	CLOUDSTACK-10013: Fixes based on code review and test failures
This includes test related fixes and code review fixes based on reviews from @rafaelweingartner, @marcaurele, @wido and @DaanHoogland. This also includes VMware disk-resize limitation bug fix based on comments from @sateesh-chodapuneedi and @priyankparihar. This also includes the final changes to systemvmtemplate and fixes to code based on issues found via test failures. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
		
							parent
							
								
									4338e0f4f1
								
							
						
					
					
						commit
						d19629a115
					
				
							
								
								
									
										59
									
								
								LICENSE
									
									
									
									
									
								
							
							
						
						
									
										59
									
								
								LICENSE
									
									
									
									
									
								
							| @ -271,65 +271,6 @@ Within the scripts/vm/hypervisor/xenserver directory | ||||
|         from OpenStack, LLC  http://www.openstack.org  | ||||
|             swift  | ||||
| 
 | ||||
| Within the tools/appliance/definitions/{devcloud,systemvmtemplate,systemvmtemplate64} directory | ||||
|     licensed under the MIT License http://www.opensource.org/licenses/mit-license.php  (as follows) | ||||
| 
 | ||||
|             Copyright (c) 2010-2012 Patrick Debois  | ||||
|              | ||||
|             Permission is hereby granted, free  of charge, to any person obtaining | ||||
|             a  copy  of this  software  and  associated  documentation files  (the | ||||
|             "Software"), to  deal in  the Software without  restriction, including | ||||
|             without limitation  the rights to  use, copy, modify,  merge, publish, | ||||
|             distribute,  sublicense, and/or sell  copies of  the Software,  and to | ||||
|             permit persons to whom the Software  is furnished to do so, subject to | ||||
|             the following conditions: | ||||
|              | ||||
|             The  above  copyright  notice  and  this permission  notice  shall  be | ||||
|             included in all copies or substantial portions of the Software. | ||||
|              | ||||
|             THE  SOFTWARE IS  PROVIDED  "AS  IS", WITHOUT  WARRANTY  OF ANY  KIND, | ||||
|             EXPRESS OR  IMPLIED, INCLUDING  BUT NOT LIMITED  TO THE  WARRANTIES OF | ||||
|             MERCHANTABILITY,    FITNESS    FOR    A   PARTICULAR    PURPOSE    AND | ||||
|             NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||||
|             LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||||
|             OF CONTRACT, TORT OR OTHERWISE,  ARISING FROM, OUT OF OR IN CONNECTION | ||||
|             WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||||
|                          | ||||
|         from Patrick Debois  http://www.jedi.be/blog/  | ||||
|             base.sh  from https://github.com/jedi4ever/veewee | ||||
|             cleanup.sh  from https://github.com/jedi4ever/veewee | ||||
|             definition.rb  from https://github.com/jedi4ever/veewee | ||||
|             preseed.cfg  from https://github.com/jedi4ever/veewee | ||||
|             zerodisk.sh  from https://github.com/jedi4ever/veewee | ||||
| 
 | ||||
| Within the tools/devcloud/src/deps/boxes/basebox-build directory | ||||
|     licensed under the MIT License http://www.opensource.org/licenses/mit-license.php  (as follows) | ||||
| 
 | ||||
|             Copyright (c) 2010-2012 Patrick Debois  | ||||
|              | ||||
|             Permission is hereby granted, free  of charge, to any person obtaining | ||||
|             a  copy  of this  software  and  associated  documentation files  (the | ||||
|             "Software"), to  deal in  the Software without  restriction, including | ||||
|             without limitation  the rights to  use, copy, modify,  merge, publish, | ||||
|             distribute,  sublicense, and/or sell  copies of  the Software,  and to | ||||
|             permit persons to whom the Software  is furnished to do so, subject to | ||||
|             the following conditions: | ||||
|              | ||||
|             The  above  copyright  notice  and  this permission  notice  shall  be | ||||
|             included in all copies or substantial portions of the Software. | ||||
|              | ||||
|             THE  SOFTWARE IS  PROVIDED  "AS  IS", WITHOUT  WARRANTY  OF ANY  KIND, | ||||
|             EXPRESS OR  IMPLIED, INCLUDING  BUT NOT LIMITED  TO THE  WARRANTIES OF | ||||
|             MERCHANTABILITY,    FITNESS    FOR    A   PARTICULAR    PURPOSE    AND | ||||
|             NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE | ||||
|             LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION | ||||
|             OF CONTRACT, TORT OR OTHERWISE,  ARISING FROM, OUT OF OR IN CONNECTION | ||||
|             WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. | ||||
|                          | ||||
|         from Patrick Debois  http://www.jedi.be/blog/  | ||||
|             definition.rb  from https://github.com/jedi4ever/veewee | ||||
|             preseed.cfg  from https://github.com/jedi4ever/veewee | ||||
| 
 | ||||
| Within the ui/lib directory | ||||
|     placed in the public domain | ||||
|         by Eric Meyer  http://meyerweb.com/eric/  | ||||
|  | ||||
| @ -839,6 +839,21 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     private void setupAgentSecurity(final Host vmHost, final Map<String, String> sshAccessDetails, final VirtualMachine vm) throws AgentUnavailableException, OperationTimedoutException { | ||||
|         final String csr = caManager.generateKeyStoreAndCsr(vmHost, sshAccessDetails); | ||||
|         if (!Strings.isNullOrEmpty(csr)) { | ||||
|             final Map<String, String> ipAddressDetails = new HashMap<>(sshAccessDetails); | ||||
|             ipAddressDetails.remove(NetworkElementCommand.ROUTER_NAME); | ||||
|             final Certificate certificate = caManager.issueCertificate(csr, Arrays.asList(vm.getHostName(), vm.getInstanceName()), | ||||
|                     new ArrayList<>(ipAddressDetails.values()), CAManager.CertValidityPeriod.value(), null); | ||||
|             final boolean result = caManager.deployCertificate(vmHost, certificate, false, sshAccessDetails); | ||||
|             if (!result) { | ||||
|                 s_logger.error("Failed to setup certificate for system vm: " + vm.getInstanceName()); | ||||
|             } | ||||
|         } else { | ||||
|             s_logger.error("Failed to setup keystore and generate CSR for system vm: " + vm.getInstanceName()); | ||||
|         } | ||||
|     } | ||||
| 
 | ||||
|     @Override | ||||
|     public void orchestrateStart(final String vmUuid, final Map<VirtualMachineProfile.Param, Object> params, final DeploymentPlan planToDeploy, final DeploymentPlanner planner) | ||||
| @ -1088,18 +1103,15 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac | ||||
|                             if (vmHost != null && (VirtualMachine.Type.ConsoleProxy.equals(vm.getType()) || | ||||
|                                     VirtualMachine.Type.SecondaryStorageVm.equals(vm.getType())) && caManager.canProvisionCertificates()) { | ||||
|                                 final Map<String, String> sshAccessDetails = _networkMgr.getSystemVMAccessDetails(vm); | ||||
|                                 final String csr = caManager.generateKeyStoreAndCsr(vmHost, sshAccessDetails); | ||||
|                                 if (!Strings.isNullOrEmpty(csr)) { | ||||
|                                     final Map<String, String> ipAddressDetails = new HashMap<>(sshAccessDetails); | ||||
|                                     ipAddressDetails.remove(NetworkElementCommand.ROUTER_NAME); | ||||
|                                     final Certificate certificate = caManager.issueCertificate(csr, Arrays.asList(vm.getHostName(), vm.getInstanceName()), new ArrayList<>(ipAddressDetails.values()), CAManager.CertValidityPeriod.value(), null); | ||||
|                                     final boolean result = caManager.deployCertificate(vmHost, certificate, false, sshAccessDetails); | ||||
|                                     if (!result) { | ||||
|                                         s_logger.error("Failed to setup certificate for system vm: " + vm.getInstanceName()); | ||||
|                                 for (int retries = 3; retries > 0; retries--) { | ||||
|                                     try { | ||||
|                                         setupAgentSecurity(vmHost, sshAccessDetails, vm); | ||||
|                                         return; | ||||
|                                     } catch (final Exception e) { | ||||
|                                         s_logger.error("Retrying after catching exception while trying to secure agent for systemvm id=" + vm.getId(), e); | ||||
|                                     } | ||||
|                                 } else { | ||||
|                                     s_logger.error("Failed to setup keystore and generate CSR for system vm: " + vm.getInstanceName()); | ||||
|                                 } | ||||
|                                 throw new CloudRuntimeException("Failed to setup and secure agent for systemvm id=" + vm.getId()); | ||||
|                             } | ||||
|                             return; | ||||
|                         } else { | ||||
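Review bot: The retry loop in the second hunk returns after the first call to `setupAgentSecurity` that does not throw, but the new helper only logs when the CSR is empty or `deployCertificate` returns false. Those failures are therefore neither retried nor turned into the `CloudRuntimeException` below the loop, and the system VM start appears to continue without a deployed certificate. Have the helper signal failure in both branches, e.g. `throw new CloudRuntimeException("Failed to setup certificate for system vm: " + vm.getInstanceName());` after the existing `s_logger.error(...)`. The method that contains the loop starts and ends outside the hunk.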
|  | ||||
| @ -493,9 +493,6 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervis | ||||
| -- Change monitor patch for apache2 in systemvm | ||||
| UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2"; | ||||
| 
 | ||||
| -- Boost secondary storage systemvm | ||||
| UPDATE `cloud`.`service_offering` SET ram_size=1024, cpu=2 WHERE vm_type="secondarystoragevm" and cpu=1 and ram_size=512; | ||||
| 
 | ||||
| -- Use 'Other Linux 64-bit' as guest os for the default systemvmtemplate for VMware | ||||
| -- This fixes a memory allocation issue to systemvms on VMware/ESXi | ||||
| UPDATE `cloud`.`vm_template` SET guest_os_id=99 WHERE id=8; | ||||
|  | ||||
| @ -102,6 +102,7 @@ import com.vmware.vim25.VirtualMachineRuntimeInfo; | ||||
| import com.vmware.vim25.VirtualMachineVideoCard; | ||||
| import com.vmware.vim25.VmwareDistributedVirtualSwitchVlanIdSpec; | ||||
| 
 | ||||
| import org.apache.cloudstack.api.ApiConstants; | ||||
| import org.apache.cloudstack.storage.command.CopyCommand; | ||||
| import org.apache.cloudstack.storage.command.StorageSubSystemCommand; | ||||
| import org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource; | ||||
| @ -2178,8 +2179,9 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa | ||||
|                 hyperHost.setRestartPriorityForVM(vmMo, DasVmPriority.HIGH.value()); | ||||
|             } | ||||
| 
 | ||||
|             // For resizing root disk. | ||||
|             if (rootDiskTO != null && !hasSnapshot) { | ||||
|             // Resizing root disk only when explicit requested by user | ||||
|             final Map<String, String> vmDetails = cmd.getVirtualMachine().getDetails(); | ||||
|             if (rootDiskTO != null && !hasSnapshot && (vmDetails != null && vmDetails.containsKey(ApiConstants.ROOT_DISK_SIZE))) { | ||||
|                 resizeRootDiskOnVMStart(vmMo, rootDiskTO, hyperHost, context); | ||||
|             } | ||||
| 
 | ||||
| @ -2254,7 +2256,11 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa | ||||
|         final Pair<VirtualDisk, String> vdisk = getVirtualDiskInfo(vmMo, appendFileType(rootDiskTO.getPath(), ".vmdk")); | ||||
|         assert(vdisk != null); | ||||
| 
 | ||||
|         final Long reqSize = ((VolumeObjectTO)rootDiskTO.getData()).getSize() / 1024; | ||||
|         Long reqSize = 0L; | ||||
|         final VolumeObjectTO volumeTO = ((VolumeObjectTO)rootDiskTO.getData()); | ||||
|         if (volumeTO != null) { | ||||
|             reqSize = volumeTO.getSize() / 1024; | ||||
|         } | ||||
|         final VirtualDisk disk = vdisk.first(); | ||||
|         if (reqSize > disk.getCapacityInKB()) { | ||||
|             final VirtualMachineDiskInfo diskInfo = getMatchingExistingDisk(vmMo.getDiskInfoBuilder(), rootDiskTO, hyperHost, context); | ||||
| @ -2262,12 +2268,12 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa | ||||
|             final String[] diskChain = diskInfo.getDiskChain(); | ||||
| 
 | ||||
|             if (diskChain != null && diskChain.length > 1) { | ||||
|                 s_logger.warn("Disk chain length for the VM is greater than one, skipping resizing of root disk."); | ||||
|                 return; | ||||
|                 s_logger.warn("Disk chain length for the VM is greater than one, this is not supported"); | ||||
|                 throw new CloudRuntimeException("Unsupported VM disk chain length: "+ diskChain.length); | ||||
|             } | ||||
|             if (diskInfo.getDiskDeviceBusName() == null || !diskInfo.getDiskDeviceBusName().toLowerCase().startsWith("scsi")) { | ||||
|                 s_logger.warn("Resizing of root disk is only support for scsi device/bus, the provide disk's device bus name is " + diskInfo.getDiskDeviceBusName()); | ||||
|                 return; | ||||
|                 s_logger.warn("Resizing of root disk is only support for scsi device/bus, the provide VM's disk device bus name is " + diskInfo.getDiskDeviceBusName()); | ||||
|                 throw new CloudRuntimeException("Unsupported VM root disk device bus: "+ diskInfo.getDiskDeviceBusName()); | ||||
|             } | ||||
| 
 | ||||
|             disk.setCapacityInKB(reqSize); | ||||
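Review bot: In the `@@ -2254` hunk a null `volumeTO` leaves `reqSize` at 0 and the resize is skipped without any log line, while the two unsupported cases in the following hunk now throw `CloudRuntimeException`. Because the resize path is only entered when `ApiConstants.ROOT_DISK_SIZE` was explicitly set, a silent skip hides a request the user made. Handle it like the other cases, e.g. `throw new CloudRuntimeException("Root disk volume data is missing, cannot resize root disk");`. `reqSize` could also be a primitive `long`, which avoids unboxing in `reqSize > disk.getCapacityInKB()`. The method body starts and ends outside these hunks.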
|  | ||||
							
								
								
									
										2
									
								
								pom.xml
									
									
									
									
									
								
							
							
						
						
									
										2
									
								
								pom.xml
									
									
									
									
									
								
							| @ -883,8 +883,6 @@ | ||||
|               <exclude>tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf</exclude> | ||||
|               <exclude>tools/appliance/*/template.json</exclude> | ||||
|               <exclude>tools/cli/cloudmonkey.egg-info/*</exclude> | ||||
|               <exclude>tools/devcloud/src/deps/boxes/basebox-build/definition.rb</exclude> | ||||
|               <exclude>tools/devcloud/src/deps/boxes/basebox-build/preseed.cfg</exclude> | ||||
|               <exclude>tools/marvin/Marvin.egg-info/*</exclude> | ||||
|               <exclude>ui/css/token-input-facebook.css</exclude> | ||||
|               <exclude>ui/l10n/*</exclude> | ||||
|  | ||||
| @ -217,10 +217,7 @@ class serviceOpsRedhat7(serviceOps): | ||||
|     def isServiceRunning(self, servicename): | ||||
|         try: | ||||
|             o = bash("systemctl is-active " + servicename) | ||||
|             if "inactive" not in o.getStdout(): | ||||
|                 return True | ||||
|             else: | ||||
|                 return False | ||||
|             return "inactive" not in o.getStdout() | ||||
|         except: | ||||
|             return False | ||||
| 
 | ||||
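Review bot: `return "inactive" not in o.getStdout()` reports a unit as running for every state other than inactive, which includes `failed`, `activating` and empty output. Compare against the one good state instead: `return o.getStdout().strip() == "active"`. The bare `except:` after it also hides why the check failed; `except Exception:` with a log line would keep the cause visible.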
|  | ||||
| @ -89,9 +89,7 @@ fi | ||||
| 
 | ||||
| # Restart cloud service if we're in systemvm | ||||
| if [ "$MODE" == "ssh" ] && [ -f $SYSTEM_FILE ]; then | ||||
|     /etc/init.d/cloud stop > /dev/null 2>&1 | ||||
|     sleep 2 | ||||
|     /etc/init.d/cloud start > /dev/null 2>&1 | ||||
|     systemctl restart cloud > /dev/null 2>&1 | ||||
| fi | ||||
| 
 | ||||
| # Fix file permission | ||||
|  | ||||
| @ -38,11 +38,11 @@ fi | ||||
| # Generate keystore | ||||
| rm -f "$KS_FILE" | ||||
| CN=$(hostname --fqdn) | ||||
| keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" | ||||
| keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" > /dev/null 2>&1 | ||||
| 
 | ||||
| # Generate CSR | ||||
| rm -f "$CSR_FILE" | ||||
| keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" | ||||
| keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" > /dev/null 2>&1 | ||||
| cat "$CSR_FILE" | ||||
| 
 | ||||
| # Fix file permissions | ||||
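Review bot: Redirecting both `keytool` calls to `/dev/null 2>&1` discards their only diagnostic, and nothing in this hunk checks their exit status. A failed `-genkey` or `-certreq` then shows up only as `cat "$CSR_FILE"` printing nothing. Keep stdout clean for the CSR but fail loudly by appending `|| { echo "keytool failed" >&2; exit 1; }` to each call, unless the script already runs under `set -e`, which is not visible here. `-file $CSR_FILE` should also be quoted like the other arguments.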
|  | ||||
| @ -29,6 +29,7 @@ import javax.naming.ConfigurationException; | ||||
| 
 | ||||
| import org.apache.cloudstack.ca.CAManager; | ||||
| import org.apache.cloudstack.ca.SetupCertificateCommand; | ||||
| import org.apache.cloudstack.config.ApiServiceConfiguration; | ||||
| import org.apache.cloudstack.framework.ca.Certificate; | ||||
| import org.apache.cloudstack.utils.security.KeyStoreUtils; | ||||
| import org.apache.log4j.Logger; | ||||
| @ -66,7 +67,6 @@ import com.trilead.ssh2.Connection; | ||||
| 
 | ||||
| public abstract class LibvirtServerDiscoverer extends DiscovererBase implements Discoverer, Listener, ResourceStateAdapter { | ||||
|     private static final Logger s_logger = Logger.getLogger(LibvirtServerDiscoverer.class); | ||||
|     private String _hostIp; | ||||
|     private final int _waitTime = 5; /* wait for 5 minutes */ | ||||
|     private String _kvmPrivateNic; | ||||
|     private String _kvmPublicNic; | ||||
| @ -291,7 +291,7 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements | ||||
| 
 | ||||
|             setupAgentSecurity(sshConnection, agentIp, hostname); | ||||
| 
 | ||||
|             String parameters = " -m " + StringUtils.shuffleCSVList(_hostIp) + " -z " + dcId + " -p " + podId + " -c " + clusterId + " -g " + guid + " -a"; | ||||
|             String parameters = " -m " + StringUtils.shuffleCSVList(ApiServiceConfiguration.ManagementHostIPAdr.value()) + " -z " + dcId + " -p " + podId + " -c " + clusterId + " -g " + guid + " -a"; | ||||
| 
 | ||||
|             parameters += " --pubNic=" + kvmPublicNic; | ||||
|             parameters += " --prvNic=" + kvmPrivateNic; | ||||
| @ -395,10 +395,6 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements | ||||
|             _kvmGuestNic = _kvmPrivateNic; | ||||
|         } | ||||
| 
 | ||||
|         _hostIp = _configDao.getValue("host"); | ||||
|         if (_hostIp == null) { | ||||
|             throw new ConfigurationException("Can't get host IP"); | ||||
|         } | ||||
|         _resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this); | ||||
|         return true; | ||||
|     } | ||||
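Review bot: The third hunk removes the `configure` null check on the `host` setting, and the second hunk now passes `ApiServiceConfiguration.ManagementHostIPAdr.value()` straight into `StringUtils.shuffleCSVList(...)` and the `parameters` string with no validation. If that setting can be empty or malformed, the agent setup command is built with a bad `-m` argument and the failure only surfaces on the host being added. `parameters` looks like it ends up on a command line (the call is outside the hunk), so read the value into a local first, `final String mgmtHosts = ApiServiceConfiguration.ManagementHostIPAdr.value();`, and stop discovery with a clear error when `mgmtHosts == null || mgmtHosts.isEmpty()`.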
|  | ||||
| @ -824,7 +824,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage | ||||
|                         if (userIp.getState() == IpAddress.State.Free) { | ||||
|                             addr.setState(IpAddress.State.Allocating); | ||||
|                             if (_ipAddressDao.update(addr.getId(), addr)) { | ||||
|                                 finalAddr = _ipAddressDao.findById(addr.getId()); | ||||
|                                 finalAddr = addr; | ||||
|                                 break; | ||||
|                             } | ||||
|                         } | ||||
|  | ||||
| @ -1749,6 +1749,11 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis | ||||
|     @ActionEvent(eventType = EventTypes.EVENT_PRIVATE_GATEWAY_DELETE, eventDescription = "deleting private gateway") | ||||
|     @DB | ||||
|     public boolean deleteVpcPrivateGateway(final long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException { | ||||
|         final VpcGatewayVO gatewayToBeDeleted = _vpcGatewayDao.findById(gatewayId); | ||||
|         if (gatewayToBeDeleted == null) { | ||||
|             s_logger.debug("VPC gateway is already deleted for id=" + gatewayId); | ||||
|             return true; | ||||
|         } | ||||
| 
 | ||||
|         final VpcGatewayVO gatewayVO = _vpcGatewayDao.acquireInLockTable(gatewayId); | ||||
|         if (gatewayVO == null || gatewayVO.getType() != VpcGateway.Type.Private) { | ||||
|  | ||||
| @ -27,7 +27,7 @@ import com.cloud.vm.SecondaryStorageVmVO; | ||||
| 
 | ||||
| public interface SecondaryStorageVmManager extends Manager { | ||||
| 
 | ||||
|     public static final int DEFAULT_SS_VM_RAMSIZE = 1024;           // 1024M | ||||
|     public static final int DEFAULT_SS_VM_RAMSIZE = 512;            // 512M | ||||
|     public static final int DEFAULT_SS_VM_CPUMHZ = 500;             // 500 MHz | ||||
|     public static final int DEFAULT_SS_VM_MTUSIZE = 1500; | ||||
|     public static final int DEFAULT_SS_VM_CAPACITY = 50;            // max command execution session per SSVM | ||||
|  | ||||
| @ -951,7 +951,7 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar | ||||
|             int ramSize = NumbersUtil.parseInt(_configDao.getValue("ssvm.ram.size"), DEFAULT_SS_VM_RAMSIZE); | ||||
|             int cpuFreq = NumbersUtil.parseInt(_configDao.getValue("ssvm.cpu.mhz"), DEFAULT_SS_VM_CPUMHZ); | ||||
|             List<ServiceOfferingVO> offerings = _offeringDao.createSystemServiceOfferings("System Offering For Secondary Storage VM", | ||||
|                     ServiceOffering.ssvmDefaultOffUniqueName, 2, ramSize, cpuFreq, null, null, false, null, | ||||
|                     ServiceOffering.ssvmDefaultOffUniqueName, 1, ramSize, cpuFreq, null, null, false, null, | ||||
|                     Storage.ProvisioningType.THIN, true, null, true, VirtualMachine.Type.SecondaryStorageVm, true); | ||||
|             // this can sometimes happen, if DB is manually or programmatically manipulated | ||||
|             if (offerings == null || offerings.size() < 2) { | ||||
|  | ||||
| @ -235,8 +235,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S | ||||
|             String nfsVersionParam = (String)params.get("nfsVersion"); | ||||
|             try { | ||||
|                 nfsVersion = Integer.valueOf(nfsVersionParam); | ||||
|             } | ||||
|             catch (NumberFormatException e){ | ||||
|             } catch (NumberFormatException e){ | ||||
|                 s_logger.error("Couldn't cast " + nfsVersionParam + " to integer"); | ||||
|                 return null; | ||||
|             } | ||||
| @ -2269,9 +2268,9 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S | ||||
|         if (!_inSystemVM) { | ||||
|             return; | ||||
|         } | ||||
|         Script command = new Script("/bin/bash", s_logger); | ||||
|         command.add("-c"); | ||||
|         command.add("if [ -f /etc/init.d/ssh ]; then service ssh restart; else service sshd restart; fi "); | ||||
|         Script command = new Script("/bin/systemctl", s_logger); | ||||
|         command.add("restart"); | ||||
|         command.add("ssh"); | ||||
|         String result = command.execute(); | ||||
|         if (result != null) { | ||||
|             s_logger.warn("Error in starting sshd service err=" + result); | ||||
|  | ||||
| @ -1070,10 +1070,9 @@ public class DownloadManagerImpl extends ManagerBase implements DownloadManager | ||||
|     } | ||||
| 
 | ||||
|     private void startAdditionalServices() { | ||||
| 
 | ||||
|         Script command = new Script("/bin/bash", s_logger); | ||||
|         command.add("-c"); | ||||
|         command.add("if [ -d /etc/apache2 ] ; then service apache2 stop; else service httpd stop; fi "); | ||||
|         Script command = new Script("/bin/systemctl", s_logger); | ||||
|         command.add("stop"); | ||||
|         command.add("apache2"); | ||||
|         String result = command.execute(); | ||||
|         if (result != null) { | ||||
|             s_logger.warn("Error in stopping httpd service err=" + result); | ||||
| @ -1088,21 +1087,25 @@ public class DownloadManagerImpl extends ManagerBase implements DownloadManager | ||||
| 
 | ||||
|         result = command.execute(); | ||||
|         if (result != null) { | ||||
|             s_logger.warn("Error in opening up httpd port err=" + result); | ||||
|             s_logger.warn("Error in opening up apache2 port err=" + result); | ||||
|             return; | ||||
|         } | ||||
| 
 | ||||
|         command = new Script("/bin/bash", s_logger); | ||||
|         command.add("-c"); | ||||
|         command.add("if [ -d /etc/apache2 ] ; then service apache2 start; else service httpd start; fi "); | ||||
|         command = new Script("/bin/systemctl", s_logger); | ||||
|         command.add("start"); | ||||
|         command.add("apache2"); | ||||
|         result = command.execute(); | ||||
|         if (result != null) { | ||||
|             s_logger.warn("Error in starting httpd service err=" + result); | ||||
|             s_logger.warn("Error in starting apache2 service err=" + result); | ||||
|             return; | ||||
|         } | ||||
|         command = new Script("mkdir", s_logger); | ||||
|         command.add("-p"); | ||||
|         command.add("/var/www/html/copy/template"); | ||||
| 
 | ||||
|         command = new Script("/bin/su", s_logger); | ||||
|         command.add("-s"); | ||||
|         command.add("/bin/bash"); | ||||
|         command.add("-c"); | ||||
|         command.add("mkdir -p /var/www/html/copy/template"); | ||||
|         command.add("www-data"); | ||||
|         result = command.execute(); | ||||
|         if (result != null) { | ||||
|             s_logger.warn("Error in creating directory =" + result); | ||||
|  | ||||
| @ -266,9 +266,12 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager { | ||||
|         } | ||||
|         // Create the directory structure so that its visible under apache server root | ||||
|         String extractDir = "/var/www/html/userdata/"; | ||||
|         Script command = new Script("mkdir", s_logger); | ||||
|         command.add("-p"); | ||||
|         command.add(extractDir); | ||||
|         Script command = new Script("/bin/su", s_logger); | ||||
|         command.add("-s"); | ||||
|         command.add("/bin/bash"); | ||||
|         command.add("-c"); | ||||
|         command.add("mkdir -p " + extractDir); | ||||
|         command.add("www-data"); | ||||
|         String result = command.execute(); | ||||
|         if (result != null) { | ||||
|             String errorString = "Error in creating directory =" + result; | ||||
| @ -278,15 +281,6 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager { | ||||
| 
 | ||||
|         // Create a random file under the directory for security reasons. | ||||
|         String uuid = cmd.getExtractLinkUUID(); | ||||
|         command = new Script("touch", s_logger); | ||||
|         command.add(extractDir + uuid); | ||||
|         result = command.execute(); | ||||
|         if (result != null) { | ||||
|             String errorString = "Error in creating file " + uuid + " ,error: " + result; | ||||
|             s_logger.warn(errorString); | ||||
|             return new CreateEntityDownloadURLAnswer(errorString, CreateEntityDownloadURLAnswer.RESULT_FAILURE); | ||||
|         } | ||||
| 
 | ||||
|         // Create a symbolic link from the actual directory to the template location. The entity would be directly visible under /var/www/html/userdata/cmd.getInstallPath(); | ||||
|         command = new Script("/bin/bash", s_logger); | ||||
|         command.add("-c"); | ||||
| @ -501,46 +495,20 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager { | ||||
|     } | ||||
| 
 | ||||
|     private boolean checkAndStartApache() { | ||||
| 
 | ||||
|         //Check whether the Apache server is running | ||||
|         Script command = new Script("/bin/bash", s_logger); | ||||
|         command.add("-c"); | ||||
|         command.add("if [ -d /etc/apache2 ] ; then service apache2 status | grep pid; else service httpd status | grep pid; fi "); | ||||
|         Script command = new Script("/bin/systemctl", s_logger); | ||||
|         command.add("is-active"); | ||||
|         command.add("apache2"); | ||||
|         String result = command.execute(); | ||||
| 
 | ||||
|         //Apache Server is not running. Try to start it. | ||||
|         if (result != null) { | ||||
| 
 | ||||
|             /*s_logger.warn("Apache server not running, trying to start it"); | ||||
|             String port = Integer.toString(TemplateConstants.DEFAULT_TMPLT_COPY_PORT); | ||||
|             String intf = TemplateConstants.DEFAULT_TMPLT_COPY_INTF; | ||||
| 
 | ||||
|             command = new Script("/bin/bash", s_logger); | ||||
|             command.add("-c"); | ||||
|             command.add("iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j DROP;" + | ||||
|                         "iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j HTTP;" + | ||||
|                         "iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j DROP;" + | ||||
|                         "iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j HTTP;" + | ||||
|                         "iptables -F HTTP;" + | ||||
|                         "iptables -X HTTP;" + | ||||
|                         "iptables -N HTTP;" + | ||||
|                         "iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j DROP;" + | ||||
|                         "iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j DROP;" + | ||||
|                         "iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j HTTP;" + | ||||
|                         "iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j HTTP;"); | ||||
| 
 | ||||
|         if (result != null && !result.equals("active")) { | ||||
|             command = new Script("/bin/systemctl", s_logger); | ||||
|             command.add("start"); | ||||
|             command.add("apache2"); | ||||
|             result = command.execute(); | ||||
|             if (result != null) { | ||||
|                 s_logger.warn("Error in opening up httpd port err=" + result ); | ||||
|                 return false; | ||||
|             }*/ | ||||
| 
 | ||||
|             command = new Script("/bin/bash", s_logger); | ||||
|             command.add("-c"); | ||||
|             command.add("if [ -d /etc/apache2 ] ; then service apache2 start; else service httpd start; fi "); | ||||
|             result = command.execute(); | ||||
|             if (result != null) { | ||||
|                 s_logger.warn("Error in starting httpd service err=" + result); | ||||
|                 s_logger.warn("Error in starting apache2 service err=" + result); | ||||
|                 return false; | ||||
|             } | ||||
|         } | ||||
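Review bot: The comment `// Create a random file under the directory for security reasons.` is kept in the second hunk while the `touch` call that implemented it is deleted, so it now sits above a bare `uuid` assignment and describes nothing. Either drop it or replace it with a comment stating why the placeholder file is no longer needed and what now restricts access to `/var/www/html/userdata/`. In `checkAndStartApache`, `result != null && !result.equals("active")` needs a short comment on what `Script.execute()` returns when `systemctl is-active` exits non-zero, since the rest of the file treats any non-null result as an error string.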
|  | ||||
| @ -25,72 +25,15 @@ help() { | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| config_httpd_conf() { | ||||
|   local ip=$1 | ||||
|   local srvr=$2 | ||||
|   cp -f /etc/httpd/conf/httpd.conf.orig /etc/httpd/conf/httpd.conf | ||||
|   sed -i -e "s/Listen.*:80$/Listen $ip:80/" /etc/httpd/conf/httpd.conf | ||||
|   echo "<VirtualHost $ip:443> " >> /etc/httpd/conf/httpd.conf | ||||
|   echo "  DocumentRoot /var/www/html/" >> /etc/httpd/conf/httpd.conf | ||||
|   echo "  ServerName $srvr" >> /etc/httpd/conf/httpd.conf | ||||
|   echo "  SSLEngine on" >>  /etc/httpd/conf/httpd.conf | ||||
|   echo "  SSLProtocol all -SSLv2 -SSLv3" >>  /etc/httpd/conf/httpd.conf | ||||
|   echo "  SSLCertificateFile /etc/httpd/ssl/certs/realhostip.crt" >>  /etc/httpd/conf/httpd.conf | ||||
|   echo "  SSLCertificateKeyFile /etc/httpd/ssl/keys/realhostip.key" >> /etc/httpd/conf/httpd.conf | ||||
|   echo "</VirtualHost>" >> /etc/httpd/conf/httpd.conf | ||||
| } | ||||
| 
 | ||||
| config_apache2_conf() { | ||||
|   local ip=$1 | ||||
|   local srvr=$2 | ||||
|   cp -f /etc/apache2/sites-available/default.orig /etc/apache2/sites-available/default | ||||
|   cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl | ||||
|   sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default | ||||
|   sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl | ||||
|   sed -i  's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl | ||||
|   sed -i  's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl | ||||
|   sed -i  's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl | ||||
|   sed -i  's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-enabled/vhost* | ||||
|   sed -i  's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-enabled/vhost* | ||||
|   if [ -f /etc/ssl/certs/cert_apache_chain.crt ] | ||||
|   then | ||||
|     sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-available/default-ssl | ||||
|     sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-enabled/vhost* | ||||
|   fi | ||||
| 
 | ||||
|   SSL_FILE="/etc/apache2/sites-available/default-ssl" | ||||
|   PATTERN="RewriteRule ^\/upload\/(.*)" | ||||
|   CORS_PATTERN="Header set Access-Control-Allow-Origin" | ||||
|   if [ -f $SSL_FILE ]; then | ||||
|     if grep -q "$PATTERN" $SSL_FILE ; then | ||||
|       echo "rewrite rules already exist in file $SSL_FILE" | ||||
|     else | ||||
|         echo "adding rewrite rules to file: $SSL_FILE" | ||||
|         sed -i -e "s/<\/VirtualHost>/RewriteEngine On \n&/" $SSL_FILE | ||||
|         sed -i -e "s/<\/VirtualHost>/RewriteCond %{HTTPS} =on \n&/" $SSL_FILE | ||||
|         sed -i -e "s/<\/VirtualHost>/RewriteCond %{REQUEST_METHOD} =POST \n&/" $SSL_FILE | ||||
|         sed -i -e "s/<\/VirtualHost>/RewriteRule ^\/upload\/(.*) http:\/\/127.0.0.1:8210\/upload?uuid=\$1 [P,L] \n&/" $SSL_FILE | ||||
|     fi | ||||
|     if grep -q "$CORS_PATTERN" $SSL_FILE ; then | ||||
|       echo "cors rules already exist in file $SSL_FILE" | ||||
|     else | ||||
|         echo "adding cors rules to file: $SSL_FILE" | ||||
|         sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Origin \"*\" \n&/" $SSL_FILE | ||||
|         sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Methods \"POST, OPTIONS\" \n&/" $SSL_FILE | ||||
|         sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Headers \"x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires\" \n&/" $SSL_FILE | ||||
|     fi | ||||
|   fi | ||||
| 
 | ||||
| } | ||||
| 
 | ||||
| copy_certs() { | ||||
|   local certdir=$(dirname $0)/certs | ||||
|   local mydir=$(dirname $0) | ||||
|   if [ -d $certdir ] && [ -f $customPrivKey ] &&  [ -f $customPrivCert ] ; then | ||||
|        mkdir -p /etc/httpd/ssl/keys  &&  mkdir -p /etc/httpd/ssl/certs  &&  cp $customprivKey /etc/httpd/ssl/keys   &&  cp $customPrivCert /etc/httpd/ssl/certs | ||||
|       return $? | ||||
|   fi | ||||
|   if [ ! -z customCertChain ] && [ -f $customCertChain ] ; then | ||||
|      cp $customCertChain /etc/httpd/ssl/certs | ||||
|   fi | ||||
|   return 1 | ||||
| } | ||||
| 
 | ||||
| copy_certs_apache2() { | ||||
| @ -105,7 +48,6 @@ copy_certs_apache2() { | ||||
|   return 0 | ||||
| } | ||||
| 
 | ||||
| 
 | ||||
| cflag= | ||||
| cpkflag= | ||||
| cpcflag= | ||||
| @ -183,13 +125,7 @@ then | ||||
|   fi | ||||
| fi | ||||
| 
 | ||||
| if [ -d /etc/apache2 ] | ||||
| then | ||||
| copy_certs_apache2 | ||||
| else | ||||
|   copy_certs | ||||
| fi | ||||
| 
 | ||||
| if [ $? -ne 0 ] | ||||
| then | ||||
|   echo "Failed to copy certificates" | ||||
| @ -198,15 +134,10 @@ fi | ||||
| 
 | ||||
| if [ -f "$customCACert" ] | ||||
| then | ||||
|   keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt | ||||
|   keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt || true | ||||
|   keytool -import -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt -file $customCACert | ||||
|   keytool -importkeystore -srckeystore $defaultJavaKeyStoreFile -destkeystore $keyStore -srcstorepass $defaultJavaKeyStorePass -deststorepass $storepass -noprompt | ||||
| fi | ||||
| 
 | ||||
| if [ -d /etc/apache2 ] | ||||
| then | ||||
| config_apache2_conf $publicIp $hostName | ||||
| systemctl restart apache2 | ||||
| else | ||||
|   config_httpd_conf $publicIp $hostName | ||||
| fi | ||||
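Review bot: The new `|| true` on the `keytool -delete` line hides every failure of that command, not only the expected "alias does not exist" case, so a wrong store password or an unreadable keystore goes unnoticed until the following import. The same line expands `$aliasName`, `$keyStore` and `$storepass` unquoted and passes the password in argv, where it shows up in the process list while keytool runs. I would quote the expansions and hand the password over through the environment, e.g. `STOREPASS="$storepass" keytool -delete -alias "$aliasName" -keystore "$keyStore" -storepass:env STOREPASS -noprompt || true`, and treat the two keytool calls below it the same way. A short comment such as `# alias may not exist yet; a failed delete is expected on first run` would also record why the exit status is ignored.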
|  | ||||
| @ -83,6 +83,9 @@ | ||||
| 		Allow from 127.0.0.0/255.0.0.0 ::1/128 | ||||
| 	</Directory> | ||||
| 
 | ||||
| 	# Include CORS configuration **IF SET** | ||||
| 	IncludeOptional /etc/apache2/[cC][oO][rR][sS].conf | ||||
| 
 | ||||
| 	#   SSL Engine Switch: | ||||
| 	#   Enable/Disable SSL for this virtual host. | ||||
| 	SSLEngine on | ||||
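Review bot: The added `IncludeOptional /etc/apache2/[cC][oO][rR][sS].conf` line pulls whatever directives that file holds into this TLS virtual host, and the comment above it does not say who writes the file or why the path is spelled as a character-class glob. Presumably the glob is there so that a missing file is skipped rather than reported as an error on Apache versions where `IncludeOptional` only tolerates unmatched wildcards; that reason should be stated. Since the file presumably sets the Access-Control-* headers for this host, the comment should also name its producer and its expected ownership, for example `# cors.conf is optional and written by PRODUCER; glob form keeps a missing file from being an error; keep it root-owned and not writable by www-data` (PRODUCER is a placeholder for the script that generates it).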
|  | ||||
| @ -54,13 +54,16 @@ class CsDhcp(CsDataBag): | ||||
| 
 | ||||
|         self.configure_server() | ||||
| 
 | ||||
|         self.conf.commit() | ||||
|         restart_dnsmasq = self.conf.commit() | ||||
|         self.cloud.commit() | ||||
|         self.dhcp_opts.commit() | ||||
| 
 | ||||
|         # We restart DNSMASQ every time the configure.py is called in order to avoid lease problems. | ||||
|         if not self.cl.is_redundant() or self.cl.is_master(): | ||||
|             if restart_dnsmasq: | ||||
|                 CsHelper.service("dnsmasq", "restart") | ||||
|             else: | ||||
|                 CsHelper.start_if_stopped("dnsmasq") | ||||
|                 CsHelper.service("dnsmasq", "reload") | ||||
| 
 | ||||
|     def configure_server(self): | ||||
|         # self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS) | ||||
| @ -80,7 +83,7 @@ class CsDhcp(CsDataBag): | ||||
|             # DNS search order | ||||
|             if gn.get_dns() and device: | ||||
|                 sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx) | ||||
|                 dns_list = [x for x in gn.get_dns() if not (not x)] | ||||
|                 dns_list = [x for x in gn.get_dns() if x] | ||||
|                 line = "dhcp-option=tag:interface-%s-%s,6,%s" % (device, idx, ','.join(dns_list)) | ||||
|                 self.conf.search(sline, line) | ||||
|             # Gateway | ||||
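Review bot: The comment `# We restart DNSMASQ every time the configure.py is called in order to avoid lease problems.` no longer matches the branch beneath it, which restarts dnsmasq only when `self.conf.commit()` reported a change and otherwise calls `start_if_stopped` followed by `reload`. I would replace it with `# Restart dnsmasq only when its main config file changed; otherwise make sure it is running and reload it.` The return values of `self.cloud.commit()` and `self.dhcp_opts.commit()` are ignored, so a change in only those files leads to a reload. If that is intended because dnsmasq re-reads them on reload, the comment should say so.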
|  | ||||
| @ -58,7 +58,7 @@ class CsFile: | ||||
|     def commit(self): | ||||
|         if not self.is_changed(): | ||||
|             logging.info("Nothing to commit. The %s file did not change" % self.filename) | ||||
|             return | ||||
|             return False | ||||
|         handle = open(self.filename, "w+") | ||||
|         for line in self.new_config: | ||||
|             handle.write(line) | ||||
| @ -66,6 +66,7 @@ class CsFile: | ||||
|         logging.info("Wrote edited file %s" % self.filename) | ||||
|         self.config = list(self.new_config) | ||||
|         logging.info("Updated file in-cache configuration") | ||||
|         return True | ||||
| 
 | ||||
|     def dump(self): | ||||
|         for line in self.new_config: | ||||
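Review bot: `commit()` now returns `False` when nothing changed and `True` after writing, but the method has no docstring stating that contract, although a caller in this commit already branches on the result. I would add `"""Write new_config to self.filename; return True if the file was written, False if it was unchanged."""` directly under the `def` line. The lines between the two hunks are not visible here, so this concerns only the return contract.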
|  | ||||
| @ -26,7 +26,6 @@ import os.path | ||||
| import re | ||||
| import shutil | ||||
| from netaddr import * | ||||
| from pprint import pprint | ||||
| 
 | ||||
| PUBLIC_INTERFACES = {"router": "eth2", "vpcrouter": "eth1"} | ||||
| 
 | ||||
|  | ||||
| @ -15,8 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| 
 | ||||
| 
 | ||||
| def merge(dbag, cmdline): | ||||
|     if 'redundant_router' in cmdline['cmd_line']: | ||||
|  | ||||
| @ -15,9 +15,9 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| from netaddr import * | ||||
| 
 | ||||
| 
 | ||||
| def merge(dbag, data): | ||||
|     # A duplicate ip address wil clobber the old value | ||||
|     # This seems desirable .... | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| import copy | ||||
| 
 | ||||
| 
 | ||||
|  | ||||
| @ -15,8 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| 
 | ||||
| 
 | ||||
| def merge(dbag, rules): | ||||
|     for rule in rules["rules"]: | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| 
 | ||||
| keys = ['eth1', 'eth2', 'eth3', 'eth4', 'eth5', 'eth6', 'eth7', 'eth8', 'eth9'] | ||||
| 
 | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| import copy | ||||
| 
 | ||||
| 
 | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| from netaddr import * | ||||
| 
 | ||||
| 
 | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| from netaddr import * | ||||
| 
 | ||||
| 
 | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # KIND, either express or implied.  See the License for the | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| from pprint import pprint | ||||
| 
 | ||||
| 
 | ||||
| def merge(dbag, vpn): | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # KIND, either express or implied.  See the License for the | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| from pprint import pprint | ||||
| 
 | ||||
| 
 | ||||
| def merge(dbag, vpn): | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # KIND, either express or implied.  See the License for the | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| from pprint import pprint | ||||
| 
 | ||||
| 
 | ||||
| def merge(dbag, staticroutes): | ||||
|  | ||||
| @ -15,8 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| 
 | ||||
| 
 | ||||
| def merge(dbag, metadata): | ||||
|     dbag[metadata["vm_ip_address"]] = metadata["vm_metadata"] | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| from pprint import pprint | ||||
| from netaddr import * | ||||
| 
 | ||||
| 
 | ||||
|  | ||||
| @ -15,7 +15,6 @@ | ||||
| # KIND, either express or implied.  See the License for the | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| from pprint import pprint | ||||
| 
 | ||||
| import copy | ||||
| 
 | ||||
|  | ||||
| @ -39,6 +39,7 @@ init_interfaces_orderby_macs() { | ||||
|            echo -n " eth$i" >> $interface_file | ||||
|         fi | ||||
|     done | ||||
| 
 | ||||
|     cat >> $interface_file << EOF | ||||
| 
 | ||||
| iface lo inet loopback | ||||
| @ -481,21 +482,14 @@ setup_vpc_apache2() { | ||||
| } | ||||
| 
 | ||||
| clean_ipalias_config() { | ||||
|   # Old | ||||
|   rm -f /etc/apache2/conf.d/ports.*.meta-data.conf | ||||
|   rm -f /etc/apache2/sites-available/ipAlias* | ||||
|   rm -f /etc/apache2/sites-enabled/ipAlias* | ||||
|   rm -f /etc/apache2/conf.d/vhost*.conf | ||||
|   rm -f /etc/apache2/ports.conf | ||||
|   rm -f /etc/apache2/vhostexample.conf | ||||
|   rm -f /etc/apache2/sites-available/default | ||||
|   rm -f /etc/apache2/sites-available/default-ssl | ||||
|   rm -f /etc/apache2/sites-enabled/default | ||||
|   rm -f /etc/apache2/sites-enabled/default-ssl | ||||
| 
 | ||||
|   # New | ||||
|   rm -f /etc/apache2/sites-enabled/vhost-*.conf | ||||
|   rm -f /etc/apache2/sites-enabled/000-default | ||||
|   rm -f /etc/apache2/sites-available/* | ||||
|   rm -f /etc/apache2/sites-enabled/* | ||||
| 
 | ||||
|   rm -rf /etc/failure_config | ||||
| } | ||||
| @ -513,6 +507,8 @@ setup_apache2_common() { | ||||
| 
 | ||||
| setup_apache2() { | ||||
|   log_it "Setting up apache web server" | ||||
|   mkdir -p /var/www | ||||
|   chown www-data:www-data -R /var/www | ||||
|   clean_ipalias_config | ||||
|   setup_apache2_common | ||||
|   local ip=$1 | ||||
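Review bot: In `setup_apache2`, `chown www-data:www-data -R /var/www` makes the whole document root writable by the account the web server runs as, so anything that gains code execution in an Apache worker can rewrite the content it serves. If the server only needs to read these files, `chown -R root:www-data /var/www` with group read access is the least-privilege form, with write access granted only on the specific directory that needs it. The glob deletions `rm -f /etc/apache2/sites-available/*` and `rm -f /etc/apache2/sites-enabled/*` in `clean_ipalias_config` also deserve a one-line comment saying that every site definition is removed on purpose and which later step recreates the ones that are needed. Both function bodies extend beyond the visible hunks.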
|  | ||||
| @ -1,2 +0,0 @@ | ||||
| These are the templates for the redundant router | ||||
| and redundant vpc_router | ||||
| @ -131,8 +131,7 @@ class TestDeployVMFromISO(cloudstackTestCase): | ||||
|         ) | ||||
|         try: | ||||
|             # Download the ISO | ||||
|             self.iso.download(self.apiclient, retries=150) | ||||
| 
 | ||||
|             self.iso.download(self.apiclient) | ||||
|         except Exception as e: | ||||
|             raise Exception("Exception while downloading ISO %s: %s" | ||||
|                             % (self.iso.id, e)) | ||||
|  | ||||
| @ -488,8 +488,11 @@ class TestHAKVM(cloudstackTestCase): | ||||
|         """ | ||||
|         if command != 'STATUS': | ||||
|             self.issuePowerActionCmd(command) | ||||
|         try: | ||||
|             response = self.issuePowerActionCmd('STATUS') | ||||
|             self.assertEqual(response.powerstate, expected) | ||||
|         except: | ||||
|             pass  # in case of ipmisim errors ignore | ||||
| 
 | ||||
|     def configureAndEnableOobm(self): | ||||
|         self.apiclient.configureOutOfBandManagement(self.getOobmConfigCmd()) | ||||
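Review bot: The bare `except: pass` wraps `self.assertEqual(response.powerstate, expected)` as well as the STATUS call, so an `AssertionError` from a wrong power state is swallowed and this check can no longer fail. Keep only the call inside the `try`, catch `Exception` rather than everything, and assert afterwards: `except Exception as e: self.skipTest("ipmisim error: %s" % e)` followed by a dedented `self.assertEqual(response.powerstate, expected)`. Skipping instead of passing keeps simulator flakiness visible in the test report. The method starts above the hunk, so its name and signature are not visible here.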
|  | ||||
| @ -1300,6 +1300,7 @@ class TestL2Networks(cloudstackTestCase): | ||||
|         # Get Zone, Domain and templates | ||||
|         cls.domain = get_domain(cls.apiclient) | ||||
|         cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests()) | ||||
|         cls.hypervisor = testClient.getHypervisorInfo() | ||||
|         cls.services['mode'] = cls.zone.networktype | ||||
|         # Create Accounts & networks | ||||
|         cls.account = Account.create( | ||||
| @ -1308,10 +1309,10 @@ class TestL2Networks(cloudstackTestCase): | ||||
|             admin=True, | ||||
|             domainid=cls.domain.id | ||||
|         ) | ||||
|         cls.template = get_template( | ||||
|         cls.template = get_test_template( | ||||
|             cls.apiclient, | ||||
|             cls.zone.id, | ||||
|             cls.services["ostype"] | ||||
|             cls.hypervisor | ||||
|         ) | ||||
|         cls.service_offering = ServiceOffering.create( | ||||
|             cls.apiclient, | ||||
|  | ||||
| @ -233,12 +233,8 @@ class TestIsolatedNetworksPasswdServer(cloudstackTestCase): | ||||
|                     self._testMethodName) | ||||
| 
 | ||||
|         self.logger.debug("cat /var/cache/cloud/passwords-%s | grep %s | sed 's/=/ /g' | awk '{print $1}' RESULT IS ==> %s" % (vm.nic[0].gateway, vm.nic[0].ipaddress, result)) | ||||
|         res = str(result) | ||||
| 
 | ||||
|         self.assertEqual( | ||||
|             res.count(vm.nic[0].ipaddress), | ||||
|             1, | ||||
|             "Password file is empty or doesn't exist!") | ||||
|         self.assertTrue(vm.nic[0].ipaddress in result, "Password file is empty or doesn't exist!") | ||||
| 
 | ||||
|     @attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true") | ||||
|     def test_isolate_network_password_server(self): | ||||
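Review bot: `self.assertTrue(vm.nic[0].ipaddress in result, ...)` changes meaning with the type of `result`, which is assigned outside this hunk. On a list of output lines `in` is an exact element match; on a string it is a substring match, where for example `10.1.1.1` would also match `10.1.1.10`. The removed check also required exactly one occurrence, which this one no longer does. If `result` is a list of lines, `self.assertEqual(result.count(vm.nic[0].ipaddress), 1, "Password file is empty or doesn't exist!")` keeps the single-entry guarantee, after stripping the lines if they can carry whitespace.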
|  | ||||
| @ -720,10 +720,10 @@ class TestPrivateGwACL(cloudstackTestCase): | ||||
|         succeeded_pings = 0 | ||||
|         minimum_vms_to_pass = 2 | ||||
|         for vm_ip in vms_ips: | ||||
|             ssh_command = "ping -c 3 %s" % vm_ip | ||||
|             ssh_command = "ping -c 5 %s" % vm_ip | ||||
| 
 | ||||
|             # Should be able to SSH VM | ||||
|             result = 'failed' | ||||
|             packet_loss = 100 | ||||
|             try: | ||||
|                 self.logger.debug("SSH into VM: %s" % public_ip.ipaddress.ipaddress) | ||||
| 
 | ||||
| @ -733,15 +733,19 @@ class TestPrivateGwACL(cloudstackTestCase): | ||||
|                 time.sleep(sleep_time) | ||||
| 
 | ||||
|                 self.logger.debug("Ping to VM inside another Network Tier") | ||||
|                 result = str(ssh.execute(ssh_command)) | ||||
|                 result = ssh.execute(ssh_command) | ||||
| 
 | ||||
|                 self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("0% packet loss"))) | ||||
|                 for line in result: | ||||
|                     if "packet loss" in line: | ||||
|                         packet_loss = int(line.split("% packet loss")[0].split(" ")[-1]) | ||||
|                         break | ||||
| 
 | ||||
|                 self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, packet_loss < 50)) | ||||
|             except Exception as e: | ||||
|                 self.fail("SSH Access failed for %s: %s" % \ | ||||
|                           (virtual_machine, e) | ||||
|                           ) | ||||
|                 self.fail("SSH Access failed for %s: %s" % (virtual_machine, e)) | ||||
| 
 | ||||
|             succeeded_pings += result.count("0% packet loss") | ||||
|             if packet_loss < 50: | ||||
|                 succeeded_pings += 1 | ||||
| 
 | ||||
| 
 | ||||
|         self.assertTrue(succeeded_pings >= minimum_vms_to_pass, | ||||
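Review bot: The debug line `self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, packet_loss < 50))` still carries the old "COUNT" label but now prints a boolean, and the pass threshold `50` appears twice as a bare literal. I would log the parsed value, `self.logger.debug("SSH result: %s; packet loss: %s%%" % (result, packet_loss))`, and name the threshold once, e.g. `max_packet_loss = 50`, next to `minimum_vms_to_pass`. If no output line contains "packet loss", `packet_loss` silently stays at 100. A comment on the initialiser such as `# fail closed: treated as unreachable unless ping reports otherwise` would make that intent explicit. The test method begins above the hunk.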
|  | ||||
| @ -852,7 +852,7 @@ class TestRVPCSite2SiteVpn(cloudstackTestCase): | ||||
|                 retries) | ||||
| 
 | ||||
|         except Exception as e: | ||||
|             self.fail("Unable to create ssh connection: " % e) | ||||
|             self.fail("Unable to create ssh connection: %s" % e) | ||||
| 
 | ||||
|         self.assertIsNotNone( | ||||
|             ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip)) | ||||
|  | ||||
| @ -38,9 +38,6 @@ d-i mirror/http/proxy string | ||||
| 
 | ||||
| ### Apt setup | ||||
| d-i apt-setup/cdrom/set-first false | ||||
| #d-i apt-setup/non-free boolean true | ||||
| #d-i apt-setup/contrib boolean true | ||||
| #d-i apt-setup/use_mirror boolean true | ||||
| d-i apt-setup/services-select multiselect security, updates | ||||
| d-i apt-setup/security_host string security.debian.org | ||||
| d-i apt-setup/local0/source boolean false | ||||
| @ -62,12 +59,12 @@ d-i partman-auto/expert_recipe string                         \ | ||||
|                       use_filesystem{ } filesystem{ ext2 }    \ | ||||
|                       mountpoint{ /boot }                     \ | ||||
|               .                                               \ | ||||
|               1100 40 1600 ext4                               \ | ||||
|               1200 40 1600 ext4                               \ | ||||
|                       method{ format } format{ }              \ | ||||
|                       use_filesystem{ } filesystem{ ext4 }    \ | ||||
|                       mountpoint{ / }                         \ | ||||
|               .                                               \ | ||||
|               600 60 800 ext4                                 \ | ||||
|               800 60 800 ext4                                 \ | ||||
|                       method{ format } format{ }              \ | ||||
|                       use_filesystem{ } filesystem{ ext4 }    \ | ||||
|                       mountpoint{ /var }                      \ | ||||
| @ -104,9 +101,6 @@ d-i passwd/user-default-groups string audio cdrom video admin | ||||
| 
 | ||||
| openssh-server  openssh-server/permit-root-login boolean true | ||||
| 
 | ||||
| ### Apt setup | ||||
| # ... | ||||
| 
 | ||||
| ### Package selection | ||||
| tasksel tasksel/first multiselect ssh-server | ||||
| d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl | ||||
|  | ||||
| @ -20,9 +20,10 @@ set -e | ||||
| set -x | ||||
| 
 | ||||
| function cleanup_apt() { | ||||
|   export DEBIAN_FRONTEND=noninteractive | ||||
|   apt-get -y remove --purge dictionaries-common busybox isc-dhcp-client isc-dhcp-common \ | ||||
|     task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican \ | ||||
|     debconf-i18n sharutils gnupg gnupg-agent | ||||
|     task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican sharutils \ | ||||
|     nano util-linux-locales krb5-locales | ||||
| 
 | ||||
|   apt-get -y autoremove --purge | ||||
|   apt-get autoclean | ||||
| @ -63,7 +64,9 @@ function cleanup_misc() { | ||||
|   rm -fr /usr/share/man | ||||
|   rm -fr /usr/share/info | ||||
|   rm -fr /usr/share/lintian | ||||
|   find /usr/share/locale -type f | grep -v en | xargs rm -fr | ||||
|   rm -fr /usr/share/apache2/icons | ||||
|   find /usr/share/locale -type f | grep -v en_US | xargs rm -fr | ||||
|   find /usr/share/zoneinfo -type f | grep -v UTC | xargs rm -fr | ||||
| } | ||||
| 
 | ||||
| function cleanup() { | ||||
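Review bot: The two pruning pipelines in `cleanup_misc`, `find /usr/share/locale -type f | grep -v en_US | xargs rm -fr` and the zoneinfo one, split file names on whitespace and use three processes where `find` alone is enough. The same selection can be written as `find /usr/share/locale -type f ! -path '*en_US*' -delete` and `find /usr/share/zoneinfo -type f ! -path '*UTC*' -delete`. Only regular files are matched, so any symlinks that point at removed zoneinfo files are left dangling. A comment such as `# image runs in UTC only; other zone data is dropped to save space` would record why that is acceptable. `cleanup_misc` starts above the hunk.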
|  | ||||
| @ -31,7 +31,7 @@ function configure_grub() { | ||||
| GRUB_DEFAULT=0 | ||||
| GRUB_TIMEOUT=0 | ||||
| GRUB_DISTRIBUTOR=Debian | ||||
| GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4" | ||||
| GRUB_CMDLINE_LINUX_DEFAULT="quiet" | ||||
| GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US nomodeset" | ||||
| GRUB_CMDLINE_XEN="com1=115200 console=com1" | ||||
| GRUB_TERMINAL="console serial" | ||||
|  | ||||
| @ -1,95 +0,0 @@ | ||||
| # Licensed to the Apache Software Foundation (ASF) under one | ||||
| # or more contributor license agreements.  See the NOTICE file | ||||
| # distributed with this work for additional information | ||||
| # regarding copyright ownership.  The ASF licenses this file | ||||
| # to you under the Apache License, Version 2.0 (the | ||||
| # "License"); you may not use this file except in compliance | ||||
| # with the License.  You may obtain a copy of the License at | ||||
| # | ||||
| #   http://www.apache.org/licenses/LICENSE-2.0 | ||||
| # | ||||
| # Unless required by applicable law or agreed to in writing, | ||||
| # software distributed under the License is distributed on an | ||||
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY | ||||
| # KIND, either express or implied.  See the License for the | ||||
| # specific language governing permissions and limitations | ||||
| # under the License. | ||||
| 
 | ||||
| arch = 'amd64' | ||||
| 
 | ||||
| # | ||||
| # NOTE: Before changing the version of the debian image make | ||||
| # sure it is added to the userContent of jenkins.buildacloud.org | ||||
| # and the copy task is updated on the systemvm builds | ||||
| # This will prevent the inevitable build failure once the iso is | ||||
| # removed from the debian mirrors | ||||
| # | ||||
| architectures = { | ||||
|     :amd64 => { | ||||
|         :os_type_id => 'Debian_64', | ||||
|         :iso_file => 'debian-9.3.0-amd64-netinst.iso', | ||||
|         :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso', | ||||
|         :iso_md5 => '8775231d6f56a3d8f116eb64fe048f5cbd2ea0f8c092a1cb7608bcb4106f9c85cb69ce68f53bd381019ab40f1c0316843036daf3fd9107c81c58a240334cc747' | ||||
|     } | ||||
| } | ||||
| 
 | ||||
| config = { | ||||
|     :cpu_count => '1', | ||||
|     :memory_size => '512', | ||||
|     :disk_size => '2100', :disk_format => 'VDI', :hostiocache => 'off', | ||||
|     :iso_download_timeout => '1000', | ||||
|     :boot_wait => '10', | ||||
|     :boot_cmd_sequence => [ | ||||
|         '<Esc>', | ||||
|         'install ', | ||||
|         'preseed/url=http://%IP%:%PORT%/preseed.cfg ', | ||||
|         'debian-installer=en_US ', | ||||
|         'auto ', | ||||
|         'locale=en_US ', | ||||
|         'kbd-chooser/method=us ', | ||||
|         'netcfg/get_hostname=systemvm ', | ||||
|         'netcfg/get_domain=apache.org ', | ||||
|         'fb=false ', | ||||
|         'debconf/frontend=noninteractive ', | ||||
|         'console-setup/ask_detect=false ', | ||||
|         'console-keymaps-at/keymap=us ', | ||||
|         'keyboard-configuration/xkb-keymap=us ', | ||||
|         '<Enter>' | ||||
|     ], | ||||
|     :kickstart_port => '7122', | ||||
|     :kickstart_timeout => '1000', | ||||
|     :kickstart_file => 'preseed.cfg', | ||||
|     :ssh_login_timeout => '10000', | ||||
|     :ssh_user => 'cloud', | ||||
|     :ssh_password => 'cloud', | ||||
|     :ssh_key => '', | ||||
|     :ssh_host_port => '7222', | ||||
|     :ssh_guest_port => '22', | ||||
|     :sudo_cmd => "echo '%p'|sudo -S bash '%f'", | ||||
|     :shutdown_cmd => 'halt -p', | ||||
|     :postinstall_files => [ | ||||
|         # basic minimal vm creation | ||||
|         'apt_upgrade.sh', | ||||
|         'configure_grub.sh', | ||||
|         'configure_locale.sh', | ||||
|         'configure_networking.sh', | ||||
|         'configure_acpid.sh', | ||||
|         # turning it into a systemvm | ||||
|         'install_systemvm_packages.sh', | ||||
|         'configure_conntrack.sh', | ||||
|         #'../../cloud_scripts_shar_archive.sh', | ||||
|         'configure_systemvm_services.sh', | ||||
|         'authorized_keys.sh', | ||||
|         'configure_persistent_config.sh', | ||||
|         # setup login stuff | ||||
|         'configure_login.sh', | ||||
|         # cleanup & space-saving | ||||
|         'cleanup.sh', | ||||
|         'finalize.sh' | ||||
|     ], | ||||
|     :postinstall_timeout => '10000' | ||||
| } | ||||
| 
 | ||||
| config.merge! architectures[arch.to_sym] | ||||
| 
 | ||||
| Veewee::Definition.declare(config) | ||||
| @ -46,7 +46,7 @@ function install_packages() { | ||||
|   local apt_get="apt-get --no-install-recommends -q -y" | ||||
| 
 | ||||
|   ${apt_get} install grub-legacy \ | ||||
|     rsyslog logrotate cron net-tools ifupdown tmux vim htop netbase iptables \ | ||||
|     rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables \ | ||||
|     openssh-server e2fsprogs tcpdump iftop socat wget \ | ||||
|     python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ | ||||
|     inetutils-ping iputils-arping httping curl \ | ||||
| @ -68,7 +68,7 @@ function install_packages() { | ||||
|     python-flask \ | ||||
|     haproxy \ | ||||
|     radvd \ | ||||
|     sharutils \ | ||||
|     sharutils genisoimage \ | ||||
|     strongswan libcharon-extra-plugins libstrongswan-extra-plugins \ | ||||
|     virt-what open-vm-tools qemu-guest-agent hyperv-daemons | ||||
| 
 | ||||
|  | ||||
| @ -32,7 +32,7 @@ | ||||
|         [ "-m", "512M" ], | ||||
|         [ "-smp", "cpus=1,maxcpus=1,cores=1" ] | ||||
|       ], | ||||
|       "disk_size": 2100, | ||||
|       "disk_size": 2400, | ||||
|       "format": "qcow2", | ||||
| 
 | ||||
|       "disk_interface": "virtio", | ||||
|  | ||||
| @ -2419,10 +2419,6 @@ Innovation Centre, 2006 (http://www.it-innovation.soton.ac.uk). | ||||
|             id='adiscon.com' | ||||
|             name='Adiscon GmbH' | ||||
|             url='http://www.adiscon.com/' /> | ||||
|         <organisation | ||||
|             id='person:patrick.debois' | ||||
|             name='Patrick Debois' | ||||
|             url='http://www.jedi.be/blog/' /> | ||||
|         <organisation | ||||
|         	id='dojofoundation.org' | ||||
|         	name='The Dojo Foundation' | ||||
| @ -2643,31 +2639,6 @@ Copyright (c) 2010-2011 OpenStack, LLC. | ||||
| 			</by-organisation> | ||||
| 		</with-license> | ||||
|     </within> | ||||
|     <within dir='tools/appliance/definitions/{devcloud,systemvmtemplate,systemvmtemplate64}'> | ||||
|         <with-license id='MIT'> | ||||
|             <copyright-notice> | ||||
| Copyright (c) 2010-2012 Patrick Debois | ||||
|             </copyright-notice> | ||||
|             <by-organisation id='person:patrick.debois'> | ||||
|                 <resource name='base.sh' source='https://github.com/jedi4ever/veewee' /> | ||||
|                 <resource name='cleanup.sh' source='https://github.com/jedi4ever/veewee' /> | ||||
|                 <resource name='definition.rb' source='https://github.com/jedi4ever/veewee' /> | ||||
|                 <resource name='preseed.cfg' source='https://github.com/jedi4ever/veewee' /> | ||||
|                 <resource name='zerodisk.sh' source='https://github.com/jedi4ever/veewee' /> | ||||
|             </by-organisation> | ||||
|         </with-license> | ||||
|     </within> | ||||
|     <within dir='tools/devcloud/src/deps/boxes/basebox-build'> | ||||
|         <with-license id='MIT'> | ||||
|             <copyright-notice> | ||||
| Copyright (c) 2010-2012 Patrick Debois | ||||
|             </copyright-notice> | ||||
|             <by-organisation id='person:patrick.debois'> | ||||
|                 <resource name='definition.rb' source='https://github.com/jedi4ever/veewee' /> | ||||
|                 <resource name='preseed.cfg' source='https://github.com/jedi4ever/veewee' /> | ||||
|             </by-organisation> | ||||
|         </with-license> | ||||
|     </within> | ||||
|     <within dir='utils/src/org/apache/commons/httpclient/contrib/ssl'> | ||||
|         <with-license id='ApacheLicenseVersion2'> | ||||
|             <copyright-notice> | ||||
|  | ||||