mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
CLOUDSTACK-10013: Fixes based on code review and test failures
This includes test related fixes and code review fixes based on reviews from @rafaelweingartner, @marcaurele, @wido and @DaanHoogland. This also includes VMware disk-resize limitation bug fix based on comments from @sateesh-chodapuneedi and @priyankparihar. This also includes the final changes to systemvmtemplate and fixes to code based on issues found via test failures. Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This commit is contained in:
Rohit Yadav
parent
4338e0f4f1
commit
d19629a115
59
LICENSE
59
LICENSE
@ -271,65 +271,6 @@ Within the scripts/vm/hypervisor/xenserver directory
|
||||
from OpenStack, LLC http://www.openstack.org
|
||||
swift
|
||||
|
||||
Within the tools/appliance/definitions/{devcloud,systemvmtemplate,systemvmtemplate64} directory
|
||||
licensed under the MIT License http://www.opensource.org/licenses/mit-license.php (as follows)
|
||||
|
||||
Copyright (c) 2010-2012 Patrick Debois
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
from Patrick Debois http://www.jedi.be/blog/
|
||||
base.sh from https://github.com/jedi4ever/veewee
|
||||
cleanup.sh from https://github.com/jedi4ever/veewee
|
||||
definition.rb from https://github.com/jedi4ever/veewee
|
||||
preseed.cfg from https://github.com/jedi4ever/veewee
|
||||
zerodisk.sh from https://github.com/jedi4ever/veewee
|
||||
|
||||
Within the tools/devcloud/src/deps/boxes/basebox-build directory
|
||||
licensed under the MIT License http://www.opensource.org/licenses/mit-license.php (as follows)
|
||||
|
||||
Copyright (c) 2010-2012 Patrick Debois
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining
|
||||
a copy of this software and associated documentation files (the
|
||||
"Software"), to deal in the Software without restriction, including
|
||||
without limitation the rights to use, copy, modify, merge, publish,
|
||||
distribute, sublicense, and/or sell copies of the Software, and to
|
||||
permit persons to whom the Software is furnished to do so, subject to
|
||||
the following conditions:
|
||||
|
||||
The above copyright notice and this permission notice shall be
|
||||
included in all copies or substantial portions of the Software.
|
||||
|
||||
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
||||
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
||||
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
|
||||
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
|
||||
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
|
||||
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
|
||||
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
|
||||
|
||||
from Patrick Debois http://www.jedi.be/blog/
|
||||
definition.rb from https://github.com/jedi4ever/veewee
|
||||
preseed.cfg from https://github.com/jedi4ever/veewee
|
||||
|
||||
Within the ui/lib directory
|
||||
placed in the public domain
|
||||
by Eric Meyer http://meyerweb.com/eric/
|
||||
|
||||
@ -839,6 +839,21 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac
|
||||
}
|
||||
}
|
||||
|
||||
private void setupAgentSecurity(final Host vmHost, final Map<String, String> sshAccessDetails, final VirtualMachine vm) throws AgentUnavailableException, OperationTimedoutException {
|
||||
final String csr = caManager.generateKeyStoreAndCsr(vmHost, sshAccessDetails);
|
||||
if (!Strings.isNullOrEmpty(csr)) {
|
||||
final Map<String, String> ipAddressDetails = new HashMap<>(sshAccessDetails);
|
||||
ipAddressDetails.remove(NetworkElementCommand.ROUTER_NAME);
|
||||
final Certificate certificate = caManager.issueCertificate(csr, Arrays.asList(vm.getHostName(), vm.getInstanceName()),
|
||||
new ArrayList<>(ipAddressDetails.values()), CAManager.CertValidityPeriod.value(), null);
|
||||
final boolean result = caManager.deployCertificate(vmHost, certificate, false, sshAccessDetails);
|
||||
if (!result) {
|
||||
s_logger.error("Failed to setup certificate for system vm: " + vm.getInstanceName());
|
||||
}
|
||||
} else {
|
||||
s_logger.error("Failed to setup keystore and generate CSR for system vm: " + vm.getInstanceName());
|
||||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public void orchestrateStart(final String vmUuid, final Map<VirtualMachineProfile.Param, Object> params, final DeploymentPlan planToDeploy, final DeploymentPlanner planner)
|
||||
@ -1088,18 +1103,15 @@ public class VirtualMachineManagerImpl extends ManagerBase implements VirtualMac
|
||||
if (vmHost != null && (VirtualMachine.Type.ConsoleProxy.equals(vm.getType()) ||
|
||||
VirtualMachine.Type.SecondaryStorageVm.equals(vm.getType())) && caManager.canProvisionCertificates()) {
|
||||
final Map<String, String> sshAccessDetails = _networkMgr.getSystemVMAccessDetails(vm);
|
||||
final String csr = caManager.generateKeyStoreAndCsr(vmHost, sshAccessDetails);
|
||||
if (!Strings.isNullOrEmpty(csr)) {
|
||||
final Map<String, String> ipAddressDetails = new HashMap<>(sshAccessDetails);
|
||||
ipAddressDetails.remove(NetworkElementCommand.ROUTER_NAME);
|
||||
final Certificate certificate = caManager.issueCertificate(csr, Arrays.asList(vm.getHostName(), vm.getInstanceName()), new ArrayList<>(ipAddressDetails.values()), CAManager.CertValidityPeriod.value(), null);
|
||||
final boolean result = caManager.deployCertificate(vmHost, certificate, false, sshAccessDetails);
|
||||
if (!result) {
|
||||
s_logger.error("Failed to setup certificate for system vm: " + vm.getInstanceName());
|
||||
for (int retries = 3; retries > 0; retries--) {
|
||||
try {
|
||||
setupAgentSecurity(vmHost, sshAccessDetails, vm);
|
||||
return;
|
||||
} catch (final Exception e) {
|
||||
s_logger.error("Retrying after catching exception while trying to secure agent for systemvm id=" + vm.getId(), e);
|
||||
}
|
||||
} else {
|
||||
s_logger.error("Failed to setup keystore and generate CSR for system vm: " + vm.getInstanceName());
|
||||
}
|
||||
throw new CloudRuntimeException("Failed to setup and secure agent for systemvm id=" + vm.getId());
|
||||
}
|
||||
return;
|
||||
} else {
|
||||
|
||||
@ -493,9 +493,6 @@ INSERT IGNORE INTO `cloud`.`guest_os_hypervisor` (uuid,hypervisor_type, hypervis
|
||||
-- Change monitor patch for apache2 in systemvm
|
||||
UPDATE `cloud`.`monitoring_services` SET pidfile="/var/run/apache2/apache2.pid" WHERE process_name="apache2" AND service_name="apache2";
|
||||
|
||||
-- Boost secondary storage systemvm
|
||||
UPDATE `cloud`.`service_offering` SET ram_size=1024, cpu=2 WHERE vm_type="secondarystoragevm" and cpu=1 and ram_size=512;
|
||||
|
||||
-- Use 'Other Linux 64-bit' as guest os for the default systemvmtemplate for VMware
|
||||
-- This fixes a memory allocation issue to systemvms on VMware/ESXi
|
||||
UPDATE `cloud`.`vm_template` SET guest_os_id=99 WHERE id=8;
|
||||
|
||||
@ -102,6 +102,7 @@ import com.vmware.vim25.VirtualMachineRuntimeInfo;
|
||||
import com.vmware.vim25.VirtualMachineVideoCard;
|
||||
import com.vmware.vim25.VmwareDistributedVirtualSwitchVlanIdSpec;
|
||||
|
||||
import org.apache.cloudstack.api.ApiConstants;
|
||||
import org.apache.cloudstack.storage.command.CopyCommand;
|
||||
import org.apache.cloudstack.storage.command.StorageSubSystemCommand;
|
||||
import org.apache.cloudstack.storage.resource.NfsSecondaryStorageResource;
|
||||
@ -2178,8 +2179,9 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
|
||||
hyperHost.setRestartPriorityForVM(vmMo, DasVmPriority.HIGH.value());
|
||||
}
|
||||
|
||||
// For resizing root disk.
|
||||
if (rootDiskTO != null && !hasSnapshot) {
|
||||
// Resizing root disk only when explicit requested by user
|
||||
final Map<String, String> vmDetails = cmd.getVirtualMachine().getDetails();
|
||||
if (rootDiskTO != null && !hasSnapshot && (vmDetails != null && vmDetails.containsKey(ApiConstants.ROOT_DISK_SIZE))) {
|
||||
resizeRootDiskOnVMStart(vmMo, rootDiskTO, hyperHost, context);
|
||||
}
|
||||
|
||||
@ -2254,7 +2256,11 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
|
||||
final Pair<VirtualDisk, String> vdisk = getVirtualDiskInfo(vmMo, appendFileType(rootDiskTO.getPath(), ".vmdk"));
|
||||
assert(vdisk != null);
|
||||
|
||||
final Long reqSize = ((VolumeObjectTO)rootDiskTO.getData()).getSize() / 1024;
|
||||
Long reqSize = 0L;
|
||||
final VolumeObjectTO volumeTO = ((VolumeObjectTO)rootDiskTO.getData());
|
||||
if (volumeTO != null) {
|
||||
reqSize = volumeTO.getSize() / 1024;
|
||||
}
|
||||
final VirtualDisk disk = vdisk.first();
|
||||
if (reqSize > disk.getCapacityInKB()) {
|
||||
final VirtualMachineDiskInfo diskInfo = getMatchingExistingDisk(vmMo.getDiskInfoBuilder(), rootDiskTO, hyperHost, context);
|
||||
@ -2262,12 +2268,12 @@ public class VmwareResource implements StoragePoolResource, ServerResource, Vmwa
|
||||
final String[] diskChain = diskInfo.getDiskChain();
|
||||
|
||||
if (diskChain != null && diskChain.length > 1) {
|
||||
s_logger.warn("Disk chain length for the VM is greater than one, skipping resizing of root disk.");
|
||||
return;
|
||||
s_logger.warn("Disk chain length for the VM is greater than one, this is not supported");
|
||||
throw new CloudRuntimeException("Unsupported VM disk chain length: "+ diskChain.length);
|
||||
}
|
||||
if (diskInfo.getDiskDeviceBusName() == null || !diskInfo.getDiskDeviceBusName().toLowerCase().startsWith("scsi")) {
|
||||
s_logger.warn("Resizing of root disk is only support for scsi device/bus, the provide disk's device bus name is " + diskInfo.getDiskDeviceBusName());
|
||||
return;
|
||||
s_logger.warn("Resizing of root disk is only support for scsi device/bus, the provide VM's disk device bus name is " + diskInfo.getDiskDeviceBusName());
|
||||
throw new CloudRuntimeException("Unsupported VM root disk device bus: "+ diskInfo.getDiskDeviceBusName());
|
||||
}
|
||||
|
||||
disk.setCapacityInKB(reqSize);
|
||||
|
||||
2
pom.xml
2
pom.xml
@ -883,8 +883,6 @@
|
||||
<exclude>tools/devcloud/basebuild/puppet-devcloudinitial/files/network.conf</exclude>
|
||||
<exclude>tools/appliance/*/template.json</exclude>
|
||||
<exclude>tools/cli/cloudmonkey.egg-info/*</exclude>
|
||||
<exclude>tools/devcloud/src/deps/boxes/basebox-build/definition.rb</exclude>
|
||||
<exclude>tools/devcloud/src/deps/boxes/basebox-build/preseed.cfg</exclude>
|
||||
<exclude>tools/marvin/Marvin.egg-info/*</exclude>
|
||||
<exclude>ui/css/token-input-facebook.css</exclude>
|
||||
<exclude>ui/l10n/*</exclude>
|
||||
|
||||
@ -217,10 +217,7 @@ class serviceOpsRedhat7(serviceOps):
|
||||
def isServiceRunning(self, servicename):
|
||||
try:
|
||||
o = bash("systemctl is-active " + servicename)
|
||||
if "inactive" not in o.getStdout():
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
return "inactive" not in o.getStdout()
|
||||
except:
|
||||
return False
|
||||
|
||||
|
||||
@ -89,9 +89,7 @@ fi
|
||||
|
||||
# Restart cloud service if we're in systemvm
|
||||
if [ "$MODE" == "ssh" ] && [ -f $SYSTEM_FILE ]; then
|
||||
/etc/init.d/cloud stop > /dev/null 2>&1
|
||||
sleep 2
|
||||
/etc/init.d/cloud start > /dev/null 2>&1
|
||||
systemctl restart cloud > /dev/null 2>&1
|
||||
fi
|
||||
|
||||
# Fix file permission
|
||||
|
||||
@ -38,11 +38,11 @@ fi
|
||||
# Generate keystore
|
||||
rm -f "$KS_FILE"
|
||||
CN=$(hostname --fqdn)
|
||||
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE"
|
||||
keytool -genkey -storepass "$KS_PASS" -keypass "$KS_PASS" -alias "$ALIAS" -keyalg RSA -validity "$KS_VALIDITY" -dname cn="$CN",ou="cloudstack",o="cloudstack",c="cloudstack" -keystore "$KS_FILE" > /dev/null 2>&1
|
||||
|
||||
# Generate CSR
|
||||
rm -f "$CSR_FILE"
|
||||
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE"
|
||||
keytool -certreq -storepass "$KS_PASS" -alias "$ALIAS" -file $CSR_FILE -keystore "$KS_FILE" > /dev/null 2>&1
|
||||
cat "$CSR_FILE"
|
||||
|
||||
# Fix file permissions
|
||||
|
||||
@ -29,6 +29,7 @@ import javax.naming.ConfigurationException;
|
||||
|
||||
import org.apache.cloudstack.ca.CAManager;
|
||||
import org.apache.cloudstack.ca.SetupCertificateCommand;
|
||||
import org.apache.cloudstack.config.ApiServiceConfiguration;
|
||||
import org.apache.cloudstack.framework.ca.Certificate;
|
||||
import org.apache.cloudstack.utils.security.KeyStoreUtils;
|
||||
import org.apache.log4j.Logger;
|
||||
@ -66,7 +67,6 @@ import com.trilead.ssh2.Connection;
|
||||
|
||||
public abstract class LibvirtServerDiscoverer extends DiscovererBase implements Discoverer, Listener, ResourceStateAdapter {
|
||||
private static final Logger s_logger = Logger.getLogger(LibvirtServerDiscoverer.class);
|
||||
private String _hostIp;
|
||||
private final int _waitTime = 5; /* wait for 5 minutes */
|
||||
private String _kvmPrivateNic;
|
||||
private String _kvmPublicNic;
|
||||
@ -291,7 +291,7 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements
|
||||
|
||||
setupAgentSecurity(sshConnection, agentIp, hostname);
|
||||
|
||||
String parameters = " -m " + StringUtils.shuffleCSVList(_hostIp) + " -z " + dcId + " -p " + podId + " -c " + clusterId + " -g " + guid + " -a";
|
||||
String parameters = " -m " + StringUtils.shuffleCSVList(ApiServiceConfiguration.ManagementHostIPAdr.value()) + " -z " + dcId + " -p " + podId + " -c " + clusterId + " -g " + guid + " -a";
|
||||
|
||||
parameters += " --pubNic=" + kvmPublicNic;
|
||||
parameters += " --prvNic=" + kvmPrivateNic;
|
||||
@ -395,10 +395,6 @@ public abstract class LibvirtServerDiscoverer extends DiscovererBase implements
|
||||
_kvmGuestNic = _kvmPrivateNic;
|
||||
}
|
||||
|
||||
_hostIp = _configDao.getValue("host");
|
||||
if (_hostIp == null) {
|
||||
throw new ConfigurationException("Can't get host IP");
|
||||
}
|
||||
_resourceMgr.registerResourceStateAdapter(this.getClass().getSimpleName(), this);
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -824,7 +824,7 @@ public class IpAddressManagerImpl extends ManagerBase implements IpAddressManage
|
||||
if (userIp.getState() == IpAddress.State.Free) {
|
||||
addr.setState(IpAddress.State.Allocating);
|
||||
if (_ipAddressDao.update(addr.getId(), addr)) {
|
||||
finalAddr = _ipAddressDao.findById(addr.getId());
|
||||
finalAddr = addr;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1749,6 +1749,11 @@ public class VpcManagerImpl extends ManagerBase implements VpcManager, VpcProvis
|
||||
@ActionEvent(eventType = EventTypes.EVENT_PRIVATE_GATEWAY_DELETE, eventDescription = "deleting private gateway")
|
||||
@DB
|
||||
public boolean deleteVpcPrivateGateway(final long gatewayId) throws ConcurrentOperationException, ResourceUnavailableException {
|
||||
final VpcGatewayVO gatewayToBeDeleted = _vpcGatewayDao.findById(gatewayId);
|
||||
if (gatewayToBeDeleted == null) {
|
||||
s_logger.debug("VPC gateway is already deleted for id=" + gatewayId);
|
||||
return true;
|
||||
}
|
||||
|
||||
final VpcGatewayVO gatewayVO = _vpcGatewayDao.acquireInLockTable(gatewayId);
|
||||
if (gatewayVO == null || gatewayVO.getType() != VpcGateway.Type.Private) {
|
||||
|
||||
@ -27,7 +27,7 @@ import com.cloud.vm.SecondaryStorageVmVO;
|
||||
|
||||
public interface SecondaryStorageVmManager extends Manager {
|
||||
|
||||
public static final int DEFAULT_SS_VM_RAMSIZE = 1024; // 1024M
|
||||
public static final int DEFAULT_SS_VM_RAMSIZE = 512; // 512M
|
||||
public static final int DEFAULT_SS_VM_CPUMHZ = 500; // 500 MHz
|
||||
public static final int DEFAULT_SS_VM_MTUSIZE = 1500;
|
||||
public static final int DEFAULT_SS_VM_CAPACITY = 50; // max command execution session per SSVM
|
||||
|
||||
@ -951,7 +951,7 @@ public class SecondaryStorageManagerImpl extends ManagerBase implements Secondar
|
||||
int ramSize = NumbersUtil.parseInt(_configDao.getValue("ssvm.ram.size"), DEFAULT_SS_VM_RAMSIZE);
|
||||
int cpuFreq = NumbersUtil.parseInt(_configDao.getValue("ssvm.cpu.mhz"), DEFAULT_SS_VM_CPUMHZ);
|
||||
List<ServiceOfferingVO> offerings = _offeringDao.createSystemServiceOfferings("System Offering For Secondary Storage VM",
|
||||
ServiceOffering.ssvmDefaultOffUniqueName, 2, ramSize, cpuFreq, null, null, false, null,
|
||||
ServiceOffering.ssvmDefaultOffUniqueName, 1, ramSize, cpuFreq, null, null, false, null,
|
||||
Storage.ProvisioningType.THIN, true, null, true, VirtualMachine.Type.SecondaryStorageVm, true);
|
||||
// this can sometimes happen, if DB is manually or programmatically manipulated
|
||||
if (offerings == null || offerings.size() < 2) {
|
||||
|
||||
@ -235,8 +235,7 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
|
||||
String nfsVersionParam = (String)params.get("nfsVersion");
|
||||
try {
|
||||
nfsVersion = Integer.valueOf(nfsVersionParam);
|
||||
}
|
||||
catch (NumberFormatException e){
|
||||
} catch (NumberFormatException e){
|
||||
s_logger.error("Couldn't cast " + nfsVersionParam + " to integer");
|
||||
return null;
|
||||
}
|
||||
@ -2269,9 +2268,9 @@ public class NfsSecondaryStorageResource extends ServerResourceBase implements S
|
||||
if (!_inSystemVM) {
|
||||
return;
|
||||
}
|
||||
Script command = new Script("/bin/bash", s_logger);
|
||||
command.add("-c");
|
||||
command.add("if [ -f /etc/init.d/ssh ]; then service ssh restart; else service sshd restart; fi ");
|
||||
Script command = new Script("/bin/systemctl", s_logger);
|
||||
command.add("restart");
|
||||
command.add("ssh");
|
||||
String result = command.execute();
|
||||
if (result != null) {
|
||||
s_logger.warn("Error in starting sshd service err=" + result);
|
||||
|
||||
@ -1070,10 +1070,9 @@ public class DownloadManagerImpl extends ManagerBase implements DownloadManager
|
||||
}
|
||||
|
||||
private void startAdditionalServices() {
|
||||
|
||||
Script command = new Script("/bin/bash", s_logger);
|
||||
command.add("-c");
|
||||
command.add("if [ -d /etc/apache2 ] ; then service apache2 stop; else service httpd stop; fi ");
|
||||
Script command = new Script("/bin/systemctl", s_logger);
|
||||
command.add("stop");
|
||||
command.add("apache2");
|
||||
String result = command.execute();
|
||||
if (result != null) {
|
||||
s_logger.warn("Error in stopping httpd service err=" + result);
|
||||
@ -1088,21 +1087,25 @@ public class DownloadManagerImpl extends ManagerBase implements DownloadManager
|
||||
|
||||
result = command.execute();
|
||||
if (result != null) {
|
||||
s_logger.warn("Error in opening up httpd port err=" + result);
|
||||
s_logger.warn("Error in opening up apache2 port err=" + result);
|
||||
return;
|
||||
}
|
||||
|
||||
command = new Script("/bin/bash", s_logger);
|
||||
command.add("-c");
|
||||
command.add("if [ -d /etc/apache2 ] ; then service apache2 start; else service httpd start; fi ");
|
||||
command = new Script("/bin/systemctl", s_logger);
|
||||
command.add("start");
|
||||
command.add("apache2");
|
||||
result = command.execute();
|
||||
if (result != null) {
|
||||
s_logger.warn("Error in starting httpd service err=" + result);
|
||||
s_logger.warn("Error in starting apache2 service err=" + result);
|
||||
return;
|
||||
}
|
||||
command = new Script("mkdir", s_logger);
|
||||
command.add("-p");
|
||||
command.add("/var/www/html/copy/template");
|
||||
|
||||
command = new Script("/bin/su", s_logger);
|
||||
command.add("-s");
|
||||
command.add("/bin/bash");
|
||||
command.add("-c");
|
||||
command.add("mkdir -p /var/www/html/copy/template");
|
||||
command.add("www-data");
|
||||
result = command.execute();
|
||||
if (result != null) {
|
||||
s_logger.warn("Error in creating directory =" + result);
|
||||
|
||||
@ -266,9 +266,12 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager {
|
||||
}
|
||||
// Create the directory structure so that its visible under apache server root
|
||||
String extractDir = "/var/www/html/userdata/";
|
||||
Script command = new Script("mkdir", s_logger);
|
||||
command.add("-p");
|
||||
command.add(extractDir);
|
||||
Script command = new Script("/bin/su", s_logger);
|
||||
command.add("-s");
|
||||
command.add("/bin/bash");
|
||||
command.add("-c");
|
||||
command.add("mkdir -p " + extractDir);
|
||||
command.add("www-data");
|
||||
String result = command.execute();
|
||||
if (result != null) {
|
||||
String errorString = "Error in creating directory =" + result;
|
||||
@ -278,15 +281,6 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager {
|
||||
|
||||
// Create a random file under the directory for security reasons.
|
||||
String uuid = cmd.getExtractLinkUUID();
|
||||
command = new Script("touch", s_logger);
|
||||
command.add(extractDir + uuid);
|
||||
result = command.execute();
|
||||
if (result != null) {
|
||||
String errorString = "Error in creating file " + uuid + " ,error: " + result;
|
||||
s_logger.warn(errorString);
|
||||
return new CreateEntityDownloadURLAnswer(errorString, CreateEntityDownloadURLAnswer.RESULT_FAILURE);
|
||||
}
|
||||
|
||||
// Create a symbolic link from the actual directory to the template location. The entity would be directly visible under /var/www/html/userdata/cmd.getInstallPath();
|
||||
command = new Script("/bin/bash", s_logger);
|
||||
command.add("-c");
|
||||
@ -501,46 +495,20 @@ public class UploadManagerImpl extends ManagerBase implements UploadManager {
|
||||
}
|
||||
|
||||
private boolean checkAndStartApache() {
|
||||
|
||||
//Check whether the Apache server is running
|
||||
Script command = new Script("/bin/bash", s_logger);
|
||||
command.add("-c");
|
||||
command.add("if [ -d /etc/apache2 ] ; then service apache2 status | grep pid; else service httpd status | grep pid; fi ");
|
||||
Script command = new Script("/bin/systemctl", s_logger);
|
||||
command.add("is-active");
|
||||
command.add("apache2");
|
||||
String result = command.execute();
|
||||
|
||||
//Apache Server is not running. Try to start it.
|
||||
if (result != null) {
|
||||
|
||||
/*s_logger.warn("Apache server not running, trying to start it");
|
||||
String port = Integer.toString(TemplateConstants.DEFAULT_TMPLT_COPY_PORT);
|
||||
String intf = TemplateConstants.DEFAULT_TMPLT_COPY_INTF;
|
||||
|
||||
command = new Script("/bin/bash", s_logger);
|
||||
command.add("-c");
|
||||
command.add("iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j DROP;" +
|
||||
"iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j HTTP;" +
|
||||
"iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j DROP;" +
|
||||
"iptables -D INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j HTTP;" +
|
||||
"iptables -F HTTP;" +
|
||||
"iptables -X HTTP;" +
|
||||
"iptables -N HTTP;" +
|
||||
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j DROP;" +
|
||||
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j DROP;" +
|
||||
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + port + " -j HTTP;" +
|
||||
"iptables -I INPUT -i " + intf + " -p tcp -m state --state NEW -m tcp --dport " + "443" + " -j HTTP;");
|
||||
|
||||
if (result != null && !result.equals("active")) {
|
||||
command = new Script("/bin/systemctl", s_logger);
|
||||
command.add("start");
|
||||
command.add("apache2");
|
||||
result = command.execute();
|
||||
if (result != null) {
|
||||
s_logger.warn("Error in opening up httpd port err=" + result );
|
||||
return false;
|
||||
}*/
|
||||
|
||||
command = new Script("/bin/bash", s_logger);
|
||||
command.add("-c");
|
||||
command.add("if [ -d /etc/apache2 ] ; then service apache2 start; else service httpd start; fi ");
|
||||
result = command.execute();
|
||||
if (result != null) {
|
||||
s_logger.warn("Error in starting httpd service err=" + result);
|
||||
s_logger.warn("Error in starting apache2 service err=" + result);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@ -20,18 +20,18 @@ under the License.
|
||||
<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
|
||||
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
|
||||
|
||||
<!-- ================================= -->
|
||||
<!-- Preserve messages in a local file -->
|
||||
<!-- ================================= -->
|
||||
<!-- ================================= -->
|
||||
<!-- Preserve messages in a local file -->
|
||||
<!-- ================================= -->
|
||||
|
||||
<appender name="cloudLog" class="org.apache.log4j.RollingFileAppender">
|
||||
<appender name="cloudLog" class="org.apache.log4j.RollingFileAppender">
|
||||
<param name="File" value="/var/log/cloud.log"/>
|
||||
<param name="MaxFileSize" value="10000KB"/>
|
||||
<param name="MaxBackupIndex" value="4"/>
|
||||
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
|
||||
</layout>
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<appender name="cloudOut" class="org.apache.log4j.RollingFileAppender">
|
||||
@ -40,23 +40,23 @@ under the License.
|
||||
<param name="MaxFileSize" value="10000KB"/>
|
||||
<param name="MaxBackupIndex" value="4"/>
|
||||
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
|
||||
</layout>
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<appender name="cloudSystemvmLog" class="org.apache.log4j.rolling.RollingFileAppender">
|
||||
<appender name="cloudSystemvmLog" class="org.apache.log4j.rolling.RollingFileAppender">
|
||||
<param name="File" value="/usr/local/cloud/systemvm/cloud.log"/>
|
||||
<param name="Append" value="true"/>
|
||||
<param name="MaxFileSize" value="10000KB"/>
|
||||
<param name="MaxBackupIndex" value="4"/>
|
||||
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
|
||||
</layout>
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %-5p [%c{3}] (%t:%x) %m%n"/>
|
||||
</layout>
|
||||
</appender>
|
||||
|
||||
<appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
|
||||
<appender name="APISERVER" class="org.apache.log4j.rolling.RollingFileAppender">
|
||||
<param name="Append" value="true"/>
|
||||
<param name="Threshold" value="DEBUG"/>
|
||||
<rollingPolicy class="org.apache.log4j.rolling.TimeBasedRollingPolicy">
|
||||
@ -67,65 +67,65 @@ under the License.
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ISO8601}{GMT} %m%n"/>
|
||||
</layout>
|
||||
</appender>
|
||||
</appender>
|
||||
|
||||
<!-- ============================== -->
|
||||
<!-- Append messages to the console -->
|
||||
<!-- ============================== -->
|
||||
<!-- ============================== -->
|
||||
<!-- Append messages to the console -->
|
||||
<!-- ============================== -->
|
||||
|
||||
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
|
||||
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
|
||||
<param name="Target" value="System.out"/>
|
||||
<param name="Threshold" value="INFO"/>
|
||||
|
||||
<layout class="org.apache.log4j.EnhancedPatternLayout">
|
||||
<param name="ConversionPattern" value="%d{ABSOLUTE}{GMT} %5p %c{1}:%L - %m%n"/>
|
||||
</layout>
|
||||
</appender>
|
||||
</appender>
|
||||
|
||||
<!-- ================ -->
|
||||
<!-- Limit categories -->
|
||||
<!-- ================ -->
|
||||
<!-- ================ -->
|
||||
<!-- Limit categories -->
|
||||
<!-- ================ -->
|
||||
|
||||
<category name="com.cloud">
|
||||
<priority value="DEBUG"/>
|
||||
</category>
|
||||
<category name="com.cloud">
|
||||
<priority value="DEBUG"/>
|
||||
</category>
|
||||
|
||||
<category name="org.apache.cloudstack">
|
||||
<priority value="DEBUG"/>
|
||||
</category>
|
||||
<category name="org.apache.cloudstack">
|
||||
<priority value="DEBUG"/>
|
||||
</category>
|
||||
|
||||
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
|
||||
<category name="org.apache">
|
||||
<!-- Limit the org.apache category to INFO as its DEBUG is verbose -->
|
||||
<category name="org.apache">
|
||||
<priority value="INFO"/>
|
||||
</category>
|
||||
</category>
|
||||
|
||||
<category name="org">
|
||||
<category name="org">
|
||||
<priority value="INFO"/>
|
||||
</category>
|
||||
</category>
|
||||
|
||||
<category name="net">
|
||||
<priority value="INFO"/>
|
||||
</category>
|
||||
<category name="net">
|
||||
<priority value="INFO"/>
|
||||
</category>
|
||||
|
||||
<category name="apiserver.com.cloud">
|
||||
<priority value="DEBUG"/>
|
||||
</category>
|
||||
<category name="apiserver.com.cloud">
|
||||
<priority value="DEBUG"/>
|
||||
</category>
|
||||
|
||||
<logger name="apiserver.com.cloud" additivity="false">
|
||||
<logger name="apiserver.com.cloud" additivity="false">
|
||||
<level value="DEBUG"/>
|
||||
<appender-ref ref="APISERVER"/>
|
||||
</logger>
|
||||
</logger>
|
||||
|
||||
<!-- ======================= -->
|
||||
<!-- Setup the Root category -->
|
||||
<!-- ======================= -->
|
||||
<!-- ======================= -->
|
||||
<!-- Setup the Root category -->
|
||||
<!-- ======================= -->
|
||||
|
||||
<root>
|
||||
<root>
|
||||
<level value="INFO"/>
|
||||
<appender-ref ref="CONSOLE"/>
|
||||
<appender-ref ref="cloudLog"/>
|
||||
<appender-ref ref="cloudOut"/>
|
||||
<appender-ref ref="cloudSystemvmLog"/>
|
||||
</root>
|
||||
</root>
|
||||
|
||||
</log4j:configuration>
|
||||
|
||||
@ -25,72 +25,15 @@ help() {
|
||||
}
|
||||
|
||||
|
||||
config_httpd_conf() {
|
||||
local ip=$1
|
||||
local srvr=$2
|
||||
cp -f /etc/httpd/conf/httpd.conf.orig /etc/httpd/conf/httpd.conf
|
||||
sed -i -e "s/Listen.*:80$/Listen $ip:80/" /etc/httpd/conf/httpd.conf
|
||||
echo "<VirtualHost $ip:443> " >> /etc/httpd/conf/httpd.conf
|
||||
echo " DocumentRoot /var/www/html/" >> /etc/httpd/conf/httpd.conf
|
||||
echo " ServerName $srvr" >> /etc/httpd/conf/httpd.conf
|
||||
echo " SSLEngine on" >> /etc/httpd/conf/httpd.conf
|
||||
echo " SSLProtocol all -SSLv2 -SSLv3" >> /etc/httpd/conf/httpd.conf
|
||||
echo " SSLCertificateFile /etc/httpd/ssl/certs/realhostip.crt" >> /etc/httpd/conf/httpd.conf
|
||||
echo " SSLCertificateKeyFile /etc/httpd/ssl/keys/realhostip.key" >> /etc/httpd/conf/httpd.conf
|
||||
echo "</VirtualHost>" >> /etc/httpd/conf/httpd.conf
|
||||
}
|
||||
|
||||
config_apache2_conf() {
|
||||
local ip=$1
|
||||
local srvr=$2
|
||||
cp -f /etc/apache2/sites-available/default.orig /etc/apache2/sites-available/default
|
||||
cp -f /etc/apache2/sites-available/default-ssl.orig /etc/apache2/sites-available/default-ssl
|
||||
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:80>/" /etc/apache2/sites-available/default
|
||||
sed -i -e "s/<VirtualHost.*>/<VirtualHost $ip:443>/" /etc/apache2/sites-available/default-ssl
|
||||
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-available/default-ssl
|
||||
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-available/default-ssl
|
||||
sed -i 's/SSLProtocol.*$/SSLProtocol all -SSLv2 -SSLv3/' /etc/apache2/sites-available/default-ssl
|
||||
sed -i 's/ssl-cert-snakeoil.key/cert_apache.key/' /etc/apache2/sites-enabled/vhost*
|
||||
sed -i 's/ssl-cert-snakeoil.pem/cert_apache.crt/' /etc/apache2/sites-enabled/vhost*
|
||||
if [ -f /etc/ssl/certs/cert_apache_chain.crt ]
|
||||
then
|
||||
sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-available/default-ssl
|
||||
sed -i -e "s/#SSLCertificateChainFile.*/SSLCertificateChainFile \/etc\/ssl\/certs\/cert_apache_chain.crt/" /etc/apache2/sites-enabled/vhost*
|
||||
fi
|
||||
|
||||
SSL_FILE="/etc/apache2/sites-available/default-ssl"
|
||||
PATTERN="RewriteRule ^\/upload\/(.*)"
|
||||
CORS_PATTERN="Header set Access-Control-Allow-Origin"
|
||||
if [ -f $SSL_FILE ]; then
|
||||
if grep -q "$PATTERN" $SSL_FILE ; then
|
||||
echo "rewrite rules already exist in file $SSL_FILE"
|
||||
else
|
||||
echo "adding rewrite rules to file: $SSL_FILE"
|
||||
sed -i -e "s/<\/VirtualHost>/RewriteEngine On \n&/" $SSL_FILE
|
||||
sed -i -e "s/<\/VirtualHost>/RewriteCond %{HTTPS} =on \n&/" $SSL_FILE
|
||||
sed -i -e "s/<\/VirtualHost>/RewriteCond %{REQUEST_METHOD} =POST \n&/" $SSL_FILE
|
||||
sed -i -e "s/<\/VirtualHost>/RewriteRule ^\/upload\/(.*) http:\/\/127.0.0.1:8210\/upload?uuid=\$1 [P,L] \n&/" $SSL_FILE
|
||||
fi
|
||||
if grep -q "$CORS_PATTERN" $SSL_FILE ; then
|
||||
echo "cors rules already exist in file $SSL_FILE"
|
||||
else
|
||||
echo "adding cors rules to file: $SSL_FILE"
|
||||
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Origin \"*\" \n&/" $SSL_FILE
|
||||
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Methods \"POST, OPTIONS\" \n&/" $SSL_FILE
|
||||
sed -i -e "s/<\/VirtualHost>/Header always set Access-Control-Allow-Headers \"x-requested-with, Content-Type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires\" \n&/" $SSL_FILE
|
||||
fi
|
||||
fi
|
||||
|
||||
}
|
||||
|
||||
copy_certs() {
|
||||
local certdir=$(dirname $0)/certs
|
||||
local mydir=$(dirname $0)
|
||||
if [ -d $certdir ] && [ -f $customPrivKey ] && [ -f $customPrivCert ] ; then
|
||||
mkdir -p /etc/httpd/ssl/keys && mkdir -p /etc/httpd/ssl/certs && cp $customprivKey /etc/httpd/ssl/keys && cp $customPrivCert /etc/httpd/ssl/certs
|
||||
return $?
|
||||
fi
|
||||
if [ ! -z customCertChain ] && [ -f $customCertChain ] ; then
|
||||
cp $customCertChain /etc/httpd/ssl/certs
|
||||
fi
|
||||
return 1
|
||||
}
|
||||
|
||||
copy_certs_apache2() {
|
||||
@ -105,7 +48,6 @@ copy_certs_apache2() {
|
||||
return 0
|
||||
}
|
||||
|
||||
|
||||
cflag=
|
||||
cpkflag=
|
||||
cpcflag=
|
||||
@ -183,13 +125,7 @@ then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -d /etc/apache2 ]
|
||||
then
|
||||
copy_certs_apache2
|
||||
else
|
||||
copy_certs
|
||||
fi
|
||||
|
||||
copy_certs_apache2
|
||||
if [ $? -ne 0 ]
|
||||
then
|
||||
echo "Failed to copy certificates"
|
||||
@ -198,15 +134,10 @@ fi
|
||||
|
||||
if [ -f "$customCACert" ]
|
||||
then
|
||||
keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt
|
||||
keytool -delete -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt || true
|
||||
keytool -import -alias $aliasName -keystore $keyStore -storepass $storepass -noprompt -file $customCACert
|
||||
keytool -importkeystore -srckeystore $defaultJavaKeyStoreFile -destkeystore $keyStore -srcstorepass $defaultJavaKeyStorePass -deststorepass $storepass -noprompt
|
||||
fi
|
||||
|
||||
if [ -d /etc/apache2 ]
|
||||
then
|
||||
config_apache2_conf $publicIp $hostName
|
||||
systemctl restart apache2
|
||||
else
|
||||
config_httpd_conf $publicIp $hostName
|
||||
fi
|
||||
config_apache2_conf $publicIp $hostName
|
||||
systemctl restart apache2
|
||||
|
||||
@ -83,6 +83,9 @@
|
||||
Allow from 127.0.0.0/255.0.0.0 ::1/128
|
||||
</Directory>
|
||||
|
||||
# Include CORS configuration **IF SET**
|
||||
IncludeOptional /etc/apache2/[cC][oO][rR][sS].conf
|
||||
|
||||
# SSL Engine Switch:
|
||||
# Enable/Disable SSL for this virtual host.
|
||||
SSLEngine on
|
||||
|
||||
@ -54,13 +54,16 @@ class CsDhcp(CsDataBag):
|
||||
|
||||
self.configure_server()
|
||||
|
||||
self.conf.commit()
|
||||
restart_dnsmasq = self.conf.commit()
|
||||
self.cloud.commit()
|
||||
self.dhcp_opts.commit()
|
||||
|
||||
# We restart DNSMASQ every time the configure.py is called in order to avoid lease problems.
|
||||
if not self.cl.is_redundant() or self.cl.is_master():
|
||||
CsHelper.service("dnsmasq", "restart")
|
||||
if restart_dnsmasq:
|
||||
CsHelper.service("dnsmasq", "restart")
|
||||
else:
|
||||
CsHelper.start_if_stopped("dnsmasq")
|
||||
CsHelper.service("dnsmasq", "reload")
|
||||
|
||||
def configure_server(self):
|
||||
# self.conf.addeq("dhcp-hostsfile=%s" % DHCP_HOSTS)
|
||||
@ -80,7 +83,7 @@ class CsDhcp(CsDataBag):
|
||||
# DNS search order
|
||||
if gn.get_dns() and device:
|
||||
sline = "dhcp-option=tag:interface-%s-%s,6" % (device, idx)
|
||||
dns_list = [x for x in gn.get_dns() if not (not x)]
|
||||
dns_list = [x for x in gn.get_dns() if x]
|
||||
line = "dhcp-option=tag:interface-%s-%s,6,%s" % (device, idx, ','.join(dns_list))
|
||||
self.conf.search(sline, line)
|
||||
# Gateway
|
||||
|
||||
@ -58,7 +58,7 @@ class CsFile:
|
||||
def commit(self):
|
||||
if not self.is_changed():
|
||||
logging.info("Nothing to commit. The %s file did not change" % self.filename)
|
||||
return
|
||||
return False
|
||||
handle = open(self.filename, "w+")
|
||||
for line in self.new_config:
|
||||
handle.write(line)
|
||||
@ -66,6 +66,7 @@ class CsFile:
|
||||
logging.info("Wrote edited file %s" % self.filename)
|
||||
self.config = list(self.new_config)
|
||||
logging.info("Updated file in-cache configuration")
|
||||
return True
|
||||
|
||||
def dump(self):
|
||||
for line in self.new_config:
|
||||
|
||||
@ -26,7 +26,6 @@ import os.path
|
||||
import re
|
||||
import shutil
|
||||
from netaddr import *
|
||||
from pprint import pprint
|
||||
|
||||
PUBLIC_INTERFACES = {"router": "eth2", "vpcrouter": "eth1"}
|
||||
|
||||
|
||||
@ -15,8 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
|
||||
|
||||
def merge(dbag, cmdline):
|
||||
if 'redundant_router' in cmdline['cmd_line']:
|
||||
|
||||
@ -15,9 +15,9 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
from netaddr import *
|
||||
|
||||
|
||||
def merge(dbag, data):
|
||||
# A duplicate ip address wil clobber the old value
|
||||
# This seems desirable ....
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
import copy
|
||||
|
||||
|
||||
|
||||
@ -15,8 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
|
||||
|
||||
def merge(dbag, rules):
|
||||
for rule in rules["rules"]:
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
|
||||
keys = ['eth1', 'eth2', 'eth3', 'eth4', 'eth5', 'eth6', 'eth7', 'eth8', 'eth9']
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
import copy
|
||||
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
from netaddr import *
|
||||
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
from netaddr import *
|
||||
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
from pprint import pprint
|
||||
|
||||
|
||||
def merge(dbag, vpn):
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
from pprint import pprint
|
||||
|
||||
|
||||
def merge(dbag, vpn):
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
from pprint import pprint
|
||||
|
||||
|
||||
def merge(dbag, staticroutes):
|
||||
|
||||
@ -15,8 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
|
||||
|
||||
def merge(dbag, metadata):
|
||||
dbag[metadata["vm_ip_address"]] = metadata["vm_metadata"]
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
from pprint import pprint
|
||||
from netaddr import *
|
||||
|
||||
|
||||
|
||||
@ -15,7 +15,6 @@
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
from pprint import pprint
|
||||
|
||||
import copy
|
||||
|
||||
|
||||
@ -39,6 +39,7 @@ init_interfaces_orderby_macs() {
|
||||
echo -n " eth$i" >> $interface_file
|
||||
fi
|
||||
done
|
||||
|
||||
cat >> $interface_file << EOF
|
||||
|
||||
iface lo inet loopback
|
||||
@ -481,21 +482,14 @@ setup_vpc_apache2() {
|
||||
}
|
||||
|
||||
clean_ipalias_config() {
|
||||
# Old
|
||||
rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
|
||||
rm -f /etc/apache2/sites-available/ipAlias*
|
||||
rm -f /etc/apache2/sites-enabled/ipAlias*
|
||||
rm -f /etc/apache2/conf.d/vhost*.conf
|
||||
rm -f /etc/apache2/ports.conf
|
||||
rm -f /etc/apache2/vhostexample.conf
|
||||
rm -f /etc/apache2/sites-available/default
|
||||
rm -f /etc/apache2/sites-available/default-ssl
|
||||
rm -f /etc/apache2/sites-enabled/default
|
||||
rm -f /etc/apache2/sites-enabled/default-ssl
|
||||
|
||||
# New
|
||||
rm -f /etc/apache2/sites-enabled/vhost-*.conf
|
||||
rm -f /etc/apache2/sites-enabled/000-default
|
||||
rm -f /etc/apache2/sites-available/*
|
||||
rm -f /etc/apache2/sites-enabled/*
|
||||
|
||||
rm -rf /etc/failure_config
|
||||
}
|
||||
@ -513,6 +507,8 @@ setup_apache2_common() {
|
||||
|
||||
setup_apache2() {
|
||||
log_it "Setting up apache web server"
|
||||
mkdir -p /var/www
|
||||
chown www-data:www-data -R /var/www
|
||||
clean_ipalias_config
|
||||
setup_apache2_common
|
||||
local ip=$1
|
||||
|
||||
@ -1,2 +0,0 @@
|
||||
These are the templates for the redundant router
|
||||
and redundant vpc_router
|
||||
@ -131,8 +131,7 @@ class TestDeployVMFromISO(cloudstackTestCase):
|
||||
)
|
||||
try:
|
||||
# Download the ISO
|
||||
self.iso.download(self.apiclient, retries=150)
|
||||
|
||||
self.iso.download(self.apiclient)
|
||||
except Exception as e:
|
||||
raise Exception("Exception while downloading ISO %s: %s"
|
||||
% (self.iso.id, e))
|
||||
|
||||
@ -488,8 +488,11 @@ class TestHAKVM(cloudstackTestCase):
|
||||
"""
|
||||
if command != 'STATUS':
|
||||
self.issuePowerActionCmd(command)
|
||||
response = self.issuePowerActionCmd('STATUS')
|
||||
self.assertEqual(response.powerstate, expected)
|
||||
try:
|
||||
response = self.issuePowerActionCmd('STATUS')
|
||||
self.assertEqual(response.powerstate, expected)
|
||||
except:
|
||||
pass # in case of ipmisim errors ignore
|
||||
|
||||
def configureAndEnableOobm(self):
|
||||
self.apiclient.configureOutOfBandManagement(self.getOobmConfigCmd())
|
||||
|
||||
@ -1300,6 +1300,7 @@ class TestL2Networks(cloudstackTestCase):
|
||||
# Get Zone, Domain and templates
|
||||
cls.domain = get_domain(cls.apiclient)
|
||||
cls.zone = get_zone(cls.apiclient, testClient.getZoneForTests())
|
||||
cls.hypervisor = testClient.getHypervisorInfo()
|
||||
cls.services['mode'] = cls.zone.networktype
|
||||
# Create Accounts & networks
|
||||
cls.account = Account.create(
|
||||
@ -1308,10 +1309,10 @@ class TestL2Networks(cloudstackTestCase):
|
||||
admin=True,
|
||||
domainid=cls.domain.id
|
||||
)
|
||||
cls.template = get_template(
|
||||
cls.template = get_test_template(
|
||||
cls.apiclient,
|
||||
cls.zone.id,
|
||||
cls.services["ostype"]
|
||||
cls.hypervisor
|
||||
)
|
||||
cls.service_offering = ServiceOffering.create(
|
||||
cls.apiclient,
|
||||
|
||||
@ -233,12 +233,8 @@ class TestIsolatedNetworksPasswdServer(cloudstackTestCase):
|
||||
self._testMethodName)
|
||||
|
||||
self.logger.debug("cat /var/cache/cloud/passwords-%s | grep %s | sed 's/=/ /g' | awk '{print $1}' RESULT IS ==> %s" % (vm.nic[0].gateway, vm.nic[0].ipaddress, result))
|
||||
res = str(result)
|
||||
|
||||
self.assertEqual(
|
||||
res.count(vm.nic[0].ipaddress),
|
||||
1,
|
||||
"Password file is empty or doesn't exist!")
|
||||
self.assertTrue(vm.nic[0].ipaddress in result, "Password file is empty or doesn't exist!")
|
||||
|
||||
@attr(tags=["advanced", "advancedns", "ssh"], required_hardware="true")
|
||||
def test_isolate_network_password_server(self):
|
||||
|
||||
@ -720,10 +720,10 @@ class TestPrivateGwACL(cloudstackTestCase):
|
||||
succeeded_pings = 0
|
||||
minimum_vms_to_pass = 2
|
||||
for vm_ip in vms_ips:
|
||||
ssh_command = "ping -c 3 %s" % vm_ip
|
||||
ssh_command = "ping -c 5 %s" % vm_ip
|
||||
|
||||
# Should be able to SSH VM
|
||||
result = 'failed'
|
||||
packet_loss = 100
|
||||
try:
|
||||
self.logger.debug("SSH into VM: %s" % public_ip.ipaddress.ipaddress)
|
||||
|
||||
@ -733,15 +733,19 @@ class TestPrivateGwACL(cloudstackTestCase):
|
||||
time.sleep(sleep_time)
|
||||
|
||||
self.logger.debug("Ping to VM inside another Network Tier")
|
||||
result = str(ssh.execute(ssh_command))
|
||||
result = ssh.execute(ssh_command)
|
||||
|
||||
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, result.count("0% packet loss")))
|
||||
for line in result:
|
||||
if "packet loss" in line:
|
||||
packet_loss = int(line.split("% packet loss")[0].split(" ")[-1])
|
||||
break
|
||||
|
||||
self.logger.debug("SSH result: %s; COUNT is ==> %s" % (result, packet_loss < 50))
|
||||
except Exception as e:
|
||||
self.fail("SSH Access failed for %s: %s" % \
|
||||
(virtual_machine, e)
|
||||
)
|
||||
self.fail("SSH Access failed for %s: %s" % (virtual_machine, e))
|
||||
|
||||
succeeded_pings += result.count("0% packet loss")
|
||||
if packet_loss < 50:
|
||||
succeeded_pings += 1
|
||||
|
||||
|
||||
self.assertTrue(succeeded_pings >= minimum_vms_to_pass,
|
||||
|
||||
@ -852,7 +852,7 @@ class TestRVPCSite2SiteVpn(cloudstackTestCase):
|
||||
retries)
|
||||
|
||||
except Exception as e:
|
||||
self.fail("Unable to create ssh connection: " % e)
|
||||
self.fail("Unable to create ssh connection: %s" % e)
|
||||
|
||||
self.assertIsNotNone(
|
||||
ssh_client, "Failed to setup ssh connection to vm=%s on public_ip=%s" % (virtual_machine.name, virtual_machine.public_ip))
|
||||
|
||||
@ -38,9 +38,6 @@ d-i mirror/http/proxy string
|
||||
|
||||
### Apt setup
|
||||
d-i apt-setup/cdrom/set-first false
|
||||
#d-i apt-setup/non-free boolean true
|
||||
#d-i apt-setup/contrib boolean true
|
||||
#d-i apt-setup/use_mirror boolean true
|
||||
d-i apt-setup/services-select multiselect security, updates
|
||||
d-i apt-setup/security_host string security.debian.org
|
||||
d-i apt-setup/local0/source boolean false
|
||||
@ -62,12 +59,12 @@ d-i partman-auto/expert_recipe string \
|
||||
use_filesystem{ } filesystem{ ext2 } \
|
||||
mountpoint{ /boot } \
|
||||
. \
|
||||
1100 40 1600 ext4 \
|
||||
1200 40 1600 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ / } \
|
||||
. \
|
||||
600 60 800 ext4 \
|
||||
800 60 800 ext4 \
|
||||
method{ format } format{ } \
|
||||
use_filesystem{ } filesystem{ ext4 } \
|
||||
mountpoint{ /var } \
|
||||
@ -104,9 +101,6 @@ d-i passwd/user-default-groups string audio cdrom video admin
|
||||
|
||||
openssh-server openssh-server/permit-root-login boolean true
|
||||
|
||||
### Apt setup
|
||||
# ...
|
||||
|
||||
### Package selection
|
||||
tasksel tasksel/first multiselect ssh-server
|
||||
d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl
|
||||
|
||||
@ -20,9 +20,10 @@ set -e
|
||||
set -x
|
||||
|
||||
function cleanup_apt() {
|
||||
export DEBIAN_FRONTEND=noninteractive
|
||||
apt-get -y remove --purge dictionaries-common busybox isc-dhcp-client isc-dhcp-common \
|
||||
task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican \
|
||||
debconf-i18n sharutils gnupg gnupg-agent
|
||||
task-english task-ssh-server tasksel tasksel-data laptop-detect wamerican sharutils \
|
||||
nano util-linux-locales krb5-locales
|
||||
|
||||
apt-get -y autoremove --purge
|
||||
apt-get autoclean
|
||||
@ -63,7 +64,9 @@ function cleanup_misc() {
|
||||
rm -fr /usr/share/man
|
||||
rm -fr /usr/share/info
|
||||
rm -fr /usr/share/lintian
|
||||
find /usr/share/locale -type f | grep -v en | xargs rm -fr
|
||||
rm -fr /usr/share/apache2/icons
|
||||
find /usr/share/locale -type f | grep -v en_US | xargs rm -fr
|
||||
find /usr/share/zoneinfo -type f | grep -v UTC | xargs rm -fr
|
||||
}
|
||||
|
||||
function cleanup() {
|
||||
|
||||
@ -31,7 +31,7 @@ function configure_grub() {
|
||||
GRUB_DEFAULT=0
|
||||
GRUB_TIMEOUT=0
|
||||
GRUB_DISTRIBUTOR=Debian
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="loglevel=4"
|
||||
GRUB_CMDLINE_LINUX_DEFAULT="quiet"
|
||||
GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,115200n8 console=hvc0 earlyprintk=xen net.ifnames=0 biosdevname=0 debian-installer=en_US nomodeset"
|
||||
GRUB_CMDLINE_XEN="com1=115200 console=com1"
|
||||
GRUB_TERMINAL="console serial"
|
||||
|
||||
@ -1,95 +0,0 @@
|
||||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing,
|
||||
# software distributed under the License is distributed on an
|
||||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
arch = 'amd64'
|
||||
|
||||
#
|
||||
# NOTE: Before changing the version of the debian image make
|
||||
# sure it is added to the userContent of jenkins.buildacloud.org
|
||||
# and the copy task is updated on the systemvm builds
|
||||
# This will prevent the inevitable build failure once the iso is
|
||||
# removed from the debian mirrors
|
||||
#
|
||||
architectures = {
|
||||
:amd64 => {
|
||||
:os_type_id => 'Debian_64',
|
||||
:iso_file => 'debian-9.3.0-amd64-netinst.iso',
|
||||
:iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.3.0-amd64-netinst.iso',
|
||||
:iso_md5 => '8775231d6f56a3d8f116eb64fe048f5cbd2ea0f8c092a1cb7608bcb4106f9c85cb69ce68f53bd381019ab40f1c0316843036daf3fd9107c81c58a240334cc747'
|
||||
}
|
||||
}
|
||||
|
||||
config = {
|
||||
:cpu_count => '1',
|
||||
:memory_size => '512',
|
||||
:disk_size => '2100', :disk_format => 'VDI', :hostiocache => 'off',
|
||||
:iso_download_timeout => '1000',
|
||||
:boot_wait => '10',
|
||||
:boot_cmd_sequence => [
|
||||
'<Esc>',
|
||||
'install ',
|
||||
'preseed/url=http://%IP%:%PORT%/preseed.cfg ',
|
||||
'debian-installer=en_US ',
|
||||
'auto ',
|
||||
'locale=en_US ',
|
||||
'kbd-chooser/method=us ',
|
||||
'netcfg/get_hostname=systemvm ',
|
||||
'netcfg/get_domain=apache.org ',
|
||||
'fb=false ',
|
||||
'debconf/frontend=noninteractive ',
|
||||
'console-setup/ask_detect=false ',
|
||||
'console-keymaps-at/keymap=us ',
|
||||
'keyboard-configuration/xkb-keymap=us ',
|
||||
'<Enter>'
|
||||
],
|
||||
:kickstart_port => '7122',
|
||||
:kickstart_timeout => '1000',
|
||||
:kickstart_file => 'preseed.cfg',
|
||||
:ssh_login_timeout => '10000',
|
||||
:ssh_user => 'cloud',
|
||||
:ssh_password => 'cloud',
|
||||
:ssh_key => '',
|
||||
:ssh_host_port => '7222',
|
||||
:ssh_guest_port => '22',
|
||||
:sudo_cmd => "echo '%p'|sudo -S bash '%f'",
|
||||
:shutdown_cmd => 'halt -p',
|
||||
:postinstall_files => [
|
||||
# basic minimal vm creation
|
||||
'apt_upgrade.sh',
|
||||
'configure_grub.sh',
|
||||
'configure_locale.sh',
|
||||
'configure_networking.sh',
|
||||
'configure_acpid.sh',
|
||||
# turning it into a systemvm
|
||||
'install_systemvm_packages.sh',
|
||||
'configure_conntrack.sh',
|
||||
#'../../cloud_scripts_shar_archive.sh',
|
||||
'configure_systemvm_services.sh',
|
||||
'authorized_keys.sh',
|
||||
'configure_persistent_config.sh',
|
||||
# setup login stuff
|
||||
'configure_login.sh',
|
||||
# cleanup & space-saving
|
||||
'cleanup.sh',
|
||||
'finalize.sh'
|
||||
],
|
||||
:postinstall_timeout => '10000'
|
||||
}
|
||||
|
||||
config.merge! architectures[arch.to_sym]
|
||||
|
||||
Veewee::Definition.declare(config)
|
||||
@ -46,7 +46,7 @@ function install_packages() {
|
||||
local apt_get="apt-get --no-install-recommends -q -y"
|
||||
|
||||
${apt_get} install grub-legacy \
|
||||
rsyslog logrotate cron net-tools ifupdown tmux vim htop netbase iptables \
|
||||
rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables \
|
||||
openssh-server e2fsprogs tcpdump iftop socat wget \
|
||||
python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
|
||||
inetutils-ping iputils-arping httping curl \
|
||||
@ -68,7 +68,7 @@ function install_packages() {
|
||||
python-flask \
|
||||
haproxy \
|
||||
radvd \
|
||||
sharutils \
|
||||
sharutils genisoimage \
|
||||
strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
|
||||
virt-what open-vm-tools qemu-guest-agent hyperv-daemons
|
||||
|
||||
|
||||
@ -32,7 +32,7 @@
|
||||
[ "-m", "512M" ],
|
||||
[ "-smp", "cpus=1,maxcpus=1,cores=1" ]
|
||||
],
|
||||
"disk_size": 2100,
|
||||
"disk_size": 2400,
|
||||
"format": "qcow2",
|
||||
|
||||
"disk_interface": "virtio",
|
||||
|
||||
@ -2419,10 +2419,6 @@ Innovation Centre, 2006 (http://www.it-innovation.soton.ac.uk).
|
||||
id='adiscon.com'
|
||||
name='Adiscon GmbH'
|
||||
url='http://www.adiscon.com/' />
|
||||
<organisation
|
||||
id='person:patrick.debois'
|
||||
name='Patrick Debois'
|
||||
url='http://www.jedi.be/blog/' />
|
||||
<organisation
|
||||
id='dojofoundation.org'
|
||||
name='The Dojo Foundation'
|
||||
@ -2643,31 +2639,6 @@ Copyright (c) 2010-2011 OpenStack, LLC.
|
||||
</by-organisation>
|
||||
</with-license>
|
||||
</within>
|
||||
<within dir='tools/appliance/definitions/{devcloud,systemvmtemplate,systemvmtemplate64}'>
|
||||
<with-license id='MIT'>
|
||||
<copyright-notice>
|
||||
Copyright (c) 2010-2012 Patrick Debois
|
||||
</copyright-notice>
|
||||
<by-organisation id='person:patrick.debois'>
|
||||
<resource name='base.sh' source='https://github.com/jedi4ever/veewee' />
|
||||
<resource name='cleanup.sh' source='https://github.com/jedi4ever/veewee' />
|
||||
<resource name='definition.rb' source='https://github.com/jedi4ever/veewee' />
|
||||
<resource name='preseed.cfg' source='https://github.com/jedi4ever/veewee' />
|
||||
<resource name='zerodisk.sh' source='https://github.com/jedi4ever/veewee' />
|
||||
</by-organisation>
|
||||
</with-license>
|
||||
</within>
|
||||
<within dir='tools/devcloud/src/deps/boxes/basebox-build'>
|
||||
<with-license id='MIT'>
|
||||
<copyright-notice>
|
||||
Copyright (c) 2010-2012 Patrick Debois
|
||||
</copyright-notice>
|
||||
<by-organisation id='person:patrick.debois'>
|
||||
<resource name='definition.rb' source='https://github.com/jedi4ever/veewee' />
|
||||
<resource name='preseed.cfg' source='https://github.com/jedi4ever/veewee' />
|
||||
</by-organisation>
|
||||
</with-license>
|
||||
</within>
|
||||
<within dir='utils/src/org/apache/commons/httpclient/contrib/ssl'>
|
||||
<with-license id='ApacheLicenseVersion2'>
|
||||
<copyright-notice>
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user