apache · yadvr · Jun 9, 2020 · Jan 7, 2020 · Jan 7, 2020 · May 27, 2020
diff --git a/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java b/engine/schema/src/main/java/com/cloud/upgrade/dao/Upgrade41400to41500.java
@@ -103,12 +103,12 @@ private void updateSystemVmTemplates(final Connection conn) {

        final Map<Hypervisor.HypervisorType, String> NewTemplateNameList = new HashMap<Hypervisor.HypervisorType, String>() {
            {
-                put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.14.0");
-                put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.14.0");
-                put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.14.0");
-                put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.14.0");
-                put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.14.0");
-                put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.14.0");
+                put(Hypervisor.HypervisorType.KVM, "systemvm-kvm-4.15.0");
+                put(Hypervisor.HypervisorType.VMware, "systemvm-vmware-4.15.0");
+                put(Hypervisor.HypervisorType.XenServer, "systemvm-xenserver-4.15.0");
+                put(Hypervisor.HypervisorType.Hyperv, "systemvm-hyperv-4.15.0");
+                put(Hypervisor.HypervisorType.LXC, "systemvm-lxc-4.15.0");
+                put(Hypervisor.HypervisorType.Ovm3, "systemvm-ovm3-4.15.0");
            }
        };

@@ -125,30 +125,30 @@ private void updateSystemVmTemplates(final Connection conn) {

        final Map<Hypervisor.HypervisorType, String> newTemplateUrl = new HashMap<Hypervisor.HypervisorType, String>() {
            {
-                put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2");
-                put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-vmware.ova");
-                put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-xen.vhd.bz2");
-                put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-hyperv.vhd.zip");
-                put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-kvm.qcow2.bz2");
-                put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.14/systemvmtemplate-4.14.0-ovm.raw.bz2");
+                put(Hypervisor.HypervisorType.KVM, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2");
+                put(Hypervisor.HypervisorType.VMware, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-vmware.ova");
+                put(Hypervisor.HypervisorType.XenServer, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-xen.vhd.bz2");
+                put(Hypervisor.HypervisorType.Hyperv, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-hyperv.vhd.zip");
+                put(Hypervisor.HypervisorType.LXC, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-kvm.qcow2.bz2");
+                put(Hypervisor.HypervisorType.Ovm3, "https://download.cloudstack.org/systemvm/4.15/systemvmtemplate-4.15.0-ovm.raw.bz2");
            }
        };

        final Map<Hypervisor.HypervisorType, String> newTemplateChecksum = new HashMap<Hypervisor.HypervisorType, String>() {
            {
-                put(Hypervisor.HypervisorType.KVM, "d15ed159be32151b07e3211caf9cb802");
-                put(Hypervisor.HypervisorType.XenServer, "fcaf1abc9aa62e7ed75f62b3092a01a2");
-                put(Hypervisor.HypervisorType.VMware, "eb39f8b5a556dfc93c6be23ae45f34e1");
-                put(Hypervisor.HypervisorType.Hyperv, "b4e91c14958e0fca9470695b0be05f99");
-                put(Hypervisor.HypervisorType.LXC, "d15ed159be32151b07e3211caf9cb802");
-                put(Hypervisor.HypervisorType.Ovm3, "1f97f4beb30af8cda886f1e977514704");
+                put(Hypervisor.HypervisorType.KVM, "81b3e48bb934784a13555a43c5ef5ffb");
+                put(Hypervisor.HypervisorType.XenServer, "1b178a5dbdbe090555515340144c6017");
+                put(Hypervisor.HypervisorType.VMware, "e6a88e518c57d6f36c096c4204c3417f");
+                put(Hypervisor.HypervisorType.Hyperv, "5c94da45337cf3e1910dcbe084d4b9ad");
+                put(Hypervisor.HypervisorType.LXC, "81b3e48bb934784a13555a43c5ef5ffb");
+                put(Hypervisor.HypervisorType.Ovm3, "875c5c65455fc06c4a012394410db375");
            }
        };

        for (final Map.Entry<Hypervisor.HypervisorType, String> hypervisorAndTemplateName : NewTemplateNameList.entrySet()) {
            LOG.debug("Updating " + hypervisorAndTemplateName.getKey() + " System Vms");
            try (PreparedStatement pstmt = conn.prepareStatement("select id from `cloud`.`vm_template` where name = ? and removed is null order by id desc limit 1")) {
-                // Get 4.11 systemvm template id for corresponding hypervisor
+                // Get systemvm template id for corresponding hypervisor
                long templateId = -1;
                pstmt.setString(1, hypervisorAndTemplateName.getValue());
                try (ResultSet rs = pstmt.executeQuery()) {
@@ -198,12 +198,12 @@ private void updateSystemVmTemplates(final Connection conn) {
                    // Change value of global configuration parameter
                    // minreq.sysvmtemplate.version for the ACS version
                    try (PreparedStatement update_pstmt = conn.prepareStatement("UPDATE `cloud`.`configuration` SET value = ? WHERE name = ?");) {
-                        update_pstmt.setString(1, "4.14.0");
+                        update_pstmt.setString(1, "4.15.0");
                        update_pstmt.setString(2, "minreq.sysvmtemplate.version");
                        update_pstmt.executeUpdate();
                    } catch (final SQLException e) {
-                        LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0: " + e.getMessage());
-                        throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.14.0", e);
+                        LOG.error("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0: " + e.getMessage());
+                        throw new CloudRuntimeException("updateSystemVmTemplates:Exception while setting 'minreq.sysvmtemplate.version' to 4.15.0", e);
                    }
                } else {
                    if (hypervisorsListInUse.contains(hypervisorAndTemplateName.getKey())) {

diff --git a/systemvm/debian/etc/apache2/vhost.template b/systemvm/debian/etc/apache2/vhost.template
@@ -90,7 +90,7 @@
 	#   Enable/Disable SSL for this virtual host.
 	SSLEngine on
 	SSLProtocol TLSv1.2
-	SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+	SSLCipherSuite @SECLEVEL=1:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
 	SSLHonorCipherOrder on

 	#   A self-signed (snakeoil) certificate can be created by installing

diff --git a/tools/appliance/systemvmtemplate/http/preseed.cfg b/tools/appliance/systemvmtemplate/http/preseed.cfg
@@ -18,8 +18,10 @@
 ### Localization
 # Locale sets language and country.
 d-i debian-installer/locale string en_US.UTF-8
+d-i debian-installer/country string IN

 # Keyboard selection.
+d-i keymap select us
 d-i keyboard-configuration/xkb-keymap select us

 ### Network configuration
@@ -32,7 +34,7 @@ d-i hw-detect/load_firmware boolean true

 ### Mirror settings
 d-i mirror/country string manual
-d-i mirror/http/hostname string http.debian.net
+d-i mirror/http/hostname string deb.debian.org
 d-i mirror/http/directory string /debian
 d-i mirror/http/proxy string

@@ -60,21 +62,11 @@ d-i partman-auto/expert_recipe string                         \
                      use_filesystem{ } filesystem{ ext2 }    \
                      mountpoint{ /boot }                     \
              .                                               \
-              1175 40 1200 ext4                               \
+              2240 40 2500 ext4                               \
                      method{ format } format{ }              \
                      use_filesystem{ } filesystem{ ext4 }    \
                      mountpoint{ / }                         \
              .                                               \
-              480 50 700 ext4                                 \
-                      method{ format } format{ }              \
-                      use_filesystem{ } filesystem{ ext4 }    \
-                      mountpoint{ /var }                      \
-              .                                               \
-              80 90 100 ext4                                  \
-                      method{ format } format{ }              \
-                      use_filesystem{ } filesystem{ ext4 }    \
-                      mountpoint{ /tmp }                      \
-              .                                               \
              256 1000 256 linux-swap                         \
                      method{ swap } format{ }                \
              .
@@ -100,24 +92,18 @@ d-i user-setup/encrypt-home boolean false
 d-i user-setup/allow-password-weak boolean true
 d-i passwd/user-default-groups string audio cdrom video admin

-openssh-server  openssh-server/permit-root-login boolean true
-
 ### Package selection
 tasksel tasksel/first multiselect ssh-server
 d-i pkgsel/include string openssh-server ntp acpid sudo bzip2 openssl
 # Allowed values: none, safe-upgrade, full-upgrade
 d-i pkgsel/upgrade select full-upgrade
+d-i pkgsel/update-policy select none

 popularity-contest popularity-contest/participate boolean false

 ### Boot loader installation
 d-i grub-installer/only_debian boolean true
-d-i grub-installer/with_other_os boolean true
 d-i grub-installer/bootdev  string default
 d-i finish-install/reboot_in_progress note

 #### Advanced options
-# Prevent packaged version of VirtualBox Guest Additions being installed:
-d-i preseed/early_command string sed -i \
-  '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \
-  /usr/lib/pre-pkgsel.d/20install-hwpackages
diff --git a/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh b/tools/appliance/systemvmtemplate/scripts/apt_upgrade.sh
@@ -36,8 +36,8 @@ function add_backports() {
  sed -i '/deb-src/d' /etc/apt/sources.list
  sed -i '/backports/d' /etc/apt/sources.list
  sed -i '/security/d' /etc/apt/sources.list
-  echo 'deb http://http.debian.net/debian stretch-backports main' >> /etc/apt/sources.list
-  echo 'deb http://security.debian.org/debian-security stretch/updates main' >> /etc/apt/sources.list
+  echo 'deb http://http.debian.net/debian buster-backports main' >> /etc/apt/sources.list
+  echo 'deb http://security.debian.org/debian-security buster/updates main' >> /etc/apt/sources.list
 }

 function apt_upgrade() {

diff --git a/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh b/tools/appliance/systemvmtemplate/scripts/configure_systemvm_services.sh
@@ -19,7 +19,7 @@
 set -e
 set -x

-CLOUDSTACK_RELEASE=4.14.0
+CLOUDSTACK_RELEASE=4.15.0

 function configure_apache2() {
   # Enable ssl, rewrite and auth
@@ -41,7 +41,7 @@ function configure_issue() {

   __?.o/  Apache CloudStack SystemVM $CLOUDSTACK_RELEASE
  (  )#    https://cloudstack.apache.org
- (___(_)   Debian GNU/Linux 9.12 \n \l
+ (___(_)   Debian GNU/Linux 10 \n \l

 EOF
 }

diff --git a/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh b/tools/appliance/systemvmtemplate/scripts/install_systemvm_packages.sh
@@ -41,26 +41,26 @@ function install_packages() {
  local arch=`dpkg --print-architecture`

  debconf_packages
-  install_vhd_util

  local apt_get="apt-get --no-install-recommends -q -y"

  ${apt_get} install grub-legacy \
-    rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables \
-    openssh-server e2fsprogs tcpdump iftop socat wget \
-    python bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
+    rsyslog logrotate cron net-tools ifupdown tmux vim-tiny htop netbase iptables nftables \
+    openssh-server e2fsprogs tcpdump iftop socat wget coreutils systemd \
+    python python3 bzip2 sed gawk diffutils grep gzip less tar telnet ftp rsync traceroute psmisc lsof procps \
    inetutils-ping iputils-arping httping curl \
-    dnsutils zip unzip ethtool uuid file iproute acpid sudo \
+    dnsutils zip unzip ethtool uuid file iproute2 acpid sudo \
    sysstat python-netaddr \
    apache2 ssl-cert \
    dnsmasq dnsmasq-utils \
    nfs-common \
    samba-common cifs-utils \
-    xl2tpd bcrelay ppp ipsec-tools tdb-tools \
+    xl2tpd bcrelay ppp tdb-tools \
    xenstore-utils libxenstore3.0 \
    ipvsadm conntrackd libnetfilter-conntrack3 \
    keepalived irqbalance \
    ipcalc \
+    openjdk-11-jre-headless \
    ipset \
    iptables-persistent \
    libtcnative-1 libssl-dev libapr1-dev \
@@ -69,11 +69,9 @@ function install_packages() {
    haveged \
    radvd \
    sharutils genisoimage aria2 \
-    strongswan libcharon-extra-plugins libstrongswan-extra-plugins \
+    strongswan libcharon-extra-plugins libstrongswan-extra-plugins strongswan-charon strongswan-starter \
    virt-what open-vm-tools qemu-guest-agent hyperv-daemons

-  apt-get -q -y -t stretch-backports install nftables openjdk-11-jre-headless
-
  apt-get -y autoremove --purge
  apt-get clean
  apt-get autoclean
@@ -87,6 +85,7 @@ function install_packages() {
    ${apt_get} install libuuid1:i386 libc6:i386
  fi

+  install_vhd_util
  # Install xenserver guest utilities as debian repos don't have it
  wget https://mirrors.kernel.org/ubuntu/pool/main/x/xe-guest-utilities/xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb
  dpkg -i xe-guest-utilities_7.10.0-0ubuntu1_amd64.deb

diff --git a/tools/appliance/systemvmtemplate/template.json b/tools/appliance/systemvmtemplate/template.json
@@ -4,7 +4,7 @@
  "provisioners": [
    {
      "type": "shell",
-      "execute_command": "echo 'cloud'|sudo -S bash '{{.Path}}'",
+      "execute_command": "echo 'cloud' | sudo -u root -S bash {{.Path}}",
      "scripts": [
        "scripts/apt_upgrade.sh",
        "scripts/configure_grub.sh",
@@ -13,11 +13,11 @@
        "scripts/configure_acpid.sh",
        "scripts/install_systemvm_packages.sh",
        "scripts/configure_conntrack.sh",
-        "../cloud_scripts_shar_archive.sh",
-        "scripts/configure_systemvm_services.sh",
        "scripts/authorized_keys.sh",
        "scripts/configure_persistent_config.sh",
        "scripts/configure_login.sh",
+        "../cloud_scripts_shar_archive.sh",
+        "scripts/configure_systemvm_services.sh",
        "scripts/cleanup.sh",
        "scripts/finalize.sh"
      ]
@@ -29,50 +29,39 @@
      "accelerator": "kvm",
      "headless": true,
      "qemuargs": [
-        [ "-m", "512M" ],
-        [ "-smp", "cpus=1,maxcpus=1,cores=1" ]
+        [ "-m", "500M" ],
+        [ "-smp", "1" ]
      ],
-      "disk_size": 2000,
      "format": "qcow2",
-
+      "disk_size": 2500,
      "disk_interface": "virtio",
      "net_device": "virtio-net",
-
-      "iso_url": "https://cdimage.debian.org/cdimage/archive/9.12.0/amd64/iso-cd/debian-9.12.0-amd64-netinst.iso",
-      "iso_checksum": "af81de39678db1f814be4ce1b7b64b891f6f59926d6f835842c4b52b462ac7e78c45b5efd8273c196d64ba0b2dd1a0aabfb97c6e4f10702ee11a72e07aec9d67",
+      "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.4.0-amd64-netinst.iso",
+      "iso_checksum": "ec69e4bfceca56222e6e81766bf235596171afe19d47c20120783c1644f72dc605d341714751341051518b0b322d6c84e9de997815e0c74f525c66f9d9eb4295",
      "iso_checksum_type": "sha512",
-
-      "vm_name": "systemvmtemplate",
      "output_directory": "../dist",
-
      "http_directory": "http",
-      "http_port_min": 10082,
-      "http_port_max": 10089,
-
-      "ssh_host_port_min": 2222,
-      "ssh_host_port_max": 2229,
-
+      "vm_name": "systemvmtemplate",
      "ssh_username": "cloud",
      "ssh_password": "cloud",
-      "ssh_port": 22,
      "ssh_wait_timeout": "30m",
-
-      "boot_wait": "10s",
+      "boot_wait": "5s",
      "boot_command": [
        "<esc><wait>",
        "install <wait>",
-        " preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
-        " debian-installer=en_US <wait>",
-        " auto <wait>",
-        " locale=en_US <wait>",
-        " kbd-chooser/method=us <wait>",
-        " netcfg/get_hostname=systemvm <wait>",
-        " netcfg/get_domain=apache.org <wait>",
-        " fb=false <wait>",
-        " debconf/frontend=noninteractive <wait>",
-        " console-setup/ask_detect=false <wait>",
-        " console-keymaps-at/keymap=us <wait>",
-        " keyboard-configuration/xkb-keymap=us <wait>",
+        "preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/preseed.cfg <wait>",
+        "debian-installer=en_US.UTF-8 <wait>",
+        "auto <wait>",
+        "language=en locale=en_US.UTF-8 <wait>",
+        "kbd-chooser/method=us <wait>",
+        "keyboard-configuration/xkb-keymap=us <wait>",
+        "netcfg/get_hostname=systemvm <wait>",
+        "netcfg/get_domain=apache.org <wait>",
+        "country=IN keymap=us <wait>",
+        "fb=false <wait>",
+        "debconf/frontend=noninteractive <wait>",
+        "console-setup/ask_detect=false <wait>",
+        "console-keymaps-at/keymap=us <wait>",
        "<enter><wait>"
      ],