The default GC algorithm G1 that is enabled by default with Java11
serves well on multiprocessor machines with large amount of memory where
GC is probablistic with low pauses, where response time is more
important than throughput and GC is kept shorter.
The CloudStack management server is largely a multi-threaded server
application that handles and orchestrates several network requests, and
has the default max. heap size of only 2G that can be considered a
small/medium application from a heap size perspective. Perhaps a more
aggresive GC algorithm such as ParallelGC as used in Java8 and before
(that is previous CloudStack releases) would serve better for throughput
and cause more aggresive GC.
Reference: https://docs.oracle.com/en/java/javase/11/gctuning/available-collectors.html#GUID-13943556-F521-4287-AAAA-AE5DE68777CD
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This adds support for JDK11 in CloudStack 4.14+:
- Fixes code to build against JDK11
- Bump to Debian 9 systemvmtemplate with openjdk-11
- Fix Travis to run smoketests against openjdk-11
- Use maven provided jdk11 compatible mysql-connector-java
- Remove old agent init.d scripts
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* Extract systemvm.iso using bsdtar if available.
Signed-off-by: Kai Takahashi <k-takahashi@creationline.com>
* New dependency for CentOS 7 and Debian: bsdtar
bsdtar can extract iso images without mounting.
Signed-off-by: Kai Takahashi <k-takahashi@creationline.com>
* Remove all 'mount' and 'umount' command call(s).
Signed-off-by: Kai Takahashi <k-takahashi@creationline.com>
Use iproute to get default network interface
This uses `ip route` than `route` without an explicit path (/bin, /sbin
etc.) to query the default network interface on the system.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* kvm/security_group: Make Security Group Python 3 compatible
This script only runs on the KVM Hypervisors and these all support
Python 3.
As Python 2 is deprecated at the end of 2019 we need to fix these
scripts to work under Python 3.
CentOS 7, 8 and Ubuntu 16.04 and 18.04 all have Python 3 installed
by default.
Ubuntu 20.04 will no longer have Python 2 installed and therefor
this script needs to be modified to work with Python 3.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
* Add dependency of python3 in packaging/centos7/cloud.spec
- Removes CentOS6/el6 packaging (voting thread reference https://markmail.org/message/u3ka4hwn2lzwiero)
- Add upgrade path from 4.13 to 4.14
- Enable live storage migration support for KVM by default as el6 is deprecated
- PRs using live storage migration
#2997 KVM VM live migration with ROOT volume on file storage type
#2983 KVM live storage migration intra cluster from NFS source and destination
#2298 CLOUDSTACK-9620: Enhancements for managed storage
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Using this tool on a hypervisor admins can query KVM Instances running
on that hypervisor if they have the Qemu Guest Agent installed.
All System VMs have this and they can be queried.
For example:
$ cloudstack-guest-tool i-2-25-VM
This will print some information about network and filesystem status.
root@hv-138-a05-23:~# ./cloudstack-guest-tool s-11-VM --command info|jq
{
"network": [
{
"ip-addresses": [
{
"prefix": 8,
"ip-address": "127.0.0.1",
"ip-address-type": "ipv4"
}
],
"name": "lo",
"hardware-address": "00:00:00:00:00:00"
},
{
"ip-addresses": [
{
"prefix": 16,
"ip-address": "169.254.242.169",
"ip-address-type": "ipv4"
}
],
"name": "eth0",
"hardware-address": "0e:00:a9:fe:f2:a9"
},
...
...
"filesystem": [
{
"mountpoint": "/var",
"disk": [
{
"bus": 0,
"bus-type": "virtio",
"target": 0,
"unit": 0,
"pci-controller": {
"slot": 7,
"bus": 0,
"domain": 0,
"function": 0
}
}
],
"type": "ext4",
"name": "vda6"
},
Signed-off-by: Wido den Hollander <wido@widodh.nl>
This may slow down CI and release, but ensures that unit tests always
run as part of the packaging build process.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* systemd: fix services to allow TLS configurations via java.security.ciphers
This fixes the management server and systemd services to allow the
java.security.ciphers file to configure disabled TLS protocols and
algorithms. This also cleans up systemd service files for agent and
usage server.
This fixes#3140
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* configure: fix travis failure due pycodestyle error
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This cleanups management server default file, the `cloud.jks` is no
longer created by the management server but instead created in-memory
by the root CA plugin on management server startup.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Install CentOS 7 e.g. Build 1804 and Java build 1.8.0_181
if you inspect systemd in debug mode you will see some errors
1.
permission of the cloudstack-managment.service are not corretly set
2.
invalid classpath specified. it seems the string which is used will be divided... we now we use ${..} like the lines above ... confused
Install any additional plugin jars in the lib directory to be picked up
by the classpath builder, otherwise one has to manually add the jar
to /etc/default/cloudstack-management after installation. This fixes
the issue for `mysql-ha` plugin.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
The idea is to create a property in /etc/defaults/cloudstack-agent that
can be enabled/disabled (uncommented/commented) to control the enabling
of Java remote debug in CloudStack's JVM.
This makes the agent logrotate config to `noreplace` so on upgrade
any changes to the file are not lost.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
Ubuntu 14.04 will go EOL in April 2019. With a new CloudStack
release close to that date we can drop support for this Ubuntu
version and the master branch of CloudStack.
Ubuntu 16.04 (Xenial) and 18.04 (Bionic) both have systemd and
more recent Java versions which make it easier to run the CloudStack
KVM Agent on them.
In addition libvirt and Qemu are more up to date with features
which allow VMs to run better.
Yet to be implemented features in KVM can also leverage the newer
version of Qemu and libvirt without the need of taking older
version of them into account.
Signed-off-by: Wido den Hollander <wido@widodh.nl>
This is to fix the regression added in #2433. In this fix
we're going to fail the build early if --use-timestamp is
provided and working directory is *not* clean. And also
fail the build if something in the script has returned
non-zero value.
* packaging: use libuuid x86_64 package for cloudstack-common
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
* 64 bit links is packaged
* post scan filter to exclude libuuid.so.1
* Revert "packaging: use libuuid x86_64 package for cloudstack-common"
This reverts commit b3fb8957fe4e98c85949be2010f0316c89d535a9.
* post scan filter to exclude libuuid.so.1 (centos63)
* revert removal of 32 bit support for vhd-util libs
This introduces a new global setting `vm.configdrive.primarypool.enabled` to toggle creation/hosting of config drive iso files on primary storage, the default will be false causing them to be hosted on secondary storage. The current support is limited from hypervisor resource side and in current implementation limited to `KVM` only. The next big change is that config drive is created at a temporary location by management server and shipped to either KVM or SSVM agent via cmd-answer pattern, the data of which is not logged in logs. This saves us from adding genisoimage dependency on cloudstack-agent pkg.
The APIs to reset ssh public key, password and user-data (via update VM API) requires that VM should be shutdown. Therefore, in the refactoring I removed the case of updation of existing ISO. If there are objections I'll re-put the strategy to detach+attach new config iso as a way of updation. In the refactored implementation, the folder name is changed to lower-cased configdrive. And during VM start, migration or shutdown/removal if primary storage is enable for use, the KVM agent will handle cleanup tasks otherwise SSVM agent will handle them.
Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
This is to fix the regression added in #2433. In this fix
we're going to fail the build early if --use-timestamp is
provided and working directory is *not* clean.
Remove deprecated tomcat configuration file instead of moving it, since moving it prevented the 4.11 upgrade from overwriting it with the new jetty configurations. Also added systemctl daemon-reload to refresh daemon services so that management server can start up seamlessly after the upgrade.
Fixes#2537
The idea is to create a property in /etc/defaults/cloudstack-management that can be enabled/disabled (uncommented/commented) to control the enabling of Java remote debug in CloudStack's JVM.
