This commit implements basic Security Grouping for KVM in Basic Networking.

It does not implement full Security Grouping yet, but it does:
- Prevent IP-Address source spoofing
- Allow DHCPv6 clients, but disallow DHCPv6 servers
- Disallow Instances to send out Router Advertisements

The Security Grouping allows ICMPv6 packets as described by RFC4890 as they are essential for IPv6 connectivity.

Following RFC4890 it allows:
- Router Solicitations
- Router Advertisements (incoming only)
- Neighbor Advertisements
- Neighbor Solicitations
- Packet Too Big
- Time Exceeded
- Destination Unreachable
- Parameter Problem
- Echo Request

ICMPv6 is an essential part of IPv6, without it connectivity will break or be very unreliable.

For now it allows any UDP and TCP packet to be sent in to the Instance which effectively opens up the firewall completely.

Future commits will implement Security Grouping further which allows controlling UDP and TCP ports for IPv6 like can be done with IPv4.

Regardless of the egress filtering (which can't be done yet) it will always allow outbound DNS to port 53 over UDP or TCP.

Signed-off-by: Wido den Hollander <wido@widodh.nl>
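The policy described in the commit message above, modelled as a packet-verdict function. This is an added example, not CloudStack's code: the packet dict format, the instance addresses, and the default-deny for unlisted ICMPv6 types and other protocols are assumptions.

```python
import ipaddress

# ICMPv6 type numbers for the message types the commit message lists.
ICMPV6_ALLOWED = {
    1: "destination-unreachable", 2: "packet-too-big", 3: "time-exceeded",
    4: "parameter-problem", 128: "echo-request", 133: "router-solicitation",
    134: "router-advertisement", 135: "neighbor-solicitation",
    136: "neighbor-advertisement",
}
ROUTER_ADVERTISEMENT = 134
DHCPV6_SERVER_PORT, DNS_PORT = 547, 53

# Constructed instance addresses (documentation prefix plus a link-local one).
# The link-local address must be listed: neighbor discovery normally uses it as source.
INSTANCE_ADDRS = {ipaddress.ip_address(a) for a in ("2001:db8::10", "fe80::10")}


def verdict(pkt, instance_addrs=INSTANCE_ADDRS):
    """Return (action, reason) for a packet dict (constructed format):
    direction 'in'/'out' relative to the instance, src, proto, and
    icmp_type or sport/dport."""
    outbound = pkt["direction"] == "out"
    # Compare parsed addresses, not strings: 2001:db8::10 has many spellings.
    if outbound and ipaddress.ip_address(pkt["src"]) not in instance_addrs:
        return "DROP", "spoofed source address"
    if pkt["proto"] == "icmpv6":
        icmp_type = pkt["icmp_type"]
        if icmp_type not in ICMPV6_ALLOWED:
            return "DROP", "ICMPv6 type not listed"  # assumption: default deny
        if outbound and icmp_type == ROUTER_ADVERTISEMENT:
            return "DROP", "router advertisement from instance"
        return "ACCEPT", ICMPV6_ALLOWED[icmp_type]
    if pkt["proto"] in ("udp", "tcp"):
        # A DHCPv6 server answers from UDP port 547; clients send from 546.
        if outbound and pkt["proto"] == "udp" and pkt.get("sport") == DHCPV6_SERVER_PORT:
            return "DROP", "DHCPv6 server traffic from instance"
        if outbound and pkt.get("dport") == DNS_PORT:
            return "ACCEPT", "outbound DNS"
        return "ACCEPT", "no port filtering yet"
    return "DROP", "unhandled protocol"  # assumption: default deny
```

The last TCP/UDP branch is the open ingress the commit message points out: any inbound TCP or UDP packet reaches the instance until port-level rules exist.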
CloudStack RPM and DEB packaging
This directory contains all the required scripts and tools needed to build RPM and DEB packages for Apache CloudStack.
These scripts are also used by the CloudStack team to build packages for the official release of CloudStack.
Requirements
The RPM and DEB packages have dependencies on versions of specific libraries. Due to these dependencies the following distributions and their versions are supported by the packages.
- CentOS / RHEL: 6 and 7
- Debian 7 (Wheezy) and 8 (Jessie) (untested!)
- Ubuntu: 14.04 (Trusty) and 16.04 (Xenial)
Building
Using the scripts in the packaging directory the RPM and DEB packages can be built.
DEB
If you simply want to build packages, go to the root directory of your CloudStack source code and run:
dpkg-buildpackage
This will build packages for the current distribution version you are running. If you run this on an Ubuntu 16.04 system the packages will be tailored for Ubuntu 16.04 and will not install on Ubuntu 14.04.
Building cross-distribution
If you want to build packages for a different distribution run the build-deb.sh script. This will build packages with the current distribution as a suffix to the package names. E.g. cloudstack-agent_4.9.0~xenial_all.deb
Using a Docker image you can build packages for a distribution you are not running.
The following commands assume that the CloudStack source is present in /tmp/cloudstack on the system you are running these commands on.
docker run -ti -v /tmp:/src ubuntu:16.04 /bin/bash -c "apt-get update && apt-get install -y dpkg-dev python debhelper openjdk-8-jdk genisoimage python-mysql.connector maven lsb-release devscripts && /src/cloudstack/packaging/build-deb.sh"
docker run -ti -v /tmp:/src ubuntu:14.04 /bin/bash -c "apt-get update && apt-get install -y dpkg-dev python debhelper openjdk-7-jdk genisoimage python-mysql.connector maven lsb-release devscripts && /src/cloudstack/packaging/build-deb.sh"
The commands above will generate Ubuntu 14.04 and 16.04 packages which you will find in /tmp on your system after the build succeeds.
RPM
The package.sh script can be used to build RPM packages for CloudStack. From the packaging directory, run the following command:
./package.sh --pack oss --distribution centos7