mirror of
				https://github.com/apache/cloudstack.git
				synced 2025-10-26 01:32:18 +02:00 
			
		
		
		
	This is a regression of #9900 prior to this PR ``` 2025-06-05 12:28:53,992 DEBUG [cloud.agent.Agent] (AgentRequest-Handler-1:[]) (logid:) Processing command: com.cloud.agent.api.PatchSystemVmCommand 2025-06-05 12:29:25,959 DEBUG [resource.wrapper.LibvirtPatchSystemVmCommandWrapper] (AgentRequest-Handler-1:[]) (logid:) Patch result of systemVM s-368-VM: /root 2025-06-05 12:29:25,961 WARN [resource.wrapper.LibvirtPatchSystemVmCommandWrapper] (AgentRequest-Handler-1:[]) (logid:) Failed to get the latest script version 2025-06-05 12:29:25,962 DEBUG [cloud.agent.Agent] (AgentRequest-Handler-1:[]) (logid:) Seq 2-7450361158554357406: { Ans: , MgmtId: 32986204472275, via: 2, Ver: v1, Flags: 10, [{"com.cloud.agent.api.PatchSystemVmAnswer":{"templateVersion":"Cloudstack Release 4.20.1 Wed May 14 05:22:13 PM UTC 2025","scriptsVersion":"5ebc6ded1a3880732363c1cdbbd54cfb ``` with this PR ``` 2025-06-05 12:42:46,219 DEBUG [cloud.agent.Agent] (AgentRequest-Handler-2:[]) (logid:) Request:Seq 2-7450361158554357463: { Cmd , MgmtId: 32986204472275, via: 2, Ver: v1, Flags: 100011, [{"com.cloud.agent.api.PatchSystemVmCommand":{"forced":"true","accessDetails":{"router.ip":"169.254.151.188","router.name":"s-368-VM"},"wait":"0","bypassHostMaintenance":"false"}}] } 2025-06-05 12:42:46,220 DEBUG [cloud.agent.Agent] (AgentRequest-Handler-2:[]) (logid:) Processing command: com.cloud.agent.api.PatchSystemVmCommand 2025-06-05 12:43:18,083 DEBUG [resource.wrapper.LibvirtPatchSystemVmCommandWrapper] (AgentRequest-Handler-2:[]) (logid:) Patch result of systemVM s-368-VM: /root 2025-06-05 12:43:18,083 DEBUG [cloud.agent.Agent] (AgentRequest-Handler-2:[]) (logid:) Seq 2-7450361158554357463: { Ans: , MgmtId: 32986204472275, via: 2, Ver: v1, Flags: 10, [{"com.cloud.agent.api.PatchSystemVmAnswer":{"templateVersion":"Cloudstack Release 4.20.1 Wed May 14 05:22:13 PM UTC 2025","scriptsVersion":"5ebc6ded1a3880732363c1cdbbd54cfb","result":"true","details":"Successfully patched systemVM s-368-VM ","wait":"0","bypassHostMaintenance":"false"}}] } ```
		
			
				
	
	
		
			153 lines
		
	
	
		
			5.0 KiB
		
	
	
	
		
			Bash
		
	
	
	
	
	
			
		
		
	
	
			153 lines
		
	
	
		
			5.0 KiB
		
	
	
	
		
			Bash
		
	
	
	
	
	
| #!/bin/bash
 | |
| # Licensed to the Apache Software Foundation (ASF) under one
 | |
| # or more contributor license agreements.  See the NOTICE file
 | |
| # distributed with this work for additional information
 | |
| # regarding copyright ownership.  The ASF licenses this file
 | |
| # to you under the Apache License, Version 2.0 (the
 | |
| # "License"); you may not use this file except in compliance
 | |
| # with the License.  You may obtain a copy of the License at
 | |
| #
 | |
| #   http://www.apache.org/licenses/LICENSE-2.0
 | |
| #
 | |
| # Unless required by applicable law or agreed to in writing,
 | |
| # software distributed under the License is distributed on an
 | |
| # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 | |
| # KIND, either express or implied.  See the License for the
 | |
| # specific language governing permissions and limitations
 | |
| # under the License.
 | |
| 
 | |
| PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
 | |
| backupfolder=/var/cache/cloud/bkpup_live_patch
 | |
| logfile="/var/log/livepatchsystemvm.log"
 | |
| newpath="/var/cache/cloud/"
 | |
| CMDLINE=/var/cache/cloud/cmdline
 | |
| md5file=/var/cache/cloud/cloud-scripts-signature
 | |
| svcfile=/var/cache/cloud/enabled_svcs
 | |
| TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE)
 | |
| patchfailed=0
 | |
| backuprestored=0
 | |
| 
 | |
| backup_old_package() {
 | |
|   mkdir -p $backupfolder
 | |
|   if [ -d /usr/local/cloud/systemvm/conf/ ]; then
 | |
|     echo "Backing up keystore file and certificates" > $logfile 2>&1
 | |
|     mkdir -p $backupfolder/conf
 | |
|     cp -r /usr/local/cloud/systemvm/conf/* $backupfolder/conf
 | |
|   fi
 | |
|   if [ -d /usr/local/cloud/systemvm/ ]; then
 | |
|     echo "Backing up agent package" >> $logfile 2>&1
 | |
|     cd /usr/local/cloud/systemvm/
 | |
|     zip -r $backupfolder/agent.zip * >> $logfile 2>&1 2>&1
 | |
|     cd -
 | |
|   fi
 | |
|   cp $md5file $backupfolder
 | |
|   echo "Backing up cloud-scripts file" >> $logfile 2>&1
 | |
|   tar -zcvf $backupfolder/cloud-scripts.tgz /etc/ /var/ /opt/ /root/  >> $logfile 2>&1
 | |
| }
 | |
| 
 | |
| restore_backup() {
 | |
|   echo "Restoring cloud scripts" >> $logfile 2>&1
 | |
|   tar -xvf $backupfolder/cloud-scripts.tar -C / >> $logfile 2>&1
 | |
|   echo "Restoring agent package" >> $logfile 2>&1
 | |
|   if [ -f $backupfolder/agent.zip ]; then
 | |
|     unzip $backupfolder/agent.zip -d /usr/local/cloud/systemvm/ >> $logfile 2>&1
 | |
|     echo "Restore keystore file and certificates" >> $logfile 2>&1
 | |
|     mkdir -p "/usr/local/cloud/systemvm/conf/"
 | |
|     cp -r $backupfolder/conf/* /usr/local/cloud/systemvm/conf/
 | |
|   fi
 | |
|   backuprestored=1
 | |
|   restart_services
 | |
|   cp $backupfolder/cloud-scripts-signature $md5file
 | |
| }
 | |
| 
 | |
| update_checksum() {
 | |
|   newmd5=$(md5sum $1 | awk '{print $1}')
 | |
|   echo "checksum: " ${newmd5} >> $logfile 2>&1
 | |
|   echo ${newmd5} > ${md5file}
 | |
| }
 | |
| 
 | |
| restart_services() {
 | |
|   systemctl daemon-reload
 | |
|   while IFS= read -r line
 | |
|     do
 | |
|       for svc in ${line}; do
 | |
|         systemctl is-active --quiet "$svc"
 | |
|         if [ $? -eq 0 ]; then
 | |
|           systemctl restart "$svc"
 | |
|           systemctl is-active --quiet "$svc"
 | |
|           if [ $? -gt 0 ]; then
 | |
|             echo "Failed to start "$svc" service. Patch Failed. Retrying again" >> $logfile 2>&1
 | |
|             if [ $backuprestored == 0 ]; then
 | |
|               restore_backup
 | |
|             fi
 | |
|             patchfailed=1
 | |
|             break
 | |
|           fi
 | |
|         fi
 | |
|       done
 | |
|       if [ $patchfailed == 1 ]; then
 | |
|         return
 | |
|       fi
 | |
|     done < "$svcfile"
 | |
|     if [ "$TYPE" == "consoleproxy" ]; then
 | |
|       vncport=8080
 | |
|       if [ -f /root/vncport ]
 | |
|       then
 | |
|         vncport=`cat /root/vncport`
 | |
|         log_it "vncport read: ${vncport}"
 | |
|       fi
 | |
|       iptables -A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport $vncport -j ACCEPT
 | |
|     fi
 | |
| }
 | |
| 
 | |
| cleanup_systemVM() {
 | |
|   rm -rf $backupfolder
 | |
|   mv "$newpath"cloud-scripts.tgz /usr/share/cloud/cloud-scripts.tgz
 | |
|   rm -rf "$newpath""agent.zip" "$newpath""patch-sysvms.sh"
 | |
|   if [ "$TYPE" != "consoleproxy" ] && [ "$TYPE" != "secstorage" ]; then
 | |
|     rm -rf /usr/local/cloud/systemvm/
 | |
|   fi
 | |
| }
 | |
| 
 | |
| patch_systemvm() {
 | |
|   rm -rf /usr/local/cloud/systemvm
 | |
| 
 | |
|   echo "All" | unzip $newpath/agent.zip -d /usr/local/cloud/systemvm >> $logfile 2>&1
 | |
|   mkdir -p /usr/local/cloud/systemvm
 | |
|   find /usr/local/cloud/systemvm/ -name \*.sh | xargs chmod 555
 | |
| 
 | |
|   echo "Extracting cloud scripts" >> $logfile 2>&1
 | |
|   tar -xvf $newpath/cloud-scripts.tgz -C / >> $logfile 2>&1
 | |
| 
 | |
|   if [ -f $backupfolder/conf/cloud.jks ]; then
 | |
|     cp -r $backupfolder/conf/* /usr/local/cloud/systemvm/conf/
 | |
|     echo "Restored keystore file and certs using backup" >> $logfile 2>&1
 | |
|   fi
 | |
| 
 | |
|   if [ "$TYPE" = "consoleproxy" ] || [ "$TYPE" = "secstorage" ]; then
 | |
|     # Import global cacerts into 'cloud' service's keystore
 | |
|     keytool -importkeystore -srckeystore /etc/ssl/certs/java/cacerts -destkeystore /usr/local/cloud/systemvm/certs/realhostip.keystore -srcstorepass changeit -deststorepass vmops.com -noprompt 2>/dev/null || true
 | |
|   fi
 | |
| 
 | |
|   update_checksum $newpath/cloud-scripts.tgz
 | |
| 
 | |
|   if [ -f /opt/cloud/bin/setup/patch.sh ];then
 | |
|     . /opt/cloud/bin/setup/patch.sh && patch_system_vm
 | |
|   fi
 | |
| 
 | |
|   if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] || [[ "$TYPE" == *router ]]; then
 | |
|     restart_services
 | |
|   fi
 | |
| }
 | |
| 
 | |
| 
 | |
| backup_old_package
 | |
| patch_systemvm
 | |
| cleanup_systemVM
 | |
| 
 | |
| if [ $patchfailed == 0 ]; then
 | |
|   echo "version:$(cat ${md5file}) "
 | |
| fi
 | |
| 
 | |
| exit $patchfailed
 |