This is an automated email from the ASF dual-hosted git repository. bhaisaab pushed a commit to branch debian9-systemvmtemplate in repository https://gitbox.apache.org/repos/asf/cloudstack.git
commit 76ae9bb40ae9182c6b914f70b81c540330c664af Author: Rohit Yadav <[email protected]> AuthorDate: Fri Nov 24 18:59:20 2017 +0530 refactor individual setup scripts Signed-off-by: Rohit Yadav <[email protected]> --- .../debian/config/etc/init.d/cloud-early-config | 243 +++-------------- .../debian/config/opt/cloud/bin/setup/common.sh | 287 +++++++++++++++++---- .../config/opt/cloud/bin/setup/consoleproxy.sh | 26 +- .../debian/config/opt/cloud/bin/setup/dhcpsrvr.sh | 19 ++ .../debian/config/opt/cloud/bin/setup/elbvm.sh | 17 ++ .../debian/config/opt/cloud/bin/setup/ilbvm.sh | 17 ++ .../config/opt/cloud/bin/setup/patchsystemvm.sh | 217 ++-------------- .../debian/config/opt/cloud/bin/setup/router.sh | 6 + .../config/opt/cloud/bin/setup/secstorage.sh | 25 +- .../debian/config/opt/cloud/bin/setup/vpcrouter.sh | 6 + 10 files changed, 412 insertions(+), 451 deletions(-) diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config index a0c51b9..5c16c9f 100755 --- a/systemvm/patches/debian/config/etc/init.d/cloud-early-config +++ b/systemvm/patches/debian/config/etc/init.d/cloud-early-config @@ -27,6 +27,7 @@ #set -x #exec 3>&0 4>&1 > /var/log/test.log 2>&1 PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" +CMDLINE=/var/cache/cloud/cmdline # Clear boot up flag, it would be created by rc.local after boot up done rm -f /var/cache/cloud/boot_up_done @@ -35,13 +36,11 @@ rm -f /var/cache/cloud/boot_up_done . /lib/lsb/init-functions - log_it() { echo "$(date) $@" >> /var/log/cloud.log log_action_msg "$@" } - hypervisor() { [ -d /proc/xen ] && mount -t xenfs none /proc/xen [ -d /proc/xen ] && echo "xen-domU" && return 0 
@@ -57,19 +56,33 @@ hypervisor() { echo "unknown" && return 1 } - config_guest() { - [ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon + if [ "$HYPERVISOR" == "kvm" ] + then + # Configure hot-plug + sed -i -e "/acpiphp/d" /etc/modules + sed -i -e "/pci_hotplug/d" /etc/modules + echo acpiphp >> /etc/modules + echo pci_hotplug >> /etc/modules + # Configure serial console FIXME: remove during build we enable it? + #sed -i -e "/^serial.*/d" /boot/grub/grub.conf + #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf + #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf + #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf + #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf + sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab + sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab + fi [ ! -d /proc/xen ] && sed -i 's/^vc/#vc/' /etc/inittab && telinit q [ -d /proc/xen ] && sed -i 's/^#vc/vc/' /etc/inittab && telinit q + [ -f /usr/sbin/hv_kvp_daemon ] && /usr/sbin/hv_kvp_daemon } - get_boot_params() { case $HYPERVISOR in xen-domU|xen-hvm) - cat /proc/cmdline > /var/cache/cloud/cmdline - sed -i "s/%/ /g" /var/cache/cloud/cmdline + cat /proc/cmdline > $CMDLINE + sed -i "s/%/ /g" $CMDLINE ;; kvm) VPORT=$(find /dev/virtio-ports -type l -name '*.vport' 2>/dev/null|head -1) @@ -89,7 +102,7 @@ get_boot_params() { while read line; do if [[ $line == cmdline:* ]]; then cmd=${line//cmdline:/} - echo $cmd > /var/cache/cloud/cmdline + echo $cmd > $CMDLINE elif [[ $line == pubkey:* ]]; then pubkey=${line//pubkey:/} echo $pubkey > /var/cache/cloud/authorized_keys 
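Review bot: The KVM branch added to `config_guest` edits `/etc/inittab`, which a systemd-based Debian 9 image normally does not ship, so the two `sed -i` calls on it would fail and the `ttyS0` getty line would have no effect. The FIXME in the added comment suggests the serial-console setup is still open. Guarding the edits with `[ -f /etc/inittab ]`, and enabling `serial-getty@ttyS0.service` when the file is absent, would cover both init systems. The branch also relies on `HYPERVISOR` being set before `config_guest` runs, which happens outside this hunk.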
@@ -98,7 +111,7 @@ get_boot_params() { done < $VPORT # In case of reboot we do not send the boot args again. # So, no need to wait for them, as the boot args are already set at startup - if [ -s /var/cache/cloud/cmdline ] + if [ -s $CMDLINE ] then log_it "Found a non empty cmdline file. Will now exit the loop and proceed with configuration." break; @@ -109,20 +122,20 @@ get_boot_params() { chmod go-rwx /root/.ssh/authorized_keys ;; vmware) - vmtoolsd --cmd 'machine.id.get' > /var/cache/cloud/cmdline + vmtoolsd --cmd 'machine.id.get' > $CMDLINE ;; virtualpc|hyperv) # Hyper-V is recognized as virtualpc hypervisor type. Boot args are passed using KVP Daemon #waiting for the hv_kvp_daemon to start up #sleep need to fix the race condition of hv_kvp_daemon and cloud-early-config sleep 5 - cp -f /var/opt/hyperv/.kvp_pool_0 /var/cache/cloud/cmdline + cp -f /var/opt/hyperv/.kvp_pool_0 $CMDLINE cat /dev/null > /var/opt/hyperv/.kvp_pool_0 ;; virtualbox) # Virtualbox is used to test the virtual router # get the commandline from a dmistring (yes, hacky!) - dmidecode | grep cmdline | sed 's/^.*cmdline://' > /var/cache/cloud/cmdline + dmidecode | grep cmdline | sed 's/^.*cmdline://' > $CMDLINE RV=$? if [ $RV -ne 0 ] ; then log_it "Failed to get cmdline from a virtualbox dmi property" 
@@ -131,184 +144,21 @@ get_boot_params() { esac } - -parse_cmd_line() { - CMDLINE=$(cat /var/cache/cloud/cmdline) - TYPE="unknown" - BOOTPROTO="static" - DISABLE_RP_FILTER="false" - STORAGE_IP="" - STORAGE_NETMASK="" - STORAGE_CIDR="" - VM_PASSWORD="" - - CHEF_TMP_FILE=/tmp/cmdline.json - COMMA="\t" - echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE} - echo -e "\n\"cmd_line\": {" >> ${CHEF_TMP_FILE} - - for i in $CMDLINE +get_systemvm_type() { + for str in $(cat $CMDLINE) do - # search for foo=bar pattern and cut out foo - KEY=$(echo $i | cut -d= -f1) - VALUE=$(echo $i | cut -d= -f2) - echo -en ${COMMA} >> ${CHEF_TMP_FILE} - # Two lines so values do not accidently interpretted as escapes!! - echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE} - COMMA=",\n\t" + KEY=$(echo $str | cut -d= -f1) + VALUE=$(echo $str | cut -d= -f2) case $KEY in - disable_rp_filter) - export DISABLE_RP_FILTER=$VALUE - ;; - eth0ip) - export ETH0_IP=$VALUE - ;; - eth1ip) - export ETH1_IP=$VALUE - ;; - eth2ip) - export ETH2_IP=$VALUE - ;; - host) - export MGMT_HOST=$VALUE - ;; - gateway) - export GW=$VALUE - ;; - ip6gateway) - export IP6GW=$VALUE - ;; - eth0mask) - export ETH0_MASK=$VALUE - ;; - eth1mask) - export ETH1_MASK=$VALUE - ;; - eth2mask) - export ETH2_MASK=$VALUE - ;; - eth0ip6) - export ETH0_IP6=$VALUE - ;; - eth0ip6prelen) - export ETH0_IP6_PRELEN=$VALUE - ;; - internaldns1) - export internalNS1=$VALUE - ;; - internaldns2) - export internalNS2=$VALUE - ;; - dns1) - export NS1=$VALUE - ;; - dns2) - export NS2=$VALUE - ;; - ip6dns1) - export IP6_NS1=$VALUE - ;; - ip6dns2) - export IP6_NS2=$VALUE - ;; - domain) - export DOMAIN=$VALUE - ;; - dnssearchorder) - export DNS_SEARCH_ORDER=$VALUE - ;; - useextdns) - export USE_EXTERNAL_DNS=$VALUE - ;; - mgmtcidr) - export MGMTNET=$VALUE - ;; - localgw) - export LOCAL_GW=$VALUE - ;; - template) - export TEMPLATE=$VALUE - ;; - sshonguest) - export SSHONGUEST=$VALUE - ;; - name) - export NAME=$VALUE - ;; - dhcprange) - export 
DHCP_RANGE=$(echo $VALUE | tr ':' ',') - ;; - bootproto) - export BOOTPROTO=$VALUE - ;; type) - export TYPE=$VALUE - ;; - defaultroute) - export DEFAULTROUTE=$VALUE - ;; - redundant_router) - export RROUTER=$VALUE - ;; - guestgw) - export GUEST_GW=$VALUE - ;; - guestbrd) - export GUEST_BRD=$VALUE - ;; - guestcidrsize) - export GUEST_CIDR_SIZE=$VALUE - ;; - router_pr) - export ROUTER_PR=$VALUE - ;; - extra_pubnics) - export EXTRA_PUBNICS=$VALUE - ;; - nic_macs) - export NIC_MACS=$VALUE - ;; - mtu) - export MTU=$VALUE - ;; - storageip) - export STORAGE_IP=$VALUE - ;; - storagenetmask) - export STORAGE_NETMASK=$VALUE - ;; - storagecidr) - export STORAGE_CIDR=$VALUE - ;; - vmpassword) - export VM_PASSWORD=$VALUE - ;; - vpccidr) - export VPCCIDR=$VALUE - ;; - cidrsize) - export CIDR_SIZE=$VALUE - ;; - advert_int) - export ADVERT_INT=$VALUE - ;; - ntpserverlist) - export NTP_SERVER_LIST=$VALUE - ;; + export TYPE=$VALUE + ;; + *) + ;; esac done - echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE} - if [ "$TYPE" != "unknown" ] - then - mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json - fi - - [ $ETH0_IP ] && export LOCAL_ADDRS=$ETH0_IP - [ $ETH0_IP6 ] && export LOCAL_ADDRS=$ETH0_IP6 - [ $ETH0_IP ] && [ $ETH0_IP6 ] && export LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6" } - patch() { local PATCH_MOUNT=/media/cdrom local patchfile=$PATCH_MOUNT/cloud-scripts.tgz 
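Review bot: `get_systemvm_type` never initialises or checks `TYPE`, yet `start()` later runs `/opt/cloud/bin/setup/$TYPE.sh` built from it, so whatever follows `type=` in the boot arguments selects the script path. The removed `parse_cmd_line` at least began with `TYPE="unknown"`. I would restore that first line and accept the value only when it is a plain name, e.g. `case "$VALUE" in *[!a-z0-9_-]*) ;; *) export TYPE=$VALUE ;; esac`. `for str in $(cat $CMDLINE)` is also unquoted, so a token such as `*` is glob-expanded before it is split on `=`; the same loop is duplicated in patchsystemvm.sh.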
@@ -345,34 +195,20 @@ patch() { tar xzf $patchfile -C / echo ${newmd5} > ${md5file} log_it "Patched scripts using $patchfile" - sync fi log_it "Patching cloud service" - /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $HYPERVISOR $TYPE + /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE umount $PATCH_MOUNT fi if [ -f /mnt/cmdline ]; then - cat /mnt/cmdline > /var/cache/cloud/cmdline - parse_cmd_line + cat /mnt/cmdline > $CMDLINE fi return 0 } - -change_password() { - # Randomize cloud password so only ssh login is allowed - echo "cloud:`openssl rand -base64 32`" | chpasswd - - if [ x"$VM_PASSWORD" != x"" ] - then - echo "root:$VM_PASSWORD" | chpasswd - fi -} - - start() { # Clear /tmp for file lock rm -f /tmp/*.lock @@ -384,9 +220,11 @@ start() { config_guest get_boot_params - parse_cmd_line + get_systemvm_type patch - change_password + sync + + log_it "Configuring systemvm type=$TYPE" if [ -f "/opt/cloud/bin/setup/$TYPE.sh" ]; then /opt/cloud/bin/setup/$TYPE.sh @@ -394,10 +232,11 @@ start() { /opt/cloud/bin/setup/default.sh fi + log_it "Finished setting up systemvm" + return 0 } - case "$1" in start) log_action_begin_msg "Executing cloud-early-config" diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh index 72be0ab..7f9cc71 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/common.sh @@ -20,13 +20,11 @@ PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" . /lib/lsb/init-functions - log_it() { echo "$(date) $@" >> /var/log/cloud.log log_action_msg "$@" } - init_interfaces_orderby_macs() { macs=( $(echo $1 | sed "s/|/ /g") ) total_nics=${#macs[@]} @@ -36,7 +34,7 @@ init_interfaces_orderby_macs() { echo -n "auto lo" > $interface_file for((i=0; i<total_nics; i++)) do - if [[ $i < 3 ]] + if [[ $i < 3 ]] then echo -n " eth$i" >> $interface_file fi 
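Review bot: After `cat /mnt/cmdline > $CMDLINE` in `patch()` nothing re-reads the file now that the `parse_cmd_line` call is gone, so `start()` still dispatches on the `TYPE` that `get_systemvm_type` read before the overwrite. If /mnt/cmdline can carry a different `type=` than the hypervisor-supplied arguments, the log line and the `$TYPE.sh` lookup use the stale value while common.sh re-parses the new file. Calling `get_systemvm_type` right after the `cat` keeps the two in step. `patch()` begins outside this hunk.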
@@ -50,11 +48,10 @@ EOF echo "" > $rule_file for((i=0; i < ${#macs[@]}; i++)) do - echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file + echo "SUBSYSTEM==\"net\", ACTION==\"add\", DRIVERS==\"?*\", ATTR{address}==\"${macs[$i]}\", NAME=\"eth$i\"" >> $rule_file done } - init_interfaces() { if [ "$NIC_MACS" == "" ] then @@ -68,14 +65,13 @@ EOF fi } - setup_interface() { local intfnum=$1 local ip=$2 local mask=$3 local gw=$4 local force=$5 - local intf=eth${intfnum} + local intf=eth${intfnum} local bootproto="static" @@ -136,7 +132,6 @@ setup_interface() { fi } - setup_interface_ipv6() { sysctl net.ipv6.conf.all.disable_ipv6=0 sysctl net.ipv6.conf.all.forwarding=1 @@ -168,14 +163,12 @@ enable_fwding() { [ -f /etc/iptables/iptables.conf ] && sed -i "s/ENABLE_ROUTING=.*$/ENABLE_ROUTING=$enabled/" /etc/iptables/iptables.conf && return } - disable_rpfilter() { log_it "cloud: disable rp_filter" log_it "disable rpfilter" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf } - get_public_vif_list() { local vif_list="" for i in /sys/class/net/eth*; do 
@@ -185,33 +178,32 @@ get_public_vif_list() { vif_list="$vif_list $vif"; fi done - + echo $vif_list } - disable_rpfilter_domR() { log_it "cloud: Tuning rp_filter on public interfaces" - + VIF_LIST=$(get_public_vif_list) log_it "rpfilter public interfaces : $VIF_LIST" if [ "$DISABLE_RP_FILTER" == "true" ] then log_it "cloud: disable rp_filter on public interfaces" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 0/" /etc/sysctl.conf echo "0" > /proc/sys/net/ipv4/conf/default/rp_filter for vif in $VIF_LIST; do log_it "cloud: disable rp_filter on public interface: $vif" - sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 0/" /etc/sysctl.conf echo "0" > /proc/sys/net/ipv4/conf/$vif/rp_filter done else log_it "cloud: enable rp_filter on public interfaces" - sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf + sed -i "s/net.ipv4.conf.default.rp_filter.*$/net.ipv4.conf.default.rp_filter = 1/" /etc/sysctl.conf echo "1" > /proc/sys/net/ipv4/conf/default/rp_filter for vif in $VIF_LIST; do log_it "cloud: enable rp_filter on public interface: $vif" - sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf + sed -i "s/net.ipv4.conf.$vif.rp_filter.*$/net.ipv4.conf.$vif.rp_filter = 1/" /etc/sysctl.conf echo "1" > /proc/sys/net/ipv4/conf/$vif/rp_filter done fi @@ -221,7 +213,6 @@ disable_rpfilter_domR() { echo "1" > /proc/sys/net/ipv4/conf/lo/rp_filter } - enable_irqbalance() { local enabled=$1 local proc=0 @@ -237,7 +228,6 @@ enable_irqbalance() { [ -f $cfg ] && sed -i "s/ENABLED=.*$/ENABLED=$enabled/" $cfg && return } - enable_vpc_rpsrfs() { local enable=$1 if [ $enable -eq 0 ] 
@@ -250,7 +240,6 @@ enable_vpc_rpsrfs() { return 0 } - enable_rpsrfs() { local enable=$1 @@ -291,7 +280,6 @@ enable_rpsrfs() { echo 256 > /sys/class/net/eth2/queues/rx-0/rps_flow_cnt } - setup_common() { init_interfaces $1 $2 $3 if [ -n "$ETH0_IP" ] @@ -307,11 +295,11 @@ setup_common() { then setup_interface "2" $ETH2_IP $ETH2_MASK $GW fi - + echo $NAME > /etc/hostname echo 'AVAHI_DAEMON_DETECT_LOCAL=0' > /etc/default/avahi-daemon hostnamectl set-hostname $NAME - + #Nameserver sed -i -e "/^nameserver.*$/d" /etc/resolv.conf # remove previous entries sed -i -e "/^nameserver.*$/d" /etc/dnsmasq-resolv.conf # remove previous entries @@ -320,7 +308,7 @@ setup_common() { echo "nameserver $internalNS1" > /etc/dnsmasq-resolv.conf echo "nameserver $internalNS1" > /etc/resolv.conf fi - + if [ -n "$internalNS2" ] then echo "nameserver $internalNS2" >> /etc/dnsmasq-resolv.conf @@ -331,7 +319,7 @@ setup_common() { echo "nameserver $NS1" >> /etc/dnsmasq-resolv.conf echo "nameserver $NS1" >> /etc/resolv.conf fi - + if [ -n "$NS2" ] then echo "nameserver $NS2" >> /etc/dnsmasq-resolv.conf @@ -366,7 +354,7 @@ setup_common() { ip route add default via $GW dev $gwdev fi - + # a hacking way to activate vSwitch under VMware ping -n -c 3 $GW & sleep 3 @@ -381,16 +369,14 @@ setup_common() { ping -n -c 3 $MGMT_GW & sleep 3 pkill ping - + fi - local hyp=$(hypervisor) - if [ "$hyp" == "vmware" ]; then + if [ "$HYPERVISOR" == "vmware" ]; then ntpq -p &> /dev/null || vmware-toolbox-cmd timesync enable fi } - setup_dnsmasq() { log_it "Setting up dnsmasq" @@ -404,7 +390,7 @@ setup_dnsmasq() { #get the template cp /etc/dnsmasq.conf.tmpl /etc/dnsmasq.conf - + if [ -n "$DOMAIN" ] then #send domain name to dhcp clients 
@@ -414,17 +400,17 @@ setup_dnsmasq() { #answer all local domain queries sed -i -e "s/^[#]*local=.*$/local=\/$DOMAIN\//" /etc/dnsmasq.conf fi - + if [ -n "$DNS_SEARCH_ORDER" ] then sed -i -e "/^[#]*dhcp-option.*=119.*$/d" /etc/dnsmasq.conf echo "dhcp-option-force=119,$DNS_SEARCH_ORDER" >> /etc/dnsmasq.conf # set the domain search order as a space seprated list for option 15 DNS_SEARCH_ORDER=$(echo $DNS_SEARCH_ORDER | sed 's/,/ /g') - #send domain name to dhcp clients + #send domain name to dhcp clients sed -i s/[#]*dhcp-option=15.*$/dhcp-option=15,\""$DNS_SEARCH_ORDER"\"/ /etc/dnsmasq.conf fi - + if [ $DHCP_RANGE ] then sed -i -e "s/^dhcp-range_ip4=.*$/dhcp-range=$DHCP_RANGE,static/" /etc/dnsmasq.conf @@ -479,8 +465,8 @@ setup_dnsmasq() { NS6=${NS6%?} [ $ETH0_IP ] && echo "dhcp-option=6,$NS" >> /etc/dnsmasq.conf [ $ETH0_IP6 ] && echo "dhcp-option=option6:dns-server,$NS6" >> /etc/dnsmasq.conf -#adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet. -#removing the existing entires to avoid duplicates on restarts. + #adding the name data-server to the /etc/hosts for allowing the access to user-data service and ssh-key reset in every subnet. + #removing the existing entires to avoid duplicates on restarts. sed -i '/data-server/d' /etc/hosts if [ -n "$ETH0_IP" ] then @@ -490,7 +476,7 @@ setup_dnsmasq() { then echo "$ETH0_IP6 data-server" >> /etc/hosts fi -#add the dhcp-client-update only if dnsmasq version is 2.6 and above + #add the dhcp-client-update only if dnsmasq version is 2.6 and above dnsmasqVersion=$(dnsmasq -v | grep version -m 1 | grep -o "[[:digit:]]\.[[:digit:]]") major=$(echo "$dnsmasqVersion" | cut -d '.' -f 1) minor=$(echo "$dnsmasqVersion" | cut -d '.' -f 2) @@ -511,7 +497,6 @@ setup_dnsmasq() { fi } - setup_sshd(){ local ip=$1 local eth=$2 
@@ -521,7 +506,6 @@ setup_sshd(){ systemctl restart sshd } - setup_vpc_apache2() { log_it "Setting up apache web server for VPC" systemctl disable apache2 @@ -529,7 +513,6 @@ setup_vpc_apache2() { setup_apache2_common } - clean_ipalias_config() { # Old rm -f /etc/apache2/conf.d/ports.*.meta-data.conf @@ -550,7 +533,6 @@ clean_ipalias_config() { rm -rf /etc/failure_config } - setup_apache2_common() { sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security @@ -562,7 +544,6 @@ setup_apache2_common() { echo "Options -Indexes" > /var/www/html/.htaccess } - setup_apache2() { log_it "Setting up apache web server" clean_ipalias_config @@ -570,7 +551,6 @@ setup_apache2() { local ip=$1 } - setup_aesni() { if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ] then @@ -578,7 +558,6 @@ setup_aesni() { fi } - setup_storage_network() { if [ x"$STORAGE_IP" == "x" -o x"$STORAGE_NETMASK" == "x" ] then @@ -595,7 +574,6 @@ setup_storage_network() { log_it "Successfully setup storage network with STORAGE_IP:$STORAGE_IP, STORAGE_NETMASK:$STORAGE_NETMASK, STORAGE_CIDR:$STORAGE_CIDR" } - setup_system_rfc1918_internal() { public_ip=`getPublicIp` echo "$public_ip" | grep -E "^((127\.)|(10\.)|(172\.1[6-9]\.)|(172\.2[0-9]\.)|(172\.3[0-1]\.)|(192\.168\.))" @@ -612,14 +590,12 @@ setup_system_rfc1918_internal() { fi } - getPublicIp() { public_ip=$ETH2_IP [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH1_IP echo $public_ip } - setup_ntp() { log_it "Setting up NTP" NTP_CONF_FILE="/etc/ntp.conf" 
@@ -640,3 +616,218 @@ setup_ntp() { log_it "NTP configuration file not found" fi } + +routing_svcs() { + grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null + RROUTER=$? + systemctl disable --now cloud + systemctl disable --now haproxy + systemctl disable --now nfs-common + systemctl disable --now portmap + systemctl enable --now ssh + echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs + echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs + if [ $RROUTER -eq 0 ] + then + systemctl disable --now cloud-passwd-srvr + systemctl disable --now dnsmasq + systemctl enable --now conntrackd + systemctl enable --now keepalived + systemctl enable --now postinit + echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs + echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs + else + systemctl disable --now conntrackd + systemctl disable --now keepalived + systemctl enable --now cloud-passwd-srvr + systemctl enable --now dnsmasq + echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs + echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs + fi +} + +parse_cmd_line() { + CMDLINE=$(cat /var/cache/cloud/cmdline) + TYPE="unknown" + BOOTPROTO="static" + DISABLE_RP_FILTER="false" + STORAGE_IP="" + STORAGE_NETMASK="" + STORAGE_CIDR="" + VM_PASSWORD="" + + CHEF_TMP_FILE=/tmp/cmdline.json + COMMA="\t" + echo -e "{\n\"type\": \"cmdline\"," > ${CHEF_TMP_FILE} + echo -e "\n\"cmd_line\": {" >> ${CHEF_TMP_FILE} + + for i in $CMDLINE + do + # search for foo=bar pattern and cut out foo + KEY=$(echo $i | cut -d= -f1) + VALUE=$(echo $i | cut -d= -f2) + echo -en ${COMMA} >> ${CHEF_TMP_FILE} + # Two lines so values do not accidently interpretted as escapes!! 
+ echo -n \"${KEY}\"': '\"${VALUE}\" >> ${CHEF_TMP_FILE} + COMMA=",\n\t" + case $KEY in + disable_rp_filter) + export DISABLE_RP_FILTER=$VALUE + ;; + eth0ip) + export ETH0_IP=$VALUE + ;; + eth1ip) + export ETH1_IP=$VALUE + ;; + eth2ip) + export ETH2_IP=$VALUE + ;; + host) + export MGMT_HOST=$VALUE + ;; + gateway) + export GW=$VALUE + ;; + ip6gateway) + export IP6GW=$VALUE + ;; + eth0mask) + export ETH0_MASK=$VALUE + ;; + eth1mask) + export ETH1_MASK=$VALUE + ;; + eth2mask) + export ETH2_MASK=$VALUE + ;; + eth0ip6) + export ETH0_IP6=$VALUE + ;; + eth0ip6prelen) + export ETH0_IP6_PRELEN=$VALUE + ;; + internaldns1) + export internalNS1=$VALUE + ;; + internaldns2) + export internalNS2=$VALUE + ;; + dns1) + export NS1=$VALUE + ;; + dns2) + export NS2=$VALUE + ;; + ip6dns1) + export IP6_NS1=$VALUE + ;; + ip6dns2) + export IP6_NS2=$VALUE + ;; + domain) + export DOMAIN=$VALUE + ;; + dnssearchorder) + export DNS_SEARCH_ORDER=$VALUE + ;; + useextdns) + export USE_EXTERNAL_DNS=$VALUE + ;; + mgmtcidr) + export MGMTNET=$VALUE + ;; + localgw) + export LOCAL_GW=$VALUE + ;; + template) + export TEMPLATE=$VALUE + ;; + sshonguest) + export SSHONGUEST=$VALUE + ;; + name) + export NAME=$VALUE + ;; + dhcprange) + export DHCP_RANGE=$(echo $VALUE | tr ':' ',') + ;; + bootproto) + export BOOTPROTO=$VALUE + ;; + type) + export TYPE=$VALUE + ;; + defaultroute) + export DEFAULTROUTE=$VALUE + ;; + redundant_router) + export RROUTER=$VALUE + ;; + guestgw) + export GUEST_GW=$VALUE + ;; + guestbrd) + export GUEST_BRD=$VALUE + ;; + guestcidrsize) + export GUEST_CIDR_SIZE=$VALUE + ;; + router_pr) + export ROUTER_PR=$VALUE + ;; + extra_pubnics) + export EXTRA_PUBNICS=$VALUE + ;; + nic_macs) + export NIC_MACS=$VALUE + ;; + mtu) + export MTU=$VALUE + ;; + storageip) + export STORAGE_IP=$VALUE + ;; + storagenetmask) + export STORAGE_NETMASK=$VALUE + ;; + storagecidr) + export STORAGE_CIDR=$VALUE + ;; + vmpassword) + export VM_PASSWORD=$VALUE + ;; + vpccidr) + export VPCCIDR=$VALUE + ;; + cidrsize) + 
export CIDR_SIZE=$VALUE + ;; + advert_int) + export ADVERT_INT=$VALUE + ;; + ntpserverlist) + export NTP_SERVER_LIST=$VALUE + ;; + esac + done + echo -e "\n\t}\n}" >> ${CHEF_TMP_FILE} + if [ "$TYPE" != "unknown" ] + then + mv ${CHEF_TMP_FILE} /var/cache/cloud/cmd_line.json + fi + + [ $ETH0_IP ] && export LOCAL_ADDRS=$ETH0_IP + [ $ETH0_IP6 ] && export LOCAL_ADDRS=$ETH0_IP6 + [ $ETH0_IP ] && [ $ETH0_IP6 ] && export LOCAL_ADDRS="$ETH0_IP,$ETH0_IP6" + + # Randomize cloud password so only ssh login is allowed + echo "cloud:`openssl rand -base64 32`" | chpasswd + + if [ x"$VM_PASSWORD" != x"" ] + then + echo "root:$VM_PASSWORD" | chpasswd + fi +} + +parse_cmd_line diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh index 00bd927..fb36335 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/consoleproxy.sh @@ -18,10 +18,24 @@ . /opt/cloud/bin/setup/common.sh +consoleproxy_svcs() { + systemctl disable --now apache2 + systemctl disable --now cloud-passwd-srvr + systemctl disable --now conntrackd + systemctl disable --now dnsmasq + systemctl disable --now haproxy + systemctl disable --now keepalived + systemctl disable --now nfs-common + systemctl disable --now portmap + systemctl enable --now postinit + systemctl enable --now ssh + echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs + echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs + mkdir -p /var/log/cloud +} setup_console_proxy() { log_it "Setting up console proxy system vm" - local hyp=$HYPERVISOR setup_common eth0 eth1 eth2 setup_system_rfc1918_internal public_ip=`getPublicIp` 
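Review bot: `parse_cmd_line` now also runs both `chpasswd` calls and is invoked on the last line of common.sh, so every script that sources common.sh resets the `cloud` and `root` passwords and rewrites cmd_line.json as a side effect of being sourced. Keeping the password step in its own function, called once from the boot path, would make that explicit. The function also writes every key, `vmpassword` included, to the fixed path `/tmp/cmdline.json` before the `mv`; a private file such as `CHEF_TMP_FILE=$(mktemp /var/cache/cloud/cmdline.json.XXXXXX)` avoids a predictable name in a shared directory. `cut -d= -f2` drops everything after a second `=`, which would truncate a password containing one; `cut -d= -f2-` keeps the whole value.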
@@ -29,18 +43,24 @@ setup_console_proxy() { echo "$public_ip $NAME" >> /etc/hosts cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4 cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules + local hyp=$HYPERVISOR if [ "$hyp" == "vmware" ] || [ "$hyp" == "hyperv" ]; then setup_sshd $ETH1_IP "eth1" else setup_sshd $ETH0_IP "eth0" fi - systemctl enable cloud + systemctl enable --now cloud disable_rpfilter enable_fwding 0 enable_irqbalance 0 - systemctl disable nfs-common rm /etc/logrotate.d/cloud } +consoleproxy_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute consoleproxy_svcs" + exit 1 +fi setup_console_proxy diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh index a479216..47e9205 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/dhcpsrvr.sh @@ -18,6 +18,19 @@ . /opt/cloud/bin/setup/common.sh +dhcpsrvr_svcs() { + systemctl disable --now cloud + systemctl disable --now conntrackd + systemctl disable --now haproxy + systemctl disable --now keepalived + systemctl disable --now nfs-common + systemctl disable --now portmap + systemctl enable --now cloud-passwd-srvr + systemctl enable --now dnsmasq + systemctl enable --now ssh + echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs + echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs +} setup_dhcpsrvr() { log_it "Setting up dhcp server system vm" @@ -58,3 +71,9 @@ setup_dhcpsrvr() { } setup_dhcpsrvr +dhcpsrvr_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute dhcpsrvr_svcs" + exit 1 +fi diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh index 762133f..3dd3519 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/elbvm.sh 
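Review bot: The `if [ $? -gt 0 ]` check after `consoleproxy_svcs` in consoleproxy.sh only sees the status of the function's last command (`mkdir -p /var/log/cloud`), so a failed `systemctl` call never reaches the `log_it`/`exit 1` branch. The same holds for `dhcpsrvr_svcs`, `elbvm_svcs`, `ilbvm_svcs`, `secstorage_svcs` and `routing_svcs`, whose last command is an `echo` redirect. Collecting the status inside each function makes the check meaningful: `local rc=0`, then `systemctl enable --now ssh || rc=1` on the calls that must succeed, and `return $rc` at the end. I would do that only for the `enable` calls, since `systemctl disable --now` on a unit the template does not ship also returns non-zero and should not abort setup.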
@@ -18,6 +18,17 @@ . /opt/cloud/bin/setup/common.sh +elbvm_svcs() { + systemctl disable --now cloud + systemctl disable --now conntrackd + systemctl disable --now keepalived + systemctl disable --now nfs-common + systemctl disable --now portmap + systemctl enable --now haproxy + systemctl enable --now ssh + echo "ssh haproxy" > /var/cache/cloud/enabled_svcs + echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs +} setup_elbvm() { log_it "Setting up Elastic Load Balancer system vm" @@ -44,3 +55,9 @@ setup_elbvm() { } setup_elbvm +elbvm_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute elbvm svcs" + exit 1 +fi diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh index 48c1635..1169511 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/ilbvm.sh @@ -18,6 +18,17 @@ . /opt/cloud/bin/setup/common.sh +ilbvm_svcs() { + systemctl disable --now cloud + systemctl disable --now conntrackd + systemctl disable --now keepalived + systemctl disable --now nfs-common + systemctl disable --now portmap + systemctl enable --now haproxy + systemctl enable --now ssh + echo "ssh haproxy" > /var/cache/cloud/enabled_svcs + echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs +} setup_ilbvm() { log_it "Setting up Internal Load Balancer system vm" @@ -40,3 +51,9 @@ setup_ilbvm() { } setup_ilbvm +ilbvm_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute ilbvm svcs" + exit 1 +fi diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh index a7c4581..8f84133 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/patchsystemvm.sh 
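Review bot: `elbvm_svcs` records `dnsmasq cloud-passwd-srvr apache2` in /var/cache/cloud/disabled_svcs but never runs `systemctl disable --now` for them, so on a load-balancer VM those units keep whatever state the template gave them. `ilbvm_svcs` has the same gap, and `dhcpsrvr_svcs` lists `apache2` as enabled without enabling it. Unless another component acts on these files (not visible here), add the matching calls, e.g. `systemctl disable --now dnsmasq cloud-passwd-srvr apache2`, so the recorded state matches what is actually running.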
@@ -20,7 +20,7 @@ logfile="/var/log/patchsystemvm.log" # To use existing console proxy .zip-based package file -patch_console_proxy() { +patch_systemvm() { local patchfile=$1 local backupfolder="/tmp/.conf.backup" if [ -f /usr/local/cloud/systemvm/conf/cloud.jks ]; then 
@@ -40,207 +40,34 @@ patch_console_proxy() { return 0 } -consoleproxy_svcs() { - systemctl enable cloud - systemctl enable postinit - systemctl disable cloud-passwd-srvr - systemctl disable haproxy - systemctl disable dnsmasq - systemctl enable ssh - systemctl disable apache2 - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs - mkdir -p /var/log/cloud -} - -secstorage_svcs() { - systemctl enable cloud on - systemctl enable postinit on - systemctl disable cloud-passwd-srvr - systemctl disable haproxy - systemctl disable dnsmasq - systemctl enable portmap - systemctl enable nfs-common - systemctl enable ssh - systemctl disable apache2 - systemctl disable keepalived - systemctl disable conntrackd - echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs - echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs - mkdir -p /var/log/cloud -} - -routing_svcs() { - grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null - RROUTER=$? 
- systemctl disable cloud - systemctl disable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs - echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs - if [ $RROUTER -eq 0 ] - then - systemctl disable dnsmasq - systemctl disable cloud-passwd-srvr - systemctl enable keepalived - systemctl enable conntrackd - systemctl enable postinit - echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs - echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs - else - systemctl enable dnsmasq - systemctl enable cloud-passwd-srvr - systemctl disable keepalived - systemctl disable conntrackd - echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs - echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs - fi -} - -dhcpsrvr_svcs() { - systemctl disable cloud - systemctl enable cloud-passwd-srvr - systemctl disable haproxy - systemctl enable dnsmasq - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs - echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs -} - -elbvm_svcs() { - systemctl disable cloud - systemctl disable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs -} - - -ilbvm_svcs() { - systemctl disable cloud - systemctl enable haproxy - systemctl enable ssh - systemctl disable nfs-common - systemctl disable portmap - systemctl disable keepalived - systemctl disable conntrackd - echo "ssh haproxy" > /var/cache/cloud/enabled_svcs - echo "cloud dnsmasq cloud-passwd-srvr apache2 
nfs-common portmap" > /var/cache/cloud/disabled_svcs -} - -enable_pcihotplug() { - sed -i -e "/acpiphp/d" /etc/modules - sed -i -e "/pci_hotplug/d" /etc/modules - echo acpiphp >> /etc/modules - echo pci_hotplug >> /etc/modules -} - -enable_serial_console() { - #sed -i -e "/^serial.*/d" /boot/grub/grub.conf - #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf - #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf - #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf - #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/" /boot/grub/grub.conf - sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab - sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab -} - +CMDLINE=/var/cache/cloud/cmdline PATCH_MOUNT=$1 -Hypervisor=$2 -TYPE=$3 - +TYPE=$2 + +for str in $(cat $CMDLINE) + do + KEY=$(echo $str | cut -d= -f1) + VALUE=$(echo $str | cut -d= -f2) + case $KEY in + type) + TYPE=$VALUE + ;; + *) + ;; + esac +done + +echo "Patching systemvm for cloud service with mount=$PATCH_MOUNT for type=$TYPE" >> $logfile + +rm -f /root/.rnd echo "" > /root/.ssh/known_hosts if [ "$TYPE" == "consoleproxy" ] || [ "$TYPE" == "secstorage" ] && [ -f ${PATCH_MOUNT}/systemvm.zip ] then - patch_console_proxy ${PATCH_MOUNT}/systemvm.zip + patch_systemvm ${PATCH_MOUNT}/systemvm.zip if [ $? -gt 0 ] then printf "Failed to apply patch systemvm\n" >$logfile - exit 5 + exit 1 fi fi - - -if [ "$Hypervisor" == "kvm" ] -then - enable_pcihotplug - enable_serial_console -fi - -if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] -then - routing_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute routing_svcs\n" >$logfile - exit 6 - fi -fi - -if [ "$TYPE" == "dhcpsrvr" ] -then - dhcpsrvr_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute dhcpsrvr_svcs\n" >$logfile - exit 6 - fi -fi - - -if [ "$TYPE" == "consoleproxy" ] -then - consoleproxy_svcs - if [ $? 
-gt 0 ] - then - printf "Failed to execute consoleproxy_svcs\n" >$logfile - exit 7 - fi -fi - -if [ "$TYPE" == "secstorage" ] -then - secstorage_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute secstorage_svcs\n" >$logfile - exit 8 - fi -fi - -if [ "$TYPE" == "elbvm" ] -then - elbvm_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute elbvm svcs\n" >$logfile - exit 9 - fi -fi - -if [ "$TYPE" == "ilbvm" ] -then - ilbvm_svcs - if [ $? -gt 0 ] - then - printf "Failed to execute ilbvm svcs\n" >$logfile - exit 9 - fi -fi - -exit $? diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh index ae64232..e66b9e2 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/router.sh @@ -109,3 +109,9 @@ setup_router() { } setup_router +routing_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute routing_svcs" + exit 1 +fi diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh index 7cd6a6a..482cd94 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/secstorage.sh @@ -18,6 +18,20 @@ . /opt/cloud/bin/setup/common.sh +secstorage_svcs() { + systemctl disable --now cloud-passwd-srvr + systemctl disable --now conntrackd + systemctl disable --now dnsmasq + systemctl disable --now haproxy + systemctl disable --now keepalived + systemctl enable --now nfs-common + systemctl enable --now portmap + systemctl enable --now postinit + systemctl enable --now ssh + echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs + echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs + mkdir -p /var/log/cloud +} setup_secstorage() { log_it "Setting up secondary storage system vm" 
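Review bot: The `echo "Patching systemvm ..." >> $logfile` line added in patchsystemvm.sh is lost on the failure path, because the `printf "Failed to apply patch systemvm\n" >$logfile` below it truncates the file. Appending there as well, `printf "Failed to apply patch systemvm\n" >> $logfile`, keeps the mount and type that were logged just before the failure. `TYPE=$2` is also overwritten immediately by the cmdline loop, so either the argument or the loop is redundant. With the caller already passing `$TYPE`, I would drop the loop and quote `"$2"`.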
@@ -63,12 +77,17 @@ CORS disable_rpfilter enable_fwding 0 - systemctl disable haproxy dnsmasq cloud-passwd-srvr - systemctl enable cloud apache2 - systemctl restart cloud apache2 + + systemctl enable --now cloud apache2 enable_irqbalance 0 rm /etc/logrotate.d/cloud setup_ntp } +secstorage_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute secstorage_svcs" + exit 1 +fi setup_secstorage diff --git a/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh index 85d1a09..4c909f5 100755 --- a/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh +++ b/systemvm/patches/debian/config/opt/cloud/bin/setup/vpcrouter.sh @@ -123,3 +123,9 @@ EOF } setup_vpcrouter +routing_svcs +if [ $? -gt 0 ] +then + log_it "Failed to execute routing_svcs" + exit 1 +fi -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
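Review bot: `systemctl enable --now cloud apache2` in `setup_secstorage` replaces the earlier enable plus `systemctl restart cloud apache2`, but `--now` only starts a unit and does not restart one that is already running. If apache2 or cloud is already up when this function rewrites its configuration (the heredoc ending in `CORS` just above this hunk), the new settings are not loaded until the next restart. Keeping an explicit `systemctl restart cloud apache2` after the enable preserves the old behaviour. `setup_secstorage` begins outside this hunk.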
