Use userdata uuid instead of user data in global settings

Author: vishesh92

api/src/main/java/org/apache/cloudstack/userdata/UserDataManager.java

@@ -16,6 +16,7 @@
 // under the License.
 package org.apache.cloudstack.userdata;
 
+import com.cloud.template.VirtualMachineTemplate;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.cloudstack.framework.config.Configurable;
@@ -29,4 +30,5 @@ public interface UserDataManager extends Manager, Configurable {
 
     String concatenateUserData(String userdata1, String userdata2, String userdataProvider);
     String validateUserData(String userData, BaseCmd.HTTPMethod httpmethod);
+    String getUserDataForSystemVms(String userDataUuid, VirtualMachineTemplate vmTemplate);
 }

engine/userdata/src/main/java/org/apache/cloudstack/userdata/UserDataManagerImpl.java

@@ -22,6 +22,11 @@
 import java.util.List;
 import java.util.Map;
 
+import com.cloud.domain.Domain;
+import com.cloud.template.VirtualMachineTemplate;
+import com.cloud.user.User;
+import com.cloud.user.UserDataVO;
+import com.cloud.user.dao.UserDataDao;
 import org.apache.cloudstack.api.BaseCmd;
 import org.apache.cloudstack.framework.config.ConfigKey;
 import org.apache.commons.codec.binary.Base64;
@@ -31,7 +36,12 @@
 import com.cloud.utils.component.ManagerBase;
 import com.cloud.utils.exception.CloudRuntimeException;
 
+import javax.inject.Inject;
+
 public class UserDataManagerImpl extends ManagerBase implements UserDataManager {
+    @Inject
+    UserDataDao userDataDao;
+
     private static final int MAX_USER_DATA_LENGTH_BYTES = 2048;
     private static final int MAX_HTTP_GET_LENGTH = 2 * MAX_USER_DATA_LENGTH_BYTES; // 4KB
     private static final int NUM_OF_2K_BLOCKS = 512;
@@ -118,6 +128,29 @@ public String validateUserData(String userData, BaseCmd.HTTPMethod httpmethod) {
         return Base64.encodeBase64String(decodedUserData);
     }
 
+    @Override
+    public String getUserDataForSystemVms(String userDataUuid, VirtualMachineTemplate vmTemplate) {
+        UserDataVO templateUserDataVo = userDataDao.findById(vmTemplate.getUserDataId());
+        UserDataVO userDataVo = userDataDao.findByUuid(userDataUuid);
+        String templateUserData = validateAndGetUserDataForSystemVm(templateUserDataVo);
+        String userData = validateAndGetUserDataForSystemVm(userDataVo);
+        if (templateUserData == null && userData == null) {
+            return null;
+        } else if (templateUserData != null && userData == null) {
+            return templateUserData;
+        } else if (userData != null && templateUserData == null) {
+            return userData;
+        }
+        return concatenateUserData(templateUserData, userData, null);
+    }
+
+    private String validateAndGetUserDataForSystemVm(UserDataVO userData) {
+        if (userData.getDomainId() == Domain.ROOT_DOMAIN && userData.getAccountId() == User.UID_ADMIN) {
+            return userData.getUserData();
+        }
+        return null;
+    }
+
     private byte[] validateAndDecodeByHTTPMethod(String userData, int maxHTTPLength, BaseCmd.HTTPMethod httpMethod) {
         byte[] decodedUserData = Base64.decodeBase64(userData.getBytes());
         if (decodedUserData == null || decodedUserData.length < 1) {

framework/config/src/main/java/org/apache/cloudstack/framework/config/ConfigKey.java

@@ -41,7 +41,6 @@ public class ConfigKey<T> {
     public static final String CATEGORY_ADVANCED = "Advanced";
     public static final String CATEGORY_ALERT = "Alert";
     public static final String CATEGORY_NETWORK = "Network";
-    public static final String CATEGORY_SECURE = "Secure";
     public static final String CATEGORY_SYSTEM = "System";
 
     // Configuration Groups to be used to define group for a config key

plugins/network-elements/elastic-loadbalancer/src/main/java/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java

@@ -36,6 +36,7 @@
 import org.apache.cloudstack.engine.orchestration.service.NetworkOrchestrationService;
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.managed.context.ManagedContextRunnable;
+import org.apache.cloudstack.userdata.UserDataManager;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.stereotype.Component;
 
@@ -141,6 +142,8 @@ public class ElasticLoadBalancerManagerImpl extends ManagerBase implements Elast
     private ElasticLbVmMapDao _elbVmMapDao;
     @Inject
     private NicDao _nicDao;
+    @Inject
+    private UserDataManager userDataManager;
 
     String _instance;
 
@@ -484,7 +487,8 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
         buf.append(" authorized_key=").append(VirtualMachineGuru.getEncodedMsPublicKey(msPublicKey));
 
         if (SystemVmEnableUserData.valueIn(dc.getId())) {
-            String userData = RouterUserData.valueIn(dc.getId());
+            String userDataUuid = RouterUserData.valueIn(dc.getId());
+            String userData = userDataManager.getUserDataForSystemVms(userDataUuid, profile.getTemplate());
             if (StringUtils.isNotBlank(userData)) {
                 String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
                 buf.append(" userdata=").append(encodedUserData);

plugins/network-elements/internal-loadbalancer/src/main/java/org/apache/cloudstack/network/lb/InternalLoadBalancerVMManagerImpl.java

@@ -42,6 +42,7 @@
 import org.apache.cloudstack.framework.config.dao.ConfigurationDao;
 import org.apache.cloudstack.lb.ApplicationLoadBalancerRuleVO;
 import org.apache.cloudstack.lb.dao.ApplicationLoadBalancerRuleDao;
+import org.apache.cloudstack.userdata.UserDataManager;
 import org.apache.commons.collections.CollectionUtils;
 
 import com.cloud.agent.AgentManager;
@@ -179,6 +180,8 @@ public class InternalLoadBalancerVMManagerImpl extends ManagerBase implements In
     ResourceManager _resourceMgr;
     @Inject
     UserDao _userDao;
+    @Inject
+    private UserDataManager userDataManager;
 
     @Override
     public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile, final DeployDestination dest, final ReservationContext context) {
@@ -249,7 +252,8 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
 
         long dcId = profile.getVirtualMachine().getDataCenterId();
         if (SystemVmEnableUserData.valueIn(dcId)) {
-            String userData = RouterUserData.valueIn(dcId);
+            String userDataUuid = RouterUserData.valueIn(dcId);
+            String userData = userDataManager.getUserDataForSystemVms(userDataUuid, profile.getTemplate());
             if (StringUtils.isNotBlank(userData)) {
                 String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
                 buf.append(" userdata=").append(encodedUserData);

server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManager.java

@@ -94,8 +94,8 @@ public interface ConsoleProxyManager extends Manager, ConsoleProxyService {
             "last console proxy service management state", false, ConfigKey.Kind.Select, consoleProxyManagementStates);
 
     ConfigKey<String> ConsoleProxyUserData = new ConfigKey<>(String.class, "consoleproxy.userdata",
-            ConfigKey.CATEGORY_SECURE, "",
-            "Default user data for console proxy VMs. This works only when systemvm.userdata.enabled is set to true",
+            ConfigKey.CATEGORY_ADVANCED, "",
+            "UUID for user data for console proxy VMs. This works only when systemvm.userdata.enabled is set to true",
             true, ConfigKey.Scope.Zone, null, "User Data for CPVMs",
             null, ConfigKey.GROUP_SYSTEM_VMS, ConfigKey.SUBGROUP_CONSOLE_PROXY_VM);
 

server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java

@@ -49,6 +49,7 @@
 import org.apache.cloudstack.storage.datastore.db.PrimaryDataStoreDao;
 import org.apache.cloudstack.storage.datastore.db.StoragePoolVO;
 import org.apache.cloudstack.storage.datastore.db.TemplateDataStoreDao;
+import org.apache.cloudstack.userdata.UserDataManager;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.commons.lang3.BooleanUtils;
 
@@ -230,6 +231,8 @@ public class ConsoleProxyManagerImpl extends ManagerBase implements ConsoleProxy
     private CAManager caManager;
     @Inject
     private NetworkOrchestrationService networkMgr;
+    @Inject
+    private UserDataManager userDataManager;
 
     private ConsoleProxyListener consoleProxyListener;
 
@@ -1270,7 +1273,8 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
         buf.append(" keystore_password=").append(VirtualMachineGuru.getEncodedString(PasswordGenerator.generateRandomPassword(16)));
 
         if (SystemVmEnableUserData.valueIn(dc.getId())) {
-            String userData = ConsoleProxyUserData.valueIn(dc.getId());
+            String userDataUuid = ConsoleProxyUserData.valueIn(dc.getId());
+            String userData = userDataManager.getUserDataForSystemVms(userDataUuid, profile.getTemplate());
             if (StringUtils.isNotBlank(userData)) {
                 String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
                 buf.append(" userdata=").append(encodedUserData);

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java

@@ -65,8 +65,8 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
             "Name of the default router template on Ovm3.", true, ConfigKey.Scope.Zone, null);
 
     ConfigKey<String> RouterUserData = new ConfigKey<>(String.class, "router.userdata",
-            ConfigKey.CATEGORY_SECURE, "",
-            "Default user data for VR, VPC VR, internal LB, and elastic LB. This works only when systemvm.userdata.enabled is set to true",
+            ConfigKey.CATEGORY_ADVANCED, "",
+            "UUID for user data of VR, VPC VR, internal LB, and elastic LB. This works only when systemvm.userdata.enabled is set to true",
             true, ConfigKey.Scope.Zone, null, "User Data for VRs",
             null, ConfigKey.GROUP_SYSTEM_VMS, ConfigKey.SUBGROUP_VIRTUAL_ROUTER);
 

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -73,6 +73,7 @@
 import org.apache.cloudstack.network.RoutedIpv4Manager;
 import org.apache.cloudstack.network.topology.NetworkTopology;
 import org.apache.cloudstack.network.topology.NetworkTopologyContext;
+import org.apache.cloudstack.userdata.UserDataManager;
 import org.apache.cloudstack.utils.CloudStackVersion;
 import org.apache.cloudstack.utils.identity.ManagementServerNode;
 import org.apache.cloudstack.utils.usage.UsageUtils;
@@ -354,6 +355,9 @@ public class VirtualNetworkApplianceManagerImpl extends ManagerBase implements V
     @Inject
     BGPService bgpService;
 
+    @Inject
+    private UserDataManager userDataManager;
+
     private int _routerStatsInterval = 300;
     private int _routerCheckInterval = 30;
     private int _rvrStatusUpdatePoolSize = 10;
@@ -2099,7 +2103,8 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
         buf.append(String.format(" logrotatefrequency=%s", routerLogrotateFrequency));
 
         if (SystemVmEnableUserData.valueIn(router.getDataCenterId())) {
-            String userData = RouterUserData.valueIn(router.getDataCenterId());
+            String userDataUuid = RouterUserData.valueIn(dc.getId());
+            String userData = userDataManager.getUserDataForSystemVms(userDataUuid, profile.getTemplate());
             if (StringUtils.isNotBlank(userData)) {
                 String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
                 buf.append(" userdata=").append(encodedUserData);

server/src/main/java/com/cloud/storage/secondary/SecondaryStorageVmManager.java

@@ -45,8 +45,8 @@ public interface SecondaryStorageVmManager extends Manager {
             false);
 
     ConfigKey<String> SecondaryStorageUserData = new ConfigKey<>(String.class, "secstorage.userdata",
-            ConfigKey.CATEGORY_SECURE, "",
-            "Default user data for secondary storage VMs. This works only when systemvm.userdata.enabled is set to true",
+            ConfigKey.CATEGORY_ADVANCED, "",
+            "UUID for user data for secondary storage VMs. This works only when systemvm.userdata.enabled is set to true",
             true, ConfigKey.Scope.Zone, null, "User Data for SSVMs",
             null, ConfigKey.GROUP_SYSTEM_VMS, ConfigKey.SUBGROUP_SEC_STORAGE_VM);