conf
rm -f /etc/apache2/sites-available/default
rm -f /etc/apache2/sites-available/default-ssl
rm -f /etc/apache2/sites-enabled/default
rm -f /etc/apache2/sites-enabled/default-ssl
# New
rm -f /etc/apache2/sites-enabled/vhost-*.conf
rm -f /etc/apache2/sites-enabled/000-default
rm -f /etc/apache2/sites-available/*
rm -f /etc/apache2/sites-enabled/*
rm -rf /etc/failure_config
}
@ -513,6 +507,8 @@ setup_apache2_common() {
setup_apache2() {
log_it "Setting up apache web server"
mkdir -p /var/www
chown www-data:www-data -R /var/www
clean_ipalias_config
setup_apache2_common
local ip=$1

2
systemvm/debian/opt/cloud/templates/README
View File

@ -1,2 +0,0 @@
These are the templates for the redundant router
and redundant vpc_router

3
test/integration/smoke/test_deploy_vm_iso.py
View File

@ -131,8 +131,7 @@ class TestDeployVMFromISO(cloudstackTestCase):
)
try:
# Download the ISO
self.iso.download(self.apiclient, retries=150)
self.iso.download(self.apiclient)
except Exception as e:
raise Exception("Exception while downloading ISO %s: %s"
% (self.iso.id, e))

7
test/integration/smoke/test_hostha_kvm.py
View File

@ -488,8 +488,11 @@ class TestHAKVM(cloudstackTestCase):
"""
if command != 'STATUS':
self.issuePowerActionCmd(command)
response = self.issuePowerActionCmd('STATUS')
self.assertEqual(response.powerstate, expected)
try:
response = self.issuePowerActionCmd('STATUS')
self.assertEqual(response.powerstate, expected)
except:
pass # in case of ipmisim errors ignore
def configureAndEnableOobm(self):
self.apiclient.configureOutOfBandManagement(self.getOobmConfigCmd())

5
test/integration/smoke/test_network.py
View File

@ -1300,6 +1300,7 @@ class TestL2Networks(cloudstackTestCase):
# Get Zone, Domain and templates
cls.domain = get_domain(cls.apiclient)
cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
cls.hypervisor = testClient.getHypervisorInfo()
cls.services['mode'] = cls.zone.networktype
# Create Accounts & networks
cls.account = Account.create(
@ -1308,10 +1309,10 @@ class TestL2Networks(cloudstackTestCase):
admin=True,
domainid=cls.domain.id
)
cls.template = get_template(
cls.template = get_test_template(
cls.apiclient,
cls.zone.id,
cls.services["ostype"]
cls.hypervisor
)
cls.service_offering = ServiceOffering.create(
cls.apiclient,

8
test/integration/smoke/test_password_server.py
View File

@ -233,12 +233,8 @@ class TestIsolatedNetworksPasswdServer(cloudstackTestCase):
self._testMethodName)
self.logger.debug("cat /var/cache/cloud/passwords-%s | grep %s | sed 's/=/ /g' | awk '{print $1}' RESULT IS ==> %s" % (vm.nic[0].gateway, vm.nic[0].ipaddress, result))
res = str(result)
self.assertEqual(
res.count(vm.nic[0].ipaddress),
1,
"Password file is empty or doesn't exist!")
self.assertTrue(vm.nic[0].ipaddress in result, "Password file is empty or doesn't exist!")
@attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
def test_isolate_network_password_server(self):

20
test/integration/smoke/test_privategw_acl.py
View File

@ -720,10 +720,10 @@ class TestPrivateGwACL(cloudstackTestCase):
succeeded_pings = 0
minimum_vms_to_pass = 2
for vm_ip in vms_ips:
ssh_command = "ping -c 3 %s" % vm_ip
ssh_command = "ping -c 5 %s" % vm_ip
# Should be able to SSH VM
result = 'failed'
packet_loss = 100
try:
self.logger.debug("SSH into VM: %s" % public_ip.ipaddress.ipaddress)
@ -733,15 +733,19 @@ class TestPrivateGwACL(cloudstackTestCase):
time.sleep(sleep_time)
self.logger.debug("Ping to VM inside another Network Tier")
result = str(ssh.execute(ssh_command))
result = ssh.execute(ssh_command)
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("0% packet loss")))
for line in result:
if "packet loss" in line:
packet_loss = int(line.split("% packet loss")[0].split(" ")[-1])
break
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, packet_loss < 50))
except Exception as e:
self.fail("SSH Access failed for %s: %s" % \
(virtual_machine, e)
)
self.fail("SSH Access failed for %s: %s" % (virtual_machine, e))
succeeded_pings += result.count("0% packet loss")
if packet_loss < 50:
succeeded_pings += 1
self.assertTrue(succeeded_pings >= minimum_vms_to_pass,

2
test/integration/smoke/test_vpc_vpn.py
View File

@ -852,7 +852,7 @@ class TestRVPCSite2SiteVpn(cloudstackTestCase):
retries)
except Exception as e:
self.fail("Unable to create ssh connection: " % e)
self.fail("Unable to create ssh connection: %s" % e)
self.assertIsNotNone(
ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip))

10
tools/appliance/systemvmtemplate/http/preseed.cfg
View File

@ -38,9 +38,6 @@ d-i mirror/http/proxy string
### Apt setup
d-i apt-setup/cdrom/set-first false
#d-i apt-setup/non-free boolean true
#d-i apt-setup/contrib boolean true
#d-i apt-setup/use_mirror boolean true
d-i apt-setup/services-select multiselect security, updates
d-i apt-setup/security_host string security.debian.org
d-i apt-setup/local0/source boolean false
@ -62,12 +59,12 @@ d-i partman-auto/expert_recipe string \
use_filesystem{ } filesystem{ ext2 } \
mountpoint{ /boot } \
. \
1100 40 1600 ext4 \
1200 40 1600 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ / } \
. \
600 60 800 ext4 \
800 60 800 ext4 \
method{ format } format{ } \
use_filesystem{ } filesystem{ ext4 } \
mountpoint{ /var } \
@ -104,9 +101,6 @@ d-i passwd/user-default-groups string audio cdrom video admin
openssh-server openssh-server/permit-root-login boolean true
### Apt setup
# ...
### Package selection
tasksel tasksel/first multiselect ssh-server
d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl

9
tools/appliance/systemvmtemplate/scripts/cleanup.sh
View File

@ -20,9 +20,10 @@ set -e
set -x
function cleanup_apt() {
export DEBIAN_FRONTEND=noninteractive
apt-get -y remove --purge dictionaries-common busybox isc-dhcp-client isc-dhcp-common \
task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican \
debconf-i18n sharutils gnupg gnupg-agent
task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican sharutils \
nano util-linux-locales krb5-locales
apt-get -y autoremove --purge
apt-get autoclean
@ -63,7 +64,9 @@ function cleanup_misc() {
rm -fr /usr/share/man
rm -fr /usr/share/info
rm -fr /usr/share/lintian
find /usr/share/locale -type f | grep -v en | xargs rm -fr
rm -fr /usr/share/apache2/icons
find /usr/share/locale -type f | grep -v en_US | xargs rm -fr
find /usr/share/zoneinfo -type f | grep -v UTC | xargs rm -fr
}
function cleanup() {

2
tools/appliance/systemvmtemplate/scripts/configure_grub.sh
View File

@ -31,7 +31,7 @@ function configure_grub() {
GRUB_DEFAULT=0
GRUB_TIMEOUT=0
GRUB_DISTRIBUTOR=Debian
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4"
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US nomodeset"
GRUB_CMDLINE_XEN="com1=115200 console=com1"
GRUB_TERMINAL="console serial"

95
tools/appliance/systemvmtemplate/scripts/definition.rb
View File

@ -1,95 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
arch = 'amd64'
#
# NOTE: Before changing the version of the debian image make
# sure it is added to the userContent of jenkins.buildacloud.org
# and the copy task is updated on the systemvm builds
# This will prevent the inevitable build failure once the iso is
# removed from the debian mirrors
#
architectures = {
:amd64 => {
:os_type_id => 'Debian_64',
:iso_file => 'debian-9.3.0-amd64-netinst.iso',
:iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso',
:iso_md5 => '8775231d6f56a3d8f116eb64fe048f5cbd2ea0f8c092a1cb7608bcb4106f9c85cb69ce68f53bd381019ab40f1c0316843036daf3fd9107c81c58a240334cc747'
}
}
config = {
:cpu_count => '1',
:memory_size => '512',
:disk_size => '2100', :disk_format => 'VDI', :hostiocache => 'off',
:iso_download_timeout => '1000',
:boot_wait => '10',
:boot_cmd_sequence => [
'<Esc>',
'install ',
'preseed/url=http://%IP%:%PORT%/preseed.cfg ',
'debian-installer=en_US ',
'auto ',
'locale=en_US ',
'kbd-chooser/method=us ',
'netcfg/get_hostname=systemvm ',
'netcfg/get_domain=apache.org ',
'fb=false ',
'debconf/frontend=noninteractive ',
'console-setup/ask_detect=false ',
'console-keymaps-at/keymap=us ',
'keyboard-configuration/xkb-keymap=us ',
'<Enter>'
],
:kickstart_port => '7122',
:kickstart_timeout => '1000',
:kickstart_file => 'preseed.cfg',
:ssh_login_timeout => '10000',
:ssh_user => 'cloud',
:ssh_password => 'cloud',
:ssh_key => '',
:ssh_host_port => '7222',
:ssh_guest_port => '22',
:sudo_cmd => "echo '%p'|sudo -S bash '%f'",
:shutdown_cmd => 'halt -p',
:postinstall_files => [
# basic minimal vm creation
'apt_upgrade.sh',
'configure_grub.sh',
'configure_locale.sh',
'configure_networking.sh',
'configure_acpid.sh',
# turning it into a systemvm
'install_systemvm_packages.sh',
'configure_conntrack.sh',
#'../../cloud_scripts_shar_archive.sh',
'configure_systemvm_services.sh',
'authorized_keys.sh',
'configure_persistent_config.sh',
# setup login stuff
'configure_login.sh',
# cleanup & space-saving
'cleanup.sh',
'finalize.sh'
],
:postinstall_timeout => '10000'
}
config.merge! architectures[arch.to_sym]
Veewee::Definition.declare(config)

4
tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh
View File

@ -46,7 +46,7 @@ function install_packages() {
local apt_get="apt-get --no-install-recommends -q -y"
${apt_get} install grub-legacy \
rsyslog logrotate cron net-tools ifupdown tmux vim htop netbase iptables \
rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables \
openssh-server e2fsprogs tcpdump iftop socat wget \
python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
inetutils-ping iputils-arping httping curl \
@ -68,7 +68,7 @@ function install_packages() {
python-flask \
haproxy \
radvd \
sharutils \
sharutils genisoimage \
strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
virt-what open-vm-tools qemu-guest-agent hyperv-daemons

2
tools/appliance/systemvmtemplate/template.json
View File

@ -32,7 +32,7 @@
[ "-m", "512M" ],
[ "-smp", "cpus=1,maxcpus=1,cores=1" ]
],
"disk_size": 2100,
"disk_size": 2400,
"format": "qcow2",
"disk_interface": "virtio",

29
tools/whisker/descriptor.xml
View File

@ -2419,10 +2419,6 @@ Innovation Centre, 2006 (http://www.it-innovation.soton.ac.uk).
id='adiscon.com'
name='Adiscon GmbH'
url='http://www.adiscon.com/' />
<organisation
id='person:patrick.debois'
name='Patrick Debois'
url='http://www.jedi.be/blog/' />
<organisation
id='dojofoundation.org'
name='The Dojo Foundation'
@ -2643,31 +2639,6 @@ Copyright (c) 2010-2011 OpenStack, LLC.
</by-organisation>
</with-license>
</within>
<within dir='tools/appliance/definitions/{devcloud,systemvmtemplate,systemvmtemplate64}'>
<with-license id='MIT'>
<copyright-notice>
Copyright (c) 2010-2012 Patrick Debois
</copyright-notice>
<by-organisation id='person:patrick.debois'>
<resource name='base.sh' source='https://github.com/jedi4ever/veewee' />
<resource name='cleanup.sh' source='https://github.com/jedi4ever/veewee' />
<resource name='definition.rb' source='https://github.com/jedi4ever/veewee' />
<resource name='preseed.cfg' source='https://github.com/jedi4ever/veewee' />
<resource name='zerodisk.sh' source='https://github.com/jedi4ever/veewee' />
</by-organisation>
</with-license>
</within>
<within dir='tools/devcloud/src/deps/boxes/basebox-build'>
<with-license id='MIT'>
<copyright-notice>
Copyright (c) 2010-2012 Patrick Debois
</copyright-notice>
<by-organisation id='person:patrick.debois'>
<resource name='definition.rb' source='https://github.com/jedi4ever/veewee' />
<resource name='preseed.cfg' source='https://github.com/jedi4ever/veewee' />
</by-organisation>
</with-license>
</within>
<within dir='utils/src/org/apache/commons/httpclient/contrib/ssl'>
<with-license id='ApacheLicenseVersion2'>
<copyright-notice>