CLOUDSTACK-10013: Migrate to Debian9 for systemvmtemplate

WIP support for Debian9

Signed-off-by: Rohit Yadav <[email protected]>

Author: yadvr

tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh

@@ -23,13 +23,16 @@ function add_backports() {
   sed -i '/cdrom/d' /etc/apt/sources.list
   sed -i '/deb-src/d' /etc/apt/sources.list
   sed -i '/backports/d' /etc/apt/sources.list
-  echo 'deb http://http.debian.net/debian wheezy-backports main' >> /etc/apt/sources.list
+  echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list
 }
 
 function apt_upgrade() {
   DEBIAN_FRONTEND=noninteractive
   DEBIAN_PRIORITY=critical
 
+  # Setup sudo
+  echo 'cloud ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud
+
   add_backports
 
   rm -fv /root/*.iso
@@ -38,6 +41,9 @@ function apt_upgrade() {
   apt-get -q -y --force-yes update
   apt-get -q -y --force-yes upgrade
 
+  apt-get -q -y --force-yes install linux-headers-$(uname -r) build-essential
+  apt-get -q -y --force-yes install zlib1g-dev libssl-dev libreadline-gplv2-dev curl unzip
+
   df -h
 }
 

tools/appliance/definitions/systemvmtemplate/authorized_keys.sh

@@ -21,9 +21,7 @@
 set -e
 set -x
 
-# the key that we have in ../patches/debian/config/root/.ssh/authorized_keys for some reason
-key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant'
 mkdir -p /root/.ssh
 chmod 644 /root/.ssh
-echo ${key}  > /root/.ssh/authorized_keys
+touch /root/.ssh/authorized_keys
 chmod 600 /root/.ssh/authorized_keys

tools/appliance/definitions/systemvmtemplate/cleanup.sh

@@ -20,7 +20,7 @@ set -e
 set -x
 
 function cleanup_apt() {
-  #apt-get -y remove linux-headers-$(uname -r) build-essential
+  apt-get -y remove linux-headers-$(uname -r) build-essential
   apt-get -y remove dictionaries-common busybox
   apt-get -y autoremove
   apt-get autoclean

tools/appliance/definitions/systemvmtemplate/configure_login.sh

@@ -42,7 +42,7 @@ root	  ALL=(ALL:ALL) ALL
 
 #includedir /etc/sudoers.d
 END
-  echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount' > /etc/sudoers.d/cloud
+  echo 'cloud ALL=NOPASSWD:/bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /sbin/halt' > /etc/sudoers.d/cloud
 }
 
 # sshd_config is overwritten from cloud_scripts
@@ -58,7 +58,7 @@ END
 #}
 
 function configure_inittab() {
-  grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return
+  #grep "vc:2345:respawn:/sbin/getty" /etc/inittab && return
 
   # Fix inittab
   cat >> /etc/inittab << EOF
@@ -68,11 +68,11 @@ EOF
 }
 
 function configure_login() {
-  add_admin_group
-  configure_cloud_user
-  configure_sudoers
   # configure_sshd
   configure_inittab
+  add_admin_group
+  configure_sudoers
+  configure_cloud_user
 }
 
 return 2>/dev/null || configure_login

tools/appliance/definitions/systemvmtemplate/configure_systemvm_services.sh

@@ -19,15 +19,15 @@
 set -e
 set -x
 
-CLOUDSTACK_RELEASE=4.6.0
+CLOUDSTACK_RELEASE=4.11.0
 
 function configure_apache2() {
    # Enable ssl, rewrite and auth
    a2enmod ssl rewrite auth_basic auth_digest
    a2ensite default-ssl
    # Backup stock apache configuration since we may modify it in Secondary Storage VM
-   cp /etc/apache2/sites-available/default /etc/apache2/sites-available/default.orig
-   cp /etc/apache2/sites-available/default-ssl /etc/apache2/sites-available/default-ssl.orig
+   cp /etc/apache2/sites-available/000-default.conf /etc/apache2/sites-available/default.orig
+   cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.orig
    sed -i 's/SSLProtocol all -SSLv2$/SSLProtocol all -SSLv2 -SSLv3/g' /etc/apache2/mods-available/ssl.conf
 }
 

tools/appliance/definitions/systemvmtemplate/definition.rb

@@ -15,7 +15,7 @@
 # specific language governing permissions and limitations
 # under the License.
 
-arch = ENV['VM_ARCH'] || 'i386'
+arch = 'amd64'
 
 #
 # NOTE: Before changing the version of the debian image make
@@ -25,25 +25,19 @@
 # removed from the debian mirrors
 #
 architectures = {
-    :i386 => {
-        :os_type_id => 'Debian',
-        :iso_file => 'debian-7.11.0-i386-netinst.iso',
-        :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/i386/iso-cd/debian-7.11.0-i386-netinst.iso',
-        :iso_md5 => '75055a694508f5b891038ec12d703c9e',
-    },
     :amd64 => {
         :os_type_id => 'Debian_64',
-        :iso_file => 'debian-7.11.0-amd64-netinst.iso',
-        :iso_src => 'http://cdimage.debian.org/cdimage/archive/7.11.0/amd64/iso-cd/debian-7.11.0-amd64-netinst.iso',
-        :iso_md5 => '096c1c18b44c269808bd815d58c53c8f'
+        :iso_file => 'debian-9.1.0-amd64-netinst.iso',
+        :iso_src => 'https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-9.1.0-amd64-netinst.iso',
+        :iso_md5 => 'ddd8f6542dae8baf410e90b9ae0fe986'
     }
 }
 
 config = {
     :cpu_count => '1',
     :memory_size => '256',
-    :disk_size => '3200', :disk_format => 'VDI', :hostiocache => 'off',
-    :iso_download_timeout => '1200',
+    :disk_size => '4096', :disk_format => 'VDI', :hostiocache => 'off',
+    :iso_download_timeout => '1000',
     :boot_wait => '10',
     :boot_cmd_sequence => [
         '<Esc>',
@@ -63,23 +57,22 @@
         '<Enter>'
     ],
     :kickstart_port => '7122',
-    :kickstart_timeout => '1200',
+    :kickstart_timeout => '1000',
     :kickstart_file => 'preseed.cfg',
-    :ssh_login_timeout => '1200',
-    :ssh_user => 'root',
-    :ssh_password => 'password',
+    :ssh_login_timeout => '10000',
+    :ssh_user => 'cloud',
+    :ssh_password => 'cloud',
     :ssh_key => '',
     :ssh_host_port => '7222',
     :ssh_guest_port => '22',
     :sudo_cmd => "echo '%p'|sudo -S bash '%f'",
     :shutdown_cmd => 'halt -p',
     :postinstall_files => [
         # basic minimal vm creation
-        'build_time.sh',
+        #'build_time.sh',
         'apt_upgrade.sh',
         'configure_grub.sh',
         'configure_locale.sh',
-        'configure_login.sh',
         'configure_networking.sh',
         'configure_acpid.sh',
         # turning it into a systemvm
@@ -91,9 +84,11 @@
         'configure_persistent_config.sh',
         # cleanup & space-saving
         'cleanup.sh',
-        'zerodisk.sh'
+        'zerodisk.sh',
+        # setup login stuff
+        'configure_login.sh'
     ],
-    :postinstall_timeout => '1200'
+    :postinstall_timeout => '10000'
 }
 
 config.merge! architectures[arch.to_sym]

tools/appliance/definitions/systemvmtemplate/install_systemvm_packages.sh

@@ -54,7 +54,7 @@ function install_packages() {
 
   ${apt_get} install \
     rsyslog logrotate cron chkconfig insserv net-tools ifupdown vim-tiny netbase iptables \
-    openssh-server e2fsprogs dhcp3-client tcpdump socat wget \
+    openssh-server e2fsprogs isc-dhcp tcpdump socat wget \
     python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
     inetutils-ping iputils-arping httping  curl \
     dnsutils zip unzip ethtool uuid file iproute acpid virt-what sudo \
@@ -67,16 +67,16 @@ function install_packages() {
     xenstore-utils libxenstore3.0 \
     conntrackd ipvsadm libnetfilter-conntrack3 libnl-3-200 libnl-genl-3-200 \
     ipcalc \
+    openjdk-8-jre-headless \
     ipset \
     iptables-persistent \
     libtcnative-1 libssl-dev libapr1-dev \
     python-flask \
     haproxy \
     radvd \
-    sharutils
-
-  ${apt_get} -t wheezy-backports install keepalived irqbalance open-vm-tools qemu-guest-agent
-  ${apt_get} -t wheezy-backports install strongswan libcharon-extra-plugins libstrongswan-extra-plugins
+    sharutils \
+    keepalived irqbalance open-vm-tools qemu-guest-agent \
+    strongswan libcharon-extra-plugins libstrongswan-extra-plugins
 
   apt-get update
   apt-get -y --force-yes upgrade
@@ -93,16 +93,6 @@ function install_packages() {
     dpkg -i xe-guest-utilities_6.5.0_amd64.deb
     rm -f xe-guest-utilities_6.5.0_amd64.deb
   fi
-
-  # Install OpenJDK8 pkgs maintained by Azul
-  apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 0x219BD9C9
-  echo 'deb http://repos.azulsystems.com/debian stable main' > /etc/apt/sources.list.d/zulu.list
-  apt-get -y autoremove
-  apt-get autoclean
-  apt-get clean
-  apt-get update
-  ${apt_get} install zulu-8
-  java -version
 }
 
 return 2>/dev/null || install_packages

tools/appliance/definitions/systemvmtemplate/preseed.cfg

@@ -17,22 +17,35 @@
 
 ### Localization
 # Locale sets language and country.
-d-i debian-installer/locale string en_US
+d-i debian-installer/locale string en_US.UTF-8
 
 # Keyboard selection.
-d-i console-keymaps-at/keymap select us
+d-i keyboard-configuration/xkb-keymap select us
 
 ### Network configuration
 d-i netcfg/choose_interface select auto
 d-i netcfg/get_hostname string systemvm
-d-i netcfg/get_domain string cloudstack.org
+d-i netcfg/get_domain string apache.org
+d-i netcfg/wireless_wep string
+
+d-i hw-detect/load_firmware boolean true
 
 ### Mirror settings
 d-i mirror/country string manual
-d-i mirror/http/hostname string http.us.debian.org
+d-i mirror/http/hostname string http.debian.net
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string
 
+### Apt setup
+d-i apt-setup/cdrom/set-first false
+#d-i apt-setup/non-free boolean true
+#d-i apt-setup/contrib boolean true
+#d-i apt-setup/use_mirror boolean true
+d-i apt-setup/services-select multiselect security, updates
+d-i apt-setup/security_host string security.debian.org
+d-i apt-setup/local0/source boolean false
+d-i apt-setup/multiarch string i386
+
 ### Clock and time zone setup
 d-i clock-setup/utc boolean true
 d-i time/zone string UTC
@@ -44,13 +57,13 @@ d-i partman-auto/method string regular
 d-i partman-auto/choose_recipe select atomic
 d-i partman-auto/expert_recipe string                         \
       boot-root ::                                            \
-              80 50 160 ext4                                  \
+              90 50 120 ext4                                  \
                       $primary{ } $bootable{ }                \
                       method{ format } format{ }              \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ /boot }                     \
               .                                               \
-              500 40 800 ext4                                 \
+              450 40 500 ext4                                 \
                       method{ format } format{ }              \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ / }                         \
@@ -60,7 +73,7 @@ d-i partman-auto/expert_recipe string                         \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ /home }                     \
               .                                               \
-              1000 60 1400 ext4                                \
+              1000 60 1800 ext4                               \
                       method{ format } format{ }              \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ /usr }                      \
@@ -70,12 +83,12 @@ d-i partman-auto/expert_recipe string                         \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ /opt }                      \
               .                                               \
-              600 70 1200 ext4                                \
+              600 70 1600 ext4                                \
                       method{ format } format{ }              \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ /var }                      \
               .                                               \
-              400 50 500 ext4                                 \
+              400 50 600 ext4                                 \
                       method{ format } format{ }              \
                       use_filesystem{ } filesystem{ ext4 }    \
                       mountpoint{ /var/log }                  \
@@ -88,7 +101,9 @@ d-i partman-auto/expert_recipe string                         \
               256 100 1024 linux-swap                         \
                       method{ swap } format{ }                \
               .
-d-i partman/confirm_write_new_label boolean true
+
+d-i partman-md/confirm boolean true
+d-i partman-partitioning/confirm_write_new_label boolean true
 d-i partman/choose_partition select finish
 d-i partman/confirm boolean true
 d-i partman/confirm_nooverwrite boolean true
@@ -97,36 +112,36 @@ d-i partman/confirm_nooverwrite boolean true
 # ...
 
 ### Account setup
-d-i passwd/root-login boolean true
+d-i passwd/root-login boolean false
 d-i passwd/root-password password password
 d-i passwd/root-password-again password password
-d-i passwd/user-fullname string Cloud Stack
+d-i passwd/user-fullname string CloudStack User
 d-i passwd/username string cloud
 d-i passwd/user-password password cloud
 d-i passwd/user-password-again password cloud
 d-i user-setup/encrypt-home boolean false
 d-i user-setup/allow-password-weak boolean true
 d-i passwd/user-default-groups string audio cdrom video admin
 
+#openssh-server  openssh-server/permit-root-login boolean true
+
 ### Apt setup
 # ...
 
 ### Package selection
 tasksel tasksel/first multiselect ssh-server
-d-i pkgsel/include string openssh-server ntp acpid  sudo bzip2 openssl
+d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl
 # Allowed values: none, safe-upgrade, full-upgrade
 d-i pkgsel/upgrade select none
 
 popularity-contest popularity-contest/participate boolean false
 
 ### Boot loader installation
 d-i grub-installer/only_debian boolean true
+d-i grub-installer/with_other_os boolean true
+d-i grub-installer/bootdev  string default
 d-i finish-install/reboot_in_progress note
 
-### Preseeding other packages
-libssl1.0.0     libssl1.0.0/restart-services    string
-libssl1.0.0     libssl1.0.0/restart-failed      error
-
 #### Advanced options
 # Prevent packaged version of VirtualBox Guest Additions being installed:
 d-i preseed/early_command string sed -i \