From 29c88787e1cd68467860451ac4b5402cce1d90b0 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 28 Jul 2011 16:03:32 -0700 Subject: [PATCH 1/8] from eip feature: 1. fix ordering of ingress and egress rules so that vms are protected from other vms on the same host in all cases 2. remove dependency on cloud-guest --- scripts/vm/hypervisor/xenserver/vmops | 56 ++++++++++++++++++++++----- 1 file changed, 46 insertions(+), 10 deletions(-) diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops index 8a3c0a40c6a..bf2193509bc 100755 --- a/scripts/vm/hypervisor/xenserver/vmops +++ b/scripts/vm/hypervisor/xenserver/vmops @@ -230,6 +230,7 @@ def saveDhcpEntry(session, args): return txt + @echo def setLinkLocalIP(session, args): brName = args['brName'] @@ -377,7 +378,7 @@ def can_bridge_firewall(session, args): util.pread2(['iptables', '-A', 'FORWARD', '-j', 'DROP']) except: result = 'false' - + allow_egress_traffic(session) if not os.path.exists('/var/run/cloud'): os.makedirs('/var/run/cloud') @@ -386,6 +387,28 @@ def can_bridge_firewall(session, args): return result +@echo +def allow_egress_traffic(session): + devs = [] + for pif in session.xenapi.PIF.get_all(): + pif_rec = session.xenapi.PIF.get_record(pif) + vlan = pif_rec.get('VLAN') + dev = pif_rec.get('device') + if vlan == '-1': + devs.append(dev) + else: + devs.append(dev + "." + vlan) + for d in devs: + try: + util.pread2(['/bin/bash', '-c', "iptables -n -L FORWARD | grep '%s '" % d]) + except: + try: + util.pread2(['iptables', '-I', 'FORWARD', '2', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', d, '-j', 'ACCEPT']) + except: + util.SMlog("Failed to add FORWARD rule through to %s" % d) + return 'false' + return 'true' + def ipset(ipsetname, proto, start, end, ips): try: 
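Review bot: The call added in `can_bridge_firewall` discards the return value of `allow_egress_traffic(session)`, so `result` stays 'true' even when the helper logged "Failed to add FORWARD rule through to ..." and returned 'false'. The call added in `default_network_rules_systemvm` (a later hunk of this patch) ignores it in the same way. Propagating it, e.g. `if allow_egress_traffic(session) == 'false': result = 'false'`, would stop the caller being told the host can enforce bridge firewalling when the FORWARD chain is only partly programmed. `can_bridge_firewall` starts outside this hunk.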
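Review bot: The existence check in `allow_egress_traffic` interpolates the device name into a string run by `/bin/bash -c`, whereas every other iptables call in this patch passes an argument list. The names come from XenAPI PIF records and are probably well-formed, but any shell or regex metacharacter in `d` changes what runs (the `.` in a `dev.vlan` name already matches any character in grep). Reading the chain with `out = util.pread2(['iptables', '-n', '-L', 'FORWARD'])` and testing `if (d + ' ') not in out:` avoids the shell; this assumes pread2 returns the command output, which should be confirmed. The bare `except:` around the check also treats an iptables failure the same as "rule absent", and `dev + "." + vlan` raises if `pif_rec.get('VLAN')` returns None.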
@@ -557,16 +580,19 @@ def default_network_rules_systemvm(session, args): util.pread2(['iptables', '-N', vmchain]) except: util.pread2(['iptables', '-F', vmchain]) - + + allow_egress_traffic(session) for vif in vifs: try: util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', vif, '-j', vmchain]) - util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', vif, '-j', vmchain]) + util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '2', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', vif, '-j', vmchain]) + util.pread2(['iptables', '-I', vmchain, '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', vif, '-j', 'RETURN']) except: util.SMlog("Failed to program default rules") return 'false' - + + util.pread2(['iptables', '-A', vmchain, '-j', 'ACCEPT']) if write_rule_log_for_vm(vm_name, '-1', '_ignore_', domid, '_initial_', '-1') == False: @@ -626,7 +652,7 @@ def default_network_rules(session, args): try: for v in vifs: util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-j', vmchain_default]) - util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default]) + util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '2', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default]) util.pread2(['iptables', '-A', vmchain_default, '-m', 'state', '--state', 'RELATED,ESTABLISHED', '-j', 'ACCEPT']) #allow dhcp for v in vifs: 
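Review bot: The `'2'` passed to `iptables -I BRIDGE-FIREWALL` in `default_network_rules_systemvm` is an unexplained rule position that the VM-to-VM isolation described in the commit message now depends on. The same literal appears in `default_network_rules` in the next hunk and in `-I FORWARD 2` inside `allow_egress_traffic`. Nothing visible states which rule is expected to sit at position 1, and if the chain is empty when this runs iptables rejects the insert and the function returns 'false'. A comment along the lines of `# insert at 2: rule 1 of BRIDGE-FIREWALL is <first-rule> and must stay first; ingress jumps go ahead of the appended egress jumps` would make the ordering contract reviewable. The function body starts outside the hunk.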
@@ -726,7 +752,7 @@ def network_rules_for_rebooted_vm(session, vmName): for v in vifs: util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-out', v, '-j', vmchain_default]) - util.pread2(['iptables', '-A', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default]) + util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default]) #change antispoof rule in vmchain try: @@ -843,7 +869,7 @@ def cleanup_rules(session, args): cleanup = [] for chain in chains: if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: - vm = session.xenapi.VM.get_by_name_label(vm_name) + vm = session.xenapi.VM.get_by_name_label(chain) if len(vm) != 1: util.SMlog("chain " + chain + " does not correspond to a vm, cleaning up") cleanup.append(vm_name) 
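Review bot: The replacement line in `network_rules_for_rebooted_vm` uses `-I BRIDGE-FIREWALL` with no rule number, so the `--physdev-in` jump lands at position 1, whereas `default_network_rules` and `default_network_rules_systemvm` in this same patch insert at position `'2'`. After a VM reboot the chain order therefore differs from the order after a fresh start, and whatever rule the other two call sites keep first is pushed down. If that is not intended, the line should read `util.pread2(['iptables', '-I', 'BRIDGE-FIREWALL', '2', '-m', 'physdev', '--physdev-is-bridged', '--physdev-in', v, '-j', vmchain_default])`. The enclosing function starts and ends outside the hunk.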
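Review bot: The lookup in `cleanup_rules` now uses `chain`, but the context line right after the log message still does `cleanup.append(vm_name)`, and no `vm_name` is assigned in the visible part of the function. Depending on the lines outside the hunk, this either raises NameError or queues the wrong name for removal; `cleanup.append(chain)` looks like the intended statement. Because this routine deletes firewall chains, it is also worth confirming that every chain matched by the `r-`/`i-`/`s-`/`v-` prefixes is named exactly like a VM name label, otherwise chains belonging to running VMs would be treated as orphans. The function starts and ends outside the hunk.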
@@ -1029,7 +1055,17 @@ def network_rules(session, args): util.SMlog("Failed to network rule !") - if __name__ == "__main__": - XenAPIPlugin.dispatch({"pingtest": pingtest, "setup_iscsi":setup_iscsi, "gethostvmstats": gethostvmstats, "getvncport": getvncport, "getgateway": getgateway, "preparemigration": preparemigration, "setIptables": setIptables, "pingdomr": pingdomr, "pingxenserver": pingxenserver, "ipassoc": ipassoc, "vm_data": vm_data, "savePassword": savePassword, "saveDhcpEntry": saveDhcpEntry, "setFirewallRule": setFirewallRule, "setLoadBalancerRule": setLoadBalancerRule, "createFile": createFile, "deleteFile": deleteFile, "networkUsage": networkUsage, "network_rules":network_rules, "can_bridge_firewall":can_bridge_firewall, "default_network_rules":default_network_rules, "destroy_network_rules_for_vm":destroy_network_rules_for_vm, "default_network_rules_systemvm":default_network_rules_systemvm, "get_rule_logs_for_vms":get_rule_logs_for_vms, "setLinkLocalIP":setLinkLocalIP, "cleanup_rules":cleanup_rules}) - + XenAPIPlugin.dispatch({"pingtest": pingtest, "setup_iscsi":setup_iscsi, "gethostvmstats": gethostvmstats, + "getvncport": getvncport, "getgateway": getgateway, "preparemigration": preparemigration, + "setIptables": setIptables, "pingdomr": pingdomr, "pingxenserver": pingxenserver, + "ipassoc": ipassoc, "vm_data": vm_data, "savePassword": savePassword, + "saveDhcpEntry": saveDhcpEntry, "setFirewallRule": setFirewallRule, + "setLoadBalancerRule": setLoadBalancerRule, "createFile": createFile, "deleteFile": deleteFile, + "networkUsage": networkUsage, "network_rules":network_rules, + "can_bridge_firewall":can_bridge_firewall, "default_network_rules":default_network_rules, + "destroy_network_rules_for_vm":destroy_network_rules_for_vm, + "default_network_rules_systemvm":default_network_rules_systemvm, + "get_rule_logs_for_vms":get_rule_logs_for_vms, + "setLinkLocalIP":setLinkLocalIP, + "cleanup_rules":cleanup_rules}) 
From 56d7be35f16e260ba4ed981a3b5b6bc278b9333c Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Fri, 29 Jul 2011 11:04:54 -0700 Subject: [PATCH 2/8] WIP --- .../config/etc/init.d/cloud-early-config | 22 ++++++ .../com/cloud/network/NetworkManagerImpl.java | 2 +- .../lb/ElasticLoadBalancerManagerImpl.java | 76 ++++++++++++++++++- 3 files changed, 98 insertions(+), 2 deletions(-) diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 80704f848cc..76066e30ba1 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -396,6 +396,24 @@ setup_console_proxy() { chkconfig nfs-common off } +setup_elbvm() { + log_it "Setting up Elastic Load Balancer system vm" + local hyp=$1 + setup_common eth0 eth1 eth2 + sed -i /gateway/d /etc/hosts + public_ip=$ETH2_IP + [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH0_IP + echo "$public_ip $NAME" >> /etc/hosts + + setup_sshd $ETH0_IP + + enable_fwding 0 + enable_svc haproxy 0 + enable_svc dnsmasq 0 + enable_svc cloud-passwd-srvr 0 + enable_svc cloud 0 +} + setup_default() { cat > /etc/network/interfaces << EOF auto lo eth0 @@ -430,6 +448,10 @@ start() { [ "$NAME" == "" ] && NAME=consoleproxy setup_console_proxy $hyp; ;; + elbvm) + [ "$NAME" == "" ] && NAME=elb + setup_elbvm + ;; unknown) [ "$NAME" == "" ] && NAME=systemvm setup_default; diff --git a/server/src/com/cloud/network/NetworkManagerImpl.java b/server/src/com/cloud/network/NetworkManagerImpl.java index 6d188b79c7e..e90d88c2671 100755 --- a/server/src/com/cloud/network/NetworkManagerImpl.java +++ b/server/src/com/cloud/network/NetworkManagerImpl.java 
@@ -752,7 +752,7 @@ public class NetworkManagerImpl implements NetworkManager, NetworkService, Manag NetworkOfferingVO guestNetworkOffering = new NetworkOfferingVO(NetworkOffering.SystemGuestNetwork, "System Offering for System-Guest-Network", TrafficType.Guest, true, false, null, null, null, true, Availability.Required, // services - all true except for firewall/lb/vpn and gateway services - true, true, true, false, false, false, false, GuestIpType.Direct); + true, true, true, false, false, true, false, GuestIpType.Direct); guestNetworkOffering = _networkOfferingDao.persistDefaultNetworkOffering(guestNetworkOffering); _systemNetworks.put(NetworkOfferingVO.SystemGuestNetwork, guestNetworkOffering); diff --git a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java index 11f685325ae..a18873d5d54 100644 --- a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java +++ b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java @@ -33,6 +33,7 @@ import org.apache.log4j.Logger; import com.cloud.agent.AgentManager; import com.cloud.agent.AgentManager.OnError; import com.cloud.agent.api.Answer; +import com.cloud.agent.api.StopAnswer; import com.cloud.agent.api.routing.LoadBalancerConfigCommand; import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.to.LoadBalancerTO; @@ -104,7 +105,9 @@ import com.cloud.utils.db.Transaction; import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; +import com.cloud.vm.ReservationContext; import com.cloud.vm.VirtualMachine; +import com.cloud.vm.VirtualMachineGuru; import com.cloud.vm.VirtualMachine.State; import com.cloud.vm.VirtualMachineManager; import com.cloud.vm.VirtualMachineName; 
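Review bot: The comment above the changed argument list still reads `services - all true except for firewall/lb/vpn and gateway services`, but the sixth boolean is now `true`, so the comment no longer describes the offering. Which service that position enables is not visible in the hunk (presumably load balancing, given the rest of the patch); the comment should name it, e.g. `// services - all true except for firewall/vpn and gateway services; lb enabled for ELB`. Since this is the default system guest network offering, it is worth confirming that enabling the service on every such network, and not only where ELB is configured, is intended.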
@@ -114,7 +117,7 @@ import com.cloud.vm.dao.DomainRouterDao; @Local(value = { ElasticLoadBalancerManager.class }) public class ElasticLoadBalancerManagerImpl implements - ElasticLoadBalancerManager, Manager { + ElasticLoadBalancerManager, Manager, VirtualMachineGuru { private static final Logger s_logger = Logger .getLogger(ElasticLoadBalancerManagerImpl.class); @@ -369,6 +372,8 @@ public class ElasticLoadBalancerManagerImpl implements throw new ConfigurationException("Traffic type for front end of load balancer has to be guest or public; found : " + traffType); _gcThreadPool = Executors.newScheduledThreadPool(1, new NamedThreadFactory("ELBVM-GC")); _gcThreadPool.scheduleAtFixedRate(new CleanupThread(), 30, 30, TimeUnit.SECONDS); + _itMgr.registerGuru(VirtualMachine.Type.DomainRouter, this); + } 
@@ -683,4 +688,73 @@ public class ElasticLoadBalancerManagerImpl implements } } + + @Override + public DomainRouterVO findByName(String name) { + // TODO Auto-generated method stub + return null; + } + + + @Override + public DomainRouterVO findById(long id) { + // TODO Auto-generated method stub + return null; + } + + + @Override + public DomainRouterVO persist(DomainRouterVO vm) { + // TODO Auto-generated method stub + return null; + } + + + @Override + public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) { + // TODO Auto-generated method stub + return false; + } + + + @Override + public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) throws ResourceUnavailableException { + // TODO Auto-generated method stub + return false; + } + + + @Override + public boolean finalizeStart(VirtualMachineProfile profile, long hostId, Commands cmds, ReservationContext context) { + // TODO Auto-generated method stub + return false; + } + + + @Override + public boolean finalizeCommandsOnStart(Commands cmds, VirtualMachineProfile profile) { + // TODO Auto-generated method stub + return false; + } + + + @Override + public void finalizeStop(VirtualMachineProfile profile, StopAnswer answer) { + // TODO Auto-generated method stub + + } + + + @Override + public void finalizeExpunge(DomainRouterVO vm) { + // TODO Auto-generated method stub + + } + + + @Override + public Long convertToId(String vmName) { + // TODO Auto-generated method stub + return null; + } } From e5c4bf4e28734633683fd1a3bce4f01284fec037 Mon Sep 17 00:00:00 2001 
From: Chiradeep Vittal Date: Wed, 3 Aug 2011 18:55:01 -0700 Subject: [PATCH 3/8] bug 10659: manage elb vms independently of virtualnetworkappliance. --- .../lb/ElasticLoadBalancerManagerImpl.java | 208 ++++++++++++++++-- .../network/lb/dao/ElasticLbVmMapDao.java | 2 + .../network/lb/dao/ElasticLbVmMapDaoImpl.java | 100 +++++---- .../cloud/network/dao/ElbVmMapDaoTest.java | 12 + 4 files changed, 260 insertions(+), 62 deletions(-) diff --git a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java index a18873d5d54..5f395a36bd3 100644 --- a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java +++ b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java @@ -34,6 +34,8 @@ import com.cloud.agent.AgentManager; import com.cloud.agent.AgentManager.OnError; import com.cloud.agent.api.Answer; import com.cloud.agent.api.StopAnswer; +import com.cloud.agent.api.check.CheckSshAnswer; +import com.cloud.agent.api.check.CheckSshCommand; import com.cloud.agent.api.routing.LoadBalancerConfigCommand; import com.cloud.agent.api.routing.NetworkElementCommand; import com.cloud.agent.api.to.LoadBalancerTO; @@ -42,6 +44,8 @@ import com.cloud.api.commands.CreateLoadBalancerRuleCmd; import com.cloud.configuration.Config; import com.cloud.configuration.dao.ConfigurationDao; import com.cloud.dc.DataCenter; +import com.cloud.dc.DataCenter.NetworkType; +import com.cloud.dc.DataCenterVO; import com.cloud.dc.Pod; import com.cloud.dc.PodVlanMapVO; import com.cloud.dc.Vlan.VlanType; 
@@ -61,6 +65,7 @@ import com.cloud.exception.NetworkRuleConflictException; import com.cloud.exception.OperationTimedoutException; import com.cloud.exception.ResourceUnavailableException; import com.cloud.exception.StorageUnavailableException; +import com.cloud.hypervisor.Hypervisor.HypervisorType; import com.cloud.network.ElasticLbVmMapVO; import com.cloud.network.IPAddressVO; import com.cloud.network.LoadBalancerVO; @@ -106,9 +111,11 @@ import com.cloud.utils.exception.CloudRuntimeException; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.NicProfile; import com.cloud.vm.ReservationContext; +import com.cloud.vm.VMInstanceVO; import com.cloud.vm.VirtualMachine; import com.cloud.vm.VirtualMachineGuru; import com.cloud.vm.VirtualMachine.State; +import com.cloud.vm.VirtualMachineGuru; import com.cloud.vm.VirtualMachineManager; import com.cloud.vm.VirtualMachineName; import com.cloud.vm.VirtualMachineProfile; @@ -171,6 +178,8 @@ public class ElasticLoadBalancerManagerImpl implements String _name; String _instance; + static final private String _elbVmNamePrefix = "l"; + static final private String _systemVmType = "elbvm"; boolean _enabled; TrafficType _frontendTrafficType = TrafficType.Guest; @@ -178,6 +187,8 @@ public class ElasticLoadBalancerManagerImpl implements Account _systemAcct; ServiceOfferingVO _elasticLbVmOffering; ScheduledExecutorService _gcThreadPool; + String _mgmtCidr; + String _mgmtHost; int _elasticLbVmRamSize; int _elasticLbvmCpuMHz; @@ -352,6 +363,9 @@ public class ElasticLoadBalancerManagerImpl implements if (_instance == null) { _instance = "VM"; } + _mgmtCidr = _configDao.getValue(Config.ManagementNetwork.key()); + _mgmtHost = _configDao.getValue(Config.ManagementHostIPAdr.key()); + boolean useLocalStorage = Boolean.parseBoolean(configs.get(Config.SystemVMUseLocalStorage.key())); _elasticLbVmRamSize = NumbersUtil.parseInt(configs.get("elastic.lb.vm.ram.size"), DEFAULT_ELB_VM_RAMSIZE); 
@@ -360,6 +374,8 @@ public class ElasticLoadBalancerManagerImpl implements _elasticLbVmOffering.setUniqueName("Cloud.Com-ElasticLBVm"); _elasticLbVmOffering = _serviceOfferingDao.persistSystemServiceOffering(_elasticLbVmOffering); + + String enabled = _configDao.getValue(Config.ElasticLoadBalancerEnabled.key()); _enabled = (enabled == null) ? false: Boolean.parseBoolean(enabled); if (_enabled) { @@ -371,9 +387,8 @@ public class ElasticLoadBalancerManagerImpl implements } else throw new ConfigurationException("Traffic type for front end of load balancer has to be guest or public; found : " + traffType); _gcThreadPool = Executors.newScheduledThreadPool(1, new NamedThreadFactory("ELBVM-GC")); - _gcThreadPool.scheduleAtFixedRate(new CleanupThread(), 30, 30, TimeUnit.SECONDS); - _itMgr.registerGuru(VirtualMachine.Type.DomainRouter, this); - + _gcThreadPool.scheduleAtFixedRate(new CleanupThread(), gcIntervalMinutes, gcIntervalMinutes, TimeUnit.MINUTES); + _itMgr.registerGuru(VirtualMachine.Type.ElasticLoadBalancerVm, this); } @@ -450,10 +465,11 @@ public class ElasticLoadBalancerManagerImpl implements VMTemplateVO template = _templateDao.findSystemVMTemplate(dcId); - elbVm = new DomainRouterVO(id, _elasticLbVmOffering.getId(), VirtualMachineName.getRouterName(id, _instance), template.getId(), template.getHypervisorType(), template.getGuestOSId(), + elbVm = new DomainRouterVO(id, _elasticLbVmOffering.getId(), VirtualMachineName.getSystemVmName(id, _instance, _elbVmNamePrefix), template.getId(), template.getHypervisorType(), template.getGuestOSId(), owner.getDomainId(), owner.getId(), guestNetwork.getId(), _elasticLbVmOffering.getOfferHA()); elbVm.setRole(Role.LB); elbVm = _itMgr.allocate(elbVm, template, _elasticLbVmOffering, networks, plan, null, owner); + //TODO: create usage stats } State state = elbVm.getState(); 
@@ -695,66 +711,210 @@ public class ElasticLoadBalancerManagerImpl implements return null; } - @Override - public DomainRouterVO findById(long id) { - // TODO Auto-generated method stub - return null; + public DomainRouterVO findByName(String name) { + if (!VirtualMachineName.isValidSystemVmName(name, _instance, _elbVmNamePrefix)) { + return null; + } + + return _routerDao.findById(VirtualMachineName.getSystemVmId(name)); } @Override - public DomainRouterVO persist(DomainRouterVO vm) { - // TODO Auto-generated method stub - return null; + public DomainRouterVO findById(long id) { + return _routerDao.findById(id); + } + + + @Override + public DomainRouterVO persist(DomainRouterVO elbVm) { + return _routerDao.persist(elbVm); } @Override public boolean finalizeVirtualMachineProfile(VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) { - // TODO Auto-generated method stub - return false; + DomainRouterVO elbVm = profile.getVirtualMachine(); + NetworkVO network = _networkDao.findById(elbVm.getNetworkId()); + + DataCenter dc = dest.getDataCenter(); + + StringBuilder buf = profile.getBootArgsBuilder(); + buf.append(" template=domP type=" + _systemVmType); + buf.append(" name=").append(profile.getHostName()); + NicProfile controlNic = null; + String defaultDns1 = null; + String defaultDns2 = null; + + for (NicProfile nic : profile.getNics()) { + int deviceId = nic.getDeviceId(); + buf.append(" eth").append(deviceId).append("ip=").append(nic.getIp4Address()); + buf.append(" eth").append(deviceId).append("mask=").append(nic.getNetmask()); + if (nic.isDefaultNic()) { + buf.append(" gateway=").append(nic.getGateway()); + defaultDns1 = nic.getDns1(); + defaultDns2 = nic.getDns2(); + } + if (nic.getTrafficType() == TrafficType.Management) { + buf.append(" localgw=").append(dest.getPod().getGateway()); + } else if (nic.getTrafficType() == TrafficType.Control) { + // control command is sent over management network in VMware + if 
(dest.getHost().getHypervisorType() == HypervisorType.VMware) { + if (s_logger.isInfoEnabled()) { + s_logger.info("Check if we need to add management server explicit route to elb vm. pod cidr: " + dest.getPod().getCidrAddress() + "/" + dest.getPod().getCidrSize() + + ", pod gateway: " + dest.getPod().getGateway() + ", management host: " + _mgmtHost); + } + + if (s_logger.isDebugEnabled()) { + s_logger.debug("Added management server explicit route to elb vm."); + } + // always add management explicit route, for basic networking setup + buf.append(" mgmtcidr=").append(_mgmtCidr); + buf.append(" localgw=").append(dest.getPod().getGateway()); + + if (dc.getNetworkType() == NetworkType.Basic) { + // ask elb vm to setup SSH on guest network + buf.append(" sshonguest=true"); + } + } + + controlNic = nic; + } + } + String domain = network.getNetworkDomain(); + if (domain != null) { + buf.append(" domain=" + domain); + } + + buf.append(" dns1=").append(defaultDns1); + if (defaultDns2 != null) { + buf.append(" dns2=").append(defaultDns2); + } + + if (s_logger.isDebugEnabled()) { + s_logger.debug("Boot Args for " + profile + ": " + buf.toString()); + } + + if (controlNic == null) { + throw new CloudRuntimeException("Didn't start a control port"); + } + + return true; } @Override public boolean finalizeDeployment(Commands cmds, VirtualMachineProfile profile, DeployDestination dest, ReservationContext context) throws ResourceUnavailableException { - // TODO Auto-generated method stub - return false; + DomainRouterVO elbVm = profile.getVirtualMachine(); + + List nics = profile.getNics(); + for (NicProfile nic : nics) { + if (nic.getTrafficType() == TrafficType.Public) { + elbVm.setPublicIpAddress(nic.getIp4Address()); + elbVm.setPublicNetmask(nic.getNetmask()); + elbVm.setPublicMacAddress(nic.getMacAddress()); + } else if (nic.getTrafficType() == TrafficType.Guest) { + elbVm.setGuestIpAddress(nic.getIp4Address()); + } else if (nic.getTrafficType() == TrafficType.Control) { + 
elbVm.setPrivateIpAddress(nic.getIp4Address()); + elbVm.setPrivateMacAddress(nic.getMacAddress()); + } + } + _routerDao.update(elbVm.getId(), elbVm); + + finalizeCommandsOnStart(cmds, profile); + return true; } @Override public boolean finalizeStart(VirtualMachineProfile profile, long hostId, Commands cmds, ReservationContext context) { - // TODO Auto-generated method stub - return false; + CheckSshAnswer answer = (CheckSshAnswer) cmds.getAnswer("checkSsh"); + if (answer == null || !answer.getResult()) { + s_logger.warn("Unable to ssh to the ELB VM: " + answer.getDetails()); + return false; + } + + return true; } @Override public boolean finalizeCommandsOnStart(Commands cmds, VirtualMachineProfile profile) { - // TODO Auto-generated method stub - return false; + DomainRouterVO elbVm = profile.getVirtualMachine(); + DataCenterVO dcVo = _dcDao.findById(elbVm.getDataCenterIdToDeployIn()); + + NicProfile controlNic = null; + + if(profile.getHypervisorType() == HypervisorType.VMware && dcVo.getNetworkType() == NetworkType.Basic) { + // TODO this is a ugly to test hypervisor type here + // for basic network mode, we will use the guest NIC for control NIC + for (NicProfile nic : profile.getNics()) { + if (nic.getTrafficType() == TrafficType.Guest && nic.getIp4Address() != null) { + controlNic = nic; + } + } + } else { + for (NicProfile nic : profile.getNics()) { + if (nic.getTrafficType() == TrafficType.Control && nic.getIp4Address() != null) { + controlNic = nic; + } + } + } + + if (controlNic == null) { + s_logger.error("Control network doesn't exist for the ELB vm " + elbVm); + return false; + } + + cmds.addCommand("checkSsh", new CheckSshCommand(profile.getInstanceName(), controlNic.getIp4Address(), 3922, 5, 20)); + + // Re-apply load balancing rules + List lbs = _elbVmMapDao.listLbsForElbVm(elbVm.getId()); + List lbRules = new ArrayList(); + for (LoadBalancerVO lb : lbs) { + List dstList = _lbMgr.getExistingDestinations(lb.getId()); + LoadBalancingRule loadBalancing 
= new LoadBalancingRule(lb, dstList); + lbRules.add(loadBalancing); + } + + s_logger.debug("Found " + lbRules.size() + " load balancing rule(s) to apply as a part of ELB vm " + elbVm + " start."); + if (!lbRules.isEmpty()) { + createApplyLoadBalancingRulesCommands(lbRules, elbVm, cmds); + } + + return true; } @Override public void finalizeStop(VirtualMachineProfile profile, StopAnswer answer) { - // TODO Auto-generated method stub - + if (answer != null) { + VMInstanceVO vm = profile.getVirtualMachine(); + DomainRouterVO elbVm = _routerDao.findById(vm.getId()); + processStopOrRebootAnswer(elbVm, answer); + } + } + + public void processStopOrRebootAnswer(final DomainRouterVO elbVm, Answer answer) { + //TODO: process network usage stats } @Override public void finalizeExpunge(DomainRouterVO vm) { - // TODO Auto-generated method stub + // no-op } @Override public Long convertToId(String vmName) { - // TODO Auto-generated method stub - return null; + if (!VirtualMachineName.isValidSystemVmName(vmName, _instance, _elbVmNamePrefix)) { + return null; + } + + return VirtualMachineName.getSystemVmId(vmName); } } diff --git a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDao.java b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDao.java index 9a8921cb0f7..ff529012923 100644 --- a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDao.java +++ b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDao.java @@ -21,6 +21,7 @@ package com.cloud.network.lb.dao; import java.util.List; import com.cloud.network.ElasticLbVmMapVO; +import com.cloud.network.LoadBalancerVO; import com.cloud.utils.db.GenericDao; import com.cloud.vm.DomainRouterVO; @@ -33,5 +34,6 @@ public interface ElasticLbVmMapDao extends GenericDao { List listByLbId(long lbId); int deleteLB(long lbId); List listUnusedElbVms(); + List listLbsForElbVm(long elbVmId); } 
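Review bot: `finalizeStart` dereferences `answer` inside the branch that is taken when `answer == null`: the warn message calls `answer.getDetails()`, so a missing `checkSsh` answer produces a NullPointerException instead of a clean `false`. That case appears reachable from this same hunk, because `finalizeDeployment` ignores the boolean returned by `finalizeCommandsOnStart` and returns `true` even when no control NIC was found and no `checkSsh` command was queued. Suggested changes are `s_logger.warn("Unable to ssh to the ELB VM: " + (answer == null ? "no checkSsh answer" : answer.getDetails()));` in `finalizeStart` and `return finalizeCommandsOnStart(cmds, profile);` in `finalizeDeployment`.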
diff --git a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java index bd06aa7e017..590567a27da 100644 --- a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java +++ b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java @@ -16,13 +16,17 @@ * */ -package com.cloud.network.lb.dao; - +package com.cloud.network.lb.dao; + import java.util.List; import javax.ejb.Local; import com.cloud.network.ElasticLbVmMapVO; +import com.cloud.network.LoadBalancerVO; +import com.cloud.network.dao.LoadBalancerDao; +import com.cloud.network.dao.LoadBalancerDaoImpl; +import com.cloud.network.router.VirtualRouter.Role; import com.cloud.utils.component.ComponentLocator; import com.cloud.utils.db.GenericDaoBase; import com.cloud.utils.db.JoinBuilder.JoinType; 
@@ -31,21 +35,27 @@ import com.cloud.utils.db.SearchCriteria; import com.cloud.vm.DomainRouterVO; import com.cloud.vm.dao.DomainRouterDao; import com.cloud.vm.dao.DomainRouterDaoImpl; - -@Local(value={ElasticLbVmMapDao.class}) + +@Local(value={ElasticLbVmMapDao.class}) public class ElasticLbVmMapDaoImpl extends GenericDaoBase implements ElasticLbVmMapDao { protected final DomainRouterDao _routerDao = ComponentLocator.inject(DomainRouterDaoImpl.class); + protected final LoadBalancerDao _loadbalancerDao = ComponentLocator.inject(LoadBalancerDaoImpl.class); + protected final SearchBuilder AllFieldsSearch; protected final SearchBuilder UnusedVmSearch; + protected final SearchBuilder LoadBalancersForElbVmSearch; - protected final SearchBuilder ElbVmSearch; - - protected ElasticLbVmMapDaoImpl() { + + protected final SearchBuilder ElbVmSearch; + + protected final SearchBuilder LoadBalancerSearch; + + protected ElasticLbVmMapDaoImpl() { AllFieldsSearch = createSearchBuilder(); - AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getIpAddressId(), SearchCriteria.Op.EQ); - AllFieldsSearch.and("lbId", AllFieldsSearch.entity().getLbId(), SearchCriteria.Op.EQ); - AllFieldsSearch.and("elbVmId", AllFieldsSearch.entity().getElbVmId(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("ipId", AllFieldsSearch.entity().getIpAddressId(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("lbId", AllFieldsSearch.entity().getLbId(), SearchCriteria.Op.EQ); + AllFieldsSearch.and("elbVmId", AllFieldsSearch.entity().getElbVmId(), SearchCriteria.Op.EQ); AllFieldsSearch.done(); ElbVmSearch = _routerDao.createSearchBuilder(); 
@@ -55,36 +65,43 @@ public class ElasticLbVmMapDaoImpl extends GenericDaoBase sc = AllFieldsSearch.create(); + sc.setParameters("lbId", lbId); + sc.setParameters("elbVmId", elbVmId); + return findOneBy(sc); + } + + @Override + public List listByLbId(long lbId) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("lbId", lbId); + return listBy(sc); + } + + @Override + public List listByElbVmId(long elbVmId) { + SearchCriteria sc = AllFieldsSearch.create(); + sc.setParameters("elbVmId", elbVmId); + return listBy(sc); + } - } - @Override - public ElasticLbVmMapVO findOneByLbIdAndElbVmId(long lbId, long elbVmId) { - SearchCriteria sc = AllFieldsSearch.create(); - sc.setParameters("lbId", lbId); - sc.setParameters("elbVmId", elbVmId); - return findOneBy(sc); - } - - @Override - public List listByLbId(long lbId) { - SearchCriteria sc = AllFieldsSearch.create(); - sc.setParameters("lbId", lbId); - return listBy(sc); - } - - @Override - public List listByElbVmId(long elbVmId) { - SearchCriteria sc = AllFieldsSearch.create(); - sc.setParameters("elbVmId", elbVmId); - return listBy(sc); - } - - @Override public int deleteLB(long lbId) { SearchCriteria sc = AllFieldsSearch.create(); - sc.setParameters("lbId", lbId); - return super.expunge(sc); + sc.setParameters("lbId", lbId); + return super.expunge(sc); } @Override @@ -106,5 +123,12 @@ public class ElasticLbVmMapDaoImpl extends GenericDaoBase sc = ElbVmSearch.create(); return _routerDao.search(sc, null); } - -} + + @Override + public List listLbsForElbVm(long elbVmId) { + SearchCriteria sc = LoadBalancerSearch.create(); + sc.setJoinParameters("LoadBalancersForElbVm", "elbVmId", elbVmId); + return _loadbalancerDao.search(sc, null); + } + +} diff --git a/server/test/com/cloud/network/dao/ElbVmMapDaoTest.java b/server/test/com/cloud/network/dao/ElbVmMapDaoTest.java index ff1b3ec5f60..eb92875fa4c 100644 --- a/server/test/com/cloud/network/dao/ElbVmMapDaoTest.java 
+++ b/server/test/com/cloud/network/dao/ElbVmMapDaoTest.java @@ -5,6 +5,7 @@ import java.util.List; import junit.framework.TestCase; import com.cloud.network.ElasticLbVmMapVO; +import com.cloud.network.LoadBalancerVO; import com.cloud.network.lb.dao.ElasticLbVmMapDaoImpl; import com.cloud.utils.component.ComponentLocator; import com.cloud.vm.DomainRouterVO; @@ -30,4 +31,15 @@ public class ElbVmMapDaoTest extends TestCase { System.out.println("Found"); } } + + public void testFindLB() { + ElasticLbVmMapDaoImpl dao = ComponentLocator.inject(ElasticLbVmMapDaoImpl.class); + + List lbs = dao.listLbsForElbVm(10); + if (lbs == null) { + System.out.println("Not Found"); + } else { + System.out.println("Found"); + } + } } From 61fd6a79c8ce56c5a2894d8de39aa83bf1101acb Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 4 Aug 2011 17:02:27 -0700 Subject: [PATCH 4/8] ensure elb vm is managed by elb manager --- core/src/com/cloud/vm/DomainRouterVO.java | 15 +++++++++++++++ .../debian/config/etc/init.d/cloud-early-config | 7 ++++++- .../lb/ElasticLoadBalancerManagerImpl.java | 9 ++------- 3 files changed, 23 insertions(+), 8 deletions(-) diff --git a/core/src/com/cloud/vm/DomainRouterVO.java b/core/src/com/cloud/vm/DomainRouterVO.java index 02ab3a5c18f..6cd95d38271 100755 --- a/core/src/com/cloud/vm/DomainRouterVO.java +++ b/core/src/com/cloud/vm/DomainRouterVO.java 
@@ -68,6 +68,21 @@ public class DomainRouterVO extends VMInstanceVO implements VirtualRouter { super(id, serviceOfferingId, name, name, Type.DomainRouter, templateId, hypervisorType, guestOSId, domainId, accountId, haEnabled); this.networkId = networkId; } + + public DomainRouterVO(long id, + long serviceOfferingId, + String name, + long templateId, + HypervisorType hypervisorType, + long guestOSId, + long domainId, + long accountId, + long networkId, + boolean haEnabled, + VirtualMachine.Type vmType) { + super(id, serviceOfferingId, name, name, vmType, templateId, hypervisorType, guestOSId, domainId, accountId, haEnabled); + this.networkId = networkId; + } public void setPublicIpAddress(String publicIpAddress) { this.publicIpAddress = publicIpAddress; diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 3479c067aee..08804544952 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -432,7 +432,12 @@ setup_elbvm() { [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH0_IP echo "$public_ip $NAME" >> /etc/hosts - setup_sshd $ETH0_IP + if [ "$SSHONGUEST" == "true" ] + then + setup_sshd $ETH0_IP + else + setup_sshd $ETH1_IP + fi enable_fwding 0 enable_svc haproxy 0 diff --git a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java index d09d45dac56..e84fd757941 100644 --- a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java +++ b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java 
@@ -481,7 +481,7 @@ public class ElasticLoadBalancerManagerImpl implements elbVm = new DomainRouterVO(id, _elasticLbVmOffering.getId(), VirtualMachineName.getSystemVmName(id, _instance, _elbVmNamePrefix), template.getId(), template.getHypervisorType(), template.getGuestOSId(), - owner.getDomainId(), owner.getId(), guestNetwork.getId(), _elasticLbVmOffering.getOfferHA()); + owner.getDomainId(), owner.getId(), guestNetwork.getId(), _elasticLbVmOffering.getOfferHA(), VirtualMachine.Type.ElasticLoadBalancerVm); elbVm.setRole(Role.LB); elbVm = _itMgr.allocate(elbVm, template, _elasticLbVmOffering, networks, plan, null, owner); //TODO: create usage stats @@ -745,12 +745,7 @@ public class ElasticLoadBalancerManagerImpl implements releaseIp(lb.getSourceIpAddressId(), userId, caller); } - @Override - public DomainRouterVO findByName(String name) { - // TODO Auto-generated method stub - return null; - } - + @Override public DomainRouterVO findByName(String name) { if (!VirtualMachineName.isValidSystemVmName(name, _instance, _elbVmNamePrefix)) { From 0c408d8da5968a72543ec8c2e7e92476df9efcaf Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Thu, 4 Aug 2011 22:05:48 -0700 Subject: [PATCH 5/8] handle elb vm restart --- .../debian/config/etc/init.d/cloud-early-config | 5 ++++- .../debian/config/etc/iptables/iptables-elbvm | 17 +++++++++++++++++ .../systemvm/debian/config/root/loadbalancer.sh | 10 ++++++---- scripts/vm/hypervisor/xenserver/vmops | 16 ++++++++-------- .../network/lb/dao/ElasticLbVmMapDaoImpl.java | 2 +- .../com/cloud/network/dao/ElbVmMapDaoTest.java | 4 ++-- 6 files changed, 38 insertions(+), 16 deletions(-) create mode 100755 patches/systemvm/debian/config/etc/iptables/iptables-elbvm diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index 08804544952..a7d2d141f9b 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config 
+++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -429,13 +429,15 @@ setup_elbvm() { setup_common eth0 eth1 eth2 sed -i /gateway/d /etc/hosts public_ip=$ETH2_IP - [ "$ETH2_IP" == "0.0.0.0" ] && public_ip=$ETH0_IP + [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP echo "$public_ip $NAME" >> /etc/hosts if [ "$SSHONGUEST" == "true" ] then + sed '/3922/s/eth1/eth0/' setup_sshd $ETH0_IP else + cp /etc/iptables/iptables-elbvm /etc/iptables/rules setup_sshd $ETH1_IP fi @@ -444,6 +446,7 @@ setup_elbvm() { enable_svc dnsmasq 0 enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 + chkconfig nfs-common off } setup_default() { diff --git a/patches/systemvm/debian/config/etc/iptables/iptables-elbvm b/patches/systemvm/debian/config/etc/iptables/iptables-elbvm new file mode 100755 index 00000000000..30dbcc1013a --- /dev/null +++ b/patches/systemvm/debian/config/etc/iptables/iptables-elbvm @@ -0,0 +1,17 @@ +*nat +:PREROUTING ACCEPT [0:0] +:POSTROUTING ACCEPT [0:0] +:OUTPUT ACCEPT [0:0] +COMMIT +*filter +:INPUT DROP [0:0] +:FORWARD DROP [0:0] +:OUTPUT ACCEPT [0:0] +-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT +-A INPUT -p icmp -j ACCEPT +-A INPUT -i lo -j ACCEPT +-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT +COMMIT + diff --git a/patches/systemvm/debian/config/root/loadbalancer.sh b/patches/systemvm/debian/config/root/loadbalancer.sh index d620b58415c..4a7d2c7cd48 100755 --- a/patches/systemvm/debian/config/root/loadbalancer.sh +++ b/patches/systemvm/debian/config/root/loadbalancer.sh 
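Review bot: The added `sed '/3922/s/eth1/eth0/'` in the `SSHONGUEST` branch of `setup_elbvm` names no input file and has no `-i`, so it edits nothing and reads standard input instead, which in a boot script may block or simply do nothing. The `else` branch copies `/etc/iptables/iptables-elbvm` to `/etc/iptables/rules`, so the intent was presumably to install the same ruleset and then move the port 3922 rule to eth0: `cp /etc/iptables/iptables-elbvm /etc/iptables/rules` followed by `sed -i '/3922/s/eth1/eth0/' /etc/iptables/rules`. As far as the hunk shows, the `true` branch leaves whatever ruleset was already in place, so sshd is bound to the eth0 address without the ELB ruleset being installed. The function body starts and ends outside the hunk.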
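Review bot: `-A INPUT -p icmp -j ACCEPT` in the new `iptables-elbvm` ruleset accepts every ICMP type on every interface, while everything else on `INPUT` defaults to `DROP`. If only reachability checks are needed, `-A INPUT -p icmp --icmp-type echo-request -j ACCEPT` is narrower; ICMP errors belonging to existing flows are already covered by the `RELATED,ESTABLISHED` rules. A leading `#` comment would also help, saying that ports for load-balanced services are not listed here but opened at runtime, which appears to be what `fw_entry` in `loadbalancer.sh` does.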
@@ -52,8 +52,8 @@ ip_entry() { for i in $a do - logger -t cloud "Adding public ips for load balancing" local pubIp=$(echo $i | cut -d: -f1) + logger -t cloud "Adding public ip $pubIp for load balancing" for vif in $VIF_LIST; do sudo ip addr add dev $vif $pubIp/32 #ignore error since it is because the ip is already there @@ -64,6 +64,7 @@ ip_entry() { do logger -t cloud "Removing public ips for deleted loadbalancers" local pubIp=$(echo $i | cut -d: -f1) + logger -t cloud "Removing public ip $pubIp for deleted loadbalancers" for vif in $VIF_LIST; do sudo ip addr del $pubIp/32 dev $vif done @@ -92,9 +93,9 @@ fw_entry() { for i in $a do - logger -t cloud "Opening up firewall (INPUT chain) for load balancing" local pubIp=$(echo $i | cut -d: -f1) local dport=$(echo $i | cut -d: -f2) + logger -t cloud "Opening up firewall $pubIp:$dport (INPUT chain) for load balancing" for vif in $VIF_LIST; do sudo iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT 2> /dev/null @@ -109,9 +110,9 @@ fw_entry() { for i in $r do - logger -t cloud "Closing up firewall (INPUT chain) for deleted load balancers" local pubIp=$(echo $i | cut -d: -f1) local dport=$(echo $i | cut -d: -f2) + logger -t cloud "Closing up firewall (INPUT chain) $pubIp:$dport for deleted load balancers" for vif in $VIF_LIST; do sudo iptables -D INPUT -i $vif -p tcp -d $pubIp --dport $dport -j ACCEPT @@ -154,6 +155,7 @@ get_vif_list() { vif_list="eth0" fi + logger -t cloud "Loadbalancer public interfaces = $vif_list" echo $vif_list } @@ -219,7 +221,7 @@ reconfig_lb $cfgfile if [ $? -gt 0 ] then - printf "Reconfiguring loadbalancer failed\n" + logger -t cloud "Reconfiguring loadbalancer failed" #FIXME: make this explicit via check on vm type or passed in flag if [ "$VIF_LIST" == "eth0" ] then diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops index bf2193509bc..e6ce3a67b7b 100755 --- a/scripts/vm/hypervisor/xenserver/vmops +++ b/scripts/vm/hypervisor/xenserver/vmops 
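Review bot: In the removal loop of `ip_entry` (the `@@ -64,6 +64,7 @@` hunk) the new per-address `logger` line is added but the old generic `logger -t cloud "Removing public ips for deleted loadbalancers"` stays, so each removed address is logged twice. The add loop and both `fw_entry` loops replace the old line instead. Dropping the generic line here would make the four loops consistent.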
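Review bot: `$pubIp` and `$dport` in `fw_entry` are cut from colon-separated entries and reach `sudo iptables` unquoted and unchecked in the context lines of the `@@ -92,9 +93,9 @@` and `@@ -109,9 +110,9 @@` hunks; the same holds for `$pubIp` with `sudo ip addr` in `ip_entry`. Now that the values are also written to syslog, this is a natural place to reject malformed entries before use, for example `case "$dport" in ''|*[!0-9]*) continue;; esac`, and to quote the expansions (`-d "$pubIp" --dport "$dport"`). Where the entries originate is not visible in these hunks, so how far they can be trusted is an open question. Both functions start and end outside the hunks.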
@@ -345,14 +345,14 @@ def get_private_nic(session, args): return mgmtnic def chain_name(vm_name): - if vm_name.startswith('i-') or vm_name.startswith('r-'): + if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): if vm_name.endswith('untagged'): return '-'.join(vm_name.split('-')[:-1]) return '-'.join(vm_name.split('-')) return vm_name def chain_name_def(vm_name): - if vm_name.startswith('i-') or vm_name.startswith('r-'): + if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): if vm_name.endswith('untagged'): return '-'.join(vm_name.split('-')[:-2]) + "-def" return '-'.join(vm_name.split('-')[:-1]) + "-def" @@ -442,7 +442,7 @@ def destroy_network_rules_for_vm(session, args): vmchain_default = chain_name_def(vm_name) delete_rules_for_vm_in_bridge_firewall_chain(vm_name) - if vm_name.startswith('i-') or vm_name.startswith('r-'): + if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): try: util.pread2(['iptables', '-F', vmchain_default]) util.pread2(['iptables', '-X', vmchain_default]) @@ -461,7 +461,7 @@ def destroy_network_rules_for_vm(session, args): remove_rule_log_for_vm(vm_name) - if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]: + if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-', 'l-'] ]: return 'true' try: @@ -735,7 +735,7 @@ def network_rules_for_rebooted_vm(session, vmName): util.SMlog("Found a rebooted VM -- reprogramming rules for " + vm_name) delete_rules_for_vm_in_bridge_firewall_chain(vm_name) - if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-'] ]: + if 1 in [ vm_name.startswith(c) for c in ['r-', 's-', 'v-', 'l-'] ]: default_network_rules_systemvm(session, {"vmName":vm_name}) return True 
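Review bot: The accepted VM-name prefixes are spelled out as separate list literals in `destroy_network_rules_for_vm`, `network_rules_for_rebooted_vm`, `get_rule_logs_for_vms`, `cleanup_rules_for_dead_vms` and `cleanup_rules`, plus `startswith` chains in `chain_name`, `chain_name_def` and `destroy_network_rules_for_vm`, and adding `'l-'` meant touching every one of them. These lists decide which VMs get firewall chains programmed and cleaned up, so a missed site silently leaves a VM type unhandled; module-level constants would give one place to change, e.g. `SYSTEM_VM_PREFIXES = ['r-', 's-', 'v-', 'l-']` and `ALL_VM_PREFIXES = SYSTEM_VM_PREFIXES + ['i-']`. The `1 in [ ... ]` idiom could become `startswith(tuple)` only if the host's Python is 2.5 or later, which the diff does not show. The later hunks at `@@ -823,7 +823,7 @@`, `@@ -840,7 +840,7 @@` and `@@ -868,7 +868,7 @@` follow the same pattern.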
@@ -823,7 +823,7 @@ def get_rule_logs_for_vms(session, args): result = [] try: for name in [session.xenapi.VM.get_name_label(x) for x in vms]: - if 1 not in [ name.startswith(c) for c in ['r-', 's-', 'v-', 'i-'] ]: + if 1 not in [ name.startswith(c) for c in ['r-', 's-', 'v-', 'i-', 'l-'] ]: continue network_rules_for_rebooted_vm(session, name) if name.startswith('i-'): @@ -840,7 +840,7 @@ def cleanup_rules_for_dead_vms(session): vms = session.xenapi.VM.get_all() cleaned = 0 for vm_name in [session.xenapi.VM.get_name_label(x) for x in vms]: - if 1 in [ vm_name.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: + if 1 in [ vm_name.startswith(c) for c in ['r-', 'i-', 's-', 'v-', 'l-'] ]: vm = session.xenapi.VM.get_by_name_label(vm_name) if len(vm) != 1: continue @@ -868,7 +868,7 @@ def cleanup_rules(session, args): cleaned = 0 cleanup = [] for chain in chains: - if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-'] ]: + if 1 in [ chain.startswith(c) for c in ['r-', 'i-', 's-', 'v-', 'l-'] ]: vm = session.xenapi.VM.get_by_name_label(chain) if len(vm) != 1: util.SMlog("chain " + chain + " does not correspond to a vm, cleaning up") diff --git a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java index e2e44c51e9a..9a753e63080 100644 --- a/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java +++ b/server/src/com/cloud/network/lb/dao/ElasticLbVmMapDaoImpl.java @@ -70,7 +70,7 @@ public class ElasticLbVmMapDaoImpl extends GenericDaoBase lbs = dao.listLbsForElbVm(10); + List lbs = dao.listLbsForElbVm(5); if (lbs == null) { System.out.println("Not Found"); } else { - System.out.println("Found"); + System.out.println("Found " + lbs.size() + " lbs"); } } } From 736b6cf98e98ed0d97a63ac1042b310f3395decd Mon Sep 17 00:00:00 2001 
From: Chiradeep Vittal Date: Thu, 4 Aug 2011 22:58:42 -0700 Subject: [PATCH 6/8] properly clean up rules for nonexistent vms --- scripts/vm/hypervisor/xenserver/vmops | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/scripts/vm/hypervisor/xenserver/vmops b/scripts/vm/hypervisor/xenserver/vmops index e6ce3a67b7b..ce0dc03f965 100755 --- a/scripts/vm/hypervisor/xenserver/vmops +++ b/scripts/vm/hypervisor/xenserver/vmops @@ -345,14 +345,13 @@ def get_private_nic(session, args): return mgmtnic def chain_name(vm_name): - if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): + if vm_name.startswith('i-') or vm_name.startswith('r-'): if vm_name.endswith('untagged'): return '-'.join(vm_name.split('-')[:-1]) - return '-'.join(vm_name.split('-')) return vm_name def chain_name_def(vm_name): - if vm_name.startswith('i-') or vm_name.startswith('r-') or vm_name.startswith('l-'): + if vm_name.startswith('i-'): if vm_name.endswith('untagged'): return '-'.join(vm_name.split('-')[:-2]) + "-def" return '-'.join(vm_name.split('-')[:-1]) + "-def" @@ -872,7 +871,7 @@ def cleanup_rules(session, args): vm = session.xenapi.VM.get_by_name_label(chain) if len(vm) != 1: util.SMlog("chain " + chain + " does not correspond to a vm, cleaning up") - cleanup.append(vm_name) + cleanup.append(chain) continue vm_rec = session.xenapi.VM.get_record(vm[0]) state = vm_rec.get('power_state') From ac8b833fb0f007c5c438b86a0e221dfd8ee85d0a Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Fri, 5 Aug 2011 12:16:55 -0700 Subject: [PATCH 7/8] Ensure lb vm enables only those services that are necessary. ensure default route --- .../config/etc/init.d/cloud-early-config | 3 ++- .../config/opt/cloud/bin/patchsystemvm.sh | 20 +++++++++++++++++++ .../lb/ElasticLoadBalancerManagerImpl.java | 1 + 3 files changed, 23 insertions(+), 1 deletion(-) 
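Review bot: After this change `chain_name_def` returns the VM name unchanged for `r-` and `l-` names, but the guard in `destroy_network_rules_for_vm` that flushes and deletes `vmchain_default` (extended to `'l-'` in PATCH 5/8) is not updated with it. For those VMs that branch would now run `iptables -F` and `-X` on a chain named after the VM itself rather than a `-def` chain; whether that is harmless depends on code outside the hunks. Narrowing the guard to `if vm_name.startswith('i-'):` would keep it in step with `chain_name_def`. A one-line comment on each helper stating which VM types get a `-def` chain would make the two prefix sets easier to keep aligned.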
diff --git a/patches/systemvm/debian/config/etc/init.d/cloud-early-config b/patches/systemvm/debian/config/etc/init.d/cloud-early-config index a7d2d141f9b..4664d1c454e 100755 --- a/patches/systemvm/debian/config/etc/init.d/cloud-early-config +++ b/patches/systemvm/debian/config/etc/init.d/cloud-early-config @@ -426,7 +426,7 @@ setup_console_proxy() { setup_elbvm() { log_it "Setting up Elastic Load Balancer system vm" local hyp=$1 - setup_common eth0 eth1 eth2 + setup_common eth0 eth1 sed -i /gateway/d /etc/hosts public_ip=$ETH2_IP [ "$ETH2_IP" == "0.0.0.0" ] || [ "$ETH2_IP" == "" ] && public_ip=$ETH0_IP @@ -447,6 +447,7 @@ setup_elbvm() { enable_svc cloud-passwd-srvr 0 enable_svc cloud 0 chkconfig nfs-common off + chkconfig portmap off } setup_default() { diff --git a/patches/systemvm/debian/config/opt/cloud/bin/patchsystemvm.sh b/patches/systemvm/debian/config/opt/cloud/bin/patchsystemvm.sh index e9bcc5ebe2f..85361b55307 100755 --- a/patches/systemvm/debian/config/opt/cloud/bin/patchsystemvm.sh +++ b/patches/systemvm/debian/config/opt/cloud/bin/patchsystemvm.sh @@ -90,6 +90,16 @@ dhcpsrvr_svcs() { echo "cloud nfs-common haproxy portmap" > /var/cache/cloud/disabled_svcs } +elbvm_svcs() { + chkconfig cloud off + chkconfig haproxy on ; + chkconfig ssh on + chkconfig nfs-common off + chkconfig portmap off + echo "ssh haproxy" > /var/cache/cloud/enabled_svcs + echo "cloud cloud-passwd-srvr dnsmasq apache2 nfs-common portmap" > /var/cache/cloud/disabled_svcs +} + enable_pcihotplug() { sed -i -e "/acpiphp/d" /etc/modules sed -i -e "/pci_hotplug/d" /etc/modules @@ -188,4 +198,14 @@ then fi fi +if [ "$TYPE" == "elbvm" ] +then + elbvm_svcs + if [ $? -gt 0 ] + then + printf "Failed to execute elbvm svcs\n" >$logfile + exit 9 + fi +fi + exit $? diff --git a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java index e84fd757941..a15ba2fb819 100644 
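Review bot: `elbvm_svcs` lists `cloud-passwd-srvr`, `dnsmasq` and `apache2` in `/var/cache/cloud/disabled_svcs` but only runs `chkconfig ... off` for `cloud`, `nfs-common` and `portmap`, so unless something outside this diff acts on that file the three stay in whatever state the image ships them. Given the commit's stated aim of enabling only necessary services, adding `chkconfig dnsmasq off`, `chkconfig cloud-passwd-srvr off` and `chkconfig apache2 off` (assuming those init scripts exist on the image) would make the function do what the file claims. The `if [ $? -gt 0 ]` check in the `@@ -188,4 +198,14 @@` hunk sees only the status of the function's last command, the final `echo`, so a failed `chkconfig` goes unreported. The stray `;` after `chkconfig haproxy on` can go.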
--- a/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java +++ b/server/src/com/cloud/network/lb/ElasticLoadBalancerManagerImpl.java @@ -474,6 +474,7 @@ public class ElasticLoadBalancerManagerImpl implements List> networks = new ArrayList>(2); NicProfile guestNic = new NicProfile(); + guestNic.setDefaultNic(true); networks.add(new Pair((NetworkVO) guestNetwork, guestNic)); networks.add(new Pair(controlConfig, null)); From 60e21d5611e5998ebcc06223cd23f40de21a18c0 Mon Sep 17 00:00:00 2001 From: Chiradeep Vittal Date: Fri, 5 Aug 2011 12:17:19 -0700 Subject: [PATCH 8/8] initialize search builder --- server/src/com/cloud/vm/dao/UserVmDaoImpl.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/server/src/com/cloud/vm/dao/UserVmDaoImpl.java b/server/src/com/cloud/vm/dao/UserVmDaoImpl.java index 84a4fdcfd44..5888bed0f6e 100755 --- a/server/src/com/cloud/vm/dao/UserVmDaoImpl.java +++ b/server/src/com/cloud/vm/dao/UserVmDaoImpl.java @@ -68,7 +68,7 @@ public class UserVmDaoImpl extends GenericDaoBase implements Use protected final SearchBuilder AccountHostSearch; protected final SearchBuilder DestroySearch; - protected SearchBuilder AccountDataCenterVirtualSearch; + protected SearchBuilder AccountDataCenterVirtualSearch = null; protected GenericSearchBuilder CountByAccountPod; protected GenericSearchBuilder CountByAccount; protected GenericSearchBuilder PodsHavingVmsForAccount;