systemd: fix services to allow TLS configurations via java.security.ciphers

[yadvr]

This fixes the management server and systemd services to allow the
java.security.ciphers file to configure disabled TLS protocols and
algorithms. This also cleans up systemd service files for agent and
usage server, and deprecates use of jsvc when systemd can be used
directly.

This fixes #3140

Types of changes

• Breaking change (fix or feature that would cause existing functionality to change)
• New feature (non-breaking change which adds functionality)
• Bug fix (non-breaking change which fixes an issue)
• Enhancement (improves an existing feature and functionality)
• Cleanup (Code refactoring and cleanup, that may add test cases)

How Has This Been Tested?

Deploy systemd based environments using CentOS7 and Ubuntu 18.04. Verified first that TLS settings has no effect, then with the changes applied found in both usage, kvm agent and management server that systemd service works OK and TLS was configurable again.

[yadvr]

@blueorangutan package

[blueorangutan]

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

[blueorangutan]

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-2594

[yadvr]

@blueorangutan test matrix

[blueorangutan]

@rhtyd a Trillian-Jenkins matrix job (centos6 mgmt + xs71, centos7 mgmt + vmware65, centos7 mgmt + kvmcentos7) has been kicked to run smoke tests

[yadvr]

@GabrielBrascher please consider including this in 4.12.0.0 as this fixes the TLS configuration security issue.

[wido]

LGTM

[yadvr]

Forward merging-note: master does not support ubuntu 14.04 and older, therefore jsvc dependency can be removed from master's debian/.

[blueorangutan]

Trillian test result (tid-3371)
Environment: kvm-centos7 (x2), Advanced Networking with Mgmt server 7
Total time taken: 24936 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3163-t3371-kvm-centos7.zip
Intermittent failure detected: /marvin/tests/smoke/test_deploy_virtio_scsi_vm.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_redundant.py
Intermittent failure detected: /marvin/tests/smoke/test_vpc_vpn.py
Smoke tests completed. 67 look OK, 1 have error(s)
Only failed tests results shown below:

Test	Result	Time (s)	Test File
test_01_redundant_vpc_site2site_vpn	Failure	205.85	test_vpc_vpn.py

[blueorangutan]

Trillian test result (tid-3372)
Environment: vmware-65 (x2), Advanced Networking with Mgmt server 7
Total time taken: 26302 seconds
Marvin logs: https://github.com/blueorangutan/acs-prs/releases/download/trillian/pr3163-t3372-vmware-65.zip
Smoke tests completed. 68 look OK, 0 have error(s)
Only failed tests results shown below:

Test	Result	Time (s)	Test File

[GabrielBrascher]

We are on tight schedule for 4.12; thus, I am trying to keep as short as possible the list of PRs aiming the 4.12 release.

Considering this; @rhtyd do you think that this PR is a blocker for 4.12? If so, could you please register this PR as a blocker on the mailing list thread '[PROPOSE] RM for 4.12'? Thanks!

[yadvr]

Yes @GabrielBrascher because the tls disabled settings is no longer honoured, it's a security issue. Will propose on the list.

[borisstoyanov]

LGTM, run manual testing and could confirm that secure renegotiation is not supported with tls1 and tls1_1