Add support for providing userdata to system VMs

Author: vishesh92

engine/api/src/main/java/com/cloud/vm/VirtualMachineManager.java

@@ -106,6 +106,9 @@ public interface VirtualMachineManager extends Manager {
     ConfigKey<Boolean> VmSyncPowerStateTransitioning = new ConfigKey<>("Advanced", Boolean.class, "vm.sync.power.state.transitioning", "true",
             "Whether to sync power states of the transitioning and stalled VMs while processing VM power reports.", false);
 
+    ConfigKey<Boolean> SystemVmEnableUserData = new ConfigKey<>(Boolean.class, "systemvm.userdata.enabled", "Advanced", "false",
+            "Enable user data for system VMs. When enabled, the CPVM, SSVM, and Router system VMs will use the values from the global settings consoleproxy.userdata, secstorage.userdata, and router.userdata, respectively, to provide cloud-init user data to the VM.",
+            true, ConfigKey.Scope.Zone, null);
 
     interface Topics {
         String VM_POWER_STATE = "vm.powerstate";

engine/orchestration/src/main/java/com/cloud/vm/VirtualMachineManagerImpl.java

@@ -5121,7 +5121,7 @@ public ConfigKey<?>[] getConfigKeys() {
                 VmConfigDriveLabel, VmConfigDriveOnPrimaryPool, VmConfigDriveForceHostCacheUse, VmConfigDriveUseHostCacheOnUnsupportedPool,
                 HaVmRestartHostUp, ResourceCountRunningVMsonly, AllowExposeHypervisorHostname, AllowExposeHypervisorHostnameAccountLevel, SystemVmRootDiskSize,
                 AllowExposeDomainInMetadata, MetadataCustomCloudName, VmMetadataManufacturer, VmMetadataProductName,
-                VmSyncPowerStateTransitioning
+                VmSyncPowerStateTransitioning, SystemVmEnableUserData
         };
     }
 

server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManager.java

@@ -93,6 +93,10 @@ public interface ConsoleProxyManager extends Manager, ConsoleProxyService {
     ConfigKey<String> ConsoleProxyManagementLastState = new ConfigKey<String>(ConfigKey.CATEGORY_ADVANCED, String.class, "consoleproxy.management.state.last", com.cloud.consoleproxy.ConsoleProxyManagementState.Auto.toString(),
             "last console proxy service management state", false, ConfigKey.Kind.Select, consoleProxyManagementStates);
 
+    ConfigKey<String> ConsoleProxyUserData = new ConfigKey<>(String.class, "consoleproxy.userdata", "Advanced", "",
+            "Default user data for console proxy VMs. This works only when systemvm.userdata.enabled is set to true.",
+            true, ConfigKey.Scope.Zone, null);
+
     void setManagementState(ConsoleProxyManagementState state);
 
     ConsoleProxyManagementState getManagementState();

server/src/main/java/com/cloud/consoleproxy/ConsoleProxyManagerImpl.java

@@ -19,6 +19,7 @@
 import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Date;
 import java.util.HashMap;
 import java.util.HashSet;
@@ -152,6 +153,8 @@
 import com.google.gson.GsonBuilder;
 import com.google.gson.JsonParseException;
 
+import static com.cloud.vm.VirtualMachineManager.SystemVmEnableUserData;
+
 /**
  * Class to manage console proxys. <br><br>
  * Possible console proxy state transition cases:<br>
@@ -1265,6 +1268,15 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
             buf.append(" vncport=").append(getVncPort(datacenterId));
         }
         buf.append(" keystore_password=").append(VirtualMachineGuru.getEncodedString(PasswordGenerator.generateRandomPassword(16)));
+
+        if (SystemVmEnableUserData.valueIn(dc.getId())) {
+            String userData = ConsoleProxyUserData.valueIn(dc.getId());
+            if (userData != null && !userData.trim().isEmpty()) {
+                String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
+                buf.append(" userdata=").append(encodedUserData);
+            }
+        }
+
         String bootArgs = buf.toString();
         if (logger.isDebugEnabled()) {
             logger.debug("Boot Args for " + profile + ": " + bootArgs);
@@ -1572,7 +1584,7 @@ public String getConfigComponentName() {
     public ConfigKey<?>[] getConfigKeys() {
         return new ConfigKey<?>[] { ConsoleProxySslEnabled, NoVncConsoleDefault, NoVncConsoleSourceIpCheckEnabled, ConsoleProxyServiceOffering,
                 ConsoleProxyCapacityStandby, ConsoleProxyCapacityScanInterval, ConsoleProxyCmdPort, ConsoleProxyRestart, ConsoleProxyUrlDomain, ConsoleProxySessionMax, ConsoleProxySessionTimeout, ConsoleProxyDisableRpFilter, ConsoleProxyLaunchMax,
-                ConsoleProxyManagementLastState, ConsoleProxyServiceManagementState };
+                ConsoleProxyManagementLastState, ConsoleProxyServiceManagementState, ConsoleProxyUserData };
     }
 
     protected ConsoleProxyStatus parseJsonToConsoleProxyStatus(String json) throws JsonParseException {

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManager.java

@@ -64,6 +64,10 @@ public interface VirtualNetworkApplianceManager extends Manager, VirtualNetworkA
     ConfigKey<String> RouterTemplateOvm3 = new ConfigKey<>(String.class, RouterTemplateOvm3CK, "Advanced", "SystemVM Template (Ovm3)",
             "Name of the default router template on Ovm3.", true, ConfigKey.Scope.Zone, null);
 
+    ConfigKey<String> RouterUserData = new ConfigKey<>(String.class, "router.userdata", "Advanced", "",
+            "Default user data for virtual router. This works only when systemvm.userdata.enabled is set to true.",
+            true, ConfigKey.Scope.Zone, null);
+
     ConfigKey<Boolean> SetServiceMonitor = new ConfigKey<>(Boolean.class, SetServiceMonitorCK, "Advanced", "true",
             "service monitoring in router enable/disable option, default true", true, ConfigKey.Scope.Zone, null);
 

server/src/main/java/com/cloud/network/router/VirtualNetworkApplianceManagerImpl.java

@@ -18,6 +18,7 @@
 package com.cloud.network.router;
 
 import static com.cloud.utils.NumbersUtil.toHumanReadableSize;
+import static com.cloud.vm.VirtualMachineManager.SystemVmEnableUserData;
 
 import java.lang.reflect.Type;
 import java.math.BigInteger;
@@ -28,6 +29,7 @@
 import java.text.SimpleDateFormat;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Calendar;
 import java.util.Collections;
 import java.util.Date;
@@ -2149,6 +2151,14 @@ public boolean finalizeVirtualMachineProfile(final VirtualMachineProfile profile
                 " on the virtual router.", RouterLogrotateFrequency.key(), routerLogrotateFrequency, dc.getUuid()));
         buf.append(String.format(" logrotatefrequency=%s", routerLogrotateFrequency));
 
+        if (SystemVmEnableUserData.valueIn(router.getDataCenterId())) {
+            String userData = RouterUserData.valueIn(router.getDataCenterId());
+            if (userData != null && !userData.trim().isEmpty()) {
+                String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
+                buf.append(" userdata=").append(encodedUserData);
+            }
+        }
+
         if (logger.isDebugEnabled()) {
             logger.debug("Boot Args for " + profile + ": " + buf.toString());
         }
@@ -3429,7 +3439,8 @@ public ConfigKey<?>[] getConfigKeys() {
                 RouterHealthChecksMaxMemoryUsageThreshold,
                 ExposeDnsAndBootpServer,
                 RouterLogrotateFrequency,
-                RemoveControlIpOnStop
+                RemoveControlIpOnStop,
+                RouterUserData
         };
     }
 

server/src/main/java/com/cloud/storage/secondary/SecondaryStorageVmManager.java

@@ -44,6 +44,10 @@ public interface SecondaryStorageVmManager extends Manager {
             "The time interval(in millisecond) to scan whether or not system needs more SSVM to ensure minimal standby capacity",
             false);
 
+    ConfigKey<String> SecondaryStorageUserData = new ConfigKey<>(String.class, "secstorage.userdata", "Advanced", "",
+            "Default user data for secondary storage VMs. This works only when systemvm.userdata.enabled is set to true.", true, ConfigKey.Scope.Zone, null);
+
+
     public static final int DEFAULT_SS_VM_RAMSIZE = 512;            // 512M
     public static final int DEFAULT_SS_VM_CPUMHZ = 500;             // 500 MHz
     public static final int DEFAULT_SS_VM_MTUSIZE = 1500;

services/secondary-storage/controller/src/main/java/org/apache/cloudstack/secondarystorage/SecondaryStorageManagerImpl.java

@@ -17,11 +17,13 @@
 package org.apache.cloudstack.secondarystorage;
 
 import static com.cloud.configuration.Config.SecStorageAllowedInternalDownloadSites;
+import static com.cloud.vm.VirtualMachineManager.SystemVmEnableUserData;
 
 import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Base64;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
@@ -1227,6 +1229,15 @@ public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, Depl
         String nfsVersion = imageStoreDetailsUtil != null ? imageStoreDetailsUtil.getNfsVersion(secStores.get(0).getId()) : null;
         buf.append(" nfsVersion=").append(nfsVersion);
         buf.append(" keystore_password=").append(VirtualMachineGuru.getEncodedString(PasswordGenerator.generateRandomPassword(16)));
+
+        if (SystemVmEnableUserData.valueIn(dc.getId())) {
+            String userData = SecondaryStorageUserData.valueIn(dc.getId());
+            if (userData != null && !userData.trim().isEmpty()) {
+                String encodedUserData = Base64.getEncoder().encodeToString(userData.getBytes());
+                buf.append(" userdata=").append(encodedUserData);
+            }
+        }
+
         String bootArgs = buf.toString();
         if (logger.isDebugEnabled()) {
             logger.debug(String.format("Boot args for machine profile [%s]: [%s].", profile.toString(), bootArgs));
@@ -1529,7 +1540,7 @@ public String getConfigComponentName() {
 
     @Override
     public ConfigKey<?>[] getConfigKeys() {
-        return new ConfigKey<?>[] {NTPServerConfig, MaxNumberOfSsvmsForMigration, SecondaryStorageCapacityScanInterval};
+        return new ConfigKey<?>[] {NTPServerConfig, MaxNumberOfSsvmsForMigration, SecondaryStorageCapacityScanInterval, SecondaryStorageUserData};
     }
 
 }

systemvm/debian/opt/cloud/bin/setup/init.sh

@@ -20,6 +20,8 @@ set -x
 PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin"
 CMDLINE=/var/cache/cloud/cmdline
 
+. /lib/lsb/init-functions
+
 log_it() {
   echo "$(date) $@" >> /var/log/cloud.log
   log_action_msg "$@"

systemvm/debian/opt/cloud/bin/setup/postinit.sh

@@ -18,6 +18,8 @@
 #
 # This scripts before ssh.service but after cloud-early-config
 
+. /lib/lsb/init-functions
+
 log_it() {
   echo "$(date) $@" >> /var/log/cloud.log
   log_action_msg "$@"
@@ -47,6 +49,100 @@ fi
 
 CMDLINE=/var/cache/cloud/cmdline
 TYPE=$(grep -Po 'type=\K[a-zA-Z]*' $CMDLINE)
+
+# Execute cloud-init if user data is present
+run_cloud_init() {
+  if [ ! -f "$CMDLINE" ]; then
+    log_it "No cmdline file found, skipping cloud-init execution"
+    return 0
+  fi
+
+  local encoded_userdata=$(grep -Po 'userdata=\K[^[:space:]]*' "$CMDLINE" || true)
+  if [ -z "$encoded_userdata" ]; then
+    log_it "No user data found in cmdline, skipping cloud-init execution"
+    return 0
+  fi
+
+  log_it "User data detected, setting up and running cloud-init"
+
+  # Update cloud-init config to use NoCloud datasource
+  cat <<EOF > /etc/cloud/cloud.cfg.d/cloudstack.cfg
+#cloud-config
+datasource_list: ['NoCloud']
+network:
+  config: disabled
+manage_etc_hosts: false
+manage_resolv_conf: false
+users: []
+disable_root: false
+ssh_pwauth: false
+cloud_init_modules:
+  - migrator
+  - seed_random
+  - bootcmd
+  - write-files
+  - growpart
+  - resizefs
+  - disk_setup
+  - mounts
+  - rsyslog
+cloud_config_modules:
+  - locale
+  - timezone
+  - runcmd
+cloud_final_modules:
+  - scripts-per-once
+  - scripts-per-boot
+  - scripts-per-instance
+  - scripts-user
+  - final-message
+  - power-state-change
+EOF
+
+  # Set up user data files (reuse the function from init.sh)
+  mkdir -p /var/lib/cloud/seed/nocloud
+
+  # Decode and potentially decompress user data
+  local decoded_userdata
+  decoded_userdata=$(echo "$encoded_userdata" | base64 -d 2>/dev/null)
+  if [ $? -ne 0 ] || [ -z "$decoded_userdata" ]; then
+    log_it "ERROR: Failed to decode base64 user data"
+    return 1
+  fi
+
+  # Write user data
+  echo "$decoded_userdata" > /var/lib/cloud/seed/nocloud/user-data
+  chmod 600 /var/lib/cloud/seed/nocloud/user-data
+
+  # Create meta-data
+  local instance_name=$(grep -Po 'name=\K[^[:space:]]*' "$CMDLINE" || hostname)
+  cat > /var/lib/cloud/seed/nocloud/meta-data << EOF
+instance-id: $instance_name
+local-hostname: $instance_name
+EOF
+  chmod 644 /var/lib/cloud/seed/nocloud/meta-data
+
+  log_it "User data files created, executing cloud-init..."
+
+  # Clean any previous cloud-init state
+  cloud-init clean --logs
+
+  # Run cloud-init stages manually
+  cloud-init init --local && \
+  cloud-init init && \
+  cloud-init modules --mode=config && \
+  cloud-init modules --mode=final
+
+  local cloud_init_result=$?
+  if [ $cloud_init_result -eq 0 ]; then
+    log_it "Cloud-init executed successfully"
+  else
+    log_it "ERROR: Cloud-init execution failed with exit code: $cloud_init_result"
+  fi
+
+  return $cloud_init_result
+}
+
 if [ "$TYPE" == "router" ] || [ "$TYPE" == "vpcrouter" ] || [ "$TYPE" == "dhcpsrvr" ]
 then
   if [ -x /opt/cloud/bin/update_config.py ]
@@ -71,4 +167,6 @@ do
   systemctl disable --now --no-block $svc
 done
 
+run_cloud_init
+
 date > /var/cache/cloud/boot_up_done