diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java index e88bf6b81452..13c67d9d6fa0 100644 --- a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java +++ b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java @@ -103,12 +103,12 @@ private void updateSystemVmTemplates(final Connection conn) { final Map NewTemplateNameList = new HashMap() { { - put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.14.0"); - put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.14.0"); - put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.14.0"); - put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.14.0"); - put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.14.0"); - put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.14.0"); + put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.15.0"); + put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.15.0"); + put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.15.0"); + put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.15.0"); + put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.15.0"); + put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.15.0"); } }; 
@@ -125,30 +125,30 @@ private void updateSystemVmTemplates(final Connection conn) { final Map newTemplateUrl = new HashMap() { { - put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2"); - put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-vmware.ova"); - put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-xen.vhd.bz2"); - put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-hyperv.vhd.zip"); - put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2"); - put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-ovm.raw.bz2"); + put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2"); + put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-vmware.ova"); + put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-xen.vhd.bz2"); + put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-hyperv.vhd.zip"); + put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2"); + put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-ovm.raw.bz2"); } }; final Map newTemplateChecksum = new HashMap() { { - put(Hypervisor.HypervisorType.KVM, "d15ed159be32151b07e3211caf9cb802"); - put(Hypervisor.HypervisorType.XenServer, "fcaf1abc9aa62e7ed75f62b3092a01a2"); - put(Hypervisor.HypervisorType.VMware, "eb39f8b5a556dfc93c6be23ae45f34e1"); - put(Hypervisor.HypervisorType.Hyperv, 
"b4e91c14958e0fca9470695b0be05f99"); - put(Hypervisor.HypervisorType.LXC, "d15ed159be32151b07e3211caf9cb802"); - put(Hypervisor.HypervisorType.Ovm3, "1f97f4beb30af8cda886f1e977514704"); + put(Hypervisor.HypervisorType.KVM, "81b3e48bb934784a13555a43c5ef5ffb"); + put(Hypervisor.HypervisorType.XenServer, "1b178a5dbdbe090555515340144c6017"); + put(Hypervisor.HypervisorType.VMware, "e6a88e518c57d6f36c096c4204c3417f"); + put(Hypervisor.HypervisorType.Hyperv, "5c94da45337cf3e1910dcbe084d4b9ad"); + put(Hypervisor.HypervisorType.LXC, "81b3e48bb934784a13555a43c5ef5ffb"); + put(Hypervisor.HypervisorType.Ovm3, "875c5c65455fc06c4a012394410db375"); } }; for (final Map.Entry hypervisorAndTemplateName : NewTemplateNameList.entrySet()) { LOG.debug("Updating " + hypervisorAndTemplateName.getKey() + " System Vms"); try (PreparedStatement pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1")) { - // Get 4.11 systemvm template id for corresponding hypervisor + // Get systemvm template id for corresponding hypervisor long templateId = -1; pstmt.setString(1, hypervisorAndTemplateName.getValue()); try (ResultSet rs = pstmt.executeQuery()) { 
@@ -198,12 +198,12 @@ private void updateSystemVmTemplates(final Connection conn) { // Change value of global configuration parameter // minreq.sysvmtemplate.version for the ACS version try (PreparedStatement update_pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = ? WHERE name = ?");) { - update_pstmt.setString(1, "4.14.0"); + update_pstmt.setString(1, "4.15.0"); update_pstmt.setString(2, "minreq.sysvmtemplate.version"); update_pstmt.executeUpdate(); } catch (final SQLException e) { - LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0: " + e.getMessage()); - throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0", e); + LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0: " + e.getMessage()); + throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0", e); } } else { if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())) { diff --git a/systemvm/debian/etc/apache2/vhost.template b/systemvm/debian/etc/apache2/vhost.template index 0226bb44eee7..e9301042ca87 100644 --- a/systemvm/debian/etc/apache2/vhost.template +++ b/systemvm/debian/etc/apache2/vhost.template 
@@ -90,7 +90,7 @@ # Enable/Disable SSL for this virtual host. SSLEngine on SSLProtocol TLSv1.2 - SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA + SSLCipherSuite @SECLEVEL=1:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA SSLHonorCipherOrder on # A self-signed (snakeoil) certificate can be created by installing diff --git a/tools/appliance/systemvmtemplate/http/preseed.cfg b/tools/appliance/systemvmtemplate/http/preseed.cfg index aa63f0e69966..ce51f746c300 100644 --- a/tools/appliance/systemvmtemplate/http/preseed.cfg +++ b/tools/appliance/systemvmtemplate/http/preseed.cfg 
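Review bot: `@SECLEVEL=1` at the head of the new `SSLCipherSuite` lowers OpenSSL's security level for this virtual host below the level 2 that Debian 10 configures by default, which re-admits 1024-bit RSA and DH keys, and the hunk gives no reason for it. If it is only there to keep existing certificates or older clients working after the move to buster, record that above the directive, e.g. `# SECLEVEL=1 kept for REASON; drop once all keys are 2048-bit or larger`. The list also still ends in `DES-CBC3-SHA` and carries the static-RSA `AES128-SHA`/`AES256-SHA` entries; with `SSLProtocol TLSv1.2` the ECDHE and DHE GCM suites at the front would likely be enough. The surrounding vhost block starts and ends outside the hunk.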
@@ -18,8 +18,10 @@ ### Localization # Locale sets language and country. d-i debian-installer/locale string en_US.UTF-8 +d-i debian-installer/country string IN # Keyboard selection. +d-i keymap select us d-i keyboard-configuration/xkb-keymap select us ### Network configuration @@ -32,7 +34,7 @@ d-i hw-detect/load_firmware boolean true ### Mirror settings d-i mirror/country string manual -d-i mirror/http/hostname string http.debian.net +d-i mirror/http/hostname string deb.debian.org d-i mirror/http/directory string /debian d-i mirror/http/proxy string @@ -60,21 +62,11 @@ d-i partman-auto/expert_recipe string \ use_filesystem{ } filesystem{ ext2 } \ mountpoint{ /boot } \ . \ - 1175 40 1200 ext4 \ + 2240 40 2500 ext4 \ method{ format } format{ } \ use_filesystem{ } filesystem{ ext4 } \ mountpoint{ / } \ . \ - 480 50 700 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /var } \ - . \ - 80 90 100 ext4 \ - method{ format } format{ } \ - use_filesystem{ } filesystem{ ext4 } \ - mountpoint{ /tmp } \ - . \ 256 1000 256 linux-swap \ method{ swap } format{ } \ . 
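Review bot: Dropping the separate `/var` and `/tmp` entries from `partman-auto/expert_recipe` (third hunk) puts logs and temporary files on the same ext4 filesystem as `/`, so runaway log growth can fill the root filesystem of a system VM, and `/tmp` can no longer carry its own mount options such as `nodev,nosuid`. If the single-root layout is intended, say so above the recipe, e.g. `# /var and /tmp deliberately share / (no separate partitions)`, or keep a small `/var` entry. The recipe begins before this hunk, so the `/boot` entry is only partly visible here.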
@@ -100,24 +92,18 @@ d-i user-setup/encrypt-home boolean false d-i user-setup/allow-password-weak boolean true d-i passwd/user-default-groups string audio cdrom video admin -openssh-server openssh-server/permit-root-login boolean true - ### Package selection tasksel tasksel/first multiselect ssh-server d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl # Allowed values: none, safe-upgrade, full-upgrade d-i pkgsel/upgrade select full-upgrade +d-i pkgsel/update-policy select none popularity-contest popularity-contest/participate boolean false ### Boot loader installation d-i grub-installer/only_debian boolean true -d-i grub-installer/with_other_os boolean true d-i grub-installer/bootdev string default d-i finish-install/reboot_in_progress note #### Advanced options -# Prevent packaged version of VirtualBox Guest Additions being installed: -d-i preseed/early_command string sed -i \ - '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \ - /usr/lib/pre-pkgsel.d/20install-hwpackages diff --git a/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh b/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh index cedbb1c10b4c..ea75c2d8bf2c 100644 --- a/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh +++ b/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh @@ -36,8 +36,8 @@ function add_backports() { sed -i '/deb-src/d' /etc/apt/sources.list sed -i '/backports/d' /etc/apt/sources.list sed -i '/security/d' /etc/apt/sources.list - echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list - echo 'deb http://security.debian.org/debian-security stretch/updates main' >> /etc/apt/sources.list + echo 'deb http://http.debian.net/debian buster-backports main' >> /etc/apt/sources.list + echo 'deb http://security.debian.org/debian-security buster/updates main' >> /etc/apt/sources.list } function apt_upgrade() { 
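Review bot: `d-i pkgsel/update-policy select none` means the installed image receives no automatic security updates, and nothing in the hunk says how a deployed system VM is expected to be patched. If fixes are meant to arrive only through a rebuilt template, a one-line comment above it would record that: `# no unattended upgrades; system VMs are patched by replacing the template`. The context line `d-i user-setup/allow-password-weak boolean true` is unchanged and deserves a second look now that the root-login preseed is removed.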
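Review bot: The two `echo` lines in `add_backports` still use `http.debian.net` for the backports entry, while the preseed change in this same commit moves the installer mirror to `deb.debian.org`; use one hostname for both, `echo 'deb http://deb.debian.org/debian buster-backports main' >> /etc/apt/sources.list`. The package script in this commit also removes its `apt-get -q -y -t stretch-backports install` line, so it is worth checking whether the backports entry is still needed at all. `add_backports` begins above the hunk.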
diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh index 7349298c1ef6..4e8605d4caf1 100644 --- a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh +++ b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh @@ -19,7 +19,7 @@ set -e set -x -CLOUDSTACK_RELEASE=4.14.0 +CLOUDSTACK_RELEASE=4.15.0 function configure_apache2() { # Enable ssl, rewrite and auth @@ -41,7 +41,7 @@ function configure_issue() { __?.o/ Apache CloudStack SystemVM $CLOUDSTACK_RELEASE ( )# https://cloudstack.apache.org - (___(_) Debian GNU/Linux 9.12 \n \l + (___(_) Debian GNU/Linux 10 \n \l EOF } diff --git a/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh index 1f18b2527342..2e788f3ced59 100644 --- a/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh +++ b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh 
@@ -41,26 +41,26 @@ function install_packages() { local arch=`dpkg --print-architecture` debconf_packages - install_vhd_util local apt_get="apt-get --no-install-recommends -q -y" ${apt_get} install grub-legacy \ - rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables \ - openssh-server e2fsprogs tcpdump iftop socat wget \ - python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ + rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables nftables \ + openssh-server e2fsprogs tcpdump iftop socat wget coreutils systemd \ + python python3 bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \ inetutils-ping iputils-arping httping curl \ - dnsutils zip unzip ethtool uuid file iproute acpid sudo \ + dnsutils zip unzip ethtool uuid file iproute2 acpid sudo \ sysstat python-netaddr \ apache2 ssl-cert \ dnsmasq dnsmasq-utils \ nfs-common \ samba-common cifs-utils \ - xl2tpd bcrelay ppp ipsec-tools tdb-tools \ + xl2tpd bcrelay ppp tdb-tools \ xenstore-utils libxenstore3.0 \ ipvsadm conntrackd libnetfilter-conntrack3 \ keepalived irqbalance \ ipcalc \ + openjdk-11-jre-headless \ ipset \ iptables-persistent \ libtcnative-1 libssl-dev libapr1-dev \ @@ -69,11 +69,9 @@ function install_packages() { haveged \ radvd \ sharutils genisoimage aria2 \ - strongswan libcharon-extra-plugins libstrongswan-extra-plugins \ + strongswan libcharon-extra-plugins libstrongswan-extra-plugins strongswan-charon strongswan-starter \ virt-what open-vm-tools qemu-guest-agent hyperv-daemons - apt-get -q -y -t stretch-backports install nftables openjdk-11-jre-headless - apt-get -y autoremove --purge apt-get clean apt-get autoclean 
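Review bot: The rewritten package line in the first hunk installs `python` next to `python3`; on Debian 10 `python` is Python 2.7, which no longer receives upstream fixes, so it should stay only if scripts in the image still need it. The unchanged `python-netaddr` entry suggests some Python 2 code remains, in which case a comment such as `# python (2.7) still required by SCRIPT_NAME; remove after port to python3` would make the dependency visible. The same line keeps the `telnet` and `ftp` clients, which could be dropped from the appliance if nothing in it calls them. `install_packages` starts before and continues after the hunk.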
@@ -87,6 +85,7 @@ function install_packages() { ${apt_get} install libuuid1:i386 libc6:i386 fi + install_vhd_util # Install xenserver guest utilities as debian repos don't have it wget https://mirrors.kernel.org/ubuntu/pool/main/x/xe-guest-utilities/xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb dpkg -i xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb diff --git a/tools/appliance/systemvmtemplate/template.json b/tools/appliance/systemvmtemplate/template.json index 1397b6c090ca..0fa9fb15a893 100644 --- a/tools/appliance/systemvmtemplate/template.json +++ b/tools/appliance/systemvmtemplate/template.json @@ -4,7 +4,7 @@ "provisioners": [ { "type": "shell", - "execute_command": "echo 'cloud'|sudo -S bash '{{.Path}}'", + "execute_command": "echo 'cloud' | sudo -u root -S bash {{.Path}}", "scripts": [ "scripts/apt_upgrade.sh", "scripts/configure_grub.sh", @@ -13,11 +13,11 @@ "scripts/configure_acpid.sh", "scripts/install_systemvm_packages.sh", "scripts/configure_conntrack.sh", - "../cloud_scripts_shar_archive.sh", - "scripts/configure_systemvm_services.sh", "scripts/authorized_keys.sh", "scripts/configure_persistent_config.sh", "scripts/configure_login.sh", + "../cloud_scripts_shar_archive.sh", + "scripts/configure_systemvm_services.sh", "scripts/cleanup.sh", "scripts/finalize.sh" ] 
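Review bot: The `wget` of `xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb` directly below the moved `install_vhd_util` call hands the file straight to `dpkg -i`, which runs the package's maintainer scripts with root privileges without checking that the download is the expected one. Pin a digest and verify it between the two lines, e.g. `echo "EXPECTED_SHA256  xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb" | sha256sum -c -`, where EXPECTED_SHA256 is a placeholder for the published value. `install_vhd_util` is defined outside the hunk; if it downloads anything, the same check applies there.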
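Review bot: The new `execute_command` in the first template.json hunk drops the quotes around `{{.Path}}`, so a script path containing a space or a shell metacharacter would be word-split or interpreted by the shell instead of being passed to `bash` as one argument. Keep the quoting from the old line: `"execute_command": "echo 'cloud' | sudo -u root -S bash '{{.Path}}'"`.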
@@ -29,50 +29,39 @@ "accelerator": "kvm", "headless": true, "qemuargs": [ - [ "-m", "512M" ], - [ "-smp", "cpus=1,maxcpus=1,cores=1" ] + [ "-m", "500M" ], + [ "-smp", "1" ] ], - "disk_size": 2000, "format": "qcow2", - + "disk_size": 2500, "disk_interface": "virtio", "net_device": "virtio-net", - - "iso_url": "https://cdimage.debian.org/cdimage/archive/9.12.0/amd64/iso-cd/debian-9.12.0-amd64-netinst.iso", - "iso_checksum": "af81de39678db1f814be4ce1b7b64b891f6f59926d6f835842c4b52b462ac7e78c45b5efd8273c196d64ba0b2dd1a0aabfb97c6e4f10702ee11a72e07aec9d67", + "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.4.0-amd64-netinst.iso", + "iso_checksum": "ec69e4bfceca56222e6e81766bf235596171afe19d47c20120783c1644f72dc605d341714751341051518b0b322d6c84e9de997815e0c74f525c66f9d9eb4295", "iso_checksum_type": "sha512", - - "vm_name": "systemvmtemplate", "output_directory": "../dist", - "http_directory": "http", - "http_port_min": 10082, - "http_port_max": 10089, - - "ssh_host_port_min": 2222, - "ssh_host_port_max": 2229, - + "vm_name": "systemvmtemplate", "ssh_username": "cloud", "ssh_password": "cloud", - "ssh_port": 22, "ssh_wait_timeout": "30m", - - "boot_wait": "10s", + "boot_wait": "5s", "boot_command": [ "", "install ", - " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ", - " debian-installer=en_US ", - " auto ", - " locale=en_US ", - " kbd-chooser/method=us ", - " netcfg/get_hostname=systemvm ", - " netcfg/get_domain=apache.org ", - " fb=false ", - " debconf/frontend=noninteractive ", - " console-setup/ask_detect=false ", - " console-keymaps-at/keymap=us ", - " keyboard-configuration/xkb-keymap=us ", + "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg ", + "debian-installer=en_US.UTF-8 ", + "auto ", + "language=en locale=en_US.UTF-8 ", + "kbd-chooser/method=us ", + "keyboard-configuration/xkb-keymap=us ", + "netcfg/get_hostname=systemvm ", + "netcfg/get_domain=apache.org ", + "country=IN keymap=us ", + "fb=false ", + 
"debconf/frontend=noninteractive ", + "console-setup/ask_detect=false ", + "console-keymaps-at/keymap=us ", "" ],