From bhais...@apache.org
Subject [cloudstack] branch debian9-systemvmtemplate updated: Fix double-patching, apply iptables rules on non-VR systemvms
Date Mon, 04 Dec 2017 18:18:40 GMT
This is an automated email from the ASF dual-hosted git repository.

bhaisaab pushed a commit to branch debian9-systemvmtemplate
in repository https://gitbox.apache.org/repos/asf/cloudstack.git


The following commit(s) were added to refs/heads/debian9-systemvmtemplate by this push:
     new 40e2b8a  Fix double-patching, apply iptables rules on non-VR systemvms
40e2b8a is described below

commit 40e2b8abda865fcdccf7a92a0b089cd4de877b42
Author: Rohit Yadav <rohit.yadav@shapeblue.com>
AuthorDate: Mon Dec 4 23:43:15 2017 +0530

    Fix double-patching, apply iptables rules on non-VR systemvms
    
    Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
---
 .../patches/debian/etc/init.d/cloud-early-config   |  9 ++--
 systemvm/patches/debian/etc/issue                  |  7 ++-
 systemvm/patches/debian/etc/rc.local               | 60 +++++++---------------
 systemvm/patches/debian/opt/cloud/bin/configure.py |  4 +-
 .../patches/debian/opt/cloud/bin/cs/CsRedundant.py |  1 -
 .../patches/debian/opt/cloud/bin/setup/common.sh   | 10 +++-
 .../debian/opt/cloud/bin/setup/consoleproxy.sh     |  1 -
 .../patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh |  3 --
 .../patches/debian/opt/cloud/bin/setup/elbvm.sh    |  1 -
 .../patches/debian/opt/cloud/bin/setup/ilbvm.sh    |  1 -
 .../patches/debian/opt/cloud/bin/setup/postinit.sh | 23 ++++++++-
 .../patches/debian/opt/cloud/bin/setup/router.sh   |  4 --
 .../debian/opt/cloud/bin/setup/secstorage.sh       |  1 -
 .../debian/opt/cloud/bin/setup/vpcrouter.sh        |  1 -
 14 files changed, 58 insertions(+), 68 deletions(-)

diff --git a/systemvm/patches/debian/etc/init.d/cloud-early-config b/systemvm/patches/debian/etc/init.d/cloud-early-config
index 5e3f7b6..327ae76 100755
--- a/systemvm/patches/debian/etc/init.d/cloud-early-config
+++ b/systemvm/patches/debian/etc/init.d/cloud-early-config
@@ -30,6 +30,7 @@ PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
 CMDLINE=/var/cache/cloud/cmdline
 
 # Clear boot up flag, it would be created by rc.local after boot up done
+mkdir -p /var/cache/cloud
 rm -f /var/cache/cloud/boot_up_done
 
 [ -x /sbin/ifup ] || exit 0
@@ -62,12 +63,6 @@ config_guest() {
     # Configure hot-plug
     modprobe acpiphp || true
     modprobe pci_hotplug || true
-    # Configure serial console FIXME: remove during build we enable it?
-    #sed -i -e "/^serial.*/d" /boot/grub/grub.conf
-    #sed -i -e "/^terminal.*/d" /boot/grub/grub.conf
-    #sed -i -e "/^default.*/a\serial --unit=0 --speed=115200 --parity=no --stop=1" /boot/grub/grub.conf
-    #sed -i -e "/^serial.*/a\terminal --timeout=0 serial console" /boot/grub/grub.conf
-    #sed -i -e "s/\(^kernel.* ro\) \(console.*\)/\1 console=tty0 console=ttyS0,115200n8/"
/boot/grub/grub.conf
     sed -i -e "/^s0:2345:respawn.*/d" /etc/inittab
     sed -i -e "/6:23:respawn/a\s0:2345:respawn:/sbin/getty -L 115200 ttyS0 vt102" /etc/inittab
   fi
@@ -195,6 +190,8 @@ patch() {
 
       log_it "Patching cloud service"
       /opt/cloud/bin/setup/patchsystemvm.sh $PATCH_MOUNT $TYPE
+
+      rm -f /var/cache/cloud/patched
     fi
 
     [ -f $privkey ] && cp -f $privkey /root/.ssh/ && chmod go-rwx /root/.ssh/authorized_keys
diff --git a/systemvm/patches/debian/etc/issue b/systemvm/patches/debian/etc/issue
index aa32be1..94e8f84 100644
--- a/systemvm/patches/debian/etc/issue
+++ b/systemvm/patches/debian/etc/issue
@@ -1,5 +1,4 @@
-   _ `.o/*  Apache CloudStack
-  (  )#     dev@cloudstack.apache.org
- (___(_)    https://cloudstack.apache.org
+   __?.o/  Apache CloudStack SystemVM 4.11
+  (  )#    https://cloudstack.apache.org
+ (___(_)   \s \r \n \l
 
-CloudStack SystemVM 4.11 \n \l
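Review bot: The new third banner line prints `\s \r \n \l`, so the pre-login console banner now shows the OS name and kernel release (`\s`, `\r`) to anyone who can reach the console before authenticating. Common hardening baselines ask for those escapes to be left out of /etc/issue; keeping the previous `\n \l` would retain the hostname and tty name without advertising the kernel version. The "4.11" on the first line is hard-coded as well, so it will need a manual bump with each release.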
diff --git a/systemvm/patches/debian/etc/rc.local b/systemvm/patches/debian/etc/rc.local
index 895c120..94c6466 100755
--- a/systemvm/patches/debian/etc/rc.local
+++ b/systemvm/patches/debian/etc/rc.local
@@ -1,45 +1,43 @@
 #!/bin/bash
-
-#Licensed to the Apache Software Foundation (ASF) under one
-#or more contributor license agreements.  See the NOTICE file
-#distributed with this work for additional information
-#regarding copyright ownership.  The ASF licenses this file
-#to you under the Apache License, Version 2.0 (the
-#"License"); you may not use this file except in compliance
-#with the License.  You may obtain a copy of the License at
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
 #
-#  http://www.apache.org/licenses/LICENSE-2.0
+#   http://www.apache.org/licenses/LICENSE-2.0
 #
-#Unless required by applicable law or agreed to in writing,
-#software distributed under the License is distributed on an
-#"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-#KIND, either express or implied.  See the License for the
-#specific language governing permissions and limitations
-#under the License.
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
 
 [ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs
 for svc in $(cat /var/cache/cloud/enabled_svcs)
 do
    logger -t cloud "Starting $svc"
-   systemctl enable --now $svc
+   systemctl enable --no-block --now $svc
 done
 
 [ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs
 for svc in $(cat /var/cache/cloud/disabled_svcs)
 do
    logger -t cloud "Stopping $svc"
-   systemctl disable --now $svc
+   systemctl disable --no-block --now $svc
 done
 
-
-#Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist
-ipv4="/etc/iptables/router_rules.v4"
+# Restore the persistent iptables nat, rules and filters for IPv4 and IPv6 if they exist
+ipv4="/etc/iptables/rules.v4"
 if [ -e $ipv4 ]
 then
    iptables-restore < $ipv4
 fi
 
-ipv6="/etc/iptables/router_rules.v6"
+ipv6="/etc/iptables/rules.v6"
 if [ -e $ipv6 ]
 then
    iptables-restore < $ipv6
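Review bot: The IPv6 branch at the end of this hunk still runs `iptables-restore < $ipv6`, so the renamed `/etc/iptables/rules.v6` (written with `ip6tables-save` in configure.py) is fed to the IPv4 restore tool and the IPv6 ruleset does not appear to be reinstated at boot; the line should be `ip6tables-restore < "$ipv6"`. Neither restore is checked, and the script goes on to write `boot_up_done` either way, so a rejected ruleset leaves the VM running with whatever rules were already loaded and nothing in the log; `iptables-restore < "$ipv4" || logger -t cloud "iptables-restore failed for $ipv4"` would make that visible. The `$(cat …)` loops also word-split and glob the service names, so `"$svc"` should be quoted in the two `systemctl` lines.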
@@ -47,23 +45,3 @@ fi
 
 date > /var/cache/cloud/boot_up_done
 logger -t cloud "Boot up process done"
-
-CMDLINE=/var/cache/cloud/cmdline
-for str in $(cat $CMDLINE)
-  do
-    KEY=$(echo $str | cut -d= -f1)
-    VALUE=$(echo $str | cut -d= -f2)
-    case $KEY in
-      type)
-        export TYPE=$VALUE
-        ;;
-      *)
-        ;;
-    esac
-done
-
-if [ "$TYPE" == "router" ]
-then
-    python /opt/cloud/bin/baremetal-vr.py &
-    logger -t cloud "Started baremetal-vr service"
-fi
diff --git a/systemvm/patches/debian/opt/cloud/bin/configure.py b/systemvm/patches/debian/opt/cloud/bin/configure.py
index 7e8db9b..95f0015 100755
--- a/systemvm/patches/debian/opt/cloud/bin/configure.py
+++ b/systemvm/patches/debian/opt/cloud/bin/configure.py
@@ -978,8 +978,8 @@ class IpTablesExecutor:
         logging.debug("Configuring iptables rules done ...saving rules")
 
         # Save iptables configuration - will be loaded on reboot by the iptables-restore
that is configured on /etc/rc.local
-        CsHelper.save_iptables("iptables-save", "/etc/iptables/router_rules.v4")
-        CsHelper.save_iptables("ip6tables-save", "/etc/iptables/router_rules.v6")
+        CsHelper.save_iptables("iptables-save", "/etc/iptables/rules.v4")
+        CsHelper.save_iptables("ip6tables-save", "/etc/iptables/rules.v6")
 
 
 def main(argv):
diff --git a/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py b/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py
index d3acb44..2575e0b 100755
--- a/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py
+++ b/systemvm/patches/debian/opt/cloud/bin/cs/CsRedundant.py
@@ -77,7 +77,6 @@ class CsRedundant(object):
         CsHelper.service("keepalived", "stop")
 
     def _redundant_on(self):
-        return
         guest = self.address.get_guest_if()
 
         # No redundancy if there is no guest network
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/common.sh b/systemvm/patches/debian/opt/cloud/bin/setup/common.sh
index 4fc883d..0951a29 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/common.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/common.sh
@@ -471,7 +471,6 @@ setup_sshd(){
   local eth=$2
   [ -f /etc/ssh/sshd_config ] && sed -i -e "s/^[#]*ListenAddress.*$/ListenAddress
$ip/" /etc/ssh/sshd_config
   sed -i "/3922/s/eth./$eth/" /etc/iptables/rules.v4
-  sed -i "/3922/s/eth./$eth/" /etc/iptables/rules
 }
 
 setup_vpc_apache2() {
@@ -848,4 +847,13 @@ parse_cmd_line() {
   fi
 }
 
+check_patching_required() {
+  if [ -f /var/cache/cloud/patched ]
+  then
+    log_it "SystemVM's patching has been already done, exiting..."
+    exit 0
+  fi
+}
+
 parse_cmd_line
+check_patching_required
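Review bot: `check_patching_required` is called at the top level of common.sh and uses `exit 0`, so any script that sources this file terminates silently at its `.` line once `/var/cache/cloud/patched` exists, and reports success while doing so. That side effect is easy to miss from the caller's side (this commit already stops sourcing common.sh from postinit.sh), so it deserves a header comment such as `# Exits the sourcing script with status 0 when /var/cache/cloud/patched exists; the marker is written by postinit.sh and cleared by cloud-early-config after re-patching.` The role setup scripts that install the per-role `/etc/iptables/rules.v4` presumably source this file too, so it would be safer, if callers allow it, for the function to `return 1` and let each caller decide whether to stop.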
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh b/systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh
index ad23381..a3b2797 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/consoleproxy.sh
@@ -36,7 +36,6 @@ setup_console_proxy() {
 
   log_it "Applying iptables rules"
   cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-consoleproxy /etc/iptables/rules
 
   log_it "Configuring sshd"
   local hyp=$HYPERVISOR
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh b/systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh
index d9a9c1a..467bb56 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/dhcpsrvr.sh
@@ -37,13 +37,10 @@ setup_dhcpsrvr() {
   enable_fwding 0
 
   cp /etc/iptables/iptables-router /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-router /etc/iptables/rules
 
   #Only allow DNS service for current network
   sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m
udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m
udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
   sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m
tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m
tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
 
   if [ "$SSHONGUEST" == "true" ]
   then
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh b/systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh
index fbae405..600fb0d 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/elbvm.sh
@@ -32,7 +32,6 @@ setup_elbvm() {
   echo "$public_ip $NAME" >> /etc/hosts
 
   cp /etc/iptables/iptables-elbvm /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-elbvm /etc/iptables/rules
   if [ "$SSHONGUEST" == "true" ]
   then
     setup_sshd $ETH0_IP "eth0"
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh b/systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh
index 809be09..58a711c 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/ilbvm.sh
@@ -32,7 +32,6 @@ setup_ilbvm() {
   echo "$ETH0_IP $NAME" >> /etc/hosts
 
   cp /etc/iptables/iptables-ilbvm /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-ilbvm /etc/iptables/rules
   setup_sshd $ETH1_IP "eth1"
 
   enable_fwding 0
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/postinit.sh b/systemvm/patches/debian/opt/cloud/bin/setup/postinit.sh
index 8149d2d..a4ac6e1 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/postinit.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/postinit.sh
@@ -18,7 +18,19 @@
 
 # This scripts before ssh.service but after cloud-early-config
 
-. /opt/cloud/bin/setup/common.sh
+CMDLINE=/var/cache/cloud/cmdline
+for str in $(cat $CMDLINE)
+  do
+    KEY=$(echo $str | cut -d= -f1)
+    VALUE=$(echo $str | cut -d= -f2)
+    case $KEY in
+      type)
+        export TYPE=$VALUE
+        ;;
+      *)
+        ;;
+    esac
+done
 
 if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ]
 then
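Review bot: The inlined parser splits each token with `cut -d= -f2`, which silently drops everything after a second `=`, and it expands `$str` and `$CMDLINE` unquoted, so boot arguments containing glob characters are expanded against the current directory. Parameter expansion avoids both problems and saves two subshells per token: `KEY=${str%%=*}` and `VALUE=${str#*=}`. A missing `/var/cache/cloud/cmdline` only produces a `cat` error and leaves `TYPE` empty, so none of the type-specific branches below run; a readability check on `"$CMDLINE"` with a `logger` message would make that failure explicit. The `if` that closes this hunk continues outside it.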
@@ -28,3 +40,12 @@ then
       logger -t cloud "Updated config: cmd_line.json"
   fi
 fi
+
+if [ "$TYPE" == "router" ]
+then
+    python /opt/cloud/bin/baremetal-vr.py &
+    logger -t cloud "Started baremetal-vr service"
+fi
+
+date > /var/cache/cloud/patched
+logger -t cloud "SystemVM patching process done"
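Review bot: The `patched` marker is written unconditionally at the end of the script, so it is created even if earlier steps failed, and from then on `check_patching_required` in common.sh makes its callers exit early until cloud-early-config's `patch()` removes the marker again. Consider writing it only after the preceding steps have succeeded, or logging which ones failed before it is written. Likewise "Started baremetal-vr service" is logged without checking that the backgrounded `python /opt/cloud/bin/baremetal-vr.py &` actually came up; "Starting baremetal-vr service" would be the accurate message. The `if` block closed at the top of this hunk starts outside it.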
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/router.sh b/systemvm/patches/debian/opt/cloud/bin/setup/router.sh
index d9fadfe..3bd4224 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/router.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/router.sh
@@ -83,15 +83,11 @@ setup_router() {
   enable_fwding 1
   enable_rpsrfs 1
   cp /etc/iptables/iptables-router /etc/iptables/rules.v4
-  #for old templates
-  cp /etc/iptables/iptables-router /etc/iptables/rules
   setup_sshd $ETH1_IP "eth1"
 
   #Only allow DNS service for current network
   sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m
udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p udp -m
udp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
   sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m
tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules.v4
-  sed -i "s/-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT/-A INPUT -i eth0 -p tcp -m
tcp --dport 53 -s $DHCP_RANGE\/$CIDR_SIZE -j ACCEPT/g" /etc/iptables/rules
 
   #setup hourly logrotate
   mv -n /etc/cron.daily/logrotate /etc/cron.hourly 2>&1
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh b/systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh
index 5cdc4bb..b890d77 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/secstorage.sh
@@ -39,7 +39,6 @@ setup_secstorage() {
 
   log_it "Applying iptables rules"
   cp /etc/iptables/iptables-secstorage /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-secstorage /etc/iptables/rules
 
   log_it "Configuring sshd"
   local hyp=$HYPERVISOR
diff --git a/systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh b/systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh
index bd1181f..5ed09c7 100755
--- a/systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh
+++ b/systemvm/patches/debian/opt/cloud/bin/setup/vpcrouter.sh
@@ -93,7 +93,6 @@ EOF
   disable_rpfilter
   enable_fwding 1
   cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules.v4
-  cp /etc/iptables/iptables-vpcrouter /etc/iptables/rules
   setup_sshd $ETH0_IP "eth0"
   cp /etc/vpcdnsmasq.conf /etc/dnsmasq.conf
   cp /etc/cloud-nic.rules /etc/udev/rules.d/cloud-nic.rules

-- 
To stop receiving notification emails like this one, please contact
['"commits@cloudstack.apache.org" <commits@cloudstack.apache.org>'].
