mirror of
https://github.com/apache/cloudstack.git
synced 2025-10-26 08:42:29 +01:00
830f3061bc
* Support for live patching systemVMs and deprecating systemVM.iso. Includes: - fix systemVM template version - Include agent.zip, cloud-scripts.tgz to the commons package - Support for live-patching systemVMs - CPVM, SSVM, Routers - Fix Unit test - Remove systemvm.iso dependency * The following commit: - refactors logic added to support SystemVM deployment on KVM - Adds support to copy specific files (required for patching) to the hosts on Xenserver - Modifies vmops method - createFileInDomr to take cleanup param - Adds configuratble sleep param to CitrixResourceBase::connect() used to verify if telnet to specifc port is possible (if sleep is 0, then default to _sleep = 10000ms) - Adds Command/Answer for patch systemVMs on XenServer/Xcp * - Support to patch SystemVMs - VMWare - Remove attaching systemvm.iso to systemVMs - Modify / Refactor VMware start command to copy patch related files to the systemvms - cleanup * Commit comprises of: - remove docker from systemvm template - use containerd as container runtime - update create-k8s-binaries script to use ctr for all docker operations - Update userdata sent to the k8s nodes - update cksnode script, run during patching of the cks/k8s nodes * Add ssh to k8s nodes details in the Access tab on the UI * test * Refactor ca/cert patching logic * Commit comprises of the following changes: - Use restart network/VPC API to patch routers - use livePatch API support patching of only cpvm/ssvm - add timeout to the keystore setup/import script * remove all references of systemvm.iso * Fix keystore-cert-import invocation + refactor cert timeout in CP/SS VMs * fix script timeout * Refactor cert patching for systemVMs + update keystore-cert-import script + patch-sysvms script + remove patchSysvmCommand from networkelementcommand * remove commented code + change core user to cloud for cks nodes * Update ownership of ssh directory * NEED TO DISCUSS - add on the fly template conversion as an ExecStartPre action (systemd) * Add UI changes + move changes from patch file to runcmd * test: validate performance for template modification during seeding * create vms folder in cloudstack-commons directory - debian rules * remove logic for on the fly template convert + update k8s test * fix syntax issue - causing issue with shared network tests * Code cleanup * refactor patching logic - certs * move logic of fixing rootdiskcontroller from upgrade to kubernetes service * add livepatch option to restart network & vpc * smooth upgrade of cks clusters * Support for live patching systemVMs and deprecating systemVM.iso. Includes: - fix systemVM template version - Include agent.zip, cloud-scripts.tgz to the commons package - Support for live-patching systemVMs - CPVM, SSVM, Routers - Fix Unit test - Remove systemvm.iso dependency * The following commit: - refactors logic added to support SystemVM deployment on KVM - Adds support to copy specific files (required for patching) to the hosts on Xenserver - Modifies vmops method - createFileInDomr to take cleanup param - Adds configuratble sleep param to CitrixResourceBase::connect() used to verify if telnet to specifc port is possible (if sleep is 0, then default to _sleep = 10000ms) - Adds Command/Answer for patch systemVMs on XenServer/Xcp * - Support to patch SystemVMs - VMWare - Remove attaching systemvm.iso to systemVMs - Modify / Refactor VMware start command to copy patch related files to the systemvms - cleanup * Commit comprises of: - remove docker from systemvm template - use containerd as container runtime - update create-k8s-binaries script to use ctr for all docker operations - Update userdata sent to the k8s nodes - update cksnode script, run during patching of the cks/k8s nodes * Add ssh to k8s nodes details in the Access tab on the UI * test * Refactor ca/cert patching logic * Commit comprises of the following changes: - Use restart network/VPC API to patch routers - use livePatch API support patching of only cpvm/ssvm - add timeout to the keystore setup/import script * remove all references of systemvm.iso * Fix keystore-cert-import invocation + refactor cert timeout in CP/SS VMs * fix script timeout * Refactor cert patching for systemVMs + update keystore-cert-import script + patch-sysvms script + remove patchSysvmCommand from networkelementcommand * remove commented code + change core user to cloud for cks nodes * Update ownership of ssh directory * NEED TO DISCUSS - add on the fly template conversion as an ExecStartPre action (systemd) * Add UI changes + move changes from patch file to runcmd * test: validate performance for template modification during seeding * create vms folder in cloudstack-commons directory - debian rules * remove logic for on the fly template convert + update k8s test * fix syntax issue - causing issue with shared network tests * Code cleanup * add cgroup config for containerd * add systemd config for kubelet * add additional info during image registry config * address comments * add temp links of download.cloudstack.org * address part of the comments * address comments * update containerd config - as version has upgraded to 1.5 from 1.4.12 in 4.17.0 * address comments - simplify * fix vue3 related icon changes * allow network commands when router template version is lower but is patched * add internal LB to the list of routers to be patched on network restart with live patch * add unit tests for API param validations and new helper utilities - file scp & checksum validations * perform patching only for non-user i.e., system VMs * add test to validate params * remove unused import * add column to domain_router to display software version and support networkrestart with livePatch from router view * Requires upgrade column to consider package (cloud-scripts) checksum to identify if true/false * use router software version instead of checksum * show N/A if no software version reported i.e., in upgraded envs * fix deb failure * update pom to official links of systemVM template
102 lines
3.1 KiB
Bash
Executable File
102 lines
3.1 KiB
Bash
Executable File
#!/bin/bash
|
|
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
|
|
. /opt/cloud/bin/setup/common.sh
|
|
|
|
check_reboot_vmware() {
|
|
if [ "$HYPERVISOR" != "vmware" ]; then
|
|
return
|
|
fi
|
|
|
|
if [ -n "$MGMTNET" ]; then
|
|
MGMT_GW=$(echo $MGMTNET | awk -F "." '{print $1"."$2"."$3".1"}')
|
|
if ping -n -c 1 -W 3 $MGMT_GW &> /dev/null; then
|
|
log_it "Management gateway pingable, skipping VR reboot"
|
|
return
|
|
fi
|
|
fi
|
|
|
|
log_it "Management gateway not pingable, rebooting VR"
|
|
sync
|
|
reboot
|
|
}
|
|
|
|
setup_router() {
|
|
# To save router public interface and gw ip information
|
|
touch /var/cache/cloud/ifaceGwIp
|
|
|
|
oldmd5=
|
|
[ -f "/etc/udev/rules.d/70-persistent-net.rules" ] && oldmd5=$(md5sum "/etc/udev/rules.d/70-persistent-net.rules" | awk '{print $1}')
|
|
|
|
log_it "Checking udev NIC assignment order changes"
|
|
if [ "$NIC_MACS" != "" ]
|
|
then
|
|
init_interfaces_orderby_macs "$NIC_MACS" "/tmp/interfaces" "/tmp/udev-rules"
|
|
newmd5=$(md5sum "/tmp/udev-rules" | awk '{print $1}')
|
|
rm /tmp/interfaces
|
|
rm /tmp/udev-rules
|
|
|
|
if [ "$oldmd5" != "$newmd5" ]
|
|
then
|
|
log_it "Reloading udev for new udev NIC assignment"
|
|
udevadm control --reload-rules && udevadm trigger
|
|
check_reboot_vmware
|
|
fi
|
|
fi
|
|
|
|
setup_aesni
|
|
setup_dnsmasq
|
|
setup_apache2 $ETH0_IP
|
|
|
|
sed -i /$NAME/d /etc/hosts
|
|
echo "$ETH0_IP $NAME" >> /etc/hosts
|
|
|
|
enable_irqbalance 1
|
|
disable_rpfilter_domR
|
|
enable_fwding 1
|
|
enable_rpsrfs 1
|
|
enable_passive_ftp 1
|
|
|
|
# Only allow DNS service for current network
|
|
sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
|
|
sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
|
|
|
|
# Setup hourly logrotate
|
|
if [ -f /etc/cron.daily/logrotate ]; then
|
|
mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
|
|
fi
|
|
|
|
# Setup hourly lograte in systemd timer
|
|
sed -i 's/OnCalendar=daily/OnCalendar=hourly/g' /usr/lib/systemd/system/logrotate.timer
|
|
sed -i 's/AccuracySec=12h/AccuracySec=5m/g' /usr/lib/systemd/system/logrotate.timer
|
|
|
|
# reload daemon
|
|
/usr/bin/systemctl daemon-reload
|
|
|
|
# Load modules to support NAT traversal in VR
|
|
modprobe nf_nat_pptp
|
|
}
|
|
|
|
routing_svcs
|
|
if [ $? -gt 0 ]
|
|
then
|
|
log_it "Failed to execute routing_svcs"
|
|
exit 1
|
|
fi
|
|
setup_router
|