Remove scripts directory no longer necessary

Ian Southam 2014-07-29 13:32:42 +02:00 committed by wilderrodrigues
parent 72111c3399
commit 8d9a4be9dd
65 changed files with 0 additions and 6733 deletions


@ -1,2 +0,0 @@
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM


@ -1,23 +0,0 @@
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
NameVirtualHost 10.1.1.1:80
Listen 10.1.1.1:80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 10.1.1.1:443
</IfModule>
<IfModule mod_gnutls.c>
Listen 10.1.1.1:443
</IfModule>


@ -1,41 +0,0 @@
<VirtualHost 10.1.1.1:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>


@ -1,172 +0,0 @@
<IfModule mod_ssl.c>
<VirtualHost 10.1.1.1:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>


@ -1,238 +0,0 @@
<VirtualHost 10.1.1.1:80>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName cloudinternal.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
</VirtualHost>
<IfModule mod_ssl.c>
<VirtualHost 10.1.1.1:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName cloudinternal.com
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/html>
Options Indexes FollowSymLinks MultiViews
AllowOverride all
Order allow,deny
allow from all
</Directory>
ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
AllowOverride None
Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
Order allow,deny
Allow from all
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
Options Indexes MultiViews FollowSymLinks
AllowOverride None
Order deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on
# A self-signed (snakeoil) certificate can be created by installing
# the ssl-cert package. See
# /usr/share/doc/apache2.2-common/README.Debian.gz for more info.
# If both key and certificate are stored in the same file, only the
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt
# Certificate Authority (CA):
# Set the CA certificate verification path where to find CA
# certificates for client authentication or alternatively one
# huge file containing all of them (file must be PEM encoded)
# Note: Inside SSLCACertificatePath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCACertificatePath /etc/ssl/certs/
#SSLCACertificateFile /etc/apache2/ssl.crt/ca-bundle.crt
# Certificate Revocation Lists (CRL):
# Set the CA revocation path where to find CA CRLs for client
# authentication or alternatively one huge file containing all
# of them (file must be PEM encoded)
# Note: Inside SSLCARevocationPath you need hash symlinks
# to point to the certificate files. Use the provided
# Makefile to update the hash symlinks after changes.
#SSLCARevocationPath /etc/apache2/ssl.crl/
#SSLCARevocationFile /etc/apache2/ssl.crl/ca-bundle.crl
# Client Authentication (Type):
# Client certificate verification type and depth. Types are
# none, optional, require and optional_no_ca. Depth is a
# number which specifies how deeply to verify the certificate
# issuer chain before deciding the certificate is not valid.
#SSLVerifyClient require
#SSLVerifyDepth 10
# Access Control:
# With SSLRequire you can do per-directory access control based
# on arbitrary complex boolean expressions containing server
# variable checks and other lookup directives. The syntax is a
# mixture between C and Perl. See the mod_ssl documentation
# for more details.
#<Location />
#SSLRequire ( %{SSL_CIPHER} !~ m/^(EXP|NULL)/ \
# and %{SSL_CLIENT_S_DN_O} eq "Snake Oil, Ltd." \
# and %{SSL_CLIENT_S_DN_OU} in {"Staff", "CA", "Dev"} \
# and %{TIME_WDAY} >= 1 and %{TIME_WDAY} <= 5 \
# and %{TIME_HOUR} >= 8 and %{TIME_HOUR} <= 20 ) \
# or %{REMOTE_ADDR} =~ m/^192\.76\.162\.[0-9]+$/
#</Location>
# SSL Engine Options:
# Set various options for the SSL engine.
# o FakeBasicAuth:
# Translate the client X.509 into a Basic Authorisation. This means that
# the standard Auth/DBMAuth methods can be used for access control. The
# user name is the `one line' version of the client's X.509 certificate.
# Note that no password is obtained from the user. Every entry in the user
# file needs this password: `xxj31ZMTZzkVA'.
# o ExportCertData:
# This exports two additional environment variables: SSL_CLIENT_CERT and
# SSL_SERVER_CERT. These contain the PEM-encoded certificates of the
# server (always existing) and the client (only existing when client
# authentication is used). This can be used to import the certificates
# into CGI scripts.
# o StdEnvVars:
# This exports the standard SSL/TLS related `SSL_*' environment variables.
# Per default this exportation is switched off for performance reasons,
# because the extraction step is an expensive operation and is usually
# useless for serving static content. So one usually enables the
# exportation for CGI and SSI requests only.
# o StrictRequire:
# This denies access when "SSLRequireSSL" or "SSLRequire" applied even
# under a "Satisfy any" situation, i.e. when it applies access is denied
# and no other module can change it.
# o OptRenegotiate:
# This enables optimized SSL connection renegotiation handling when SSL
# directives are used in per-directory context.
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
# The safe and default but still SSL/TLS standard compliant shutdown
# approach is that mod_ssl sends the close notify alert but doesn't wait for
# the close notify alert from client. When you need a different shutdown
# approach you can use one of the following variables:
# o ssl-unclean-shutdown:
# This forces an unclean shutdown when the connection is closed, i.e. no
# SSL close notify alert is send or allowed to received. This violates
# the SSL/TLS standard but is needed for some brain-dead browsers. Use
# this when you receive I/O errors because of the standard approach where
# mod_ssl sends the close notify alert.
# o ssl-accurate-shutdown:
# This forces an accurate shutdown when the connection is closed, i.e. a
# SSL close notify alert is send and mod_ssl waits for the close notify
# alert of the client. This is 100% SSL/TLS standard compliant, but in
# practice often causes hanging connections with brain-dead browsers. Use
# this only for browsers where you know that their SSL implementation
# works correctly.
# Notice: Most problems of broken clients are also related to the HTTP
# keep-alive facility, so you usually additionally want to disable
# keep-alive for those clients, too. Use variable "nokeepalive" for this.
# Similarly, one has to force some clients to use HTTP/1.0 to workaround
# their broken HTTP/1.1 implementation. Use variables "downgrade-1.0" and
# "force-response-1.0" for this.
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>
# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
Listen 10.1.1.1:80
<IfModule mod_ssl.c>
# If you add NameVirtualHost *:443 here, you will also have to change
# the VirtualHost statement in /etc/apache2/sites-available/default-ssl
# to <VirtualHost *:443>
# Server Name Indication for SSL named virtual hosts is currently not
# supported by MSIE on Windows XP.
Listen 10.1.1.1:443
</IfModule>
<IfModule mod_gnutls.c>
Listen 10.1.1.1:443
</IfModule>


@ -1,2 +0,0 @@
SUBSYSTEM=="net" KERNEL=="eth*" RUN+="/opt/cloud/bin/cloud-nic.sh $env{ACTION} %k"


@ -1,27 +0,0 @@
#!/bin/sh
# /etc/cron.daily/cloud-cleanup: cleanup old cloudstack logs
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
cd /
output=$(find /var/log/cloud -mtime +7 -size +1M -exec rm -v '{}' \; )
logger -t cloud "cloud-cleanup cronjob: cleaning up logfiles in /var/log/cloud older than 7 days and more than 1M in size"
[ "$output" != "" ] && logger -t cloud $output
[ -z "$output" ] && logger -t cloud "No files removed"
exit 0


@ -1,19 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#set ENABLED to 1 if you want the init script to start the password server
ENABLED=0


@ -1,19 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#set ENABLED to 1 if you want the init script to start the password server
ENABLED=0


@ -1,638 +0,0 @@
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# Listen on this specific port instead of the standard DNS port
# (53). Setting this to zero completely disables DNS function,
# leaving only DHCP and/or TFTP.
#port=5353
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# unnecessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link unnecessarily.
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos, SIP, XMMP or Google-talk.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
# filterwin2k
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
resolv-file=/etc/dnsmasq-resolv.conf
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
#strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/2.vmops-test.vmops.com/
# Add domains which you want to force to an IP address here.
# The example below send any host in double-click.net to a local
# web-server.
#address=/double-click.net/127.0.0.1
# --address (and --server) work with IPv6 addresses too.
#address=/www.thekelleys.org.uk/fe80::20d:60ff:fe36:f83
# You can control how dnsmasq talks to a server: this forces
# queries to 10.1.2.3 to be routed via eth1
# server=10.1.2.3@eth1
# and this sets the source (ie local) address used to talk to
# 10.1.2.3 to 192.168.1.1 port 55 (there must be a interface with that
# IP on the machine, obviously).
# server=10.1.2.3@192.168.1.1#55
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
interface=eth0
# Or you can specify which interface _not_ to listen on
except-interface=eth1
except-interface=eth2
except-interface=lo
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP and TFTP on it.
no-dhcp-interface=eth1
no-dhcp-interface=eth2
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
bind-interfaces
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
domain=2.vmops-test.vmops.com
# Set a different domain for a particular subnet
#domain=wireless.thekelleys.org.uk,192.168.2.0/24
# Same idea, but range rather then subnet
#domain=reserved.thekelleys.org.uk,192.68.3.100,192.168.3.200
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
dhcp-range_ip4=10.1.1.1,static
dhcp-range_ip6=::1,static
dhcp-hostsfile=/etc/dhcphosts.txt
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
# This is an example of a DHCP range which sets a tag, so that
# some DHCP options may be set only for this network.
#dhcp-range=set:red,192.168.0.50,192.168.0.150
# Use this DHCP range only when the tag "green" is set.
#dhcp-range=tag:green,192.168.0.50,192.168.0.150,12h
# Specify a subnet which can't be used for dynamic address allocation,
# is available for hosts with matching --dhcp-host lines. Note that
# dhcp-host declarations will be ignored unless there is a dhcp-range
# of some type for the subnet in question.
# In this case the netmask is implied (it comes from the network
# configuration on the machine running dnsmasq) it is possible to give
# an explicit netmask instead.
#dhcp-range=192.168.0.0,static
# Enable DHCPv6. Note that the prefix-length does not need to be specified
# and defaults to 64 if missing/
#dhcp-range=1234::2, 1234::500, 64, 12h
# Do Router Advertisements, BUT NOT DHCP for this subnet.
#dhcp-range=1234::, ra-only
# Do Router Advertisements, BUT NOT DHCP for this subnet, also try and
# add names to the DNS for the IPv6 address of SLAAC-configured dual-stack
# hosts. Use the DHCPv4 lease to derive the name, network segment and
# MAC address and assume that the host will also have an
# IPv6 address calculated using the SLAAC alogrithm.
#dhcp-range=1234::, ra-names
# Do Router Advertisements, BUT NOT DHCP for this subnet.
# Set the lifetime to 46 hours. (Note: minimum lifetime is 2 hours.)
#dhcp-range=1234::, ra-only, 48h
# Do DHCP and Router Advertisements for this subnet. Set the A bit in the RA
# so that clients can use SLAAC addresses as well as DHCP ones.
#dhcp-range=1234::2, 1234::500, slaac
# Do Router Advertisements and stateless DHCP for this subnet. Clients will
# not get addresses from DHCP, but they will get other configuration information.
# They will use SLAAC for addresses.
#dhcp-range=1234::, ra-stateless
# Do stateless DHCP, SLAAC, and generate DNS names for SLAAC addresses
# from DHCPv4 leases.
#dhcp-range=1234::, ra-stateless, ra-names
# Do router advertisements for all subnets where we're doing DHCPv6
# Unless overriden by ra-stateless, ra-names, et al, the router
# advertisements will have the M and O bits set, so that the clients
# get addresses and configuration from DHCPv6, and the A bit reset, so the
# clients don't use SLAAC addresses.
#enable-ra
# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissible to give name, address and MAC in any
# order.
# Always allocate the host with Ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
# Always give the host with Ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
# Give a host with Ethernet address 11:22:33:44:55:66 or
# 12:34:56:78:90:12 the IP address 192.168.0.60. Dnsmasq will assume
# that these two Ethernet interfaces will never be in use at the same
# time, and give the IP address to the second, even if it is already
# in use by the first. Useful for laptops with wired and wireless
# addresses.
#dhcp-host=11:22:33:44:55:66,12:34:56:78:90:12,192.168.0.60
# Give the machine which says its name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite
# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# Never offer DHCP service to a machine whose Ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# Ignore any client-id presented by the machine with Ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*
# Send extra options which are tagged as "red" to
# the machine with Ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,set:red
# Send extra options which are tagged as "red" to
# any machine with Ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,set:red
# Give a fixed IPv6 address and name to client with
# DUID 00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2
# Note the MAC addresses CANNOT be used to identify DHCPv6 clients.
# Note also the they [] around the IPv6 address are obilgatory.
#dhcp-host=id:00:01:00:01:16:d2:83:fc:92:d4:19:e2:d8:b2, fred, [1234::5]
# Ignore any clients which are not specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unknown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#
# When using bridged networks in ACS this prevents ack to DHCPINFORM etc. request
dhcp-ignore=tag:!known
# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=set:red,Linux
# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=set:red,accounts
# Send extra options which are tagged as "red" to any machine whose
# MAC address matches the pattern.
#dhcp-mac=set:red,00:60:8C:*:*:*
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4
# Override the default route supplied by dnsmasq and send no default
# route at all. Note that this only works for the options sent by
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
# for all other option numbers.
#dhcp-option=3
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
# Send DHCPv6 option. Note [] around IPv6 addresses.
#dhcp-option=option6:dns-server,[1234::77],[1234::88]
# Send DHCPv6 option for namservers as the machine running
# dnsmasq and another.
#dhcp-option=option6:dns-server,[::],[1234::88]
# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0
# Set the NIS domain name to "welly"
#dhcp-option=40,welly
# Set the default time-to-live to 50
#dhcp-option=23,50
# Set the "all subnets are local" flag
#dhcp-option=27,1
# Set the domain
dhcp-option=15,"2.vmops-test.vmops.com"
# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100
# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
# Note that the tag: part must precede the option: part.
#dhcp-option = tag:red, option:ntp-server, 192.168.1.1
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment some or all of them if you use
# Windows clients and Samba.
#dhcp-option=19,0 # option ip-forwarding off
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
#dhcp-option=46,8 # netbios node type
# Send an empty WPAD option. This may be REQUIRED to get windows 7 to behave.
#dhcp-option=252,"\n"
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
# Send vendor-class specific options encapsulated in DHCP option 43.
# The meaning of the options is defined by the vendor-class so
# options are sent only when the client supplied vendor class
# matches the class given here. (A substring match is OK, so "MSFT"
# matches "MSFT" and "MSFT 5.0"). This example sets the
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Send the Encapsulated-vendor-class ID needed by some configurations of
# Etherboot to allow is to recognise the DHCP server.
#dhcp-option=vendor:Etherboot,60,"Etherboot"
# Send options to PXELinux. Note that we need to send the options even
# though they don't appear in the parameter request list, so we need
# to use dhcp-option-force here.
# See http://syslinux.zytor.com/pxe.php#special for details.
# Magic number - needed before anything else is recognised
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i
# Set the boot filename for netboot/PXE. You will only need
# this is you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0
# The same as above, but use custom tftp-server instead machine running dnsmasq
#dhcp-boot=pxelinux,server.name,192.168.1.100
# Boot for Etherboot gPXE. The idea is to send two different
# filenames, the first loads gPXE, and the second tells gPXE what to
# load. The dhcp-match sets the gpxe tag for requests from gPXE.
#dhcp-match=set:gpxe,175 # gPXE sends a 175 option.
#dhcp-boot=tag:!gpxe,undionly.kpxe
#dhcp-boot=mybootimage
# Encapsulated options for Etherboot gPXE. All the options are
# encapsulated within option 175
#dhcp-option=encap:175, 1, 5b # priority code
#dhcp-option=encap:175, 176, 1b # no-proxydhcp
#dhcp-option=encap:175, 177, string # bus-id
#dhcp-option=encap:175, 189, 1b # BIOS drive code
#dhcp-option=encap:175, 190, user # iSCSI username
#dhcp-option=encap:175, 191, pass # iSCSI password
# Test for the architecture of a netboot client. PXE clients are
# supposed to send their architecture as option 93. (See RFC 4578)
#dhcp-match=peecees, option:client-arch, 0 #x86-32
#dhcp-match=itanics, option:client-arch, 2 #IA64
#dhcp-match=hammers, option:client-arch, 6 #x86-64
#dhcp-match=mactels, option:client-arch, 7 #EFI x86-64
# Do real PXE, rather than just booting a single file, this is an
# alternative to dhcp-boot.
#pxe-prompt="What system shall I netboot?"
# or with timeout before first available action is taken:
#pxe-prompt="Press F8 for menu.", 60
# Available boot services. for PXE.
#pxe-service=x86PC, "Boot from local disk"
# Loads <tftp-root>/pxelinux.0 from dnsmasq TFTP server.
#pxe-service=x86PC, "Install Linux", pxelinux
# Loads <tftp-root>/pxelinux.0 from TFTP server at 1.2.3.4.
# Beware this fails on old PXE ROMS.
#pxe-service=x86PC, "Install Linux", pxelinux, 1.2.3.4
# Use bootserver on network, found my multicast or broadcast.
#pxe-service=x86PC, "Install windows from RIS server", 1
# Use bootserver at a known IP address.
#pxe-service=x86PC, "Install windows from RIS server", 1, 1.2.3.4
# If you have multicast-FTP available,
# information for that can be passed in a similar way using options 1
# to 5. See page 19 of
# http://download.intel.com/design/archives/wfm/downloads/pxespec.pdf
# Enable dnsmasq's built-in TFTP server
#enable-tftp
# Set the root directory for files available via FTP.
#tftp-root=/var/ftpd
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure
# This option stops dnsmasq from negotiating a larger blocksize for TFTP
# transfers. It will slow things down, but may rescue some broken TFTP
# clients.
#tftp-no-blocksize
# Set the boot file name only when the "red" tag is set.
#dhcp-boot=net:red,pxelinux.red-net
# An example of dhcp-boot with an external TFTP server: the name and IP
# address of the server are given after the filename.
# Can fail with old PXE ROMS. Overridden by --pxe-service.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
# If there are multiple external tftp servers having a same name
# (using /etc/hosts) then that name can be specified as the
# tftp_servername (the third option to dhcp-boot) and in that
# case dnsmasq resolves this name and returns the resultant IP
# addresses in round robin fasion. This facility can be used to
# load balance the tftp load among a set of servers.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,tftp_server_name
# Set the limit on DHCP leases, the default is 150
dhcp-lease-max=2100
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
leasefile-ro
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slightest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/files/auth.html
#dhcp-authoritative
# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo
# Set the cachesize here.
#cache-size=150
# If you want to disable negative caching, uncomment this.
#no-negcache
# Normally responses which come form /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale date, you can set a time-to-live (in
# seconds) here.
#local-ttl=
# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11
# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# and this maps 192.168.0.10->192.168.0.40 to 10.0.0.10->10.0.0.40
#alias=192.168.0.10-192.168.0.40,10.0.0.0,255.255.255.0
# Change these lines if you want dnsmasq to serve MX records.
# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com
# Return an MX record pointing to the mx-target for all local
# machines.
#localmx
# Return an MX record pointing to itself for all local machines.
#selfmx
# Change the following lines if you want dnsmasq to serve SRV
# records. These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 389 (using domain=)
#domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
# Provide an alias for a "local" DNS name. Note that this _only_ works
# for targets which are names from DHCP or /etc/hosts. Give host
# "bert" another name, bertrand
#cname=bertand,bert
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
log-facility=/var/log/dnsmasq.log
# Include a another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
conf-dir=/etc/dnsmasq.d
dhcp-optsfile=/etc/dhcpopts.txt


@ -1,26 +0,0 @@
global
log 127.0.0.1:3914 local0 info
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
defaults
log global
mode tcp
option dontlognull
retries 3
option redispatch
option forwardfor
stats enable
stats uri /admin?stats
stats realm Haproxy\ Statistics
stats auth admin1:AdMiN123
option forceclose
timeout connect 5000
timeout client 50000
timeout server 50000
listen cloud-default 0.0.0.0:35999
option transparent


@ -1,157 +0,0 @@
#!/bin/bash
### BEGIN INIT INFO
# Provides: cloud
# Required-Start: mountkernfs $local_fs cloud-early-config
# Required-Stop: $local_fs
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop: 0 1 6
# Short-Description: Start up the CloudStack cloud service
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#set -x
ENABLED=0
[ -e /etc/default/cloud ] && . /etc/default/cloud
CMDLINE=$(cat /var/cache/cloud/cmdline)
if [ ! -z $CLOUD_DEBUG ];then
LOG_FILE=/var/log/cloud/cloud.out
else
LOG_FILE=/dev/null
fi
TYPE="router"
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
FIRSTPATTERN=$(echo $i | cut -d= -f1)
case $FIRSTPATTERN in
type)
TYPE=$(echo $i | cut -d= -f2)
;;
esac
done
# Source function library.
if [ -f /etc/init.d/functions ]
then
. /etc/init.d/functions
fi
if [ -f ./lib/lsb/init-functions ]
then
. /lib/lsb/init-functions
fi
_success() {
if [ -f /etc/init.d/functions ]
then
success
else
echo "Success"
fi
}
_failure() {
if [ -f /etc/init.d/functions ]
then
failure
else
echo "Failed"
fi
}
RETVAL=$?
CLOUDSTACK_HOME="/usr/local/cloud"
if [ -f $CLOUDSTACK_HOME/systemvm/utils.sh ];
then
. $CLOUDSTACK_HOME/systemvm/utils.sh
else
_failure
fi
# mkdir -p /var/log/vmops
start() {
local pid=$(get_pids)
if [ "$pid" != "" ]; then
echo "CloudStack cloud sevice is already running, PID = $pid"
return 0
fi
echo -n "Starting CloudStack cloud service (type=$TYPE) "
if [ -f $CLOUDSTACK_HOME/systemvm/run.sh ];
then
if [ "$pid" == "" ]
then
(cd $CLOUDSTACK_HOME/systemvm; nohup ./run.sh > $LOG_FILE 2>&1 & )
pid=$(get_pids)
echo $pid > /var/run/cloud.pid
fi
_success
else
_failure
fi
echo
echo 'start' > $CLOUDSTACK_HOME/systemvm/user_request
}
stop() {
local pid
echo -n "Stopping CloudStack cloud service (type=$TYPE): "
for pid in $(get_pids)
do
kill $pid
done
_success
echo
echo 'stop' > $CLOUDSTACK_HOME/systemvm/user_request
}
status() {
local pids=$(get_pids)
if [ "$pids" == "" ]
then
echo "CloudStack cloud service is not running"
return 1
fi
echo "CloudStack cloud service (type=$TYPE) is running: process id: $pids"
return 0
}
[ "$ENABLED" != 0 ] || exit 0
case "$1" in
start) start
;;
stop) stop
;;
status) status
;;
restart) stop
start
;;
*) echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac
exit $RETVAL

File diff suppressed because it is too large Load Diff


@ -1,124 +0,0 @@
#!/bin/bash
### BEGIN INIT INFO
# Provides: cloud-passwd-srvr
# Required-Start: mountkernfs $local_fs cloud-early-config iptables-persistent
# Required-Stop: $local_fs
# Should-Start:
# Should-Stop:
# Default-Start:
# Default-Stop: 0 6
# Short-Description: Web server that sends passwords to User VMs
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ENABLED=0
[ -e /etc/default/cloud-passwd-srvr ] && . /etc/default/cloud-passwd-srvr
add_iptables_rules()
{
#Delete any old iptables rule for port 8080 on eth0
remove_iptables_rules
#For all cidrs on eth0 for port 8080 accept only if source is withing that cidr
for cidr in $(ip addr | grep eth0 | grep inet | awk '{print $2}');
do
count=1
#Try for 10 times, if it still fails then bail
while [ $count -le 10 ];
do
(( count++ ))
iptables -A INPUT -i eth0 -p tcp -m state --state NEW -m tcp -s $cidr --dport 8080 -j ACCEPT
if [ `iptables -L INPUT -n -v | grep eth0 | grep 8080 | grep ACCEPT | wc -l` -gt 0 ]
then
break
else
sleep 2
fi
done
done
echo "Added cloud-passwd-srvr iptables rules" && return 0
}
remove_iptables_rules()
{
#Change the Internal Field Separator so the for loop, loops on lines and not spaces
OIFS="${IFS}"
NIFS=$'\n'
IFS="${NIFS}"
#Removed all iptable rules for port 8080 on eth0, they were added in start()
for srcdest in `iptables -L -n -v | grep eth0 | grep 8080 | grep ACCEPT | awk '{print "--source "$8" --destination "$9}'`;
do
eval "iptables -D INPUT -i eth0 -p tcp -m state --state NEW -m tcp $srcdest --dport 8080 -j ACCEPT";
done
#Restore IFS
IFS="${OIFS}"
echo "Removed cloud-passwd-srvr iptables rules" && return 0
}
start() {
[ "$ENABLED" != 0 ] || exit 0
pid=$(getpid)
[ "$pid" != "" ] && echo "Password server is already running (pid=$pid)" && return 0
add_iptables_rules
nohup bash /opt/cloud/bin/passwd_server &
}
getpid() {
pid=$(ps -ef | grep passwd_server_ip | grep -v grep | awk '{print $2}')
echo $pid
}
stop_socat() {
spid=$(pidof socat)
[ "$spid" != "" ] && kill -9 $spid && echo "Killed socat (pid=$spid)"
return 0
}
stop () {
stop_socat
pid=$(getpid)
[ "$pid" != "" ] && kill -9 $pid && remove_iptables_rules && echo "Stopped password server (pid=$pid)" && stop_socat && return 0
echo "Password server is not running" && return 0
}
status () {
pid=$(getpid)
[ "$pid" != "" ] && echo "Password server is running (pid=$pid)" && return 0
echo "Password server is not running" && return 0
}
case "$1" in
start) start
;;
stop) stop
;;
status) status
;;
restart) stop
start
;;
*) echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac
exit 0


@ -1,178 +0,0 @@
#!/bin/bash -e
### BEGIN INIT INFO
# Provides: postinit
# Required-Start: mountkernfs $local_fs cloud-early-config
# Required-Stop: $local_fs
# Should-Start:
# Should-Stop:
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: post-init
### END INIT INFO
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
replace_in_file() {
local filename=$1
local keyname=$2
local value=$3
sed -i /$keyname=/d $filename
echo "$keyname=$value" >> $filename
return $?
}
setup_secstorage() {
public_ip=$ETH2_IP
sed -i /$NAME/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:80$/Listen $public_ip:80/" /etc/httpd/conf/httpd.conf
[ -f /etc/httpd/conf/httpd.conf ] && sed -i -e "s/^Listen.*:443$/Listen $public_ip:443/" /etc/httpd/conf/httpd.conf
}
setup_console_proxy() {
public_ip=$ETH2_IP
sed -i /$NAME/d /etc/hosts
echo "$public_ip $NAME" >> /etc/hosts
}
setup_redundant_router() {
if [ "$RROUTER" != "1" ]
then
return 1
fi
rrouter_bin_path="/ramdisk/rrouter"
eth2mac=`ip link show eth2 | awk '/ether/ {print $2}'`
sed -i "s/\[ETH2MAC\]/$eth2mac/g" $rrouter_bin_path/enable_pubip.sh
}
start() {
case $TYPE in
secstorage)
[ "$NAME" == "" ] && NAME=secstorage
setup_secstorage;
;;
consoleproxy)
[ "$NAME" == "" ] && NAME=consoleproxy
setup_console_proxy;
;;
router)
[ "$NAME" == "" ] && NAME=router
setup_redundant_router;
;;
esac
}
stop() {
echo ""
}
status() {
echo ""
}
CMDLINE=$(cat /var/cache/cloud/cmdline)
TYPE="router"
BOOTPROTO="static"
for i in $CMDLINE
do
# search for foo=bar pattern and cut out foo
KEY=$(echo $i | cut -d= -f1)
VALUE=$(echo $i | cut -d= -f2)
case $KEY in
eth0ip)
ETH0_IP=$VALUE
;;
eth1ip)
ETH1_IP=$VALUE
;;
eth2ip)
ETH2_IP=$VALUE
;;
gateway)
GW=$VALUE
;;
eth0mask)
ETH0_MASK=$VALUE
;;
eth1mask)
ETH1_MASK=$VALUE
;;
eth2mask)
ETH2_MASK=$VALUE
;;
dns1)
NS1=$VALUE
;;
dns2)
NS2=$VALUE
;;
domain)
DOMAIN=$VALUE
;;
mgmtcidr)
MGMTNET=$VALUE
;;
localgw)
LOCAL_GW=$VALUE
;;
template)
TEMPLATE=$VALUE
;;
name)
NAME=$VALUE
;;
dhcprange)
DHCP_RANGE=$(echo $VALUE | tr ':' ',')
;;
bootproto)
BOOTPROTO=$VALUE
;;
type)
TYPE=$VALUE
;;
redundant_router)
RROUTER=$VALUE
;;
esac
done
if [ "$BOOTPROTO" == "static" -a "$RROUTER" != "1" ]
then
exit 0
fi
ETH1_IP=$(ifconfig eth1|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
ETH2_IP=$(ifconfig eth2|grep 'inet addr:'|cut -d : -f 2|cut -d \ -f 1)
case "$1" in
start) start
;;
stop) stop
;;
status) status
;;
restart) stop
start
;;
*) echo "Usage: $0 {start|stop|status|restart}"
exit 1
;;
esac


@ -1,9 +0,0 @@
# Manual: ipsec.conf.5
version 2.0
config setup
nat_traversal=yes
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
protostack=auto
include /etc/ipsec.d/*.conf


@ -1,33 +0,0 @@
conn L2TP-PSK
authby=secret
pfs=no
rekey=no
keyingtries=3
#
# ----------------------------------------------------------
# The VPN server.
#
# Allow incoming connections on the external network interface.
# If you want to use a different interface or if there is no
# defaultroute, you can use: left=your.ip.addr.ess
#
left=172.26.0.151
#
leftprotoport=17/1701
# If you insist on supporting non-updated Windows clients,
# you can use: leftprotoport=17/%any
#
# ----------------------------------------------------------
# The remote user(s).
#
# Allow incoming connections only from this IP address.
right=%any
# If you want to allow multiple connections from any IP address,
# you can use: right=%any
#
rightprotoport=17/%any
#
# ----------------------------------------------------------
# Change 'ignore' to 'add' to enable this configuration.
#
auto=add


@ -1,2 +0,0 @@
include /var/lib/openswan/ipsec.secrets.inc
include /etc/ipsec.d/ipsec.*.secrets


@ -1,38 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW -m tcp --dport 8001 -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
-A INPUT -i eth2 -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
COMMIT


@ -1,34 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
COMMIT


@ -1,33 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
COMMIT


@ -1,55 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:FW_OUTBOUND - [0:0]
-A INPUT -d 224.0.0.18/32 -j ACCEPT
-A INPUT -d 225.0.0.50/32 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -j FW_OUTBOUND
-I FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A POSTROUTING -p udp --dport bootpc -j CHECKSUM --checksum-fill
COMMIT


@ -1,36 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:HTTP - [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth3 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p icmp --icmp-type 13 -j DROP
-A INPUT -p icmp -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
COMMIT


@ -1,42 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -d 224.0.0.18/32 -j ACCEPT
-A INPUT -d 225.0.0.50/32 -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A OUTPUT -p udp --dport bootpc -j CHECKSUM --checksum-fill
COMMIT


@ -1,29 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep


@ -1,42 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT


@ -1,25 +0,0 @@
# rotate log files daily
daily
# keep 5 days worth
rotate 5
# create new (empty) log files after rotating old ones
create
# use date as a suffix of the rotated file
dateext
# max size 50M
size 50M
# RPM packages drop log rotation information into this directory
include /etc/logrotate.d
# no packages own wtmp and btmp -- we'll rotate them here
/var/log/wtmp {
monthly
create 0664 root utmp
rotate 1
}
/var/log/btmp {
missingok
monthly
create 0600 root utmp
rotate 1
}


@ -1,13 +0,0 @@
/var/log/apache2/*.log {
daily
missingok
rotate 5
compress
delaycompress
notifempty
create 640 root adm
sharedscripts
postrotate
/etc/init.d/apache2 reload > /dev/null
endscript
}


@ -1,27 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
/var/log/cloud.log {
rotate 4
daily
missingok
notifempty
compress
delaycompress
postrotate
pkill socat > /dev/null
endscript
}


@ -1,13 +0,0 @@
/var/log/conntrackd-stats.log {
daily
rotate 2
missingok
compress
delaycompress
postrotate
if [ -e /var/run/conntrackd.sock ]; then
invoke-rc.d conntrackd restart > /dev/null
fi
endscript
}


@ -1,13 +0,0 @@
/var/log/dnsmasq.log {
daily
missingok
rotate 5
notifempty
delaycompress
sharedscripts
postrotate
[ ! -f /var/run/dnsmasq/dnsmasq.pid ] || kill -USR2 `cat /var/run/dnsmasq/dnsmasq.pid`
endscript
create 0640 dnsmasq root
}


@ -1,10 +0,0 @@
/var/log/haproxy.log {
daily
rotate 5
missingok
notifempty
size 10M
postrotate
/bin/kill -HUP `cat /var/run/rsyslog.pid 2> /dev/null` 2> /dev/null || true
endscript
}


@ -1,9 +0,0 @@
/var/log/ppp-connect-errors {
daily
rotate 5
missingok
notifempty
compress
nocreate
}


@ -1,37 +0,0 @@
/var/log/syslog
{
rotate 7
daily
missingok
notifempty
delaycompress
compress
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}
/var/log/mail.info
/var/log/mail.warn
/var/log/mail.err
/var/log/mail.log
/var/log/daemon.log
/var/log/kern.log
/var/log/auth.log
/var/log/user.log
/var/log/lpr.log
/var/log/cron.log
/var/log/debug
/var/log/messages
{
rotate 10
daily
missingok
notifempty
compress
delaycompress
sharedscripts
postrotate
invoke-rc.d rsyslog reload > /dev/null
endscript
}


@ -1,17 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
blacklist aesni_intel


@ -1,17 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
blacklist pcspkr


@ -1,14 +0,0 @@
proxyarp
ipcp-accept-local
ipcp-accept-remote
noccp
idle 1800
auth
crtscts
mtu 1410
mru 1410
nodefaultroute
debug
lock
connect-delay 5000
ms-dns 10.1.1.1


@ -1,22 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
if [ "`id -u`" -eq 0 ]; then
PATH=${PATH}:/opt/cloud/bin
fi
export PATH


@ -1,29 +0,0 @@
#/bin/bash
[ ! -f /var/cache/cloud/enabled_svcs ] && touch /var/cache/cloud/enabled_svcs
for svc in $(cat /var/cache/cloud/enabled_svcs)
do
logger -t cloud "Starting $svc"
service $svc start
done
[ ! -f /var/cache/cloud/disabled_svcs ] && touch /var/cache/cloud/disabled_svcs
for svc in $(cat /var/cache/cloud/disabled_svcs)
do
logger -t cloud "Stopping $svc"
service $svc stop
done
CMDLINE=$(cat /var/cache/cloud/cmdline)
router=$(echo "$CMDLINE" | grep -o type=router)
vpcrouter=$(echo "$CMDLINE" | grep -o type=vpcrouter)
if [ "$router" != "" ] || [ "$vpcrouter" != "" ]
then
echo 1000000 > /proc/sys/net/ipv4/netfilter/ip_conntrack_max
echo 1000000 > /proc/sys/net/netfilter/nf_conntrack_max
echo 1000000 > /proc/sys/net/nf_conntrack_max
fi
date > /var/cache/cloud/boot_up_done
logger -t cloud "Boot up process done"


@ -1,106 +0,0 @@
# /etc/rsyslog.conf Configuration file for rsyslog.
#
# For more information see
# /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html
#################
#### MODULES ####
#################
$ModLoad imuxsock # provides support for local system logging
$ModLoad imklog # provides kernel logging support (previously done by rklogd)
#$ModLoad immark # provides --MARK-- message capability
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 3914
# provides TCP syslog reception
#$ModLoad imtcp
#$InputTCPServerRun 514
###########################
#### GLOBAL DIRECTIVES ####
###########################
#
# Use traditional timestamp format.
# To enable high precision timestamps, comment out the following line.
#
$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat
#
# Set the default permissions for all log files.
#
$FileOwner root
$FileGroup adm
$FileCreateMode 0640
$DirCreateMode 0755
$Umask 0022
#
# Include all config files in /etc/rsyslog.d/
#
$IncludeConfig /etc/rsyslog.d/*.conf
###############
#### RULES ####
###############
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
#*.*;auth,authpriv.none -/var/log/syslog
cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
#user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some "catch-all" log files.
#
#*.=debug;\
# auth,authpriv.none;\
# news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron.none,daemon.none;\
local0.none,daemon.none;\
mail.none,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
local0.* -/var/log/haproxy.log


@ -1,130 +0,0 @@
# $OpenBSD: sshd_config,v 1.75 2007/03/19 01:01:29 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
# This sshd was compiled with PATH=/usr/local/bin:/bin:/usr/bin
# The strategy used for options in the default sshd_config shipped with
# OpenSSH is to specify options with their default value where
# possible, but leave them commented. Uncommented options change a
# default value.
Port 3922
#AddressFamily any
#ListenAddress 0.0.0.0
#ListenAddress ::
# Disable legacy (protocol version 1) support in the server for new
# installations. In future the default will change to require explicit
# activation of protocol 1
Protocol 2
# HostKey for protocol version 1
#HostKey /etc/ssh/ssh_host_key
# HostKeys for protocol version 2
#HostKey /etc/ssh/ssh_host_rsa_key
#HostKey /etc/ssh/ssh_host_dsa_key
# Lifetime and size of ephemeral version 1 server key
#KeyRegenerationInterval 1h
#ServerKeyBits 768
# Logging
# obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
#LoginGraceTime 2m
PermitRootLogin yes
#StrictModes yes
#MaxAuthTries 6
#RSAAuthentication yes
#PubkeyAuthentication yes
#AuthorizedKeysFile .ssh/authorized_keys
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
#HostbasedAuthentication no
# Change to yes if you don't trust ~/.ssh/known_hosts for
# RhostsRSAAuthentication and HostbasedAuthentication
#IgnoreUserKnownHosts no
# Don't read the user's ~/.rhosts and ~/.shosts files
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
PasswordAuthentication no
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
#KerberosGetAFSToken no
# GSSAPI options
#GSSAPIAuthentication no
GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
# be allowed through the ChallengeResponseAuthentication and
# PasswordAuthentication. Depending on your PAM configuration,
# PAM authentication via ChallengeResponseAuthentication may bypass
# the setting of "PermitRootLogin without-password".
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
#UsePAM no
UsePAM yes
# Accept locale-related environment variables
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
#X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
#PrintLastLog yes
#TCPKeepAlive yes
#UseLogin no
#UsePrivilegeSeparation yes
#PermitUserEnvironment no
#Compression delayed
#ClientAliveInterval 0
#ClientAliveCountMax 3
#ShowPatchLevel no
UseDNS no
#PidFile /var/run/sshd.pid
#PermitTunnel no
MaxStartups 1000
MaxSessions 1000
# no default banner path
#Banner /some/path
# override default of no subsystems
Subsystem sftp /usr/libexec/openssh/sftp-server
# Example of overriding settings on a per-user basis
#Match User anoncvs
# X11Forwarding no
# AllowTcpForwarding no
# ForceCommand cvs server


@ -1,50 +0,0 @@
# Kernel sysctl configuration file
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# @VERSION@
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
# Controls source route verification
net.ipv4.conf.default.rp_filter = 0
# Do not accept source routing
net.ipv4.conf.default.accept_source_route = 0
# Respect local interface in ARP interactions
net.ipv4.conf.default.arp_announce = 2
net.ipv4.conf.default.arp_ignore = 2
net.ipv4.conf.all.arp_announce = 2
net.ipv4.conf.all.arp_ignore = 2
# IPSec NETKEY -- avoid bogus redirects
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.secure_redirects = 0
net.ipv4.conf.default.secure_redirects = 0
# Controls the System Request debugging functionality of the kernel
kernel.sysrq = 0
# Controls whether core dumps will append the PID to the core filename.
# Useful for debugging multi-threaded applications.
kernel.core_uses_pid = 1
# Controls the use of TCP syncookies
net.ipv4.tcp_syncookies = 1
net.ipv4.netfilter.ip_conntrack_max=1000000
net.ipv4.tcp_tw_reuse=1
net.ipv4.tcp_max_tw_buckets=1000000
net.core.somaxconn=1000000
# Disable IPv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.accept_ra = 0
net.ipv6.conf.all.accept_redirects = 0
net.ipv6.conf.all.autoconf = 0


@ -1,462 +0,0 @@
# Configuration file for dnsmasq.
#
# Format is one option per line, legal options are the same
# as the long options legal on the command line. See
# "/usr/sbin/dnsmasq --help" or "man 8 dnsmasq" for details.
# The following two options make you a better netizen, since they
# tell dnsmasq to filter out queries which the public DNS cannot
# answer, and which load the servers (especially the root servers)
# uneccessarily. If you have a dial-on-demand link they also stop
# these requests from bringing up the link uneccessarily.
# Never forward plain names (without a dot or domain part)
domain-needed
# Never forward addresses in the non-routed address spaces.
bogus-priv
# Uncomment this to filter useless windows-originated DNS requests
# which can trigger dial-on-demand links needlessly.
# Note that (amongst other things) this blocks all SRV requests,
# so don't use it if you use eg Kerberos.
# This option only affects forwarding, SRV records originating for
# dnsmasq (via srv-host= lines) are not suppressed by it.
#filterwin2k
# Change this line if you want dns to get its upstream servers from
# somewhere other that /etc/resolv.conf
resolv-file=/etc/dnsmasq-resolv.conf
# By default, dnsmasq will send queries to any of the upstream
# servers it knows about and tries to favour servers to are known
# to be up. Uncommenting this forces dnsmasq to try each query
# with each server strictly in the order they appear in
# /etc/resolv.conf
#strict-order
# If you don't want dnsmasq to read /etc/resolv.conf or any other
# file, getting its servers from this file instead (see below), then
# uncomment this.
#no-resolv
# If you don't want dnsmasq to poll /etc/resolv.conf or other resolv
# files for changes and re-read them then uncomment this.
#no-poll
# Add other name servers here, with domain specs if they are for
# non-public domains.
#server=/localnet/192.168.0.1
# Example of routing PTR queries to nameservers: this will send all
# address->name queries for 192.168.3/24 to nameserver 10.1.2.3
#server=/3.168.192.in-addr.arpa/10.1.2.3
# Add local-only domains here, queries in these domains are answered
# from /etc/hosts or DHCP only.
local=/2.vmops-test.vmops.com/
# Add domains which you want to force to an IP address here.
# The example below send any host in doubleclick.net to a local
# webserver.
#address=/doubleclick.net/127.0.0.1
# If you want dnsmasq to change uid and gid to something other
# than the default, edit the following lines.
#user=
#group=
# If you want dnsmasq to listen for DHCP and DNS requests only on
# specified interfaces (and the loopback) give the name of the
# interface (eg eth0) here.
# Repeat the line for more than one interface.
#interface=eth0
# Or you can specify which interface _not_ to listen on
except-interface=lo
# Or which to listen on by address (remember to include 127.0.0.1 if
# you use this.)
#listen-address=
# If you want dnsmasq to provide only DNS service on an interface,
# configure it as shown above, and then use the following line to
# disable DHCP on it.
#no-dhcp-interface=eth1
# On systems which support it, dnsmasq binds the wildcard address,
# even when it is listening on only some interfaces. It then discards
# requests that it shouldn't reply to. This has the advantage of
# working even when interfaces come and go and change address. If you
# want dnsmasq to really bind only the interfaces it is listening on,
# uncomment this option. About the only time you may need this is when
# running another nameserver on the same machine.
bind-interfaces
# If you don't want dnsmasq to read /etc/hosts, uncomment the
# following line.
#no-hosts
# or if you want it to read another file, as well as /etc/hosts, use
# this.
#addn-hosts=/etc/banner_add_hosts
# Set this (and domain: see below) if you want to have a domain
# automatically added to simple names in a hosts-file.
expand-hosts
# Set the domain for dnsmasq. this is optional, but if it is set, it
# does the following things.
# 1) Allows DHCP hosts to have fully qualified domain names, as long
# as the domain part matches this setting.
# 2) Sets the "domain" DHCP option thereby potentially setting the
# domain of all systems configured by DHCP
# 3) Provides the domain part for "expand-hosts"
#domain=2.vmops-test.vmops.com
# Uncomment this to enable the integrated DHCP server, you need
# to supply the range of addresses available for lease and optionally
# a lease time. If you have more than one network, you will need to
# repeat this for each network on which you want to supply DHCP
# service.
#dhcp-range=10.1.1.1,static
#dhcp-range=10.0.0.1,10.255.255.255
#dhcp-hostsfile=/etc/dhcphosts.txt
# This is an example of a DHCP range where the netmask is given. This
# is needed for networks we reach the dnsmasq DHCP server via a relay
# agent. If you don't know what a DHCP relay agent is, you probably
# don't need to worry about this.
#dhcp-range=192.168.0.50,192.168.0.150,255.255.255.0,12h
# This is an example of a DHCP range with a network-id, so that
# some DHCP options may be set only for this network.
#dhcp-range=red,192.168.0.50,192.168.0.150
# Supply parameters for specified hosts using DHCP. There are lots
# of valid alternatives, so we will give examples of each. Note that
# IP addresses DO NOT have to be in the range given above, they just
# need to be on the same network. The order of the parameters in these
# do not matter, it's permissble to give name,adddress and MAC in any order
# Always allocate the host with ethernet address 11:22:33:44:55:66
# The IP address 192.168.0.60
#dhcp-host=11:22:33:44:55:66,192.168.0.60
# Always set the name of the host with hardware address
# 11:22:33:44:55:66 to be "fred"
#dhcp-host=11:22:33:44:55:66,fred
# Always give the host with ethernet address 11:22:33:44:55:66
# the name fred and IP address 192.168.0.60 and lease time 45 minutes
#dhcp-host=11:22:33:44:55:66,fred,192.168.0.60,45m
# Give the machine which says it's name is "bert" IP address
# 192.168.0.70 and an infinite lease
#dhcp-host=bert,192.168.0.70,infinite
# Always give the host with client identifier 01:02:02:04
# the IP address 192.168.0.60
#dhcp-host=id:01:02:02:04,192.168.0.60
# Always give the host with client identifier "marjorie"
# the IP address 192.168.0.60
#dhcp-host=id:marjorie,192.168.0.60
# Enable the address given for "judge" in /etc/hosts
# to be given to a machine presenting the name "judge" when
# it asks for a DHCP lease.
#dhcp-host=judge
# Never offer DHCP service to a machine whose ethernet
# address is 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,ignore
# Ignore any client-id presented by the machine with ethernet
# address 11:22:33:44:55:66. This is useful to prevent a machine
# being treated differently when running under different OS's or
# between PXE boot and OS boot.
#dhcp-host=11:22:33:44:55:66,id:*
# Send extra options which are tagged as "red" to
# the machine with ethernet address 11:22:33:44:55:66
#dhcp-host=11:22:33:44:55:66,net:red
# Send extra options which are tagged as "red" to
# any machine with ethernet address starting 11:22:33:
#dhcp-host=11:22:33:*:*:*,net:red
# Ignore any clients which are specified in dhcp-host lines
# or /etc/ethers. Equivalent to ISC "deny unkown-clients".
# This relies on the special "known" tag which is set when
# a host is matched.
#dhcp-ignore=#known
# Send extra options which are tagged as "red" to any machine whose
# DHCP vendorclass string includes the substring "Linux"
#dhcp-vendorclass=red,Linux
# Send extra options which are tagged as "red" to any machine one
# of whose DHCP userclass strings includes the substring "accounts"
#dhcp-userclass=red,accounts
# Send extra options which are tagged as "red" to any machine whose
# MAC address matches the pattern.
#dhcp-mac=red,00:60:8C:*:*:*
# If this line is uncommented, dnsmasq will read /etc/ethers and act
# on the ethernet-address/IP pairs found there just as if they had
# been given as --dhcp-host options. Useful if you keep
# MAC-address/host mappings there for other purposes.
#read-ethers
# Send options to hosts which ask for a DHCP lease.
# See RFC 2132 for details of available options.
# Common options can be given to dnsmasq by name:
# run "dnsmasq --help dhcp" to get a list.
# Note that all the common settings, such as netmask and
# broadcast address, DNS server and default route, are given
# sane defaults by dnsmasq. You very likely will not need
# any dhcp-options. If you use Windows clients and Samba, there
# are some options which are recommended, they are detailed at the
# end of this section.
# Override the default route supplied by dnsmasq, which assumes the
# router is the same machine as the one running dnsmasq.
#dhcp-option=3,1.2.3.4
# Do the same thing, but using the option name
#dhcp-option=option:router,1.2.3.4
# Override the default route supplied by dnsmasq and send no default
# route at all. Note that this only works for the options sent by
# default (1, 3, 6, 12, 28) the same line will send a zero-length option
# for all other option numbers.
#dhcp-option=3
# Set the NTP time server addresses to 192.168.0.4 and 10.10.0.5
#dhcp-option=option:ntp-server,192.168.0.4,10.10.0.5
# Set the NTP time server address to be the same machine as
# is running dnsmasq
#dhcp-option=42,0.0.0.0
# Set the NIS domain name to "welly"
#dhcp-option=40,welly
# Set the default time-to-live to 50
#dhcp-option=23,50
# Set the "all subnets are local" flag
#dhcp-option=27,1
# Set the domain
dhcp-option=15,"2.vmops-test.vmops.com"
# Send the etherboot magic flag and then etherboot options (a string).
#dhcp-option=128,e4:45:74:68:00:00
#dhcp-option=129,NIC=eepro100
# Specify an option which will only be sent to the "red" network
# (see dhcp-range for the declaration of the "red" network)
# Note that the net: part must precede the option: part.
#dhcp-option = net:red, option:ntp-server, 192.168.1.1
# The following DHCP options set up dnsmasq in the same way as is specified
# for the ISC dhcpcd in
# http://www.samba.org/samba/ftp/docs/textdocs/DHCP-Server-Configuration.txt
# adapted for a typical dnsmasq installation where the host running
# dnsmasq is also the host running samba.
# you may want to uncomment them if you use Windows clients and Samba.
#dhcp-option=19,0 # option ip-forwarding off
#dhcp-option=44,0.0.0.0 # set netbios-over-TCP/IP nameserver(s) aka WINS server(s)
#dhcp-option=45,0.0.0.0 # netbios datagram distribution server
#dhcp-option=46,8 # netbios node type
#dhcp-option=47 # empty netbios scope.
# Send RFC-3397 DNS domain search DHCP option. WARNING: Your DHCP client
# probably doesn't support this......
#dhcp-option=option:domain-search,eng.apple.com,marketing.apple.com
# Send RFC-3442 classless static routes (note the netmask encoding)
#dhcp-option=121,192.168.1.0/24,1.2.3.4,10.0.0.0/8,5.6.7.8
# Send vendor-class specific options encapsulated in DHCP option 43.
# The meaning of the options is defined by the vendor-class so
# options are sent only when the client supplied vendor class
# matches the class given here. (A substring match is OK, so "MSFT"
# matches "MSFT" and "MSFT 5.0"). This example sets the
# mtftp address to 0.0.0.0 for PXEClients.
#dhcp-option=vendor:PXEClient,1,0.0.0.0
# Send microsoft-specific option to tell windows to release the DHCP lease
# when it shuts down. Note the "i" flag, to tell dnsmasq to send the
# value as a four-byte integer - that's what microsoft wants. See
# http://technet2.microsoft.com/WindowsServer/en/library/a70f1bb7-d2d4-49f0-96d6-4b7414ecfaae1033.mspx?mfr=true
dhcp-option=vendor:MSFT,2,1i
# Send the Encapsulated-vendor-class ID needed by some configurations of
# Etherboot to allow is to recognise the DHCP server.
#dhcp-option=vendor:Etherboot,60,"Etherboot"
# Send options to PXELinux. Note that we need to send the options even
# though they don't appear in the parameter request list, so we need
# to use dhcp-option-force here.
# See http://syslinux.zytor.com/pxe.php#special for details.
# Magic number - needed before anything else is recognised
#dhcp-option-force=208,f1:00:74:7e
# Configuration file name
#dhcp-option-force=209,configs/common
# Path prefix
#dhcp-option-force=210,/tftpboot/pxelinux/files/
# Reboot time. (Note 'i' to send 32-bit value)
#dhcp-option-force=211,30i
# Set the boot filename for BOOTP. You will only need
# this is you want to boot machines over the network and you will need
# a TFTP server; either dnsmasq's built in TFTP server or an
# external one. (See below for how to enable the TFTP server.)
#dhcp-boot=pxelinux.0
# Enable dnsmasq's built-in TFTP server
#enable-tftp
# Set the root directory for files availble via FTP.
#tftp-root=/var/ftpd
# Make the TFTP server more secure: with this set, only files owned by
# the user dnsmasq is running as will be send over the net.
#tftp-secure
# Set the boot file name only when the "red" tag is set.
#dhcp-boot=net:red,pxelinux.red-net
# An example of dhcp-boot with an external server: the name and IP
# address of the server are given after the filename.
#dhcp-boot=/var/ftpd/pxelinux.0,boothost,192.168.0.3
# Set the limit on DHCP leases, the default is 150
dhcp-lease-max=2100
# The DHCP server needs somewhere on disk to keep its lease database.
# This defaults to a sane location, but if you want to change it, use
# the line below.
#dhcp-leasefile=/var/lib/misc/dnsmasq.leases
leasefile-ro
# Set the DHCP server to authoritative mode. In this mode it will barge in
# and take over the lease for any client which broadcasts on the network,
# whether it has a record of the lease or not. This avoids long timeouts
# when a machine wakes up on a new network. DO NOT enable this if there's
# the slighest chance that you might end up accidentally configuring a DHCP
# server for your campus/company accidentally. The ISC server uses
# the same option, and this URL provides more information:
# http://www.isc.org/index.pl?/sw/dhcp/authoritative.php
#dhcp-authoritative
# Run an executable when a DHCP lease is created or destroyed.
# The arguments sent to the script are "add" or "del",
# then the MAC address, the IP address and finally the hostname
# if there is one.
#dhcp-script=/bin/echo
# Set the cachesize here.
#cache-size=150
# If you want to disable negative caching, uncomment this.
#no-negcache
# Normally responses which come form /etc/hosts and the DHCP lease
# file have Time-To-Live set as zero, which conventionally means
# do not cache further. If you are happy to trade lower load on the
# server for potentially stale date, you can set a time-to-live (in
# seconds) here.
#local-ttl=
# If you want dnsmasq to detect attempts by Verisign to send queries
# to unregistered .com and .net hosts to its sitefinder service and
# have dnsmasq instead return the correct NXDOMAIN response, uncomment
# this line. You can add similar lines to do the same for other
# registries which have implemented wildcard A records.
#bogus-nxdomain=64.94.110.11
# If you want to fix up DNS results from upstream servers, use the
# alias option. This only works for IPv4.
# This alias makes a result of 1.2.3.4 appear as 5.6.7.8
#alias=1.2.3.4,5.6.7.8
# and this maps 1.2.3.x to 5.6.7.x
#alias=1.2.3.0,5.6.7.0,255.255.255.0
# Change these lines if you want dnsmasq to serve MX records.
# Return an MX record named "maildomain.com" with target
# servermachine.com and preference 50
#mx-host=maildomain.com,servermachine.com,50
# Set the default target for MX records created using the localmx option.
#mx-target=servermachine.com
# Return an MX record pointing to the mx-target for all local
# machines.
#localmx
# Return an MX record pointing to itself for all local machines.
#selfmx
# Change the following lines if you want dnsmasq to serve SRV
# records. These are useful if you want to serve ldap requests for
# Active Directory and other windows-originated DNS requests.
# See RFC 2782.
# You may add multiple srv-host lines.
# The fields are <name>,<target>,<port>,<priority>,<weight>
# If the domain part if missing from the name (so that is just has the
# service and protocol sections) then the domain given by the domain=
# config option is used. (Note that expand-hosts does not need to be
# set for this to work.)
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389
# A SRV record sending LDAP for the example.com domain to
# ldapserver.example.com port 289 (using domain=)
###domain=example.com
#srv-host=_ldap._tcp,ldapserver.example.com,389
# Two SRV records for LDAP, each with different priorities
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,1
#srv-host=_ldap._tcp.example.com,ldapserver.example.com,389,2
# A SRV record indicating that there is no LDAP server for the domain
# example.com
#srv-host=_ldap._tcp.example.com
# The following line shows how to make dnsmasq serve an arbitrary PTR
# record. This is useful for DNS-SD. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for PTR records.)
#ptr-record=_http._tcp.dns-sd-services,"New Employee Page._http._tcp.dns-sd-services"
# Change the following lines to enable dnsmasq to serve TXT records.
# These are used for things like SPF and zeroconf. (Note that the
# domain-name expansion done for SRV records _does_not
# occur for TXT records.)
#Example SPF.
#txt-record=example.com,"v=spf1 a -all"
#Example zeroconf
#txt-record=_http._tcp.example.com,name=value,paper=A4
# For debugging purposes, log each DNS query as it passes through
# dnsmasq.
#log-queries
# Log lots of extra information about DHCP transactions.
#log-dhcp
log-facility=/var/log/dnsmasq.log
# Include a another lot of configuration options.
#conf-file=/etc/dnsmasq.more.conf
conf-dir=/etc/dnsmasq.d


@ -1,6 +0,0 @@
[lns default]
ip range = 10.1.9.2-10.1.9.8
local ip = 10.1.9.1
require chap = yes
refuse pap = yes
pppoptfile = /etc/ppp/options.xl2tpd


@ -1,39 +0,0 @@
#!/usr/bin/env bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# clearUsageRules.sh - remove iptable rules for removed public interfaces
# @VERSION@
if [ -f /root/removedVifs ]
then
var=`cat /root/removedVifs`
# loop through even vif to be cleared
for i in $var; do
# Make sure vif doesn't exist
if [ ! -f /sys/class/net/$i ]
then
# remove rules
iptables -D NETWORK_STATS -i eth0 -o $i > /dev/null;
iptables -D NETWORK_STATS -i $i -o eth0 > /dev/null;
iptables -D NETWORK_STATS -o $i ! -i eth0 -p tcp > /dev/null;
iptables -D NETWORK_STATS -i $i ! -o eth0 -p tcp > /dev/null;
fi
done
rm /root/removedVifs
fi


@ -1,143 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Only one lock is allowed: biglock
# getLockFile() parameters
# $1 lock filename
# $2 timeout seconds
#set -x
getCurrLock() {
result=`ls $__LOCKDIR/*-$1.lock 2>/dev/null | head -n1`
while [ $? -ne 0 ]
do
result=`ls $__LOCKDIR/*-$1.lock 2>/dev/null| head -n1`
done
echo $result
}
getLockFile() {
lock=$1
__locked=0
__TS=`date +%s%N`
__LOCKDIR="/tmp"
__LOCKFILE="$__LOCKDIR/$__TS-$$-$lock.lock"
if [ $2 ]
then
__TIMEOUT=$2
else
__TIMEOUT=30
fi
if [ -e $__LOCKFILE ]
then
logger -t cloud "Process $0 pid $$ want to get ECLUSIVE LOCK $lock RECURSIVELY!"
psline=`ps u $$`
logger -t cloud "Failed job detail: $psline"
echo 0
return
fi
psline=`ps u $$`
echo $psline > $__LOCKFILE
if [ ! -e $__LOCKFILE ]
then
return
fi
for i in `seq 1 $(($__TIMEOUT * 10))`
do
currlock=$(getCurrLock $lock)
if [ $currlock -ef $__LOCKFILE ]
then
__locked=1
break
fi
sleep 0.1
if [ $((i % 10)) -eq 0 ]
then
logger -t cloud "Process $0 pid $$ waiting for the lock $lock for another 1 second"
fi
done
if [ $__locked -ne 1 ]
then
logger -t cloud "fail to acquire the lock $lock for process $0 pid $$ after $__TIMEOUT seconds time out!"
cmd=`cat $currlock 2>/dev/null`
if [ $? -eq 0 ]
then
logger -t cloud "waiting for process: $cmd"
else
logger -t cloud "didn't get info about process who we're waiting for"
fi
psline=`ps u $$`
logger -t cloud "Failed job detail: $psline"
rm $__LOCKFILE
fi
echo $__locked
}
# releaseLockFile() parameters
# $1 lock filename
# $2 locked(1) or not(0)
releaseLockFile() {
__LOCKDIR="/tmp"
__LOCKFILE="$__LOCKDIR/*-$$-$1.lock"
__locked=$2
if [ "$__locked" == "1" ]
then
rm $__LOCKFILE
fi
}
# releaseLockFile() parameters
# $1 exit value
# $2 lock filename
# $3 locked(1) or not(0)
unlock_exit() {
releaseLockFile $2 $3
exit $1
}
# calcuate the ip & network mask
rangecalc(){
local IFS='.'
local -a oct mask ip
read -ra oct <<<"$1"
read -ra mask <<<"$2"
for i in {0..3}
do
ip+=( "$(( oct[i] & mask[i] ))" )
done
echo "${ip[*]}"
}
#get cidr of the nic
getcidr(){
local dev=$1
local mask=`ifconfig $dev|grep "Mask"|cut -d ":" -f 4`
local cidrsize=`ip addr show $dev|grep inet|head -n 1|awk '{print $2}'|cut -d '/' -f 2`
local ipaddr=`ip addr show $dev|grep inet|head -n 1|awk '{print $2}'|cut -d '/' -f 1`
local base=$(rangecalc $ipaddr $mask)
echo $base/$cidrsize
}


@ -1,387 +0,0 @@
#!/usr/bin/python
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from ConfigParser import SafeConfigParser
from subprocess import *
from os import path
import time
import os
import logging
class StatusCodes:
SUCCESS = 0
FAILED = 1
INVALID_INP = 2
RUNNING = 3
STOPPED = 4
STARTING = 5
class Log:
INFO = 'INFO'
ALERT = 'ALERT'
CRIT = 'CRIT'
NOTIF = 'NOTIF'
class Config:
MONIT_AFTER_MINS = 30
SLEEP_SEC = 1
RETRY_ITERATIONS = 10
RETRY_FOR_RESTART = 5
MONITOR_LOG = '/var/log/monitor.log'
UNMONIT_PS_FILE = '/etc/unmonit_psList.txt'
def getConfig( config_file_path = "/etc/monitor.conf" ):
"""
Reads the process configuration from the config file.
Config file contains the processes to be monitored.
"""
process_dict = {}
parser = SafeConfigParser()
parser.read( config_file_path )
for section in parser.sections():
process_dict[section] = {}
for name, value in parser.items(section):
process_dict[section][name] = value
# printd (" %s = %r" % (name, value))
return process_dict
def printd (msg):
"""
prints the debug messages
"""
#for debug
#print msg
return 0
f= open(Config.MONITOR_LOG,'r+')
f.seek(0, 2)
f.write(str(msg)+"\n")
f.close()
def raisealert(severity, msg, process_name=None):
""" Writes the alert message"""
#timeStr=str(time.ctime())
if process_name is not None:
log = '['+severity +']'+" " + '['+process_name+']' + " " + msg +"\n"
else:
log = '['+severity+']' + " " + msg +"\n"
logging.basicConfig(level=logging.INFO,filename='/var/log/routerServiceMonitor.log',format='%(asctime)s %(message)s')
logging.info(log)
msg = 'logger -t monit '+ log
pout = Popen(msg, shell=True, stdout=PIPE)
def isPidMatchPidFile(pidfile, pids):
""" Compares the running process pid with the pid in pid file.
If a process with multiple pids then it matches with pid file
"""
if pids is None or isinstance(pids,list) != True or len(pids) == 0:
printd ("Invalid Arguments")
return StatusCodes.FAILED
if not path.isfile(pidfile):
#It seems there is no pid file for this service
printd("The pid file "+pidfile+" is not there for this process")
return StatusCodes.FAILED
fd=None
try:
fd = open(pidfile,'r')
except:
printd("pid file: "+ pidfile +" open failed")
return StatusCodes.FAILED
inp = fd.read()
if not inp:
fd.close()
return StatusCodes.FAILED
printd("file content "+str(inp))
printd(pids)
tocheck_pid = inp.strip()
for item in pids:
if str(tocheck_pid) == item.strip():
printd("pid file matched")
fd.close()
return StatusCodes.SUCCESS
fd.close()
return StatusCodes.FAILED
def checkProcessRunningStatus(process_name, pidFile):
printd("checking the process " + process_name)
cmd = ''
pids = []
cmd = 'pidof ' + process_name
printd(cmd)
#cmd = 'service ' + process_name + ' status'
pout = Popen(cmd, shell=True, stdout=PIPE)
exitStatus = pout.wait()
temp_out = pout.communicate()[0]
#check there is only one pid or not
if exitStatus == 0:
pids = temp_out.split(' ')
printd("pid(s) of process %s are %s " %(process_name, pids))
#there is more than one process so match the pid file
#if not matched set pidFileMatched=False
printd("Checking pid file")
if isPidMatchPidFile(pidFile, pids) == StatusCodes.SUCCESS:
return True,pids
printd("pid of exit status %s" %exitStatus)
return False,pids
def restartService(service_name):
cmd = 'service ' + service_name + ' restart'
cout = Popen(cmd, shell=True, stdout=PIPE, stderr=STDOUT)
return_val = cout.wait()
if return_val == 0:
printd("The service " + service_name +" recovered successfully ")
msg="The process " +service_name+" is recovered successfully "
raisealert(Log.INFO,msg,service_name)
return True
else:
printd("process restart failed ....")
return False
def checkProcessStatus( process ):
"""
Check the process running status, if not running tries to restart
"""
process_name = process.get('processname')
service_name = process.get('servicename')
pidfile = process.get('pidfile')
#temp_out = None
restartFailed=False
pidFileMatched=False
pids=''
cmd=''
if process_name is None:
printd ("\n Invalid Process Name")
return StatusCodes.INVALID_INP
status, pids = checkProcessRunningStatus(process_name, pidfile)
if status == True:
printd("The process is running ....")
return StatusCodes.RUNNING
else:
printd("Process %s is not running trying to recover" %process_name)
#Retry the process state for few seconds
for i in range(1, Config.RETRY_ITERATIONS):
time.sleep(Config.SLEEP_SEC)
if i < Config.RETRY_FOR_RESTART: # this is just for trying few more times
status, pids = checkProcessRunningStatus(process_name, pidfile)
if status == True:
raisealert(Log.ALERT, "The process detected as running", process_name)
break
else:
printd("Process %s is not running checking the status again..." %process_name)
continue
else:
msg="The process " +process_name+" is not running trying recover "
raisealert(Log.INFO,process_name,msg)
if service_name == 'apache2':
# Killing apache2 process with this the main service will not start
for pid in pids:
cmd = 'kill -9 '+pid
printd(cmd)
Popen(cmd, shell=True, stdout=PIPE, stderr=STDOUT)
if restartService(service_name) == True:
break
else:
restartFailed = True
continue
#for end here
if restartFailed == True:
msg="The process %s recover failed "%process_name
raisealert(Log.ALERT,process_name,msg)
printd("Restart failed after number of retries")
return StatusCodes.STOPPED
return StatusCodes.RUNNING
def monitProcess( processes_info ):
"""
Monitors the processes which got from the config file
"""
if len( processes_info ) == 0:
printd("Invalid Input")
return StatusCodes.INVALID_INP
dict_unmonit={}
umonit_update={}
unMonitPs=False
if not path.isfile(Config.UNMONIT_PS_FILE):
printd('Unmonit File not exist')
else:
#load the dictionary with unmonit process list
dict_unmonit = loadPsFromUnMonitFile()
#time for noting process down time
csec = repr(time.time()).split('.')[0]
for process,properties in processes_info.items():
#skip the process it its time stamp less than Config.MONIT_AFTER_MINS
printd ("checking the service %s \n" %process)
if not is_emtpy(dict_unmonit):
if dict_unmonit.has_key(process):
ts = dict_unmonit[process]
if checkPsTimeStampForMonitor (csec, ts, properties) == False:
unMonitPs = True
continue
if checkProcessStatus( properties) != StatusCodes.RUNNING:
printd( "\n Service %s is not Running"%process)
#add this process into unmonit list
printd ("updating the service for unmonit %s\n" %process)
umonit_update[process]=csec
#if dict is not empty write to file else delete it
if not is_emtpy(umonit_update):
writePsListToUnmonitFile(umonit_update)
else:
if is_emtpy(umonit_update) and unMonitPs == False:
#delete file it is there
removeFile(Config.UNMONIT_PS_FILE)
def checkPsTimeStampForMonitor(csec,ts, process):
printd("Time difference=%s" %str(int(csec) - int(ts)))
tmin = (int(csec) - int(ts) )/60
if ( int(csec) - int(ts) )/60 < Config.MONIT_AFTER_MINS:
raisealert(Log.ALERT, "The %s get monitor after %s minutes " %(process, Config.MONIT_AFTER_MINS))
printd('process will be monitored after %s min' %(str(int(Config.MONIT_AFTER_MINS) - tmin)))
return False
return True
def removeFile(fileName):
if path.isfile(fileName):
printd("Removing the file %s" %fileName)
os.remove(fileName)
def loadPsFromUnMonitFile():
dict_unmonit = {}
try:
fd = open(Config.UNMONIT_PS_FILE)
except:
printd("Failed to open file %s " %(Config.UNMONIT_PS_FILE))
return StatusCodes.FAILED
ps = fd.read()
if not ps:
printd("File %s content is empty " %Config.UNMONIT_PS_FILE)
return StatusCodes.FAILED
printd(ps)
plist = ps.split(',')
plist.remove('')
for i in plist:
dict_unmonit[i.split(':')[0]] = i.split(':')[1]
fd.close()
return dict_unmonit
def writePsListToUnmonitFile(umonit_update):
printd("Write updated unmonit list to file")
line=''
for i in umonit_update:
line+=str(i)+":"+str(umonit_update[i])+','
printd(line)
try:
fd=open(Config.UNMONIT_PS_FILE,'w')
except:
printd("Failed to open file %s " %Config.UNMONIT_PS_FILE)
return StatusCodes.FAILED
fd.write(line)
fd.close()
def is_emtpy(struct):
"""
Checks wether the given struct is empty or not
"""
if struct:
return False
else:
return True
def main():
'''
Step1 : Get Config
'''
printd("monitoring started")
temp_dict = getConfig()
'''
Step2: Monitor and Raise Alert
'''
monitProcess( temp_dict )
if __name__ == "__main__":
main()


@ -1,47 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ret=0
new_config=$1
# save previous state
mv /etc/haproxy/haproxy.cfg /etc/haproxy/haproxy.cfg.old
mv /var/run/haproxy.pid /var/run/haproxy.pid.old
mv $new_config /etc/haproxy/haproxy.cfg
kill -TTOU $(cat /var/run/haproxy.pid.old)
sleep 2
if haproxy -D -p /var/run/haproxy.pid -f /etc/haproxy/haproxy.cfg; then
logger -t cloud "New haproxy instance successfully loaded, stopping previous one."
kill -KILL $(cat /var/run/haproxy.pid.old)
rm -f /var/run/haproxy.pid.old
ret=0
else
logger -t cloud "New instance failed to start, resuming previous one."
kill -TTIN $(cat /var/run/haproxy.pid.old)
rm -f /var/run/haproxy.pid
mv /var/run/haproxy.pid.old /var/run/haproxy.pid
mv /etc/haproxy/haproxy.cfg $new_config
mv /etc/haproxy/haproxy.cfg.old /etc/haproxy/haproxy.cfg
ret=1
fi
exit $ret


@ -1,29 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
while read i
do
ip addr show $i|grep "inet " > /tmp/iplist_$i
while read line
do
ip=`echo $line|cut -d " " -f 2|cut -d "/" -f 1`
arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
arping -I $i -A $ip -c 1 >> [RROUTER_LOG] 2>&1
done < /tmp/iplist_$i
done < /tmp/iflist
sleep 1


@ -1,39 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
sleep 1
source /root/func.sh
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
echo To backup called >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
echo Disable public ip $? >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/primary-backup.sh backup >> [RROUTER_LOG] 2>&1
echo Switch conntrackd mode backup $? >> [RROUTER_LOG]
echo Status: BACKUP >> [RROUTER_LOG]
releaseLockFile $lock $locked
exit 0


@ -1,19 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
cat /tmp/rrouter_bumped


@ -1,55 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
STRIKE_FILE="[RROUTER_BIN_PATH]/keepalived.strikes"
if [ -e [RROUTER_BIN_PATH]/keepalived.ts2 ]
then
lasttime=$(cat [RROUTER_BIN_PATH]/keepalived.ts2)
thistime=$(cat [RROUTER_BIN_PATH]/keepalived.ts)
diff=$(($thistime - $lasttime))
s=0
if [ $diff -lt 30 ]
then
if [ -e $STRIKE_FILE ]
then
s=`cat $STRIKE_FILE 2>/dev/null`
fi
s=$(($s+1))
echo $s > $STRIKE_FILE
else
rm $STRIKE_FILE
fi
#3 strikes rule
if [ $s -gt 2 ]
then
echo Keepalived process is dead! >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
service keepalived stop >> [RROUTER_LOG] 2>&1
service conntrackd stop >> [RROUTER_LOG] 2>&1
pkill -9 keepalived >> [RROUTER_LOG] 2>&1
pkill -9 conntrackd >> [RROUTER_LOG] 2>&1
echo Status: FAULT \(keepalived process is dead\) >> [RROUTER_LOG]
exit
fi
fi
cp [RROUTER_BIN_PATH]/keepalived.ts [RROUTER_BIN_PATH]/keepalived.ts2


@ -1,56 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source /root/func.sh
nolock=0
if [ $# -eq 1 ]
then
if [ $1 == "--no-lock" ]
then
nolock=1
fi
fi
if [ $nolock -eq 0 ]
then
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
fi
bumped="Bumped: NO"
if [ -e /tmp/rrouter_bumped ]
then
bumped="Bumped: YES"
fi
stat=`tail -n 1 [RROUTER_LOG] | grep "Status"`
if [ $? -eq 0 ]
then
echo "$stat&$bumped"
fi
if [ $nolock -eq 0 ]
then
unlock_exit $? $lock $locked
fi


@ -1,401 +0,0 @@
#
# Synchronizer settings
#
Sync {
Mode FTFW {
#
# Size of the resend queue (in objects). This is the maximum
# number of objects that can be stored waiting to be confirmed
# via acknoledgment. If you keep this value low, the daemon
# will have less chances to recover state-changes under message
# omission. On the other hand, if you keep this value high,
# the daemon will consume more memory to store dead objects.
# Default is 131072 objects.
#
# ResendQueueSize 131072
#
# This parameter allows you to set an initial fixed timeout
# for the committed entries when this node goes from backup
# to primary. This mechanism provides a way to purge entries
# that were not recovered appropriately after the specified
# fixed timeout. If you set a low value, TCP entries in
# Established states with no traffic may hang. For example,
# an SSH connection without KeepAlive enabled. If not set,
# the daemon uses an approximate timeout value calculation
# mechanism. By default, this option is not set.
#
# CommitTimeout 180
#
# If the firewall replica goes from primary to backup,
# the conntrackd -t command is invoked in the script.
# This command schedules a flush of the table in N seconds.
# This is useful to purge the connection tracking table of
# zombie entries and avoid clashes with old entries if you
# trigger several consecutive hand-overs. Default is 60 seconds.
#
# PurgeTimeout 60
# Set the acknowledgement window size. If you decrease this
# value, the number of acknowlegdments increases. More
# acknowledgments means more overhead as conntrackd has to
# handle more control messages. On the other hand, if you
# increase this value, the resend queue gets more populated.
# This results in more overhead in the queue releasing.
# The following value is based on some practical experiments
# measuring the cycles spent by the acknowledgment handling
# with oprofile. If not set, default window size is 300.
#
# ACKWindowSize 300
#
# This clause allows you to disable the external cache. Thus,
# the state entries are directly injected into the kernel
# conntrack table. As a result, you save memory in user-space
# but you consume slots in the kernel conntrack table for
# backup state entries. Moreover, disabling the external cache
# means more CPU consumption. You need a Linux kernel
# >= 2.6.29 to use this feature. By default, this clause is
# set off. If you are installing conntrackd for first time,
# please read the user manual and I encourage you to consider
# using the fail-over scripts instead of enabling this option!
#
# DisableExternalCache Off
}
#
# Multicast IP and interface where messages are
# broadcasted (dedicated link). IMPORTANT: Make sure
# that iptables accepts traffic for destination
# 225.0.0.50, eg:
#
# iptables -I INPUT -d 225.0.0.50 -j ACCEPT
# iptables -I OUTPUT -d 225.0.0.50 -j ACCEPT
#
Multicast {
#
# Multicast address: The address that you use as destination
# in the synchronization messages. You do not have to add
# this IP to any of your existing interfaces. If any doubt,
# do not modify this value.
#
IPv4_address 225.0.0.50
#
# The multicast group that identifies the cluster. If any
# doubt, do not modify this value.
#
Group 3780
#
# IP address of the interface that you are going to use to
# send the synchronization messages. Remember that you must
# use a dedicated link for the synchronization messages.
#
IPv4_interface [LINK_IP]
#
# The name of the interface that you are going to use to
# send the synchronization messages.
#
Interface [LINK_IF]
# The multicast sender uses a buffer to enqueue the packets
# that are going to be transmitted. The default size of this
# socket buffer is available at /proc/sys/net/core/wmem_default.
# This value determines the chances to have an overrun in the
# sender queue. The overrun results packet loss, thus, losing
# state information that would have to be retransmitted. If you
# notice some packet loss, you may want to increase the size
# of the sender buffer. The default size is usually around
# ~100 KBytes which is fairly small for busy firewalls.
#
SndSocketBuffer 1249280
# The multicast receiver uses a buffer to enqueue the packets
# that the socket is pending to handle. The default size of this
# socket buffer is available at /proc/sys/net/core/rmem_default.
# This value determines the chances to have an overrun in the
# receiver queue. The overrun results packet loss, thus, losing
# state information that would have to be retransmitted. If you
# notice some packet loss, you may want to increase the size of
# the receiver buffer. The default size is usually around
# ~100 KBytes which is fairly small for busy firewalls.
#
RcvSocketBuffer 1249280
#
# Enable/Disable message checksumming. This is a good
# property to achieve fault-tolerance. In case of doubt, do
# not modify this value.
#
Checksum on
}
#
# You can specify more than one dedicated link. Thus, if one dedicated
# link fails, conntrackd can fail-over to another. Note that adding
# more than one dedicated link does not mean that state-updates will
# be sent to all of them. There is only one active dedicated link at
# a given moment. The `Default' keyword indicates that this interface
# will be selected as the initial dedicated link. You can have
# up to 4 redundant dedicated links. Note: Use different multicast
# groups for every redundant link.
#
# Multicast Default {
# IPv4_address 225.0.0.51
# Group 3781
# IPv4_interface 192.168.100.101
# Interface eth3
# # SndSocketBuffer 1249280
# # RcvSocketBuffer 1249280
# Checksum on
# }
#
# You can use Unicast UDP instead of Multicast to propagate events.
# Note that you cannot use unicast UDP and Multicast at the same
# time, you can only select one.
#
# UDP {
#
# UDP address that this firewall uses to listen to events.
#
# IPv4_address 192.168.2.100
#
# or you may want to use an IPv6 address:
#
# IPv6_address fe80::215:58ff:fe28:5a27
#
# Destination UDP address that receives events, ie. the other
# firewall's dedicated link address.
#
# IPv4_Destination_Address 192.168.2.101
#
# or you may want to use an IPv6 address:
#
# IPv6_Destination_Address fe80::2d0:59ff:fe2a:775c
#
# UDP port used
#
# Port 3780
#
# The name of the interface that you are going to use to
# send the synchronization messages.
#
# Interface eth2
#
# The sender socket buffer size
#
# SndSocketBuffer 1249280
#
# The receiver socket buffer size
#
# RcvSocketBuffer 1249280
#
# Enable/Disable message checksumming.
#
# Checksum on
# }
}
#
# General settings
#
General {
#
# Set the nice value of the daemon, this value goes from -20
# (most favorable scheduling) to 19 (least favorable). Using a
# very low value reduces the chances to lose state-change events.
# Default is 0 but this example file sets it to most favourable
# scheduling as this is generally a good idea. See man nice(1) for
# more information.
#
Nice -20
#
# Select a different scheduler for the daemon, you can select between
# RR and FIFO and the process priority (minimum is 0, maximum is 99).
# See man sched_setscheduler(2) for more information. Using a RT
# scheduler reduces the chances to overrun the Netlink buffer.
#
# Scheduler {
# Type FIFO
# Priority 99
# }
#
# Number of buckets in the cache hashtable. The bigger it is,
# the closer it gets to O(1) at the cost of consuming more memory.
# Read some documents about tuning hashtables for further reference.
#
HashSize 32768
#
# Maximum number of conntracks, it should be double of:
# $ cat /proc/sys/net/netfilter/nf_conntrack_max
# since the daemon may keep some dead entries cached for possible
# retransmission during state synchronization.
#
HashLimit 131072
#
# Logfile: on (/var/log/conntrackd.log), off, or a filename
# Default: off
#
LogFile on
#
# Syslog: on, off or a facility name (daemon (default) or local0..7)
# Default: off
#
#Syslog on
#
# Lockfile
#
LockFile /var/lock/conntrack.lock
#
# Unix socket configuration
#
UNIX {
Path /var/run/conntrackd.ctl
Backlog 20
}
#
# Netlink event socket buffer size. If you do not specify this clause,
# the default buffer size value in /proc/net/core/rmem_default is
# used. This default value is usually around 100 Kbytes which is
# fairly small for busy firewalls. This leads to event message dropping
# and high CPU consumption. This example configuration file sets the
# size to 2 MBytes to avoid this sort of problems.
#
NetlinkBufferSize 2097152
#
# The daemon doubles the size of the netlink event socket buffer size
# if it detects netlink event message dropping. This clause sets the
# maximum buffer size growth that can be reached. This example file
# sets the size to 8 MBytes.
#
NetlinkBufferSizeMaxGrowth 8388608
#
# If the daemon detects that Netlink is dropping state-change events,
# it automatically schedules a resynchronization against the Kernel
# after 30 seconds (default value). Resynchronizations are expensive
# in terms of CPU consumption since the daemon has to get the full
# kernel state-table and purge state-entries that do not exist anymore.
# Be careful of setting a very small value here. You have the following
# choices: On (enabled, use default 30 seconds value), Off (disabled)
# or Value (in seconds, to set a specific amount of time). If not
# specified, the daemon assumes that this option is enabled.
#
# NetlinkOverrunResync On
#
# If you want reliable event reporting over Netlink, set on this
# option. If you set on this clause, it is a good idea to set off
# NetlinkOverrunResync. This option is off by default and you need
# a Linux kernel >= 2.6.31.
#
# NetlinkEventsReliable Off
#
# By default, the daemon receives state updates following an
# event-driven model. You can modify this behaviour by switching to
# polling mode with the PollSecs clause. This clause tells conntrackd
# to dump the states in the kernel every N seconds. With regards to
# synchronization mode, the polling mode can only guarantee that
# long-lifetime states are recovered. The main advantage of this method
# is the reduction in the state replication at the cost of reducing the
# chances of recovering connections.
#
# PollSecs 15
#
# The daemon prioritizes the handling of state-change events coming
# from the core. With this clause, you can set the maximum number of
# state-change events (those coming from kernel-space) that the daemon
# will handle after which it will handle other events coming from the
# network or userspace. A low value improves interactivity (in terms of
# real-time behaviour) at the cost of extra CPU consumption.
# Default (if not set) is 100.
#
# EventIterationLimit 100
#
# Event filtering: This clause allows you to filter certain traffic,
# There are currently three filter-sets: Protocol, Address and
# State. The filter is attached to an action that can be: Accept or
# Ignore. Thus, you can define the event filtering policy of the
# filter-sets in positive or negative logic depending on your needs.
# You can select if conntrackd filters the event messages from
# user-space or kernel-space. The kernel-space event filtering
# saves some CPU cycles by avoiding the copy of the event message
# from kernel-space to user-space. The kernel-space event filtering
# is prefered, however, you require a Linux kernel >= 2.6.29 to
# filter from kernel-space. If you want to select kernel-space
# event filtering, use the keyword 'Kernelspace' instead of
# 'Userspace'.
#
Filter From Userspace {
#
# Accept only certain protocols: You may want to replicate
# the state of flows depending on their layer 4 protocol.
#
Protocol Accept {
TCP
SCTP
DCCP
# UDP
# ICMP # This requires a Linux kernel >= 2.6.31
}
#
# Ignore traffic for a certain set of IP's: Usually all the
# IP assigned to the firewall since local traffic must be
# ignored, only forwarded connections are worth to replicate.
# Note that these values depends on the local IPs that are
# assigned to the firewall.
#
Address Ignore {
IPv4_address 127.0.0.1 # loopback
IPv4_address [IGNORE_IP1]
IPv4_address [IGNORE_IP2]
IPv4_address [IGNORE_IP3]
#IPv4_address 192.168.0.100 # virtual IP 1
#IPv4_address 192.168.1.100 # virtual IP 2
#IPv4_address 192.168.0.1
#IPv4_address 192.168.1.1
#IPv4_address 192.168.100.100 # dedicated link ip
#
# You can also specify networks in format IP/cidr.
# IPv4_address 192.168.0.0/24
#
# You can also specify an IPv6 address
# IPv6_address ::1
}
#
# Uncomment this line below if you want to filter by flow state.
# This option introduces a trade-off in the replication: it
# reduces CPU consumption at the cost of having lazy backup
# firewall replicas. The existing TCP states are: SYN_SENT,
# SYN_RECV, ESTABLISHED, FIN_WAIT, CLOSE_WAIT, LAST_ACK,
# TIME_WAIT, CLOSED, LISTEN.
#
# State Accept {
# ESTABLISHED CLOSED TIME_WAIT CLOSE_WAIT for TCP
# }
}
}


@ -1,23 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
while read i
do
ifconfig $i down
done < /tmp/iflist


@ -1,50 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
ip link|grep BROADCAST|grep -v eth0|grep -v eth1|cut -d ":" -f 2 > /tmp/iflist
ip addr show eth2 | grep "inet" 2>&1 > /dev/null
is_init=$?
set -e
while read i
do
# if eth2'ip has already been configured, we would use ifconfig rather than ifdown/ifup
if [ "$i" == "eth2" -a "$is_init" != "0" ]
then
ifdown $i
ifup $i
else
ifconfig $i down
ifconfig $i up
fi
done < /tmp/iflist
ip route add default via [GATEWAY] dev eth2
while read line
do
dev=$(echo $line | awk '{print $1'})
gw=$(echo $line | awk '{print $2'})
if [ "$dev" == "eth2" ]
then
continue;
fi
ip route add default via $gw table Table_$dev proto static
done < /var/cache/cloud/ifaceGwIp


@ -1,37 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source /root/func.sh
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
echo To fault called >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
echo Disable public ip >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
echo Stop services $? >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/primary-backup.sh fault >> [RROUTER_LOG] 2>&1
echo Switch conntrackd mode fault $? >> [RROUTER_LOG]
echo Status: FAULT >> [RROUTER_LOG]
releaseLockFile $lock $locked


@ -1,20 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
t=$(date +%s)
echo $t > [RROUTER_BIN_PATH]/keepalived.ts


@ -1,57 +0,0 @@
! Licensed to the Apache Software Foundation (ASF) under one
! or more contributor license agreements. See the NOTICE file
! distributed with this work for additional information
! regarding copyright ownership. The ASF licenses this file
! to you under the Apache License, Version 2.0 (the
! "License"); you may not use this file except in compliance
! with the License. You may obtain a copy of the License at
!
! http://www.apache.org/licenses/LICENSE-2.0
!
! Unless required by applicable law or agreed to in writing,
! software distributed under the License is distributed on an
! "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
! KIND, either express or implied. See the License for the
! specific language governing permissions and limitations
! under the License.
global_defs {
router_id [ROUTER_ID]
}
vrrp_script check_bumpup {
script "[RROUTER_BIN_PATH]/check_bumpup.sh"
interval 5
weight [DELTA]
}
vrrp_script heartbeat {
script "[RROUTER_BIN_PATH]/heartbeat.sh"
interval 10
}
vrrp_instance inside_network {
state BACKUP
interface eth0
virtual_router_id 51
priority [PRIORITY]
advert_int 1
authentication {
auth_type PASS
auth_pass WORD
}
virtual_ipaddress {
[ROUTER_IP] brd [BOARDCAST] dev eth0
}
track_script {
check_bumpup
heartbeat
}
notify_master "[RROUTER_BIN_PATH]/master.sh"
notify_backup "[RROUTER_BIN_PATH]/backup.sh"
notify_fault "[RROUTER_BIN_PATH]/fault.sh"
}


@ -1,60 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
source /root/func.sh
lock="biglock"
locked=$(getLockFile $lock)
if [ "$locked" != "1" ]
then
exit 1
fi
echo To master called >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/enable_pubip.sh >> [RROUTER_LOG] 2>&1
ret=$?
if [ $ret -eq 0 ]
then
[RROUTER_BIN_PATH]/services.sh restart >> [RROUTER_LOG] 2>&1
ret=$?
fi
last_msg=`tail -n 1 [RROUTER_LOG]`
echo Enable public ip returned $ret >> [RROUTER_LOG]
if [ $ret -ne 0 ]
then
echo Fail to enable public ip! >> [RROUTER_LOG]
[RROUTER_BIN_PATH]/disable_pubip.sh >> [RROUTER_LOG] 2>&1
[RROUTER_BIN_PATH]/services.sh stop >> [RROUTER_LOG] 2>&1
service keepalived stop >> [RROUTER_LOG] 2>&1
service conntrackd stop >> [RROUTER_LOG] 2>&1
echo Status: FAULT \($last_msg\) >> [RROUTER_LOG]
releaseLockFile $lock $locked
exit
fi
[RROUTER_BIN_PATH]/primary-backup.sh primary >> [RROUTER_LOG] 2>&1
ret=$?
echo Switch conntrackd mode primary returned $ret >> [RROUTER_LOG]
if [ $ret -ne 0 ]
then
echo Fail to switch conntrackd mode, but try to continue working >> [RROUTER_LOG]
fi
[RROUTER_BIN_PATH]/arping_gateways.sh
echo Status: MASTER >> [RROUTER_LOG]
releaseLockFile $lock $locked
exit 0


@ -1,126 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
CONNTRACKD_BIN=/usr/sbin/conntrackd
CONNTRACKD_LOCK=/var/lock/conntrack.lock
CONNTRACKD_CONFIG=/etc/conntrackd/conntrackd.conf
CONNTRACKD_LOG=[RROUTER_LOG]
case "$1" in
primary)
#
# commit the external cache into the kernel table
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -c
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -c"
fi
#
# flush the internal and the external caches
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -f
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -f"
fi
#
# resynchronize my internal cache to the kernel table
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -R
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -R"
fi
#
# send a bulk update to backups
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -B
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -B"
fi
echo Conntrackd switch to primary done >> $CONNTRACKD_LOG
;;
backup)
#
# is conntrackd running? request some statistics to check it
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -s
if [ $? -eq 1 ]
then
#
# something's wrong, do we have a lock file?
#
if [ -f $CONNTRACKD_LOCK ]
then
logger "WARNING: conntrackd was not cleanly stopped."
logger "If you suspect that it has crashed:"
logger "1) Enable coredumps"
logger "2) Try to reproduce the problem"
logger "3) Post the coredump to netfilter-devel@vger.kernel.org"
rm -f $CONNTRACKD_LOCK
fi
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -d
if [ $? -eq 1 ]
then
logger "ERROR: cannot launch conntrackd"
exit 1
fi
fi
#
# shorten kernel conntrack timers to remove the zombie entries.
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -t"
fi
#
# request resynchronization with master firewall replica (if any)
# Note: this does nothing in the alarm approach.
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -n
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -n"
fi
echo Conntrackd switch to backup done >> $CONNTRACKD_LOG
;;
fault)
#
# shorten kernel conntrack timers to remove the zombie entries.
#
$CONNTRACKD_BIN -C $CONNTRACKD_CONFIG -t
if [ $? -eq 1 ]
then
logger "ERROR: failed to invoke conntrackd -t"
fi
echo Conntrackd switch to fault done >> $CONNTRACKD_LOG
;;
*)
logger "conntrackd: ERROR: unknown state transition: " $1
echo "Usage: primary-backup.sh {primary|backup|fault}"
exit 1
;;
esac
exit 0


@ -1,68 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
vpn_service() {
ps aux|grep ipsec | grep -v grep > /dev/null
no_vpn=$?
if [ $no_vpn -eq 1 ]
then
return 0
fi
r=0
case "$1" in
stop)
service ipsec stop && \
service xl2tpd stop
r=$?
;;
restart)
service ipsec restart && \
service xl2tpd restart
r=$?
;;
esac
return $r
}
ret=0
case "$1" in
start)
vpn_service restart && \
service cloud-passwd-srvr start && \
service dnsmasq start
ret=$?
;;
stop)
vpn_service stop && \
service cloud-passwd-srvr stop && \
service dnsmasq stop
ret=$?
;;
restart)
vpn_service restart && \
service cloud-passwd-srvr restart && \
service dnsmasq restart
ret=$?
;;
*)
echo "Usage: services {start|stop|restart}"
exit 1
;;
esac
exit $ret


@ -1,65 +0,0 @@
#!/bin/bash
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
LANG="C"
export LANG
usage() {
echo "$0 [ -p <pidfile> ]" >&2
exit 1
}
# Parse command line opts
while [ $# -ne 0 ] ; do
arg="$1"
shift
case "$arg" in
"-p")
[ $# -eq 0 ] && usage
pidfile="$1"
shift
mkdir -p "$(dirname "$pidfile")"
echo $$ > "$pidfile"
;;
*)
usage
;;
esac
done
XE_UPDATE_GUEST_ATTRS=${XE_UPDATE_GUEST_ATTRS:-/usr/sbin/xe-update-guest-attrs}
XE_DAEMON_RATE=${XE_DAEMON_RATE:-60} # run once a minute by default
XE_MEMORY_UPDATE_DIVISOR=${XE_MEMORY_UPDATE_DIVISOR:-2} # update mem stats 1/2 as often by dflt
# Delete xenstore cache following each reboot
rm -rf /var/cache/xenstore
MEMORY_UPDATE_COUNTER=0
while true ; do
if [ ${MEMORY_UPDATE_COUNTER} -eq 0 ] ; then
MEMORY=--memory
MEMORY_UPDATE_COUNTER=${XE_MEMORY_UPDATE_DIVISOR}
else
MEMORY=
fi
MEMORY_UPDATE_COUNTER=$((${MEMORY_UPDATE_COUNTER} - 1))
${XE_UPDATE_GUEST_ATTRS} ${MEMORY}
sleep ${XE_DAEMON_RATE}
done


@ -1,267 +0,0 @@
#! /bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Script to write information about the current distribution to stdout or a file.
# Information collected:
# - Distribution name
# - Distribution version (major and minor)
# - Kernel version (uname)
LANG="C"
export LANG
write_to_output()
{
local distro="$1"
local major="$2"
local minor="$3"
local name="$4"
local uname=$(uname -r)
if [ -n "${TEST_RESULT}" ] ; then
MAJOR=$major
MINOR=$minor
DISTRO=$distro
UNAME=$uname
return 0
fi
echo "os_distro=\"${distro}\""
echo "os_majorver=\"${major}\""
echo "os_minorver=\"${minor}\""
echo "os_uname=\"${uname}\""
echo "os_name=\"${name}\""
return 0
}
identify_debian()
{
local debian_version="$1"
local major
local minor
# 3.1
# 4.0
# Ignores testing and unstable which contain ".*/sid".
if [ ! -f "${debian_version}" ] ; then
return 1
fi
eval $(awk -F. '/^[0-9]*\.[0-9]*/ \
{ print "major="$1 ; print "minor="$2 ; exit 0 }' \
"${debian_version}")
if [ -z "${major}" ] && [ -z "${minor}" ] && ! grep -q /sid "${debian_version}" ; then
return 1
fi
write_to_output "debian" "${major}" "${minor}" "Debian $(head -n 1 $debian_version)"
return 0
}
identify_redhat()
{
redhat_release="$1"
local distro
local major
local minor
local beta
# distro=rhel
# Red Hat Enterprise Linux AS release 3 (Taroon Update 6)
# Red Hat Enterprise Linux AS release 3 (Taroon Update 8)
# Red Hat Enterprise Linux AS release 4 (Nahant)
# Red Hat Enterprise Linux AS release 4 (Nahant Update 1)
# Red Hat Enterprise Linux AS release 4 (Nahant Update 2)
# Red Hat Enterprise Linux AS release 4 (Nahant Update 3)
# Red Hat Enterprise Linux AS release 4 (Nahant Update 4)
# Red Hat Enterprise Linux Server release 4.92 (Tikanga)
# Red Hat Enterprise Linux Server release 5 (Tikanga)
# Red Hat Enterprise Linux Server release 5.1 Beta (Tikanga)
# distro=xe-ddk
# \@PRODUCT_BRAND\@ DDK release \@PRODUCT_VERSION\@-\@BUILD_NUMBER\@ (\@PRODUCT_NAME\@)
# Rio DDK release 0.5.6-2991c (xenenterprise)
# distro=xe-sdk
# \@PRODUCT_BRAND\@ SDK release \@PRODUCT_VERSION\@-\@BUILD_NUMBER\@ (\@PRODUCT_NAME\@)
# Rio SDK release 0.5.6-2991c (xenenterprise)
# distro=fedora
# Fedora Core release 3 (Heidelberg)
# distro=centos
# CentOS release 4.0 (Final)
# CentOS release 5 (Final)
# distro=oracle
# Enterprise Linux Enterprise Linux Server release 5 (Carthage)
if [ ! -f "${redhat_release}" ] ; then
return 1
fi
eval $(sed -n \
-e 's/^\(.*\) DDK release \(.*\)-\(.*\) (.*)$/distro=xe-ddk;major=\2;minor=\3/gp;' \
-e 's/^\(.*\) SDK release \(.*\)-\(.*\) (.*)$/distro=xe-sdk;major=\2;minor=\3/gp;' \
-e 's/^Red Hat Enterprise Linux .* release \([0-9]*\) (.* Update \(.*\))$/distro=rhel;major=\1;minor=\2/gp;'\
-e 's/^Red Hat Enterprise Linux .* release \([0-9]*\) (.*)$/distro=rhel;major=\1/gp;' \
-e 's/^Red Hat Enterprise Linux .* release \([0-9]*\)\.\([0-9]*\) \([Bb]eta \)\?(.*)$/distro=rhel;major=\1;minor=\2;beta=\3;/gp;' \
-e 's/^Fedora.*release \([0-9]*\) (.*)$/distro=fedora;major=\1/gp;' \
-e 's/^CentOS release \([0-9]*\)\.\([0-9]*\) (.*)/distro=centos;major=\1;minor=\2/gp;' \
-e 's/^CentOS release \([0-9]*\) (.*)/distro=centos;major=\1/gp;' \
-e 's/^Enterprise Linux Enterprise Linux .* release \([0-9]*\)\.\([0-9]*\) (.*)$/distro=oracle;major=\1;minor=\2;/gp;' \
-e 's/^Enterprise Linux Enterprise Linux .* release \([0-9]*\) (.*)$/distro=oracle;major=\1/gp;' \
"${redhat_release}")
if [ -z "${major}" -o -z "${distro}" ] ; then
return 1
fi
if [ -z "${minor}" ] ; then
minor=0
fi
# HACK to handle RHEL betas
if [ "${distro}" == "rhel" ] && [ ${minor} -gt 90 ] ; then
major=$(expr ${major} + 1 )
minor=0
beta=Beta
fi
if [ -n "${beta}" ] ; then
minor="${minor}beta"
fi
write_to_output "${distro}" "${major}" "${minor}" "$(head -n 1 ${redhat_release})"
}
identify_sles()
{
suse_release="$1"
local major
local minor
local _major
# SUSE LINUX Enterprise Server 9 (i586)
# VERSION = 9
#
# SUSE LINUX Enterprise Server 9 (i586)
# VERSION = 9
# PATCHLEVEL = 2
#
# SUSE LINUX Enterprise Server 9 (i586)
# VERSION = 9
# PATCHLEVEL = 3
#
# SUSE Linux Enterprise Server 10 (i586)
# VERSION = 10
#
# SUSE Linux Enterprise Server 10 (i586)
# VERSION = 10
# PATCHLEVEL = 1
#
# SUSE Linux Enterprise Server 11 (i586)
# VERSION = 11
# PATCHLEVEL = 0
if [ ! -f "${suse_release}" ] ; then
return 1
fi
eval $(sed -n \
-e 's/^SUSE L\(inux\|INUX\) Enterprise Server \([0-9]*\) (.*)/_major=\2;/gp;' \
-e 's/^VERSION = \([0-9]*\)$/major=\1;/gp;' \
-e 's/^PATCHLEVEL = \([0-9]*\)$/minor=\1;/gp;' \
"${suse_release}")
if [ -z "${major}" -o -z "${_major}" ] ; then
return 1
fi
if [ "${major}" != "${_major}" ] ; then
return 1
fi
if [ -z "${minor}" ] ; then
minor=0
fi
write_to_output "sles" "${major}" "${minor}" "$(head -n 1 ${suse_release})"
}
identify_lsb()
{
lsb_release="$1"
if [ ! -x "${lsb_release}" ] ; then
saved_IFS=$IFS
IFS=:
for i in $PATH ; do
if [ -x "${i}/${lsb_release}" ] ; then
lsb_release="${i}/${lsb_release}"
break
fi
done
IFS=$saved_IFS
fi
if [ ! -x "${lsb_release}" ] ; then
return 1
fi
distro=$(${lsb_release} --short --id | tr 'A-Z' 'a-z')
description=$(${lsb_release} --short --description | sed -e 's/^"\(.*\)"$/\1/g')
release=$(${lsb_release} --short --release)
if [ -z "${distro}" -o -z "${release}" ] ; then
return 1
fi
eval $(echo $release | awk -F. -- '{ print "major=" $1 ; print "minor=" $2 }')
if [ -z "${major}" -o -z "${distro}" ] ; then
return 1
fi
write_to_output "${distro}" "${major}" "${minor}" "${description}"
}
if [ $# -eq 1 ] ; then
exec 1>"$1"
fi
if [ -z "${TEST}" ] ; then
identify_redhat /etc/redhat-release && exit 0
identify_sles /etc/SuSE-release && exit 0
identify_lsb lsb_release && exit 0
identify_debian /etc/debian_version && exit 0
if [ $# -eq 1 ] ; then
rm -f "$1"
fi
exit 1
fi


@ -1,226 +0,0 @@
#!/bin/sh
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
# Script to write information about the guest to XenStore.
#
# Information collected (if --memory NOT passed in):
# - Distribution name
# - Distribution version (major and minor)
# - Kernel version (uname)
# - IP address for each Ethernet interface
#
# Information collected (if --memory IS passed in):
# - memtotal
# - memfree
#
# Memory stats are separated out because they change all the time
# and so we may not want to update them as frequently
LANG="C"
export LANG
XE_LINUX_DISTRIBUTION_CACHE=/var/cache/xe-linux-distribution
IPADDR_RE="\([[:digit:]]\{1,3\}\.\)\{3\}[[:digit:]]\{1,3\}"
export PATH=/usr/sbin:/usr/bin:/sbin:/bin
XENSTORE=${XENSTORE:-xenstore}
XENSTORE_UPDATED=0
# parse command line opts
MEMORY_MODE=0 # do not update memory stats
while [ $# -ge 1 ] ; do
if [ "$1" = "--memory" ] ; then
MEMORY_MODE=1 # update only memory stats
fi
shift
done
xenstore_write_cached() {
key="$1" newval="$2"
cache=/var/cache/xenstore/$key
if [ -f $cache ] ; then
# cache exists
oldval=$(cat "$cache")
if [ "$oldval" = "$newval" ] ; then
# value unchanged
return 0
fi
else
# cache does not exist
if [ -e $cache ] ; then
# something (directory?) in its way
rm -rf $cache
fi
fi
# try to write and update cache if successfull
if $XENSTORE-write "$key" "$newval" ; then
mkdir -p $(dirname "$cache")
echo -n "$newval" > "$cache"
XENSTORE_UPDATED=1
return 0
fi
return 1
}
# If we detect a domain change then delete our cache and force a refresh
domid=$(xenstore-read "domid")
cache=/var/cache/xenstore/unique-domain-id
newval=$(xenstore-read "/local/domain/${domid}/unique-domain-id")
if [ -e $cache ]; then
oldval=$(cat "$cache")
if [ "$oldval" != "$newval" ]; then
# domain changed
rm -rf /var/cache/xenstore
fi
fi
mkdir -p $(dirname "$cache")
echo -n "$newval" > "$cache"
xenstore_rm_cached() {
key="$1"
cache=/var/cache/xenstore/$key
if [ ! -e $cache ] ; then
return 1
fi
# try to write and update cache if successfull
if $XENSTORE-rm "$key" ; then
rm -rf "$cache"
XENSTORE_UPDATED=1
return 0
fi
return 1
}
xenstore_list_interfaces_cached() {
topdir=/var/cache/xenstore/attr
if [ -d $topdir ] ; then
cd $topdir
for dir in * ; do
[ -f $dir/ip ] && echo $dir
done
fi
}
if [ $MEMORY_MODE -eq 1 ] ; then
# Update the memory information
eval $(cat /proc/meminfo | \
sed -n -e 's/MemTotal\: *\([0-9]*\)[^$]*/memtotal=\1/gp;' \
-e 's/MemFree\: *\([0-9]*\)[^$]*/memfree=\1/gp;')
xenstore_write_cached "data/meminfo_total" "${memtotal}"
xenstore_write_cached "data/meminfo_free" "${memfree}"
fi
# e.g.
# $ ip addr show
# 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
# link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
# inet 127.0.0.1/8 scope host lo
# inet6 ::1/128 scope host
# valid_lft forever preferred_lft forever
# 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
# link/ether 00:13:20:95:e8:74 brd ff:ff:ff:ff:ff:ff
# inet 172.31.0.57/20 brd 172.31.15.255 scope global eth0
# inet6 fe80::213:20ff:fe95:e874/64 scope link
# valid_lft forever preferred_lft forever
# 3: sit0: <NOARP> mtu 1480 qdisc noop
# link/sit 0.0.0.0 brd 0.0.0.0
#eval $(ip addr show | \
# sed -n -e 's/^[[:digit:]]*: \([a-z0-9]*\): .*/ifs="\$ifs \1"; current="\1"; /gp;' \
# -e 's/^[[:space:]]\{4\}inet \('${IPADDR_RE}'\)\/.*/eval inet_\${current}="\1"; /gp;')
# e.g.
# eth0 Link encap:Ethernet HWaddr 00:13:20:95:E8:74
# inet addr:172.31.0.57 Bcast:172.31.15.255 Mask:255.255.240.0
# inet6 addr: fe80::213:20ff:fe95:e874/64 Scope:Link
# UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
# RX packets:98001128 errors:0 dropped:0 overruns:0 frame:0
# TX packets:87728920 errors:0 dropped:0 overruns:0 carrier:0
# collisions:0 txqueuelen:1000
# RX bytes:35864034092 (33.4 GiB) TX bytes:27544025180 (25.6 GiB)
# Interrupt:177
#
# lo Link encap:Local Loopback
# inet addr:127.0.0.1 Mask:255.0.0.0
# inet6 addr: ::1/128 Scope:Host
# UP LOOPBACK RUNNING MTU:16436 Metric:1
# RX packets:32928 errors:0 dropped:0 overruns:0 frame:0
# TX packets:32928 errors:0 dropped:0 overruns:0 carrier:0
# collisions:0 txqueuelen:0
# RX bytes:3604609 (3.4 MiB) TX bytes:3604609 (3.4 MiB)
eval $(/sbin/ifconfig | \
sed -n -e '/^[0-9a-z][0-9a-z]*\:/,/^$/d' \
-e 's/^\([0-9a-z][0-9a-z]*\) .*/ifs="\$ifs \1"; current="\1"; /gp;' \
-e 's/ *inet addr:\('$IPADDR_RE'\) .*/eval inet_\${current}="\1"; /gp;')
# network
for if in $ifs ; do
[ "${if}" = "lo" ] && continue
inet=$(eval echo \${inet_${if}})
[ -z "${inet}" ] && continue
xenstore_write_cached "attr/${if}/ip" "${inet}"
done
# remove any interfaces that have been unplugged or downed
for at in $(xenstore_list_interfaces_cached) ; do
for if in $ifs ; do
[ "${if}" = "${at}" ] && continue 2
done
xenstore_rm_cached "attr/${at}"
done
# distro
if [ -f ${XE_LINUX_DISTRIBUTION_CACHE} ] ; then
. ${XE_LINUX_DISTRIBUTION_CACHE}
for key in os_name os_majorver os_minorver os_uname os_distro ; do
new=$(eval echo \${${key}})
[ -n "${new}" ] || continue
xenstore_write_cached "data/${key}" "${new}"
done
fi
# whether I support ballooning or not
xenstore_write_cached "control/feature-balloon" "1"
# whether I support ballooning or not
xenstore_write_cached "control/feature-balloon" "1"
# build time addons
xenstore_write_cached "attr/PVAddons/MajorVersion" "5"
xenstore_write_cached "attr/PVAddons/MinorVersion" "6"
xenstore_write_cached "attr/PVAddons/MicroVersion" "0"
xenstore_write_cached "attr/PVAddons/BuildVersion" "31188"
xenstore_write_cached "attr/PVAddons/Installed" "1"
# update xenstore if necc
if [ $XENSTORE_UPDATED -eq 1 ] ; then
xenstore_write_cached "data/updated" "$(date)"
fi