CLOUDSTACK-10013: Migrate systemvmtemplate to Debian9

  SystemVM changes to work on Debian 9
- Migrate away from chkconfig to systemctl
- Remove xenstore-utils override deb pkg
- Fix runlevel in sysv scripts for systemd

Signed-off-by: Rohit Yadav <[email protected]>

Author: yadvr

systemvm/patches/debian/buildsystemvm.sh

@@ -5,7 +5,7 @@
 # Required-Stop:     $local_fs
 # Should-Start:      
 # Should-Stop:       
-# Default-Start:     
+# Default-Start:     3 4 5
 # Default-Stop:      0 1 6
 # Short-Description: 	Start up the CloudStack cloud service
 ### END INIT INFO

systemvm/patches/debian/config/etc/init.d/cloud

@@ -38,6 +38,9 @@ mkdir -p /var/lib/haproxy
 # Clear boot up flag, it would be created by rc.local after boot up done
 rm -f /var/cache/cloud/boot_up_done
 
+# Randomize cloud password so only ssh login is allowed
+echo "cloud:`openssl rand -base64 32`" | chpasswd
+
 [ -x /sbin/ifup ] || exit 0
 
 . /lib/lsb/init-functions
@@ -807,7 +810,7 @@ setup_sshd(){
 
 setup_vpc_apache2() {
   log_it "Setting up apache web server for VPC"
-  chkconfig apache2 off
+  systemctl disable apache2
   clean_ipalias_config
   setup_apache2_common
 }
@@ -942,7 +945,7 @@ setup_router() {
   disable_rpfilter_domR
   enable_fwding 1
   enable_rpsrfs 1
-  chkconfig nfs-common off
+  systemctl disable nfs-common
   cp /etc/iptables/iptables-router /etc/iptables/rules.v4
 #for old templates
   cp /etc/iptables/iptables-router /etc/iptables/rules
@@ -1082,7 +1085,7 @@ setup_dhcpsrvr() {
   enable_svc cloud-passwd-srvr 1
   enable_svc cloud 0
   enable_fwding 0
-  chkconfig nfs-common off
+  systemctl disable nfs-common
 
   cp /etc/iptables/iptables-router /etc/iptables/rules.v4
   cp /etc/iptables/iptables-router /etc/iptables/rules
@@ -1238,7 +1241,7 @@ setup_console_proxy() {
   enable_svc dnsmasq 0
   enable_svc cloud-passwd-srvr 0
   enable_svc cloud 1
-  chkconfig nfs-common off
+  systemctl disable nfs-common
   rm /etc/logrotate.d/cloud
 }
 
@@ -1266,8 +1269,8 @@ setup_elbvm() {
   enable_svc dnsmasq 0
   enable_svc cloud-passwd-srvr 0
   enable_svc cloud 0
-  chkconfig nfs-common off
-  chkconfig portmap off
+  systemctl disable nfs-common
+  systemctl disable portmap
 }
 
 setup_ilbvm() {
@@ -1289,8 +1292,8 @@ setup_ilbvm() {
   enable_svc dnsmasq 0
   enable_svc cloud-passwd-srvr 0
   enable_svc cloud 0
-  chkconfig nfs-common off
-  chkconfig portmap off
+  systemctl disable nfs-common
+  systemctl disable portmap
 }
 
 setup_default() {

systemvm/patches/debian/config/etc/init.d/cloud-early-config

@@ -3,10 +3,10 @@
 # Provides:          cloud-passwd-srvr
 # Required-Start:    mountkernfs $local_fs cloud-early-config iptables-persistent
 # Required-Stop:     $local_fs
-# Should-Start:      
-# Should-Stop:       
-# Default-Start:     
-# Default-Stop:      0 6
+# Should-Start:
+# Should-Stop
+# Default-Start:     3 4 5
+# Default-Stop:      0 1 6
 # Short-Description: Web server that sends passwords to User VMs
 ### END INIT INFO
 # Licensed to the Apache Software Foundation (ASF) under one

systemvm/patches/debian/config/etc/init.d/cloud-passwd-srvr

@@ -33,34 +33,34 @@ patch_console_proxy() {
 }
 
 consoleproxy_svcs() {
-   chkconfig cloud on
-   chkconfig postinit on
-   chkconfig cloud-passwd-srvr off
-   chkconfig haproxy off ;
-   chkconfig dnsmasq off
-   chkconfig ssh on
-   chkconfig apache2 off
-   chkconfig nfs-common off
-   chkconfig portmap off
-   chkconfig keepalived off
-   chkconfig conntrackd off
+   systemctl enable cloud
+   systemctl enable postinit
+   systemctl disable cloud-passwd-srvr
+   systemctl disable haproxy
+   systemctl disable dnsmasq
+   systemctl enable ssh
+   systemctl disable apache2
+   systemctl disable nfs-common
+   systemctl disable portmap
+   systemctl disable keepalived
+   systemctl disable conntrackd
    echo "cloud postinit ssh" > /var/cache/cloud/enabled_svcs
    echo "cloud-passwd-srvr haproxy dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
    mkdir -p /var/log/cloud
 }
 
 secstorage_svcs() {
-   chkconfig cloud on
-   chkconfig postinit on
-   chkconfig cloud-passwd-srvr off
-   chkconfig haproxy off ;
-   chkconfig dnsmasq off
-   chkconfig portmap on
-   chkconfig nfs-common on
-   chkconfig ssh on
-   chkconfig apache2 off
-   chkconfig keepalived off
-   chkconfig conntrackd off
+   systemctl enable cloud on
+   systemctl enable postinit on
+   systemctl disable cloud-passwd-srvr
+   systemctl disable haproxy
+   systemctl disable dnsmasq
+   systemctl enable portmap
+   systemctl enable nfs-common
+   systemctl enable ssh
+   systemctl disable apache2
+   systemctl disable keepalived
+   systemctl disable conntrackd
    echo "cloud postinit ssh nfs-common portmap" > /var/cache/cloud/enabled_svcs
    echo "cloud-passwd-srvr haproxy dnsmasq" > /var/cache/cloud/disabled_svcs
    mkdir -p /var/log/cloud
@@ -69,67 +69,67 @@ secstorage_svcs() {
 routing_svcs() {
    grep "redundant_router=1" /var/cache/cloud/cmdline > /dev/null
    RROUTER=$?
-   chkconfig cloud off
-   chkconfig haproxy on ; 
-   chkconfig ssh on
-   chkconfig nfs-common off
-   chkconfig portmap off
+   systemctl disable cloud
+   systemctl disable haproxy
+   systemctl enable ssh
+   systemctl disable nfs-common
+   systemctl disable portmap
    echo "ssh haproxy apache2" > /var/cache/cloud/enabled_svcs
    echo "cloud nfs-common portmap" > /var/cache/cloud/disabled_svcs
    if [ $RROUTER -eq 0 ]
    then
-       chkconfig dnsmasq off
-       chkconfig cloud-passwd-srvr off
-       chkconfig keepalived on
-       chkconfig conntrackd on
-       chkconfig postinit on
+       systemctl disable dnsmasq
+       systemctl disable cloud-passwd-srvr
+       systemctl enable keepalived
+       systemctl enable conntrackd
+       systemctl enable postinit
        echo "keepalived conntrackd postinit" >> /var/cache/cloud/enabled_svcs
        echo "dnsmasq cloud-passwd-srvr" >> /var/cache/cloud/disabled_svcs
    else
-       chkconfig dnsmasq on
-       chkconfig cloud-passwd-srvr on
-       chkconfig keepalived off
-       chkconfig conntrackd off
+       systemctl enable dnsmasq
+       systemctl enable cloud-passwd-srvr
+       systemctl disable keepalived
+       systemctl disable conntrackd
        echo "dnsmasq cloud-passwd-srvr " >> /var/cache/cloud/enabled_svcs
        echo "keepalived conntrackd " >> /var/cache/cloud/disabled_svcs
    fi
 }
 
 dhcpsrvr_svcs() {
-   chkconfig cloud off
-   chkconfig cloud-passwd-srvr on ; 
-   chkconfig haproxy off ; 
-   chkconfig dnsmasq on
-   chkconfig ssh on
-   chkconfig nfs-common off
-   chkconfig portmap off
-   chkconfig keepalived off
-   chkconfig conntrackd off
+   systemctl disable cloud
+   systemctl enable cloud-passwd-srvr
+   systemctl disable haproxy
+   systemctl enable dnsmasq
+   systemctl enable ssh
+   systemctl disable nfs-common
+   systemctl disable portmap
+   systemctl disable keepalived
+   systemctl disable conntrackd
    echo "ssh dnsmasq cloud-passwd-srvr apache2" > /var/cache/cloud/enabled_svcs
    echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs
 }
 
 elbvm_svcs() {
-   chkconfig cloud off
-   chkconfig haproxy on ; 
-   chkconfig ssh on
-   chkconfig nfs-common off
-   chkconfig portmap off
-   chkconfig keepalived off
-   chkconfig conntrackd off
+   systemctl disable cloud
+   systemctl disable haproxy
+   systemctl enable ssh
+   systemctl disable nfs-common
+   systemctl disable portmap
+   systemctl disable keepalived
+   systemctl disable conntrackd
    echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
    echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
 }
 
 
 ilbvm_svcs() {
-   chkconfig cloud off
-   chkconfig haproxy on ; 
-   chkconfig ssh on
-   chkconfig nfs-common off
-   chkconfig portmap off
-   chkconfig keepalived off
-   chkconfig conntrackd off
+   systemctl disable cloud
+   systemctl enable haproxy
+   systemctl enable ssh
+   systemctl disable nfs-common
+   systemctl disable portmap
+   systemctl disable keepalived
+   systemctl disable conntrackd
    echo "ssh haproxy" > /var/cache/cloud/enabled_svcs
    echo "cloud dnsmasq cloud-passwd-srvr apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs
 }

systemvm/patches/debian/config/opt/cloud/bin/patchsystemvm.sh

@@ -594,7 +594,7 @@ function main() {
   add_on_exit veewee_destroy
   veewee_build
   save_mac_address
-  veewee_halt
+  veewee_halt || true
   retry 10 check_appliance_shutdown
   retry 10 check_appliance_disk_ready
   retry 10 remove_shares

tools/appliance/build.sh

@@ -23,20 +23,23 @@ function add_backports() {
   sed -i '/cdrom/d' /etc/apt/sources.list
   sed -i '/deb-src/d' /etc/apt/sources.list
   sed -i '/backports/d' /etc/apt/sources.list
-  echo 'deb http://http.debian.net/debian wheezy-backports main' >> /etc/apt/sources.list
+  echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list
 }
 
 function apt_upgrade() {
   DEBIAN_FRONTEND=noninteractive
   DEBIAN_PRIORITY=critical
 
+  # Setup sudo
+  echo 'cloud ALL=(ALL) NOPASSWD: ALL' > /etc/sudoers.d/cloud
+
   add_backports
 
   rm -fv /root/*.iso
   apt-get -y autoremove
   apt-get autoclean
-  apt-get -q -y --force-yes update
-  apt-get -q -y --force-yes upgrade
+  apt-get -q -y update
+  apt-get -q -y upgrade
 
   df -h
 }

tools/appliance/definitions/systemvmtemplate/apt_upgrade.sh

@@ -25,5 +25,6 @@ set -x
 key='ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAvFu3MLSPphFRBR1yM7nBukXWS9gPdAXfqq9cfC8ZqQN9ybi531aj44CybZ4BVT4kLfzbAs7+7nJeSIpPHxjv9XFqbxjIxoFeGYkj7s0RrJgtsEmvAAubZ3mYboUAYUivMgnJFLnv4VqyAbpjix6CfECUiU4ygwo24F3F6bAmhl4Vo1R5TSUdDIX876YePJTFtuVkLl4lu/+xw1QRWrgaSFosGICT37IKY7RjE79Ozb0GjNHyJPPgVAGkUVO4LawroL9dYOBlzdHpmqqA9Kc44oQBpvcU7s1+ezRTt7fZNnP7TG9ninZtrvnP4qmwAc4iUJ7N1bwh0mCblnoTfZ28hw== anthony@mobl-ant'
 mkdir -p /root/.ssh
 chmod 644 /root/.ssh
+#touch /root/.ssh/authorized_keys
 echo ${key}  > /root/.ssh/authorized_keys
 chmod 600 /root/.ssh/authorized_keys

tools/appliance/definitions/systemvmtemplate/authorized_keys.sh

@@ -20,7 +20,6 @@ set -e
 set -x
 
 function cleanup_apt() {
-  #apt-get -y remove linux-headers-$(uname -r) build-essential
   apt-get -y remove dictionaries-common busybox
   apt-get -y autoremove
   apt-get autoclean