SysVM: Cleanup and removal of old (and dangerous) config files

* ports.conf * default & default-ssl sites * SSL config in httpd.conf * deprecated & dead setup_redundant_router in cloud-early-config
alokhom · Jun 7, 2016 · 58bdb44 · 58bdb44
1 parent 72e8308
commit 58bdb44
Show file tree

Hide file tree

Showing 10 changed files with 15 additions and 338 deletions.
diff --git a/LICENSE b/LICENSE
@@ -221,9 +221,6 @@ Within the patches/systemvm/debian/config/etc/apache2 directory
     Copyright (c) 2012 The Apache Software Foundation
         from The Apache Software Foundation  http://www.apache.org/ 
             httpd.conf 
-            ports.conf 
-            sites-available/default 
-            sites-available/default-ssl 
             vhost.template
 
 Within the patches/systemvm/debian/config/etc/ssh/ directory

diff --git a/pom.xml b/pom.xml
@@ -892,9 +892,6 @@
               <exclude>systemvm/patches/debian/systemvm.vmx</exclude>
               <exclude>systemvm/patches/debian/config/root/.ssh/authorized_keys</exclude>
               <exclude>systemvm/patches/debian/config/etc/apache2/httpd.conf</exclude>
-              <exclude>systemvm/patches/debian/config/etc/apache2/ports.conf</exclude>
-              <exclude>systemvm/patches/debian/config/etc/apache2/sites-available/default</exclude>
-              <exclude>systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl</exclude>
               <exclude>systemvm/patches/debian/config/etc/apache2/vhost.template</exclude>
               <exclude>systemvm/patches/debian/config/etc/dnsmasq.conf.tmpl</exclude>
               <exclude>systemvm/patches/debian/config/etc/vpcdnsmasq.conf</exclude>

diff --git a/systemvm/patches/debian/config/etc/apache2/httpd.conf b/systemvm/patches/debian/config/etc/apache2/httpd.conf
@@ -1,3 +1 @@
-SSLProtocol             all -SSLv2 -SSLv3
-SSLCipherSuite          ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
-SSLHonorCipherOrder     on
+# Empty
diff --git a/systemvm/patches/debian/config/etc/apache2/ports.conf b/systemvm/patches/debian/config/etc/apache2/ports.conf
diff --git a/systemvm/patches/debian/config/etc/apache2/sites-available/default b/systemvm/patches/debian/config/etc/apache2/sites-available/default
diff --git a/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl b/systemvm/patches/debian/config/etc/apache2/sites-available/default-ssl
diff --git a/systemvm/patches/debian/config/etc/init.d/cloud-early-config b/systemvm/patches/debian/config/etc/init.d/cloud-early-config
@@ -808,22 +808,23 @@ setup_vpc_apache2() {
 
 
 clean_ipalias_config() {
-# Old
-rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
-rm -f /etc/apache2/sites-available/ipAlias*
-rm -f /etc/apache2/sites-enabled/ipAlias*
-rm -f /etc/apache2/conf.d/vhost*.conf
-
-# New
-rm -f /etc/apache2/sites-enabled/vhost-*.conf
-rm -f /etc/apache2/ports.conf
-rm -f /etc/apache2/sites-available/default
-rm -f /etc/apache2/sites-available/default-ssl
-
-rm -rf /etc/failure_config
+  # Old
+  rm -f /etc/apache2/conf.d/ports.*.meta-data.conf
+  rm -f /etc/apache2/sites-available/ipAlias*
+  rm -f /etc/apache2/sites-enabled/ipAlias*
+  rm -f /etc/apache2/conf.d/vhost*.conf
+  rm -f /etc/apache2/ports.conf
+  rm -f /etc/apache2/sites-available/default
+  rm -f /etc/apache2/sites-available/default-ssl
+
+  # New
+  rm -f /etc/apache2/sites-enabled/vhost-*.conf
+
+  rm -rf /etc/failure_config
 }
 
 setup_apache2_common() {
+  sed -i 's/^Include ports.conf.*/# CS: Done by Python CsApp config\n#Include ports.conf/g' /etc/apache2/apache2.conf
   [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerTokens .*/ServerTokens Prod/g" /etc/apache2/conf.d/security
   [ -f /etc/apache2/conf.d/security ] && sed -i -e "s/^ServerSignature .*/ServerSignature Off/g" /etc/apache2/conf.d/security
 
@@ -847,74 +848,6 @@ setup_apache2() {
   # [ -f /etc/apache2/ports.conf ] && sed -i -e "s/NameVirtualHost .*:80/NameVirtualHost $ip:80/g" /etc/apache2/ports.conf
 }
 
-setup_redundant_router() {
-    rrouter_bin_path="/ramdisk/rrouter"
-    rrouter_log="/ramdisk/rrouter/keepalived.log"
-    rrouter_bin_path_str="\/ramdisk\/rrouter"
-    rrouter_log_str="\/ramdisk\/rrouter\/keepalived.log"
-    mkdir -p /ramdisk
-    mount tmpfs /ramdisk -t tmpfs
-    mkdir -p /ramdisk/rrouter
-    ip route delete default
-    cp /root/redundant_router/keepalived.conf.templ /etc/keepalived/keepalived.conf
-    cp /root/redundant_router/conntrackd.conf.templ /etc/conntrackd/conntrackd.conf
-    cp /root/redundant_router/enable_pubip.sh.templ $rrouter_bin_path/enable_pubip.sh
-    cp /root/redundant_router/master.sh.templ $rrouter_bin_path/master.sh
-    cp /root/redundant_router/backup.sh.templ $rrouter_bin_path/backup.sh
-    cp /root/redundant_router/fault.sh.templ $rrouter_bin_path/fault.sh
-    cp /root/redundant_router/primary-backup.sh.templ $rrouter_bin_path/primary-backup.sh
-    cp /root/redundant_router/heartbeat.sh.templ $rrouter_bin_path/heartbeat.sh
-    cp /root/redundant_router/check_heartbeat.sh.templ $rrouter_bin_path/check_heartbeat.sh
-    cp /root/redundant_router/arping_gateways.sh.templ $rrouter_bin_path/arping_gateways.sh
-    cp /root/redundant_router/check_bumpup.sh $rrouter_bin_path/
-    cp /root/redundant_router/disable_pubip.sh $rrouter_bin_path/
-    cp /root/redundant_router/checkrouter.sh.templ /opt/cloud/bin/checkrouter.sh
-    cp /root/redundant_router/services.sh $rrouter_bin_path/
-    sed -i "s/\[ROUTER_ID\]/$NAME/g" /etc/keepalived/keepalived.conf
-    sed -i "s/\[ROUTER_IP\]/$GUEST_GW\/$GUEST_CIDR_SIZE/g" /etc/keepalived/keepalived.conf
-    sed -i "s/\[BOARDCAST\]/$GUEST_BRD/g" /etc/keepalived/keepalived.conf
-    sed -i "s/\[PRIORITY\]/$ROUTER_PR/g" /etc/keepalived/keepalived.conf
-    sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" /etc/keepalived/keepalived.conf
-    sed -i "s/\[DELTA\]/2/g" /etc/keepalived/keepalived.conf
-    sed -i "s/\[LINK_IF\]/eth0/g" /etc/conntrackd/conntrackd.conf
-    sed -i "s/\[LINK_IP\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
-    sed -i "s/\[IGNORE_IP1\]/$GUEST_GW/g" /etc/conntrackd/conntrackd.conf
-    sed -i "s/\[IGNORE_IP2\]/$ETH0_IP/g" /etc/conntrackd/conntrackd.conf
-    sed -i "s/\[IGNORE_IP3\]/$ETH1_IP/g" /etc/conntrackd/conntrackd.conf
-    sed -i "s/\[ETH2IP\]/$ETH2_IP/g" $rrouter_bin_path/enable_pubip.sh
-    sed -i "s/\[ETH2MASK\]/$ETH2_MASK/g" $rrouter_bin_path/enable_pubip.sh
-    sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/enable_pubip.sh
-    sed -i "s/\[GATEWAY\]/$GW/g" $rrouter_bin_path/master.sh
-
-    sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/master.sh
-    sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/backup.sh
-    sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/fault.sh
-    sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/heartbeat.sh
-    sed -i "s/\[RROUTER_BIN_PATH\]/$rrouter_bin_path_str/g" $rrouter_bin_path/check_heartbeat.sh
-    sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/master.sh
-    sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/backup.sh
-    sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/fault.sh
-    sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/primary-backup.sh
-    sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/check_heartbeat.sh
-    sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" $rrouter_bin_path/arping_gateways.sh
-    sed -i "s/\[RROUTER_LOG\]/$rrouter_log_str/g" /opt/cloud/bin/checkrouter.sh
-
-    if [ $ADVERT_INT ]
-    then
-        sed -i "s/advert_int 1/advert_int $ADVERT_INT/g" /etc/keepalived/keepalived.conf
-    fi
-
-    chmod a+x $rrouter_bin_path/*.sh
-
-    sed -i "s/--exec\ \$DAEMON;/--exec\ \$DAEMON\ --\ --vrrp;/g" /etc/init.d/keepalived
-    crontab -l|grep "check_heartbeat.sh"
-    if [ $? -ne 0 ]
-    then
-        (crontab -l; echo -e "SHELL=/bin/bash\nPATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin\n*/1 * * * * $rrouter_bin_path/check_heartbeat.sh 2>&1 > /dev/null") | crontab
-    fi
-    load_modules
-}
-
 setup_aesni() {
   if [ `grep aes /proc/cpuinfo | wc -l` -gt 0 ]
   then

diff --git a/tools/whisker/LICENSE b/tools/whisker/LICENSE
@@ -2771,9 +2771,6 @@ Within the patches/systemvm/debian/config/etc/apache2 directory
     Copyright (c) 2012 The Apache Software Foundation
         from The Apache Software Foundation  http://www.apache.org/ 
             httpd.conf 
-            ports.conf 
-            sites-available/default 
-            sites-available/default-ssl 
             vhost.template
 
 Within the patches/systemvm/debian/config/etc/ssh/ directory

diff --git a/tools/whisker/descriptor-for-packaging.xml b/tools/whisker/descriptor-for-packaging.xml
@@ -2459,10 +2459,7 @@ Copyright (c) 2012 The Apache Software Foundation
             </copyright-notice>
             <by-organisation id='apache.org.2'>
                 <resource name='httpd.conf' />
-                <resource name='ports.conf' />
                 <resource name='vhost.template' />
-                <resource name='sites-available/default' />
-                <resource name='sites-available/default-ssl' />
             </by-organisation>
         </with-license>
     </within>